Privacy policy

Personal data protection policy

BiLog d.o.o. implements personal data protection measures in its operations in accordance with the General Data Protection Regulation (GDPR), the Act on the Implementation of the General Data Protection Regulation and other legal and regulatory obligations.

We are fully committed to ensuring the continuous and effective implementation of this Policy, and we expect the same from our employees and business partners. Therefore, any violation of this Policy may result in disciplinary measures or business sanctions.

This Policy determines the expected behavior of BiLog and its employees as well as business partners and third parties in relation to the collection, use, storage, transfer, disclosure or destruction of personal data processed in the Company’s business processes. The personal data protection policy refers to the privacy protection practices that BiLog applies when contracting and providing services to its clients. We have defined it in order to clarify the purpose and method of using personal data, the categories of personal data that we collect, the time period in which we process them, and to familiarize you with all the ways of information regarding the processing of your data.

Data we collect

BiLog bases its business on providing services to business customers. Of the BiLog services described on our website, the personal data of the end users of the services is processed in the following cases:

– When providing services through the implementation of the HRMS system
– When providing application-building services according to user requirements
– When providing services for the construction of data warehouses and reporting systems
– When hiring and establishing an employment relationship – the purpose, methods, and terms of data processing are detailed in the document Declaration on the – Protection of Personal Data of Potential Employees.

Purpose and methods of data processing

BiLog processes the personal data of the end users of the services in the case of providing HRMS system implementation services, building business applications, data warehouses and reporting systems exclusively for the purpose of fulfilling contractual obligations, and does not use the data for any other purposes. The data for the aforementioned processing purposes are processed exclusively on the systems of business users and are not transferred to BiLog’s systems.

Data Retention

BiLog processes the respondent’s personal data as long as it is necessary to provide the contracted services.

The time period for retaining data collected/processed during the recruitment process is described in the document Declaration on the Protection of Personal Data of Potential Employees.

When the retention period expires, BiLog will delete personal data in a way that ensures that they cannot be reconstructed or read.

Requests of respondents

BiLog ensures the realization of the rights of respondents in relation to:

– Access to information
– Objection to processing
– Restriction of processing
– Data transfer
– Data correction
– Data deletion.

The respondent submits requests for the realization of rights in writing or orally. If the data subject submits a request relating to any of the above rights, BiLog will consider each such request in accordance with all applicable data protection laws and regulations. We reserve the right to charge costs for processing user requests in exceptional cases, when the requests are unreasonable.

All requests related to personal data should be sent to the Personal Data Protection Officer at, who will record each request upon receipt. The response to the request shall be submitted within 30 days from the receipt of the user’s written request.

If we cannot fully respond to the user’s request within 30 days, we will provide a notification about:

– Confirm receipt of request
– All the information that has been collected,
– Details of any requested information or changes that will not be provided to the user, the reason for refusal and possible procedures for appealing the decision;
– The estimated date by which the remaining responses will be delivered,
– Estimate of the costs to be paid by the user (if the request is excessive).
– The name and contact information of the individual whom the Respondent should contact for further information.

Cookies and why we collect them

While browsing the BiLog website, you are not completely anonymous, since we collect cookies, that is, very small text files that we save on your device. This website uses only two types of cookies.

NECESSARY – which are necessary for the operation of this website and only collect data about the current language selection of the website visitor

ANALYTICAL – these are third-party cookies, specifically Google Analytics, which also collect the following information:

– IP address (for geolocation of the user),
– The time period the user stays on certain parts of the page,
– The total duration of the user’s visit.
– collects Google Analytics cookies in accordance with

We also have a cookie called _unam that enables direct visits to our page on a particular social network. Such a cookie does not collect your data, but only opens our page on the selected social network.

Data protection

Among other things, BiLog pays great attention to information security and the protection of computer systems. Therefore, in accordance with the requirements of the ISO 27001:2013 standard, it implements physical, technical and organizational measures that guarantee the security of all information that we have in our business, including personal data (e.g. prevention of loss or damage, unauthorized changes, access or processing and other threats to which personal data may be exposed caused by human activity or the physical/natural environment).

Accordingly, BiLog implements the Information Security Policy at the level of the entire operation and acts in accordance with the procedures that ensure the implementation of such Policy, all in order to ensure that:

– Prevent unauthorized persons from accessing the data processing system in which personal data is processed
– Prevent persons who have the right to use the data processing system from accessing personal data that is beyond their needs and authority
– It ensures, in the case where the processing is performed by the processor, that the data can be processed only in accordance with the instructions of the processor
– It ensures the protection of personal data against unwanted destruction or loss
– It ensures that personal data collected for different purposes can be processed separately
– It ensures that personal data is not kept longer than necessary.

Requests by judicial authorities

In certain circumstances, personal information is allowed to be shared without the user’s knowledge or consent. And when disclosure of personal data is necessary for any of the following purposes: – Prevention or detection of crimes – Arrest or prosecution of offenders – Assessment or collection of taxes or fees – By order of competent judicial authorities.


In case of complaints related to compliance with these and other rules related to the protection of personal data, please contact us at the email address: or to address:

BiLog d.o.o.
Strojarska cesta 20
10000 Zagreb
n/r “Personal Data Protection Officer”