Privacy Policy – Law Firm Avdagić Privacy Statement

In general

The Avdagić law firm takes the issue of security and its legal responsibility regarding your personal data very seriously. This Privacy Statement states which of your personal data we collect through interaction with you, how we process that personal data, and provides information about your rights regarding the processing of your personal data.

Data processing manager

The data manager at the Avdagić Law Office is lawyer Jasmin Avdagić, and for other lawyers with whom the office is connected, each lawyer is a separate and independent business entity and is responsible for its own management of data processing.


We collect and process personal data from: our clients, suppliers, business contacts and potential clients (and/or individuals associated with them); individuals whose personal data we collect for the purpose of providing professional services to our clients (e.g. employees of our client, customers and suppliers, family members of our clients and their and our employees, contact persons from state agencies, other collaborators of respondents);

our employees and job candidates in our office;

and visitors to our website and social media;

What personal data do we process?

Depending on the nature of the services provided, the legal obligations to which we are subject, our legitimate interests or the consent you give us, we may collect the following categories of personal data:

your name, age, date of birth, gender, language;

your contact (eg address, name, phone, e-mail and other details);

description of your business activities;

Your marital status and information about your family;

employment and education details (eg the company you work for, your title and education details);

identification numbers (eg personal identification number, passport number, identity card number);

salary, income, tax, creditworthiness and other financial information;

hobbies and social occupations;

your IP address, browser type and language preference;

Your access time; posts on social media (Facebook, LinkedIn, blogs, forums…);

For certain services or activities, and when required by law or with the explicit consent of the individual, we may also collect special categories of personal data. Special categories include race or ethnicity; political commitment; religious or philosophical beliefs; membership in trade unions; information about physical or mental health; genetic data; biometric data; sex life or sexual orientation and criminal records.

How do we collect personal data?

We can collect data either if you give it to us, or if we receive it from other persons (e.g. a client about its employees, customers, clients and other subjects whose data it collects; other collaborators of the subject; state agencies; or third parties that are service providers which we use in our business…), through your connection to our Wi-Fi network, through our websites and social media tools or because they are publicly available.

Use of personal data

Except in situations where we process your personal data on the basis of your (explicit) consent, we may process your personal data for the purposes listed below, because the processing is necessary for (1) compliance with our legal and regulatory obligations, (2) execution of a contract in which You are a party or taking steps at your request before entering into a contract and/or (3) for the purpose of our legitimate interests related to the delivery of our services or business.

We use personal data for the following purposes:

Initial contracting or continuing contractual relationship: In order to start and continue working with our clients, we are legally required to take certain steps (ZSPN). We will process personal data about our clients, their owners and representatives.

Providing professional services to our (potential) clients. We process personal data in order to deliver services to (potential) clients, where they themselves may be respondents, respondents’ employers or employees of respondents.

Administration, management and development of our business and services: we process personal data in order to be able to do business, including managing relationships with our customers, fulfilling our own administrative, accounting and corporate obligations, maintaining and using our IT systems, developing our business and services, organizing events, managing our systems and applications.

We also process personal data about our suppliers, subcontractors and individuals associated with our suppliers and subcontractors to manage the relationship, the contract, to receive services from our suppliers and, where relevant, to provide professional services to our clients.

Recruitment and Personnel Administration: We collect personal information from job applicants in order to hire new employees. We also collect personal data about our staff for administrative, management and management purposes.

Security, quality and risk management: personal data may be processed in the context of protecting our information and that of our customers and as part of risk analysis and internal quality.

Advertising and Website: We may process personal data for the purpose of advertising, in order to provide you with information that we believe will be of use to you, all in accordance with the Ordinance on Advertising, Advertising and Lawyer Websites.

Compliance with any law, regulation or professional body of which we are a member: As with any professional service provider, we are subject to legal, regulatory and professional obligations. We must keep certain records to demonstrate that our services are provided in accordance with these obligations, and these records may contain personal information.

Protection of our rights and the rights of our clients;

To whom do we disclose personal information?

From time to time, we may transfer or disclose your personal information to employees of the Avdagić law office, lawyers with whom we cooperate for mutual representation or joint representation, or to third parties for any of the above purposes, including state and professional agencies and third parties that provide services in our name, such as providers of web hosting services, IT, payment services, customer relationship management services…

When we disclose your personal information to third parties that perform services on our behalf, we ensure that such service providers use your information only in accordance with our instructions and we do not give permission for their use or disclosure, unless it is necessary to perform services on our behalf or in accordance with applicable legal obligations.

We may also disclose your personal data to third parties if this is required by law or if you are brought into connection with any legal proceedings, i.e. for the purpose of establishing, exercising or defending our legal rights. Due to the global nature of our business, we may transfer your personal data outside the European Economic Area (EEA) to countries whose data protection laws may not be as comprehensive as those in the EU.

When we transfer data outside the EEA, we will only transfer personal data (i) to a country deemed by the European Commission to have adequate data protection laws; or (ii) where we have put in place an appropriate data transfer mechanism, such as EU Standard Contractual Clauses, to ensure that your personal data is adequately protected.

We do not sell or rent your personal data for any purpose.

Subject of data processing and his rights Where we act as a data controller for your personal data, you may exercise several rights over your data, including: access to your personal data that we have ask us to correct any of your personal data we hold that is incorrect request the deletion of your personal data withdraw consent to the processing of your personal data (on the condition that we process your personal data based on consent) set restrictions on the processing of your personal data complain about our processing of your personal data ask us to transfer your data to another controller (data portability).

If you want to exercise any of your rights, contact us at and, in accordance with the applicable privacy regulations, we will enable you to exercise your rights. In order to prevent unauthorized disclosure of your personal data, we must confirm your identity.

In case of doubt or ambiguity, we will first ask you for additional information (preferably a copy of your identity card). In the event that we receive a request from you to exercise one of your rights, and as part of the relationship with the client, we act only as a data processor, we will inform you about this and refer you directly to our client as a data processor.

Questions and complaints

If you have any questions or complaints regarding this privacy statement or the way we collect and process your personal data, please contact our data protection officer:

Asja Žuvela Kaloper +385 22 214-114

If you are not satisfied with the way we handled your personal data and we are not able to solve the problem for you, you can contact the Personal Data Protection Agency:


Phone: + 385 (0)1 4609-000

Duration of processing

We will retain your personal data in our systems for a maximum of the following periods: (i) as necessary depending on the purpose of collection; (ii) for as long as required by law; or (iii) until the end of the period in which litigation or investigations related to our services may arise.

After the expiration of the retention period, personal data will be deleted or become anonymous.

Data security

We ensure appropriate technological and organizational controls that protect your personal data from loss, misuse, alteration or accidental destruction, such as the use of anti-virus programs, firewalls, secure servers, encryption software hard disk management, password protection, physical access control, two-factor authentication, detection of intrusions and anomalies,…

Our employees who have access to your personal data are trained to maintain confidentiality. Access to personal data will be allowed to them only to the extent that they need certain personal information to properly perform their duties. Persons who can use your data are also bound by strict professional discretion. The data protection conditions apply to the same standard for all our contractors, subcontractors and suppliers.

We regularly monitor and test our security protection to ensure it continues to be effective against the latest threats.

Data transmitted over the Internet and through this website is protected by encryption technologies to ensure security.

Children and our website

Avdagić Law Office understands the importance of protecting children’s privacy, especially in the online environment. Our websites are not designed or intended for children. It is our policy that we will never knowingly collect or hold information on our websites about anyone under the age of 16. If you are under the age of 16, you must obtain the consent of a parent or guardian to submit data through our website. Please ask them to review this information before communicating with us.


In order to automatically collect the data described in the previous section, we use “cookies”. A cookie is a small amount of information that is sent to your browser and stored on your computer’s hard drive. Please see our Cookie Policy for more information about cookies and how you can change your settings to delete or refuse cookies.

Changes to the privacy statement

This privacy statement applies as of June 2018. We may change it from time to time. Any changes will be posted on this page and we recommend that you check it regularly to keep up with our data processing activities.