Terms of use About us HR
Search
Traži
Individuals

Privacy Information Notice for Candidates and Applicants at Zagrebačka banka d.d.

INTRODUCTION

Zagrebačka banka d.d. (hereinafter referred to as: "the Bank") processes your personal data in accordance with:

  • the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as: “General Data Protection Regulation”), and the
  • Act on the Implementation of the General Data Protection Regulation.

The General Data Protection Regulation prescribes a set of rules with the aim of ensuring that personal data are processed respecting the fundamental rights and freedoms of natural persons.

With this information, as a job applicant, we provide information on how and for what purposes we process your personal data, what rights you have in relation to the processing and protection of your personal data and how you can exercise these rights.

"Data processing" refers to collection, record keeping, organization, insight, storage and recording of personal data.

We process your personal data lawfully and transparently, for specific purposes, for as long as necessary to achieve a particular purpose and we apply appropriate technical, security and organizational measures to protect your personal data from unauthorized or unlawful processing.

DATA CONTROLLER AND CONTACT DETAILS

Zagrebačka banka d.d., PIN: 92963223473, having its registered office at Trg bana Josipa Jelačića 10, 10000 Zagreb, Republic of Croatia (hereinafter referred to as: "the Bank"), e-mail: zaba@unicreditgroup.zaba.hr, phone: 0800 0024, acts as a data controller.

WHAT PERSONAL DATA IS AND HOW DOES THE BANK COLLECT PERSONAL DATA?

"Personal data" is any data or a combination of data that relates to an individual whose identity is determined or might be determined (hereinafter referred to as: "data subject"), such as mandatory data for job application: first name, last name, e-mail address, professional qualifications, last academic program/level completed, preferred job location and other information provided in the curriculum vitae.

The Bank collects and processes your personal data in order to conduct the selection of applicants in order to establish an employment relationship with the selected applicant, and such data is/was:

  • provided by you in your curriculum vitae, documents and forms submitted for the purpose of job application process or considerations regarding subsequently opened positions in the Bank;
  • provided to the Bank by you, either orally or in writing, during and for the purposes of the selection process through business communication with the Bank, including phone communication, communication via e-mail, communication using digital channels (e.g. communication via Teams), the Bank’s website; 
  • provided to the Bank by third parties on the grounds of a valid legal basis (employment agencies, the Bank’s recruitment business partners, the Bank’s employees through our recommendation system);
  • obtained through psychological testing conducted by the Bank for the purpose of assessing personality traits and cognitive abilities of applicants,
  • depending on the needs of specific positions, obtained through expertise testing conducted through video and photo shoots for the purpose of assessing the specific professional knowledge of applicants,  
  • depending on the needs of specific positions, obtained through video interviews (oral answers provided by the applicants to predefined questions) for the purpose of assessing the personality traits and competencies of applicants required for a specific position,
  • generated as a result of a LinkedIn searches,
  • generated by the Bank’s processing of any of the above-mentioned types of data/information.

When collecting your personal data, the Bank follows the principle of collecting the minimum necessary personal data for a particular purpose. A precondition for any collection of personal data of data subjects is the existence of an appropriate legal basis for processing.

PURPOSES OF PERSONAL DATA PROCESSING AND LEGAL BASES FOR SUCH PROCESSING

Personal data obtained from you and/or third parties (employment agencies, the Bank’s recruitment business partners) the Bank, in the capacity of data controller, processes to achieve the purpose associated with the rights and obligations related to the selection of applicants with the aim of establishing an employment relationship with the selected applicant:

  • in order to take steps at the request of the data subject prior to entering into a contract e.g.:

- application for employment,
- selection process,
- making a binding offer,

  • in order to fulfill the legal obligations of the Bank as a data controller:

- assessment of the applicants’ suitability to perform key functions for the selection of applicants and employment of the selected applicant.

The processing of personal data for the purposes prescribed by law (assessment of the suitability of candidates for key positions in the Bank for the purpose of employment) is a legal obligation of the Bank and there is a possibility that the Bank will not enter into a contractual relationship with an applicant, or it may withhold certain rights in connection with the employment relationship if the applicant does not submit requested information or the assessment determines that the candidate does not meet the suitability requirement.

  • for the purpose of the Bank’s legitimate interests during the following processing:

- asessment of the acceptability of the applicant’s outside business interests in order to manage the risk of potential conflict of interest with respect to determining the scope of data processing in accordance with the regulatory requirements of the Bank as well as of the UniCredit Group. For this purpose, the Bank will conduct specific internal controls by processing/comparing your personal data obtained through a tender procedure/recorded in the Bank's applications, with the data from public databases containing legal entities’ information, as well as with the data of legal entities as the Bank's clients,
- screening for negative news involving the applicant for the purpose of managing the risks associated with money laundering and terrorism financing,

  • on the basis of your consent to the processing of personal data, for example during the following processing:

- conducting psychological testing, proficiency testing, or interviews through video/photo shoots as a distancing method (one-time consent),
- in connection with other job openings in the Bank following the closure of the recruitment process for the tender for which you initially applied,
- exchanging data with the members of the Zagrebačka banka Group for the purpose of considering the applicant for job openings at the members of the Zagrebačka banka Group.

You can withdraw your consent at any time, and you have the right to object to the processing of your personal data for the purposes specified in the consent(s) given.

The withdrawal of consent will not affect the lawfulness of processing of personal data based on consent before its withdrawal.

EXISTENCE OF AUTOMATED DECISION MAKING

In connection with the business relationship with you as an applicant and in the processing of your data, the Bank does not use automated decision-making that would produce negative legal effects for you as the data subject in accordance with Article 22 of the General Data Protection Regulation.

RECIPIENTS OF PERSONAL DATA

In its role as a data controller in accordance with the aforementioned purposes, the Bank does not share your personal data with third parties, other than with UniCredit S.p.A. regarding certain key functions and the Zagrebačka banka Group, provided you have given your consent in that regard.

Recipients of personal data may be IT companies that provide the Bank with services for the use of application solutions (e.g., tender application software or applicant testing).

RETENTION PERIOD AND CRITERIA FOR DETERMINING THE RETENTION PERIOD

The Bank will process your personal data during the tender, after which your personal data will be deleted.

If you have consented that we may contact you in connection with subsequent job openings, the Bank will not delete your data, but will retain it in accordance with the period specified in the consent in order to contact you regarding new job openings.

If you have been selected to enter into an employment relationship with the Bank, upon employment your data will be kept within the deadlines prescribed for keeping the data of the Bank’s employees, of which you will be informed upon employment.

In cases where the law does not prescribe the retention period for a particular data processing, the Bank in its role as a data controller will determine the retention period itself, ensuring that the data is always retained only for as long as necessary to achieve the purposes for which they are processed.

WHAT ARE YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA?

Each applicant has the following rights:

  • the right of access to information (pursuant to Article 15 of the General Data Protection Regulation):

- allows you to find out whether your personal data are being processed i.e., to obtain a certificate from the Bank stating whether your data is being processed, purposes of processing, categories of personal data being processed, recipients or categories of recipients of your personal data, envisaged period for which your personal data will be stored, and similar;

  • the right to rectification (pursuant to Article 16 of the General Data Protection Regulation):

- allows you to request correction of inaccurate or incomplete data which concern you;

  • the right to erasure (pursuant to Article 17 of the General Data Protection Regulation)

- allows you to request the deletion of personal data. However, the Bank will not be able to delete your personal data if the processing is necessary (e.g., for the purpose of complying with the prescribed data retention requirements or establishing, exercising or defending legal claims);

  • the right to restriction of processing (pursuant to Article 18 of the General Data Protection Regulation)

- allows you to request a restriction of processing of personal data in case you contest the accuracy of the personal data, when you consider the processing is unlawful and you oppose the erasure of the personal data and you request the restriction of their use instead, or if you have objected to processing of your personal data and pending the verification whether the controller’s legitimate interests override your interests;

  • the right to data portability (pursuant to Article 20 of the General Data Protection Regulation)

- which allows you to transmit your data to another data controller. Please have in mind that the right to portability only applies to the personal data you have provided to the Bank yourself;

  • the right to object (pursuant to Article 21 of the General Data Protection Regulation)

- allows you to object to the processing of personal data if the processing is performed in the public interest or is necessary for the purpose of pursuing a legitimate interest of the Bank (including profiling). The Bank will refrain from further processing of your personal data, unless it demonstrates compelling legitimate grounds for the processing (the grounds that override the interests, rights and freedoms of data subject), or processing is necessary for establishing, exercising or defending legal claims;

  • to right to lodge a complaint with a supervisory authority (pursuant to Article 77 of the General Data Protection Regulation)

- allows you to submit your complaints not only to our Data Protection Officer, but also to the Croatian Personal Data Protection Agency.

HOW CAN YOU EXERCISE YOUR RIGHTS AS A JOB APPLICANT?

You can exercise your rights by submitting a written request to the following e-mail address: posao@unicreditgroup.zaba.hr

We will send our response to you within the period of one month from the date of receipt of your request. In exceptional cases, the said deadline may be extended for additional two months depending on the complexity and number of requests, of which you will be appropriately informed.

If you have any questions regarding your rights, you can contact our Data Protection Officer at the following e-mail address:
sluzbenik.za.zastitu.osobnih.podataka@unicreditgroup.zaba.hr .

In addition to contacting our Data Protection Officer, you can also refer all your complaints to the Croatian Personal Data Protection Agency using the following contact details:
Agencija za zaštitu osobnih podataka
Selska cesta 136
10 000 Zagreb
e-mail: azop@azop.hr
phone: 00385 (0)1 4609-000
fax: 00385 (0)1 4609-099

The zaba.hr website uses cookies. Necessary cookies are required for the functioning of the website. Other cookies enable visitor tracking in order to improve our services and provide a better marketing experience. If you reject other cookies, our website may work differently and its use may be less convenient.
More about cookies and settings change

Accept all Accept only necessary

Types of cookies

Consent

Custom cookie settings

Below you can enable or disable the use of individual categories of online cookies, and you can subsequently change your choice at any time. If you are not sure, you can find detailed information about the cookies we use on zaba.hr pages in our cookie policy.

Technical cookiesAlways active

They enable the proper and safe operation of websites.


Performance cookies

They enable improvements in the use of websites.


Marketing cookies

They enable tracking of website visitors and collect data used to personalize ads and user experience.


Analytical cookies

They record statistical data that enable the improvement of our pages and our offer.