Privacy Policy/Statement on the Processing of Personal Data
Selekcija d.o.o.
Address: Stobrečka 10, Split, Croatia
Phone number: 021648685
E-mail: administrator@selekcija.hr
Data Protection Officer: gdpr@selekcija.hr
We collect and process the following personal identifiers (collectively personal data):
- First and last name
- E-mail address
- Date of birth
- Home address
- Age of the individual
- Gender
- IP address or domain name of the computer through which individuals visited your website
- Photographs (depiction of individuals)
- Video recordings
- Level of education
- Contact number
- Results of psychological testing (personality, cognitive potential, motivation...)
We process personal data for purposes that are clearly defined and lawful.
Selection process (employment): If you have applied for a job, we process the data you have provided us (name and surname, e-mail, contact information, gender, level of education). We process the mentioned data based on our legitimate interest in conducting the selection process and keep it for up to 36 months. We keep test results, with your consent, for 36 months. Surveillance photos and video responses are kept for 6 months. If you have not given consent, we delete your data immediately after the selection process is completed, but no later than 120 days from application.
Purchase of psychological tests via online shop: If you purchase a test independently through the Selekcija.hr platform, we process the data necessary to provide the service (education, age, gender, answers and test results). The legal basis for this processing is contract execution. Without processing the mentioned data, we are unable to provide testing services and insights into test results. We keep results and related data for up to :days days so that you have access to results within the specified period.
The Selekcija.hr system is set up for automatic and secure deletion of data after the retention period expires. Selekcija.hr enables purchases via bank cards. Payment processing is performed by the Stripe system, while invoicing is done by the Minimax system. Depending on the settings of the event in question, payment for products/services on the Selekcija.hr platform can be made with the following cards:
- MasterCard
- Visa
- Diners
We have implemented strict security measures to reduce the risk of injury and misuse of your personal data, such as unauthorized disclosure and unauthorized access to your data.
We use firewalls, strong passwords, antivirus programs, and a password management system implemented in accordance with ISO 27001:2013 standards for controlling password complexity, prohibiting guessing/brute forcing of passwords, requiring a new password after a reset and upon first login, and prohibiting the reuse of previous passwords when changing them. We also use two-factor authentication during login, with access rights management for all systems according to ISO 27001:2013 standards. All stored passwords are hashed with at least the SHA 256 algorithm, and we apply other measures for personal data protection (such as encryption and pseudonymization).
Only authorized personnel have access to personal data, and we have regulated the subject of processing with our bylaws.
We regularly organize personal data protection training for our employees to inform them about their obligations arising from the legal framework for data protection and to raise awareness about personal data protection within our organization.
Data encryption - minimum TLS 1.2.
All personal data at rest must be encrypted with industry-standard encryption – at least AES256 – key management must comply with ISO 27001:2013 standards
The web server and all associated systems must be managed by measures and controls prescribed by ISO 27001:2015 standards
All personal data must have encrypted backups that are no older than 24 hours, with at least quarterly testing of data restoration processes that ensure continuous improvement as prescribed by ISO 27001:2013 standards
All data in transit must be encrypted with a strong SSL certificate – at least aes-cbc-essiv:sha256-bit (LINUX) and AES; XTS-AES-256-bit (Windows10) – and should be managed according to the requirements of ISO 27001:2013 in terms of change management and managing the entire media lifecycle, which certainly includes assignment/de-assignment as well as monitoring and reporting incidents of media loss
When using cloud services, all personal data must be protected by end-to-end encryption during transmission and encrypted during use and at rest. The system must be certified according to ISO 27001:2013 standards
Management and listing of all system logs in accordance with ISO 27001:2013 standards
Conducting regular "penetration tests" at least once a year
Protection against DoS and DDoS attacks
Control incoming IP addresses so as not to overload the server's operation or disable availability
Limited access to server resources through IP Whitelisting with appropriate recording and management in accordance with ISO 27001:2013 standards
Right of access to personal data
You have the right to access the personal data that we process about you, and you can request detailed information, in particular about the purpose of processing, the type/categories of personal data being processed, including access to your personal data, the recipients or categories of recipients, and the anticipated period during which the personal data will be stored. Access to personal data may be restricted only in cases prescribed by Union law or our national legislation, or when such restriction respects the essence of fundamental rights and freedoms of others.
Right to rectification of personal data
You have the right to request correction or completion of personal data if your data is not accurate, complete, and up-to-date. To do this, send us a request. Please note that it is necessary to specify in the request what exactly is not accurate, complete, or up-to-date and in what way it should be corrected.
Right to erasure
You have the right to request the deletion of personal data relating to you if one of the following conditions is met: your personal data is no longer necessary for the purpose for which we collected or processed it; you have withdrawn the consent on which processing is based according to Article 6(1)(a) or Article 9(2)(a) and there is no other legal basis for processing; you have objected to the processing of your personal data according to Article 21(1) GDPR and there are no overriding legitimate grounds for processing; personal data has been unlawfully processed; personal data must be erased for compliance with a legal obligation under Union law or Member State law applicable to the controller; personal data has been collected in relation to the offer of information society services referred to in Article 8(1).
Right to restriction of processing
You have the right to obtain restriction of processing if: you contest the accuracy of the personal data; the processing is unlawful but you oppose erasure of the data; the controller no longer needs the personal data but you require them for establishing, exercising, or defending legal claims; you have objected to the processing of your personal data.
Right to object
If personal data are processed based on legitimate interest or for direct marketing purposes, you can object to such processing.
Right to portability of personal data
You have the right to receive the personal data you previously provided to a controller in a structured, commonly used and machine-readable format. You have the right to transfer those data without hindrance from the controller to which they were provided, if the processing is carried out by automated means and is based on consent or a contract.
The aforementioned rights do not apply insofar as processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing under Union law or Member State law applicable to the controller, or for performing a task carried out in the public interest or in the exercise of official authority vested in the controller; for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1), insofar as exercising these rights is likely to render impossible or seriously impair the achievement of the objectives of that processing; for establishing, exercising, or defending legal claims.
We share your data with the following recipients in order to provide you with our services. We share personal data with third-party vendors and other service providers who perform functions or services on our behalf and according to our instructions to make our services available to you. This includes:
- Cloud data storage
- SCALEWAY S.A.S, located at BP 438, F-75366 Paris Cedex 08, France, EU – processes personal data within the EEA, the data center is located in France (Paris). Purpose of processing: hosting platform and data.
- Mailgun Technologies, Inc, located at 112 E Pecan St #1135, San Antonio, TX 78205, United States – processes personal data within the EEA. Purpose of processing: automated message sending from the platform. Servers are located in Belgium and Germany
- Cloudflare, Inc., located at 101 Townsend St, San Francisco, CA 94107. Data is stored and processed in Europe: Rosental 7, 80331 Munich, processes personal data within the EEA. Purpose of processing: online service for protecting the external/access part of the platform from malicious attacks and all other threats from the internet
- Apilayer GmbH (IPstack service), Elisabethstraße 15, 1010 Vienna, Austria, registration number: FN443956b – processes personal data within the EEA. Purpose of processing: IP stack – for recognizing user language and time zone for platform customization
We have established legal bases for disclosing your personal data to the above-mentioned third parties and have entered into contracts with our suppliers (processors) that regulate the processing of your personal data (in accordance with Article 28 of the General Data Protection Regulation).
On our official website, so-called cookies are used – text files that a web server places on the user's computer through which the Internet Service Provider (ISP) displays the website.
We use only technical and functional cookies, such as those that remember the language, selected theme, or font size, as well as cookies necessary for the security and proper functioning of the website. These cookies do not collect personal data for marketing or analytical purposes but are used solely to provide better and safer functionality. For this reason, user consent is not required for their use.
List of cookies:
| Cookie Name | Domain | Purpose | Type / Note | Duration |
|---|---|---|---|---|
| locale | europe.recruiter.hr | Remembers selected language | Functional | 1 year |
| country_code | europe.recruiter.hr | Remembers country / local settings | Functional | 1 year |
| timezone | europe.recruiter.hr | Remembers time zone | Functional | 1 year |
| selected_theme | europe.recruiter.hr | Remembers selected theme (light/dark) | Functional | 2 years |
| selected_font_size | europe.recruiter.hr | Remembers font size | Functional | 2 years |
| selected_font_family | europe.recruiter.hr | Remembers selected font family | Functional | 2 years |
| is_custom_theme | europe.recruiter.hr | Records whether a custom theme is used | Functional | 2 years |
| XSRF-TOKEN | europe.recruiter.hr | Security cookie (CSRF protection) | Security | 1 year |
| selekcijahr_session | europe.recruiter.hr | Session ID (keeps session active) | Session only | for the duration of the session |
| di7P7FiJIh9Ez33AzYlxLPHDRltjwmAVu0YsTlSM | europe.recruiter.hr | Internal session / random ID | Session only | for the duration of the session |
| Google Fonts (requests) | fonts.googleapis.com | Loading fonts (external source) | External resource | short-term (minutes/hours) |
If you have any questions, concerns, or complaints regarding how we use and process your personal data, you can send us an inquiry/complaint at gdpr@selekcija.hr.
You also have the right to file a complaint with the supervisory authority for personal data protection:
Agency for Personal Data Protection, Selska cesta 136, Zagreb, email: azop@azop.hr
We regularly update the privacy policy to ensure it is accurate and up-to-date, and we reserve the right to change its content if we deem it necessary. You will be promptly informed of all changes and amendments via our website in accordance with the principle of transparency.
A video surveillance system has been introduced in the business premises of the company Selekcija d.o.o. at Stobrečka 10, Split, for the purpose of property protection.
Last update: 22.09.2025.