Privacy policy

Privacy policy

Personal Data Controller:
Croatian Insurance Bureau
Martićeva 71, 10000 Zagreb
dpo@huo.hr

 

The Croatian Insurance Bureau (hereinafter referred to as "HUO" or "Bureau") is the national insurance office in the Republic of Croatia, a non-profit legal entity representing insurance companies in legal transactions with third parties.

HUO is a legal entity with public authority as defined by the General Data Protection Regulation (GDPR) and the Act on the Implementation of the General Data Protection Regulation (Official Gazette 42/18).

The Bureau's activities are determined by the Insurance Act (Official Gazette 30/15, 112/18, 63/20, 133/20, 151/22), the Compulsory Traffic Insurance Act (Official Gazette 151/05, 36/09, 75/09, 76/13, 152/14, 155/23), and other regulations.

The duties of HUO as a public authority include:

Duties prescribed by Article 353, Paragraph 1 of the Insurance Act:

  • Duties as the national insurance office and other duties set out in international agreements regarding vehicle owners' liability insurance for damages caused to third parties;
  • Management of the Guarantee Fund;
  • Operations of the Compensation Bureau;
  • Operations of the Information Center;
  • Insurance statistics;
  • Handling complaints from policyholders or injured parties;
  • Out-of-court resolution of disputes between policyholders or insurance contract holders, or consumers and insurance companies or insurance service providers, involving decisions on the rights and obligations of legal and natural persons.

Duties prescribed by Article 52 of the Compulsory Traffic Insurance Act:

  • Managing the Information Center, including maintaining a prescribed register containing data on: i) License plates; (ii) Types, brands, models, and chassis numbers of vehicles registered in the Republic of Croatia; (iii) Insurance policy numbers for these vehicles; (iv) Other prescribed data.

In exercising its public authority and performing the above-mentioned duties, HUO collects and processes personal data.

 

1. PURPOSE OF PROCESSING PERSONAL DATA

Below are the personal data processing activities carried out by HUO based on Article 6(1)(e) of the GDPR (processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller). These processing activities fall under HUO’s public authority.

 

1.1. Information Center Operations

The Information Center operated by HUO is established under the Compulsory Traffic Insurance Act to enable injured parties to claim compensation for damages resulting from traffic accidents involving vehicles.

The Information Center collects and maintains a register containing the following personal data:

  • Vehicle registration number, type, brand, model, chassis number, and owner;
  • Motor vehicle liability insurance policy number;
  • Name, surname, date of birth, personal identification number (OIB), residence, and domicile of the insured, beneficiaries, and policyholders;
  • Date of insurance coverage termination or expiry.

The above personal data and other information are regularly submitted to the Bureau by insurance companies and the Ministry of Internal Affairs, based on obligations under the Compulsory Motor Insurance Act.

In accordance with the Compulsory Motor Insurance Act, data from the Information Centre's register is kept for at least 7 years from the deregistration of the vehicle registration or the expiry of the policy.

Exceptionally, the data may be stored for a longer period.

Based on an objective assessment and justified business needs, the Croatian Insurance Bureau (HUO) has determined the maximum data retention periods, taking into account specific statutes of limitations and the particularities of insurance operations (e.g. reactivation of court cases in the future, deterioration of the claimant’s health condition, increase of annuities, etc.).

Considering the interests of claimants, HUO stores this data for a maximum of 15 years from the deregistration of the vehicle or the expiration of the insurance policy.

 

1.2. Handling of Compensation Claims

To assist in resolving compensation claims filed with HUO and its members (insurance companies), HUO collects information on the claims submitted. 

HUO also receives information on traffic accidents from the Ministry of the Internal Affairs under the Compulsory Motor Insurance Act.

Documentation collected and processed for these purposes may include, in addition to the data listed in Section 1.1, the following personal data:

  • Information on injured parties, participants, and witnesses in traffic accidents;
  • Descriptions of damages, injuries, and health conditions;
  • Medical records, expert reports, and other health-related data used to assess the severity of the incident's consequences;
  • Information on birth, death, marital status, and property ownership;
  • Bank account details for compensation payments;
  • Identification card or passport number, Green Card number, email address, or phone number of the insured or injured person.

Data for compensation claims is stored for 5 years from the claim resolution date, or 15 years if the case involved legal proceedings.

 

1.3. Frontier Motor Third Party Liability Insurance Activities 

In cooperation with its members (insurance companies), the Bureau organizes the issuance of frontier motor third party liability insurance policies. A frontier insurance policy can be purchased at certain road and maritime border crossings upon entry into the territory of the Republic of Croatia, as well as online via the Bureau’s website.

The Bureau maintains a record of issued insurance policies, which contains the following personal data:

  • The number of the frontier motor third party liability insurance policy;
  • Name and surname, date of birth, personal identification number, residence and place of residence of the insured, or of the policyholder if different from the insured.
  • Proof of ownership of the vehicle ((photo of driving license and vehicle) if the policy is contracted online.

The record of issued frontier insurance policies is kept for 7 years after the policy expires.

Documentation proving vehicle ownership is retained for a maximum of three months, or until the frontier insurance policy expires, whichever comes first.

 

1.4. Complaints by Policyholders and/or Injured Parties

The Bureau also handles complaints from policyholders or injured parties related to the work and conduct of insurance companies.

Additionally, the Bureau carries out out-of-court dispute resolution between policyholders / insurance contractors, or consumers, and insurance companies or insurance service providers, through arbitration, mediation, and the functions of the Insurance Ombudsman.

For these purposes, personal data of policyholders / insurance contractors or consumers that are necessary for resolving complaints and disputes, or for mediation procedures, are collected.

This may include medical documentation and other special categories of personal data when applicable or necessary for the establishment, exercise, or defense of legal claims.

Data collected for the purpose of resolving complaints and out-of-court dispute resolution is retained for 2 years from the conclusion of the complaint procedure.

Data collected during mediation procedures is retained for 2 years from the receipt of the proposal to initiate the mediation process.

 

1.5. Detection and Prevention of Insurance Fraud

Within the scope of its public authority, the Croatian Insurance Bureau (HUO) collects and processes data on individuals directly involved in traffic accidents, as well as data on claimants, liable parties, policyholders/insured persons and/or insurance beneficiaries, and other data related to the loss event, for the purpose of preventing insurance fraud.

The aforementioned data is retained for 25 years from the date the insurance company receives notification of the loss event, in accordance with the specific nature of insurance operations, the claims settlement process, and the applicable statutes of limitations related to the criminal offense of fraud.

In addition to the personal data processing conducted within the scope of its legal authority, the Bureau also engages in commercial activities and processes personal data for the following purposes:

 

1.6. Organization of Professional Conferences, Seminars, and Training

The Croatian Insurance Bureau (HUO) regularly organizes conferences, professional seminars, and training sessions in the field of insurance. For these purposes, data on participants (name, surname, contact details, payment information, certificates of participation) are collected.

This data is gathered as part of pre-contractual activities or based on the contractual relationship between the Bureau and the training participants.

The record of participants, along with data on completed training programs and issued certificates, is retained for 5 years.

Based on its legitimate interest, the Croatian Insurance Bureau (HUO) conducts photography and video recording of certain events, about which all participants are always informed in advance.

 

1.7. Notifications on News and Other Useful Information (Newsletter)

Participants of professional conferences, seminars, and training, as well as other individuals who have expressed interest in HUO’s activities, regularly receive updates on news and developments in the insurance sector, as well as announcements of future events organized by the Bureau.

For these purposes, contact information, particularly email addresses, are used.

HUO carries out this data processing based on legitimate interest. The data is retained until unsubscribed, which can be done in each newsletter received.

 

1.8. Recruitment and Selection Process

For the purpose of conducting recruitment procedures for open job positions, the Croatian Insurance Bureau collects data on candidates (such as name and surname, contact information, place of residence, education details, previous work experience, and other information contained in the CV).

The legal basis for processing candidates' personal data is the undertaking of pre-contractual measures (conclusion of an employment contract) at the request of the data subject.

Data collected for these purposes is retained until the conclusion of the recruitment process.

 

2. RECIPIENTS OF PERSONAL DATA

In certain business processes, such as IT support and accounting, the Croatian Insurance Bureau (HUO) uses the services of trusted partners (data processors). When necessary, data processors process personal data on behalf of and in accordance with the Bureau’s instructions, ensuring appropriate technical and organizational measures for the protection of personal data.

As part of official investigations, supervisory procedures, regulatory reporting, and other official powers and actions of public authorities, HUO provides personal data to the Ministry of the Interior and the Croatian Financial Services Supervisory Agency (HANFA), as well as to other authorized public authorities based on an official request or legal obligation.

HUO, as the national insurance bureau, is a member of  the 'Green Card System', which includes 47 national bureaux that are members of the Council of Bureaux, headquartered in Brussels. The purpose of the system is to facilitate the international movement of motor vehicles by enabling third-party liability insurance for damages caused to third parties, in accordance with the regulations of the visited country, and to guarantee to injured parties that compensation will be paid in case of an accident, in accordance with the national laws of that country.

Upon request, the Croatian Insurance Bureau provides national bureaux of EU member states or third countries that are members of the Green Card System with information about the territory of the Republic of Croatia where the vehicle is usually based and its registration number, if available, as well as information about the vehicle’s insurance, if required by the member state in which the vehicle is usually based.

When data is transferred for these purposes to third countries that are members of  the Green Card System, standard contractual clauses are applied. More information on the standard contractual clauses is available at the following link: SCC.

 

3. RIGHTS OF DATA SUBJECTS

Depending on the legal basis and the processing activities, data subjects may exercise the following rights:

  • Right to information and access to their data;
  • Right to correct inaccurate or incomplete data;
  • Right to request the deletion of data (if no longer legally necessary for processing);
  • Right to object to processing based on HUO's legitimate interest;
  • Right to withdraw consent for data processing (where applicable).

 

4. RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY

Data subjects have the right to file a complaint with the supervisory authority: Agency for the Protection of Personal Data, e-mail: azop@azop.hr .

 

5. CONTACT DETAILS OF THE DATA PROTECTION OFFICER

HUO has appointed a Data Protection Officer. Data subjects can send any requests, inquiries, or complaints to the following contact details:

Croatian Insurance Bureau
Martićeva 71, 10000 Zagreb
dpo@huo.hr

 

This Privacy Policy was last updated on July 18, 2025.

Corvus PAY
MasterCard MAestro Visa