1. Home
  2. Data Protection

Data Protection

 

Pursuant to Regulation (EU) 2016/679 of the EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) applicable as of 25 May 2018, the Board of OTP banka adopted the Data Protection Policy which regulates the processing of Your personal data.  

From Wednesday, 27 May 2020, credit institutions in the Republic of Croatia continue to exchange data on citizens' credit exposure. The mentioned data exchange will be carried out using the IT system called „OSR system“, within HROK d.o.o. Find out about the processing of personal data in the OSR system. 

We inform all citizens that in May 2025, the Croatian Personal Data Protection Agency has moved to a new location, Ulica Metela Ožegovića 16, Zagreb. This information is also available at the following link: AZOP notification. 

Other

Find below the information and your rights relating to the processing of Your personal data:

  • Data controller is OTP banka, and its contact information are the following: OTP banka d.d., Domovinskog rata 61, 21 000 Split, taxpayer ID No.: 52508873833, phone 0800 21 00 21, e-mail address: info@otpbanka.hr;
  • Contact information of the data protection officer in OTP banka d.d. are: Data Protection Officer, Domovinskog rata 61, 21000 Split, e-mail address: zastita-osobnih-podataka@otpbanka.hr;
  • You have the right to request from the Bank the access to your personal data and detailed information on how your personal data are processed at any time. However, exercising one’s right to data access must not have a negative impact on the rights and freedoms of others;
  • You have the right to obtain from the Bank the rectification of inaccurate personal data. You also have the right to have incomplete personal data completed, including by means of providing a supplementary statement. The Bank shall take the necessary measures reasonably expected from it, to verify the accuracy of data and to rectify them;
  • You have the right to obtain the erasure of personal data if one of the following conditions is met:
    • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • You withdraw consent on which the processing is based;
    • You object to processing of personal data based on the legitimate interest of the Bank or a third party, including profiling based on such grounds, and to processing of personal data for marketing purposes, which includes profiling to the extent that it is related to such direct marketing. In the first case, no data will be deleted if the legitimate interests of the Bank are stronger than the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims;
    • The personal data have been unlawfully processed;
    • The personal data have to be erased for compliance with legal obligations further to other legal regulations.
  • You are entitled to obtain restriction of personal data processing, subject to the following conditions:
    • You contest the accuracy of the personal data for a period enabling the Bank to verify the accuracy of the personal data;
    • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
    • The Bank no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
    • You have objected to processing based on legitimate interest, including the profiling based on such data, pending the verification whether the legitimate grounds of the Bank override yours.

    You will be informed by the Bank before the restriction of processing is lifted.

  • You are entitled to portability of your personal data. This means that, on your request, you can receive the personal data concerning yourself in a structured, commonly-used and machine-readable format, and to transmit those data to another controller provided that the processing is based on consent or necessary for execution of a contract where you are one of the parties, or to enable activities preceding the conclusion of the contract at your demand or in case if the processing is carried out by automated means. In exercising your right to data portability, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
  • You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself, when the data is processed based on the legitimate interest of the Bank or a third party, including profiling based on such grounds. In this case, the Bank shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims
  • Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing, in which case, the Bank may no longer process data for such purposes.
  • You are entitled to lodge an objection with the authorised supervisory body of the Republic of Croatia, i.e. the Croatian Data Protection Agency, Ulica Metela Ožegovića 16, 10000 Zagreb.

Other information on processing of your personal data in line with the General Data Protection Regulation (EU) 2016/679 are included in the Data Protection Policy that will be given to you upon collection of your personal data.

The Data Protection Policy is published on the Bank’s website and is available at Bank’s branches.