Logo Croatia Connect

Privacy Policy

"CROATIA CONNECT" DOOEL Prilep

This Privacy Policy explains how "CROATIA CONNECT" Single Member Limited Liability Company – Prilep ("CROATIA CONNECT" DOOEL) processes the personal data of users of the website and platform for connecting candidates and employers.

1. Data Controller

The controller of personal data processing is:

Company name: "CROATIA CONNECT" DOOEL

Registered address: Malo Konjari b.b., 7500 Prilep, Republic of North Macedonia

Company registration number: 7887809

Privacy contact email: support@croatiac.com

This Policy applies to all users of the website and services of "CROATIA CONNECT" DOOEL, including job seekers and employers.

2. Categories of Persons and Personal Data

2.1 Job Seekers

For job seekers, we may process the following categories of personal data:

  • Basic data: first and last name.
  • Contact data: email, phone number.
  • Professional data: previous and current jobs (job title, company name, location – including location entered via Google Maps), work experience description, skills.
  • Documents: CV, cover letter and other documents voluntarily uploaded by the candidate.
  • Platform usage data: username, registration date and time, job application data, communication history through the platform, IP address, login logs and technical data from device/browser.

Certain fields may be mandatory to create a profile and use the services (e.g., name, contact email, phone, basic work experience information).

2.2 Employers and Business Contacts

For employers (clients) and their authorized persons, we may process:

  • First and last name of contact person.
  • Position in the company.
  • Business email and phone number.
  • Company data, job postings and candidate requirements.

3. Processing Purposes

Personal data is processed for the following purposes:

  • Registration and management of user profile (candidate and/or employer).
  • Enabling candidate profile creation, entering work experience and contact data.
  • Enabling job posting by employers and applications by candidates.
  • Connecting candidates with employers and facilitating communication between them.
  • Communicating with users regarding their profiles, applications, job postings, interviews and job offers.
  • Ensuring technical functioning, security and improvement of the website (logs, abuse prevention, usage statistics).
  • Sending service-related notifications (system messages, terms changes, security notifications).
  • Marketing communications (newsletter, promotional messages) only if the user has given prior consent.

4. Legal Basis for Processing

Personal data is processed based on:

Performance of contractual obligations and taking steps at the request of the data subject prior to entering into a contract

processing of personal data of candidates and employers is necessary to enable the use of the employment mediation platform (registration, job postings, applications, information exchange).

Legitimate interest

maintaining and improving a secure, functional and efficient platform, internal statistics and abuse prevention, provided that these interests do not override the rights and freedoms of data subjects.

Consent

for activities that are not necessary for basic service use (e.g., newsletter, marketing messages, longer profile retention after the usual period expires), processing is carried out only based on prior, clear consent, which the user may withdraw at any time.

5. Processing Principles and Minimization

"CROATIA CONNECT" DOOEL processes personal data in accordance with the principles of lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality and accountability.

Only personal data necessary to achieve the stated purposes is collected and processed. Users are encouraged to regularly update their data.

6. Personal Data Recipients

Personal data may be disclosed to:

  • Employers (platform clients) to whom the candidate has applied or expressly consented to have their profile/data accessible.
  • External IT service providers (hosting provider, technical support, email service, analytics tools), who act as personal data processors based on a contract and are obliged to protect the data and act exclusively according to the instructions of "CROATIA CONNECT" DOOEL.
  • Competent state authorities, inspections, courts and other institutions, only when there is a legal basis or legal obligation to disclose the data.

7. Retention Periods

The candidate's profile and personal data are kept as long as the candidate has an active profile on the platform and the services are reasonably expected to be used.

If the profile remains inactive for a longer period (e.g., 24 months) or the candidate requests deletion, the data will be deleted or anonymized, unless there is a legal obligation for longer retention (e.g., accounting documentation).

Data related to contracts, financial and accounting obligations are kept for the periods determined by applicable laws in these areas.

Specific retention periods may be additionally regulated in internal acts and technical documentation.

8. Personal Data Security

"CROATIA CONNECT" DOOEL applies appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • use of secure access protocol (e.g., https);
  • access controls, strong passwords and the "minimum necessary access" principle;
  • regular backups and data recovery measures;
  • confidentiality obligations for employees and engaged persons who have access to personal data;
  • contractual security and confidentiality obligations with external processors.

Despite the measures taken, no system can guarantee absolute security. In the event of a personal data incident, measures and procedures will be taken in accordance with the law.

9. Transfers to Other Countries

If personal data is transferred to countries outside the Republic of North Macedonia or the European Economic Area, the transfer will only be made:

  • to countries/entities for which an adequate level of protection has been established, or
  • based on appropriate safeguards (e.g., standard contractual clauses or other mechanisms provided for by applicable regulations).

Information about specific transfers and safeguards can be obtained upon user request.

10. Data Subject Rights

Every user whose personal data is processed has the right to:

  • obtain confirmation whether their personal data is being processed and, if so, access to that data and information about the processing;
  • request correction of inaccurate or incomplete personal data;
  • request deletion of personal data when there is no longer a legal basis for their processing;
  • request restriction of processing in certain cases;
  • object when processing is based on legitimate interest;
  • withdraw given consent, when processing is based on consent (e.g., newsletter), without affecting the lawfulness of processing before withdrawal;
  • exercise the right to data portability, where applicable.

11. Exercising Rights

The user can exercise their rights:

  • through their user profile, where technically possible to view, modify or delete data; and/or
  • by sending a written request to email: support@croatiac.com

The request should clearly state which right is being exercised and, if necessary, which data/period the request relates to.

"CROATIA CONNECT" DOOEL will respond within the deadlines provided by applicable regulations, usually within 30 days of receiving the request, with the possibility of extension in complex cases, for which the user will be notified in a timely manner.

12. Right to Complain to Supervisory Authority

If you believe that the processing of your personal data is contrary to applicable regulations, you have the right to file a complaint with the supervisory authority for personal data protection in the Republic of North Macedonia – the Personal Data Protection Agency. Contact information is available on the official website of the Agency.

13. Cookies and Similar Technologies

The website may use cookies and similar technologies for:

  • ensuring basic functionality (login, session maintenance, security);
  • improving user experience and analyzing website usage.

Necessary cookies are used based on legitimate interest/technical necessity. For analytics and marketing cookies, when used, consent will be requested through a visible cookie banner. More detailed information may be provided in a separate cookie policy.

Cookie Policy

14. Privacy Policy Changes

"CROATIA CONNECT" DOOEL reserves the right to periodically update this Privacy Policy to reflect changes in laws, services or technical solutions.

The updated version will always be published on the website with the date of last modification indicated. In case of significant changes, users will be appropriately informed (e.g., via email or website notification).

Applicable Regulations

When processing personal data, "CROATIA CONNECT" DOOEL adheres to:

  • The Law on Personal Data Protection of the Republic of North Macedonia ("Official Gazette of the Republic of North Macedonia" No. 42/20 and 294/21) and the bylaws adopted on its basis.
  • The principles and standards aligned with Regulation (EU) 2016/679 of the European Parliament and Council (General Data Protection Regulation – GDPR), where applicable in the context of services provided and users from the EU.