Privacy policy

INFIGO IS d.o.o. (hereafter INFIGO) specializes in providing services and solutions in the field of information security, personal data protection and advanced analytics and machine learning. With regard to the field of activity, INFIGO has set the privacy and protection of personal data of its temporary and permanent employees, clients, and partners as one of the key priorities in the part of internal harmonization of its business. This privacy policy covers the processing of personal data relating to users of INFIGO's services and solutions and INFIGO's business partners. Employee-related processing is covered by separate internal acts.

The policy is valid from: 25.05.2018.
Version: 2.0

Contact information
For all questions related to the protection of your personal data, feel free to contact us via the following contacts.

INFIGO IS d.o.o.
Karlovačka cesta 24A, 10000 ZAGREB
Tel: +385 4662 700
Fax: +385 4662 701

Categories of data subjects whose data we process

  • Existing clients – legal entities, users of our products and services with whom we have or have had a business cooperation agreement.
  • Potential clients – legal entities, potential users with whom we do not have a contract, but there is an opportunity to establish business cooperation.
  • External associates (business partners) – partners with whom we cooperate in various business areas, either for internal needs, or for the provision of services, or delivery of licenses for specialized business solutions.
  • Potential employees – candidates for employment who applied for a position at INFIGO.

Categories of personal data we process
Depending on the business need, we process personal data of the following categories of data subjects.
Category of data subjects Category of personal data Description
Existing and potential clients Basic identification data Name and surname, job title, name of the employer
Contact information Email address, phone number
Candidates for employment Basic identification data Name and surname, OIB
Contact information Email address, address, phone number
Curriculum vitae Data on work experience, certificates, education
External associates Basic identification data Name and surname, job title, name of the employer
Contact information Email address, phone number

For what purpose do we process your personal data?

INFIGO processes personal data for the following purposes.
Purpose of data processing Description Legal basis
Contract fulfillment In order to enable quality and complete fulfillment of contractual obligations and delivery of our services and products and products of our partners, we process the personal data of our clients, to the minimum extent necessary. This usually includes the contact person responsible for the fulfillment of the contract and other persons necessary for the implementation and fulfillment of the contract. Contract fulfillment, Article 6., paragraph 1. b).
Business development In order to develop business and create new business opportunities, INFIGO processes potential customer data gathered through various channels such as business meetings, tenders, conferences, etc. Personal data is processed to the minimum extent necessary for the realization of potential business opportunities. Legitimate interest, Article 6., paragraph 1. f).
Registration of sales opportunities with software manufacturers with which INFIGO cooperates In addition to developing its own products, INFIGO also offers its customers solutions from other manufacturers.


If you are interested in any of the products that INFIGO represents, or your interest is recognized as a sales opportunity, based on a legitimate interest, your data will be forwarded exclusively to the software manufacturer you are interested in.
Legitimate interest, Article 6., paragraph 1. f).
Exchange of data on conference visitors at which INFIGO is a sponsor with software vendors In order to promote its products and services, INFIGO organizes and participates in various conferences and seminars. Some of these events are organized by INFIGO, while some are organized by third parties.


Your contact information obtained by INFIGO through such events will not be passed on to a third party without your explicit consent, unless you have previously expressed an interest in one of the products offered by INFIGO.
Consent, Article 6., paragraph 1. a)
Photographing at events organized by INFIGO for advertising and marketing purposes INFIGO organizes various conferences and seminars with the aim of promoting its products and services.


Through such events, INFIGO can take photos for promotional purposes, which in some parts may also include participants of the event.


In doing so, INFIGO will take all necessary measures to ensure that the photos taken do not in any way endanger the privacy of visitors.
Legitimate interest, Article 6., paragraph 1. f)
Assessment of the complexity and scope of the service Occasionally, for the purpose of assessing the complexity of our services, we require potential clients to fill out a form that includes basic contact information and information necessary to assess the complexity of the project. Legitimate interest, Article 6., paragraph 1. f)
Direct marketing Occasionally, in order to present its services and solutions, INFIGO contacts its customers via e-mail or telephone. Through all direct marketing activities, INFIGO will enable users to be excluded from this type of processing (so-called "opt-out"). Legitimate interest, Article 6., paragraph 1. f)
Quality monitoring and improvement of our services As part of the quality management system according to the ISO/IEC 9001 standard, occasionally client's responsible persons are asked for feedback on the quality of our services through customized forms. Legitimate interest, Article 6., paragraph 1. f)
Web visitors tracking In order to track website visitors, INFIGO monitors basic information through the Google Analytics solution. More detailed information is available in our cookie policy. Legitimate interest, Article 6., paragraph 1. f)
Employment Employment candidates apply for open tenders or by sending open job applications. The employees of the HR department of INFIGO forward the resumes via e-mail to the heads of organizational units of INFIGO within which there is a need for employment.

In the event that there is currently no need for employment, candidate CVs can be kept, with the candidate's consent, for a period of two years from the moment they are sent.
Legitimate interest, Article 6., paragraph 1. f)

Consent, article 6., paragraph 1. a)

Data subjects' rights

INFIGO enables all the above categories of data subjects to exercise their right to privacy and data protection in accordance with the GDPR Regulation according to Articles 12-21.

INFIGO enables the exercise of the following rights:
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object

In case of your need to exercise any of the above rights, feel free to contact us at the contact information listed in the introductory part of the document.
We will try to respond to your request as soon as possible, within 30 days at the latest.

Data storage

INFIGO processes all personal data for a specific period defined in accordance with business needs, unless the retention period is legally/contractually defined or the data subject requests, guaranteed by the GDPR, the right to be forgotten. At the INFIGO level, the Personal Data Processing Register is defined, which, among other things, defines the personal data storage periods within each identified personal data processing.

Transmission and exchange of data with third countries or international companies

INFIGO, as appropriate, exchanges the personal data of its existing or potential clients with the software vendor partners that INFIGO offers through its partnership representation agreements.

If we have entered into a License Delivery Agreement with a particular manufacturer, or you have an interest in any of the listed products (sales opportunity), your information will be passed on to a third party based on the agreement or legitimate interest.
In any other case, your data will be forwarded solely on the basis of your consent.

Security measures

INFIGO, as a company specializing in information security services, pays special attention to technical security and organizational measures for the protection of personal data. As a confirmation of the maturity of its initiatives and activities in the field of information system and data protection, INFIGO has certified its operations according to the internationally accepted standard ISO/IEC 27001: 2013.