Privacy policy

Privacy policy

The policy applies to all personal data of insured persons and related parties that we collect and process, directly or through its members and national insurance authorities of other countries, as well as to all services provided by Croatian Insurance Bureau (HUO).. Personal data is any data relating to a natural person whose identity has been established or can be established, directly or indirectly. Data processing is any action performed on personal data, such as the collection, storage, use, insight and transfer of personal data.

This Policy does not apply to anonymous data. Anonymous data is data that cannot be linked to a specific natural person.

The Croatian Insurance Bureau collects, processes, stores, delivers and uses personal data necessary for concluding insurance contracts, processing and liquidating insurance claims.
HUO respects the privacy of respondents and protects it in accordance with the law and best practices. Accordingly, HUO has adopted the following principles regarding the collection, use, storage, transfer, disclosure and destruction of personal data.

Personal data must be:

  • legally, fairly and transparently treated with respect to the Respondent (“legality, fairness and transparency”);
  • collected for special, explicit and legitimate purposes and may not be further processed in a manner inconsistent with those purposes; further processing for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, in accordance with Article 89 (1), shall not be considered incompatible with the original purposes ("purpose limitation");
  • appropriate, relevant and limited to what is necessary in relation to the purposes for which they are processed ("reducing the amount of data");
  • accurate and up to date as required; all reasonable measures must be taken to ensure that personal data which are inaccurate, taking into account the purposes for which they are processed, are deleted or corrected without delay ("accuracy");
  • kept in a form that allows the identification of Respondents only for as long as is necessary for the purposes for which personal data are processed; personal data may be stored for longer periods if the personal data are to be processed exclusively for archiving in the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89 (1), subject to appropriate technical and organizational measures prescribed by this Regulation for the protection of the rights and freedoms of the Respondent ("storage restriction");
  • processed in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage through the application of appropriate technical or organizational measures ("integrity and confidentiality").

Data sources

HUO collects data in accordance with applicable laws from various sources:

  • Directly from the respondents and their proxies
  • Through our newsletter website
  • By email
  • Insurance companies
  • Ministry of Internal Affairs
  • Detective agencies
  • Green card application (local and web version)
  • Croatian Pension Insurance Institute
  • Croatian Institute for Health Insurance
  • Registrar's Office
  • Land books
  • Ministry of Finance
  • Foreign insurance authorities

We process the data for the following legal purposes:

  • representing and representing the interests of insurance companies in international institutions
  • the management of the Guarantee Fund
  • affairs of the Compensation Office
  • affairs of the Information Center
  • insurance statistics business
  • tasks of resolving complaints of insured persons, ie injured persons
  • affairs outside the court settlement of disputes between the insured, ie the contractor
  • insurance, ie consumers and insurance companies, ie insurance service providers.
  • keeping personnel records and accounting information related to employees
  • sending information and notifications about events and trainings to its members

We do not further process them in a way that is not in accordance with the purpose for which they were collected, unless otherwise prescribed by law or based on the consent of the user.


  • Name and surname
  • Vehicle identification number
  • OIB
  • Registration number
  • Personal or passport number (related to international damages)
  • Data on vehicle owners (name and surname, address)


  • date of birth
  • Birth certificate
  • Marriage certificate
  • Death certificates


  • Notes on payment (payment of damages)
  • Real estate ownership
  • Tax certificate
  • Bank account information


  • Health card
  • Disability data
  • Medical certificate
  • Medical referrals
  • Medical documentation

Judicial data and investigations

  • Extrajudicial and court files (in case of dispute)
  • Certificate of good conduct
  • Detective agency investigation reports
  • Judgments
  • Expertise

Location and contact

  • Address
  • E-mail
  • Contact number
  • Proof of residence

Accident data

  • Accident certificate (with data on injured persons)
  • Summary of traffic accidents (with detailed description of the accident and participants)
  • Inspection report
  • Eyewitnesses, their names and phone numbers
  • Photos of the accident
  • Pictures of injuries

Insurance data

  • Insurance policy number
  • Green card number
  • Insurance conditions

Legality of processing

HUO performs its processing activities in accordance with the Insurance Act, Article 353, and does not need the special consent of the respondent to perform its activities, since the processing is legally justified.

The collection of copies of documents is permitted under Article 79 of the Anti-Money Laundering Act, and may only be used for the purpose of preventing money laundering and terrorist financing.

In addition, the following laws determine the methods of processing and retention periods:

  • Law on Obligations Articles 225, 230, 233,234.
  • Labor Law Article 5 (through the Ordinance on the content and manner of keeping records of workers), and Article 29.
  • Law on Accounting Articles 10, 14

Use of cookies

HUO may, in accordance with the law, collect certain information about users obtained during the use of the website through cookies, which do not contain personal data, and IP addresses that are automatically recorded in the access records. They serve to make the website work optimally.

Blocking cookies is possible, after which you will still be able to browse the site, but some of its features will not be available to you.

Special categories of personal data

HUO processes special categories of personal data:

  • Medical data - for the purpose of processing damages, and data related to the accident. HUP receives data from the Ministry of the Interior regarding traffic accidents, the HZMO regarding data on disability, the HZZO through medical certificates or medical records, medical expertise, and from the respondent himself through data provided by him.
  • Court files - in case the HUO is a party in the process, as well as within the activities of the conciliation center

The lawfulness of the processing is determined by Article 9 of the General Data Protection Regulation, paragraph 2 (g). The processing is necessary for reasons of significant public interest based on Union or and special measures to protect the fundamental rights and interests of respondents.

HUO protects personal data and special categories of personal data using good practices and modern protection techniques.

Insight into personal data

In accordance with the General Data Protection Regulation (GDPR), at your request you will be able to see all your personal data, the method of processing and the possibility of restricting the processing, modification or deletion of the same.

The protection of the privacy of your data is permanent, and HUO takes all measures necessary to protect it in accordance with applicable regulations and good practices. We process personal data in a secure manner, including protection against unauthorized or illegal processing, access, and loss.

Protecting your personal information means that:

  • we will not use your information for any purpose other than that stated or agreed here, and as required by law.
  • we will not provide your contact and personal information to any third party other than those required to perform the statutory processing.
  • your contact and personal data may be disclosed to a third party only at your request (right of transfer) or with a court order
  • you can unsubscribe from the email list at any time.

Data storage time

We store and process personal data only for as long as is necessary for the execution of a certain legitimate purpose, unless the applicable regulations provide for a longer retention period for a particular purpose.

In accordance with the principle of restriction of personal data storage, prescribed by Regulation (EU) no. 2016/679, the Croatian Insurance Bureau ensures data retention in a form that enables identification of respondents within the deadlines set for the purpose of processing, regulations defining time periods of data retention, applicable statute of limitations and internal acts prescribing data retention periods protection of the rights and interests of interested persons from the insurance contract or the rights and interests of the insurance company, taking into account the application of appropriate technical and organizational measures to protect the rights and freedoms of respondents.

HUO keeps records of identified disputed circumstances with data related to the adverse event for five years from the date of filing the application with the insurance companies. After the retention period, the data are deleted from the registers and the documents are destroyed so that their contents cannot be determined and cannot be reused.

If the insurance company determines that the disputed circumstances do not affect the obligations of the insurance company under the insurance contract, the data obtained from the Croatian Insurance Bureau or another insurance company shall be deleted within 30 days from the date of payment of compensation or benefits, and documents will be destroyed so that their contents cannot be determined and cannot be reused.

Processing of personal data outside the EU

We process personal data in the Republic of Croatia. In the event of a request from foreign national insurance authorities, we send information related to the accident that occurred.

Respondents' rights

According to the GDPR regulation, every respondent has certain rights:

  • Right to object - The respondent also has the right to object to the processing of data, unless otherwise provided by law.
  • Right of access - The respondent has the right to receive a certificate of processing of personal data of the respondent, as well as access to the same in accordance with the Regulation.
  • Right to erasure - The respondent has the right to request the erasure of personal data relating to him without undue delay and under the conditions specified in the applicable data protection regulations.
  • Right to correction - The respondent has the right to request the correction of inaccurate personal data relating to the same.
  • Right to Portability - As HUO is the National Insurance Bureau, this right is not applicable.

The respondent has the right to obtain a processing restriction from the processing manager if one of the following is met:

  • the respondent disputes the accuracy of personal data, for the period during which the HUO is allowed to verify the accuracy of personal data;
  • processing is illegal and the respondent opposes the deletion of personal data and instead seeks to restrict their use;
  • HUO no longer needs personal data for processing purposes, but the respondent requests them in order to set, realize or defend legal claims;
  • the respondent objected to the processing pending confirmation as to whether the legitimate reasons of the HUO outweigh the reasons of the respondent

Legality of processing

HUO will process your data in a lawful and secure manner. If you believe that HUO handles your data in an illegal manner and cannot resolve it in cooperation with HUO, you have the right to file a complaint with the Supervisory Authority (Personal Data Protection Agency - AZOP).

Corvus PAY
MasterCard MAestro Visa