Privacy Statement of the Zagrebačka banka d.d. Website

Zagrebačka banka d.d. respects your right to the protection of personal data and bases its websites on technologies that provide a better and safer online experience. Please read this Information in order to understand how and why we process your personal data via the website.

Furthermore, additional information regarding the processing of personal data in connection with the provision of products and services shall be made available to you in certain forms, i.e. web-based forms you access and use to provide your personal data, as well as in the specific information regarding the processing of personal data (for example, for the purpose of scheduling an appointment for a video meeting or a meeting in the branch).

In general, you may find additional information on the processing of personal data by the Bank as the Controller and on the Bank's operations here .


Zagrebačka banka d.d., member of the UniCredit Group, PIN (OIB): 92963223473, with company headquarters at the Trg bana Josipa Jelačića 10, 10000 Zagreb, Republic of Croatia, e-mail:, tel: 01 3773 333 (hereinafter: Bank or controller) is the controller of personal data as regards the processing of personal data performed on this website.

Personal data categories, purposes and legal bases of processing

When you use the websites, your personal data is collected and processed, which allows us to identify you directly or in combination with additional information (“personal data”). The data are collected directly from you when you enter them/provide them on your own or by analyzing your activities on the website (as detailed below).

  • Information that you providepersonally:

The Bank collects this information when you choose to provide it (e.g. if you request the Bank to contact you about a particular service/product and you voluntarily provide your contact information), through, for example, an online chat conversation, through the “Schedule a meeting” form, through “Complaints", “Suggestions”, “Commendations”, etc.

If you contact our employees via chat or an online form on the Bank's website and request assistance or submit a question, we will process your data in order to provide the answers or services you have requested (e.g. if you request an appointment, etc.), and in order for the Bank to contact you when necessary and respond to your requests and inquiries. In this case, data processing is necessary for the exercise of one of your rights guaranteed by the relevant legislation (e.g. in order for us to respond to your complaint) or for the performance of an agreement with you, i.e. to take actions at your request before entering into an agreement.

Furthermore, in the event that you contact us via social media, we will collect the data you have provided when submitting an enquiry or a request so that we can respond to your request, which is based on the performance of an agreement concluded between you and the Bank, i.e. taking action at your request or if the processing is necessary to enable you to exercise one of your rights guaranteed by the relevant legislation (the Bank must respond to the complaint).

Therefore, your personal data that you provide are collected via websites, depending on the purpose.

Please note the required information marked as mandatory. Should you, as a user, refuse to provide the requested information necessary for us to undertake the requested or expected action for you, the action may not be feasible in certain cases (e.g. if the necessary information for making an appointment has not been provided).

  • Data we collect through cookies and other web technologies (hereinafter: cookies)

Operation of the website includes the use of computer systems and software processes that collect information about website users as part of their normal operation, and the transfer of this data is carried out by using internet communication protocols. Zagrebačka banka collects data of your device (computer, mobile phone, tablet, TV, etc.) used to access our website using cookies and other technologies (data layer). This data includes your IP address, hardware information, app version and language settings, type of browser, time of access and website addresses, location (country), information regarding your activities on our website (for example, the pages you visit, the products you browse - information on clicks and your access to the website at

Furthermore, the Bank collects and processes data to improve its websites and their content and in order to provide you with information and advertisements pertinent to you and your interests. This occurs after the installation of non-essential cookies (e.g. statistics and marketing cookies). For instance, for the purpose of recommending offers tailored to your needs and interests, providing you with information about other websites/services which the Bank deems relevant to you (e.g. about members or partners of the Bank).

In that connection, the storage of cookies, other than essential (necessary) cookies, requires your prior consent. You are under no obligation to give your consent to the storage of cookies and have the right to withdraw it at any time with no adverse consequences.

For more information on cookies, see here. You may also withdraw your consent subsequently by changing the settings under this link.

Consent is not required for necessary (technical) cookies and they are used to ensure that websites operate properly and securely (to ensure the proper operation of the website and to detect errors and/or abuse of the website). If these cookies are not enabled, some parts of the website will not function properly. These cookies cannot be disabled in the settings. For more information on the necessary cookies, see  here.

Moreover, most browsers feature a “Do Not Track” setting that allows users to request not to be tracked (e.g. tracking for analytics and profiling).

Please note that the “Do Not Track” feature will activate only upon the initial access, once you have enabled the feature on your device.

Who will have access to your personal data?

With the obligation to maintain confidentiality, the Bank shares data with trusted partners (mainly processing entities or sub-processors and with some separate controllers) for specific purposes: producing statistical analysis, providing technical or IT support or similar needs.

Furthermore, the Bank will share data with other recipients (e.g. a regulatory authority carrying out supervision/inspection, etc.) where this is legally required or on another legal basis mandatory for the Bank.

Where are your personal data kept?

We keep your personal data in a secure environment. Your personal data are protected from unauthorized access, disclosure, use, modification or destruction.

Processed data are stored in the controller’s premises and IT systems, while sometimes we store data on the servers of our trusted service providers.

This means that we share your personal data using secure IT systems. When we do so, data are transferred to servers located in the EU or in a country that ensures an adequate level of protection in accordance with EU law.

Use of social networks and other tools

For statistical analysis and site traffic measurement, also uses several statistical tools, particularly Adobe Analytics (hereinafter: Adobe). Adobe Analytics uses JavaScript code implemented on the website to collect data from users. When a user accesses a website, the JavaScript code records information such as the number of visits, pages viewed, time spent on the website, the source of visit, and many other relevant data.

Adobe Analytics is a website analytics tool that allows companies to track and analyze the behaviour of their website visitors and uses cookies to collect information about website visitors. When Adobe processes data, the information it collects includes unique identifiers, browser type and settings, device type and settings, operating system, mobile network details, and application version number. These cookies enable tracking of user activity to collect data on activity, navigation and interactions, including IP address, system activity, as well as date and time.

Adobe provides data anonymization features that can be used by organizations to ensure the protection of user data. These features allow data to be collected and analysed without revealing the identity of individual users.

Additionally, Adobe collects website interaction data, including IP address, system activity, as well as the date, time, and the referring URL for the respondent's request.

The Bank also uses the services of Facebook, YouTube, Instagram, LinkedIn and Twitter and maintains company profiles there. This Information is not applicable to services and third parties that have separate privacy policies, i.e. information on the processing of personal data. For more information on their policies and how they use your personal data, please visit:

Please be aware that when you provide data through a social network, third parties who manage social networks may transfer your data to the USA (e.g. if they store them on servers in the USA or grant access to persons from the USA), where they are processed in accordance with the relevant regulations of the USA. If you want to contact the aforementioned third parties to exercise your rights or if you have any questions regarding their data collection and processing, you can contact them at the following addresses:

META PLATFORMS IRELAND Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Facebook’s Data Protection Officer of:
Instagram’s Data Protection Officer:
You can also contact the Irish Data Protection Commissioner or the Personal Data Protection Agency in the Republic of Croatia.

Google Ireland, Ltd., Gordon House Barrow St, Dublin 4, Ireland

Youtube’s Data Protection Officer:
You can also contact the Irish Data Protection Commissioner or the Personal Data Protection Agency in the Republic of Croatia.


Attn: Legal Dept. (Privacy Policy and User Agreement), Wilton Plaza, Wilton Place, Dublin 2, Ireland

LinkedIn’s Data Protection Officer:
You can also contact the Irish Data Protection Commissioner or the Personal Data Protection Agency in the Republic of Croatia.

Twitter International Unlimited Company
Attn: Data Protection Officer
One Cumberland Place, Fenian Street
Dublin 2, D02 AX07 IRELAND

Twitter’s Data Protection Officer:
You can also contact the Irish Data Protection Commissioner or the Personal Data Protection Agency in the Republic of Croatia.

What are your rights? How can you exercise them?

You can exercise your rights guaranteed by the General Data Protection Regulation at any time, i.e. the right to withdraw consent, the right of access to personal data, the right to restrict of processing of your personal data, the right to rectification or erasure, the right to object to the processing of such data and the right to data portability.

Please contact us in this regard or if you have any questions at:, or The e-mail address of the Data Protection Officer:

In addition, you can lodge a complaint concerning the processing of personal data with the supervisory authority for the protection of personal data, i.e. the Personal Data Protection Agency, at Selska cesta 136, 10000 Zagreb (e-mail:, phone: 01 4609 -000).

The bank shall notify you of the action taken, i.e. respond to your request, immediately and at the latest no later than one month after receipt of your request. This time limit can be extended exceptionally by two additional months when necessary, considering the complexity and number of requests, about which the bank must inform you.

Storage of personal data

  • When collecting personal data, the Bank is guided by the principle of collecting the minimum required number of personal data for a particular purpose, i.e. as prescribed.
  • The consent to data collection (cookies) is given via a pop-up window and is renewed 12 months after your last acceptance or rejection of certain cookies.Thereby, personal data collected through cookies are stored depending on the duration of the cookies, i.e. until the user deletes the cookies from their device or changes the cookie settings on the Bank's website, whereby the proof of the cookie consent is retained for 12 months from the date of consent.

After the specified time periods, your data will be erased and/or anonymized, except for the data required by the Bank to be retained for a longer period of time in the event of a dispute and/or to be processed for the establishment or defense of legal claims. In this case, the data will be kept for a longer period of time as long as a purpose for the processing persists (e.g. until the conclusion of the procedure), i.e. as long as it is required in a specific circumstance.

Third Party Websites contains links to third-party websites.

This Information shall only apply to the website of the Bank. Therefore, whenever you visit other websites, we recommend that you read their information on the processing of personal data.

Amendments and updates

Zagrebačka banka reserves the right to amend this information and cookie banners anytime to provide new important information and to keep you informed about the ways in which Zagrebačka banka processes your data on its website. Therefore, we recommend that you check it occasionally for updates.

Last updated 4 September 2023

Types of cookies


Custom cookie settings

Below you can enable or disable the use of individual categories of online cookies, and you can subsequently change your choice at any time. If you are not sure, you can find detailed information about the cookies we use on pages in our cookie policy.

Technical cookiesAlways active

They enable the proper and safe operation of websites.

Performance cookies

They enable improvements in the use of websites.

Marketing cookies

They enable tracking of website visitors and collect data used to personalize ads and user experience.

Analytical cookies

They record statistical data that enable the improvement of our pages and our offer.