Privacy Policy

In the course of its business operations, HANZA MEDIA d.o.o. (hereinafter: the Company) implements the measures of personal data protection in accordance with the General Data Protection Regulation (hereinafter: the GDPR), as well as legal and regulatory obligations.

Data controller: HANZA MEDIA d.o.o., Koranska 2, 10 000 Zagreb.

If HANZA MEDIA d.o.o. is a controller of your personal data together with another data controller, pursuant to Article 26 of the GDPR on joint data controllers, on the basis of a business cooperation and/or using a joint service and/or on the basis of HANZA MEDIA's legitimate interest, you may request additional information related to your personal data protection and processing from that other controller identified in the part of this Policy setting out Rules on Joint Controllers.

HANZA MEDIA d.o.o. has appointed a Personal data protection officer.

Should you have any questions that relate to your personal data processing and exercising the rights envisaged by the GDPR, you may contact the Personal data protection officer:

  • In writing, by sending your enquiry to HANZA MEDIA d.o.o., Koranska 2, 10000 Zagreb, FAO Personal data protection officer
  • by e-mail:

We are fully committed to ensuring continual and effective implementation of this policy, and we expect our employees and business partners to do the same.

This Policy defines the behaviour that is expected from the Company, its permanent, temporary and occasional employees, business partners and third parties, with respect to collecting, using, storing, transferring, disclosing or destroying personal data processed in the course of Company's business processes.

The following rules are an integral part of this Policy:

PERSONAL DATA PROTECTION RULES define the purpose and the manner of using personal data, the categories of personal data we collect, the time period in which they are processed, and the ways of delivering information about your data processing;

WEB PRIVACY RULES define the manner of collecting and storing data we collect through Company’s web site;

EMPLOYMENT PRIVACY RULES define collecting and using your personal data that relate to recruitment activities;

RULES ON JOINT DATA CONTROLLERS define joint data controllers, their activities and contact point for individuals.


These rules pertain to the practices of privacy protection applied by the Company when contracting and providing services to its users. These personal data protection rules have been defined to clarify the purpose and the manner of using personal data, the categories of the data we collect, and the time period when we process them, and to inform you of all the ways of disseminating information related to your data processing.


In the course of interacting with the Company (using the web sites the Company publishes, sending enquiries/requests by e-mail or post, participating in prize games and competitions, concluding subscription or cooperation contracts) personal data is collected, and such data includes, but is not limited to:

  • Name, surname
  • Personal address
  • Personal tax number (OIB)
  • Bank account number
  • E-mail address
  • Telephone number

In the course of different types of interaction, the Company may collect data which is not considered to be personal data, including, but not limited to:

  • Data on the devices used for your Internet connection
  • Type and version of the Internet browser you use
  • The ways of using the Company's web sites


Personal data is processed and used only for the purposes for which they have been collected. Personal data processing is allowed only if at least one of the following criteria has been met:

  • Processing is necessary in order for the Company to meet its legal obligations, including, but not limited to processing data for the purpose of issuing invoices, handling complaints on the basis of competent regulations (Consumer Protection Act);
  • Processing is necessary to execute a contract to which the data subject is a contracting party, or to carry out activities at data subject’s request prior to concluding the contract, e.g. when entering into a subscription contract, or contracting delivery services in line with the contract, or when delivering obituaries;
  • Processing is necessary for Company’s or third party’s legitimate business needs, unless when the interests or fundamental rights and freedoms of the data subjects demanding data protection supersede such interests, e.g. processing data for marketing purposes, when we inform our users on special offers or invite them to events we expect they might be interested in;
  • On the basis of information on the scope of processing, an explicit consent has been granted by data subject, e.g. a consent has been granted by the holder of parental responsibility fpr disclosing data of children under the age of 16.

Using the data

The Company uses personal data for the following purposes:

  • Provision of services in accordance with contractual obligations - The Company may use personal data during the provision of contracted services, and to provide various forms of communication in the course of cooperation.
  • Marketing and sales activities - The Company may use personal data to provide information about new benefits, amenities, discounts, or similar activities.
  • Company employees’ protection - The Company may disclose personal information if it believes such disclosure is necessary or appropriate to protect the health and safety of employees, visitors, of property and/or user.
  • Legal reporting and data processing obligations

The manner of collecting data

Personal data is collected in one of the following ways:

  • Directly from Individuals – The data provided for the purpose of concluding or executing a contract, creating a user account on Company's web site, entering Company’s premises, telephone conversations with individuals, participation in a prize game or a competition organised by the Company.
  • Indirectly - The data publicly available on websites that do not belong to the Company (e.g. social networks posts, open forums), data obtained by using cookies, links and similar technologies.


The Company ensures that data subjects exercise their rights with respect to:

  • Data access
  • Complaint about processing
  • Limiting processing
  • Data transfer
  • Data correction
  • Data erasure

Data subjects shall deliver requests for exercising their rights in writing or verbally. Data subjects may also request their rights are exercised by using the Form for Exercising Rights which can be DOWNLOADED HERE. The completed form must be sent to or delivered in writing to Company’s headquarters.

If an individual submits a request pertaining to any of the above-mentioned rights, the Company will consider any such request in accordance with all applicable laws and regulations on data protection. The Company reserves the right to charge the costs for processing the requests of data subjects in exceptional cases when the requests are unreasonable.

Data subjects have the right to be informed on the basis of the submitted application and after successful verification of their identity on the following:

  • The purpose of personal data processing;
  • The source of personal data, if such source is not the data subject;
  • Personal data category;
  • Recipients or the categories of recipients to whom personal data may be transferred, as well as the location of such recipients;
  • The envisaged period of storing personal data or the explanation on defining such period;
  • The use of any automatized decision-making, including profiling.

Any request for access to or correction of personal data must be addressed to the personal data protection officer, who will record any such request upon receipt. The response to each such request shall be delivered within 30 days of the receipt of data subject’s written request.


In certain cases, the Company may ask the data subject or the holder of parental responsibility consent for processing personal data for a particular purpose.

When personal data processing is based on consent, data subject or the holder of parental responsibility may at any time withdraw such consent, which will not affect the legitimacy of the processing that was based on such consent prior to its withdrawal.


The Company will not retain personal data longer than necessary for the purposes for which such data was originally collected.

The Company will retain your personal data as long as such data is necessary to provide products or services, as long as it is required in accordance with these Rules or the time of collection, as long as it is necessary as a result of our legal obligations, solving disputes and enforcing our contracts, or to the extent permitted by the law.

When the retention period expires, the Company shall erase personal data in a manner that ensures that such data can neither be reconstructed nor read.


The Company carries out physical, technical and organizational measures that guarantee personal data safety (for example, prevention of loss or damage, unauthorized modifications, access or processing and other threats that personal data may be subject to, caused by human activity or physical/natural environment).

Security measures being implemented aim to:

  • Prevent unauthorized persons from gaining access to the data processing system that processes personal data;
  • Prevent persons entitled to use the data processing system to access personal data that is beyond their needs and authority;
  • Ensure that personal data can not be read, copied, modified or removed without permission during electronic transmission or transmission;
  • Provide access to system records for the purpose of determining who entered, altered or removed personal data from the data processing system;
  • Ensure that, when processing is performed by the data processor, the data may only be processed in accordance with the instructions of the data controller;
  • Ensure that personal data is protected from unwanted destruction or loss;
  • Ensure that personal data collected for various purposes can be processed separately;
  • Ensure that personal data is not kept longer than necessary.


Under certain circumstances, personal data may be shared without the knowledge or the consent of the data subject, when such disclosure of personal data is required for any of the following purposes:

  • Preventing or detecting crimes.
  • Arresting or prosecuting offenders.
  • Estimation or collection of taxes or duties.
  • At the request of a court or pursuant to any law.


In the event of a complaint regarding the compliance with these and other privacy-related rules, contact us at In that case, we will investigate the situation regarding the use and disclosure of personal data in accordance with these rules and we will try to resolve it as soon as possible.


Although the Company is oriented to informing the general public, we are well aware that children deserve special protection in every respect, including personal data protection, given that they may be less aware of the risks and possible consequences of disclosing their data.

Pursuant to Article 19, paragraph 1 of the Law on Implementation of the General Data Protection Regulation (Official Gazette 42/2018), as regards the protection of personal data the Company considers all persons under the age of 16 as children and does not seek or collect personal data of children without the consent of the holder of parental responsibility.

Therefore, the Company will make every reasonable effort to ensure that the data received from children is processed only with the consent of the holder of parental responsibility.

If the Company becomes aware that the personal data of the children has been sent without the valid consent of the holder of parental responsibility, the Company will, to a reasonable extent, endeavour to do the following:

  • Erase such personal data from your its data files as soon as possible;
  • and ensure, in the event that erasure is not possible, that such personal data is not used for any purpose;
  • and in any case will not disclose them to any third party.

If the parent or guardian has questions regarding the processing of their child’s personal data, they can contact our Personal data protection officer at the address provided.


We process your data within the European Economic Area. In the event of any need to transfer the personal data beyond that area, such transfer will only take place if the European Commission has confirmed that a third country meets a certain level of data protection, or if there are adequate safeguards in accordance with applicable law (e.g. binding corporate rules, or standard contractual clause).


If you believe that in the course of processing your personal data we have breached the Croatian or European regulations on data protection, you may file a complaint to the supervisory authority, i.e. to the Personal Data Protection Agency, Martićeva 14, Zagreb,


The Company acknowledges your right to data confidentiality and undertakes to safeguard the security of the data collected through the Company's Web site.

Your personal data is collected and used only on the basis of the data you have voluntarily provided to the Company, either in the course of registration (when the following data is used: name and surname, address, city, e-mail, birth year) or by using the website.

The collected personal data is kept in electronic form and all appropriate technical and organizational measures are applied to prevent personal data breach. The Company shall use received emails containing your personal information only for the purpose of meeting your requests.


In order to ensure the proper functioning of Hanza media d.o.o. web site, we sometimes store small data files known as cookies on your devices. This is done by most major websites. Browsing the web sites/applications of Hanza Media d.o.o. and/or websites/applications of third parties results in collecting information. The legitimate interest of Hanza Media d.o.o. in using cookies is to ensure accurate display of websites/apps, ads, and notifications with a view to continually improving user experience and providing quality content and ads to users. The cookies on the Company's web pages are anonymised and are not used to collect and access user data.

What are cookies?

A cookie is a file that is stored on a computer or mobile device while visiting a particular web site. With the help of a cookie, the web site remembers your actions and preferences (such as sign-in, language, font size, and other preferences related to display) over a longer period, so it is not necessary to re-enter them every time you return to the web site or browse its pages. Thanks to cookies on Company’s web sites/apps, it is possible to:

  • track a more detailed metric of site visits and provide relevant content for articles and ads
  • continuously improve the content and technical functionality of sites/applications
  • detect and protect from user's risky behaviour that may harm web sites/applications
  • understand how users consume site content, and based on that develop existing and create new services

How do we use cookies?

Cookies can be used to recognize user's arrival on the site/app, in order to remember your preferences with the aim of improving and providing personalized user experience. All data collected through cookies is summarised and used for optimization and optimal servicing of site/application, and all cookies we serve are anonymized, meaning we cannot access users’ personal data based on them.

With cookies we can collect data on the use of our sites/apps, e.g. the origin/location of the visit, visited page, viewed videos or ads, keywords, the duration of the visit, and the services selected for online shopping web pages, and, information about the device and about the visit.

Depending on the purpose and frequency of user interaction with Company’s web sites/applications, the collected data serves multiple purposes divided into several categories as shown below.

The purpose of cookies

To ensure proper functioning of the site/application

  • Accurate content display;
  • Creating and remembering shopping carts when purchasing subscriptions to Company’s printed and digital editions;
  • Creating and remembering login/registration on subscription purchase pages;
  • Creating and remembering registration when participating in prize games/competitions the Company organizes;
  • Personalizing interfaces such as language selection;
  • Device parameters;
  • Resolution and screen type;
  • Website/application improvement.

To collect statistical data

We collect statistical data to deliver quality content and improve the quality of web sites/applications and services, to better understand the needs of our users and improve site/application services and functionalities.

For advertising

Sometimes we use cookies to show you an online ad for products and services that may interest you based on your previous behaviour. Based on the cookies we find out which topics you are most interested in, and based on this information we show your ads. Likewise, sometimes our partners (third parties) use such knowledge to present you an ad you might be interested in.

All ad positions are delivered through the Google DFP advertising system. In addition to delivering ads across our system, we also show ads through third-party systems. More details follow.

To customize services

Cookies also help us customize our services to discover potential problems in site/application functioning, and to optimize and improve website/application functionalities such as remembering the shopping cart, sign-in or language data, customization of the user interface, and so on.

How do third parties use web sites cookies?

In some cases, we may work with third parties to provide you with the most quality services on our sites/applications. Company's web sites use tools for measuring third-party visits, such as DotMetrics Audience and Google Analytics.

In addition, other advertisers and business organizations may use their own cookies to collect data about your interaction on web sites/apps and measure the effectiveness of their ads.

The owners of search companies inform you about managing cookies. Read more on the following links.

For other search engines, please consult the relevant documentation provided by the company which is the owner of the search system.

More information about turning off cookies

Currently, there are several web sites enabling turning off storing cookies for different services.

You can read more at the following links:


The Company sends promotional material through digital communication channels to individuals with whom it has at some point had any form of cooperation (subscribers, participants in prize games and competitions) and who gave us contact information for such form of communication. The users of Company's services are at all time entitled to disable the service of receiving promotional materials, and the Company will provide tools in order to carry out the erasure from the database. The legal basis for processing data for these purposes is Company’s legitimate interest.

Contact information, such as name and email address, is necessary in case you want to use the services of receiving promotional materials from the Company. Promotional materials include information on services, special offers and newsletters.

During the first contact or at any stage of providing the service the user will be notified of using his or her data for digital marketing purposes.

The possibility of a general exclusion is not available for some forms of non-marketing communication, such as communication related to product download, sales transaction, winning in the prize game you participated in, statements of compliance with legal obligations (where permitted by law).

The Company may use the technical services of external business partners for delivering newsletters. In this case, we deliver those partners only the email address you have submitted for the Newsletter. We also make sure that the selected business partner uses it only for the delivery of our Newsletters, in the period of your registration for receiving it, and may not use it for other purposes. Except in the aforementioned case and subject to the above conditions, the Company will not share your contact information, which you have provided for the purpose of receiving the Newsletter, with third parties.


The Company takes any security measures to protect user's data during data entry, transfer, processing and storage. Data access is limited to only those employees who need them for their business activities.

Personal information provided to the Company during registration will be stored during the existence of the web site, or during the user’s registration period. Any information given to the Company upon registration on the web site will be destroyed when such site is shut down, at the latest.

At any time, users have the right to request information about which personal data is processed by the Company, and to request their erasure, by submitting a request to the Personal Data Protection Officer.


Privacy Policy is regularly reviewed and checked to make sure it reflects the way the Company handles processing personal data. The current version is always available on our website and in the event of any major changes that affect your rights and freedoms, you will be notified thereof directly.


These rules define how the Company collects and uses your personal data regarding recruitment activities. Personal data will be used in accordance with the regulations below.

By submitting personal data necessary for recruitment purposes or job application, you voluntarily give your personal data to the Company.

Collecting personal data.The Company requires certain data, including the data about education and work experience, contact information, and qualifications for the job you are applying for. Additional/more detailed information such as a CV and employment recommendations are also necessary.

Furthermore, the Company may collect data from third parties when verifying the accuracy of the data submitted by the candidate (e.g. to check the validity of the diploma, work experience and/or recommendations).

Confidential personal data. In the recruitment process, the Company will not seek or require sensitive personal data (e.g. on religious affiliation, health status, sexual or political orientation).

Voluntary disclosure. During recruitment, personal data is made available to the Company voluntarily. The Company will only ask for the data necessary for a proper recruitment procedure.

Using personal information. Data can be used to communicate with you, to manage the procedure of candidate selection and hiring, to comply with corporate, legal and regulatory requirements. If you are eligible for employment, your data may be used for employment and corporate governance.

Data recipients and sharing with third parties. The Company may share your personal information internally and with service providers and third parties if it is necessary in the process of selecting candidates, employment, corporate governance, procurement and legal or regulatory obligations, responding to the demands of the public sector or administration, and for the purpose of state security and/or enforcing the law. The Company shall make sure such service providers and third parties undertake to maintain the confidentiality of your personal data and to use them only in accordance with the specific purpose for which they are disclosed.

Security and confidentiality. The Company maintains a high level of administrative, physical and technical security measures designed to protect the confidentiality of personal data and requires from its service providers to do the same. Company employees who may have access to personal data as a result of their operations must keep the confidentiality of such data.

The Company may apply security procedures in its facilities and on its computer systems to oversee and maintain security. Any supervision of Company’s facilities, systems or assets shall be conducted in accordance with applicable laws.

Your duties. Each candidate is responsible for the data it submits to the Company. All data must be accurate, true, precise, and in no way misleading. Candidates must ensure that the data provided does not contain inappropriate, defamatory or any other content that breaches the rights of third parties. In the case of submitting the personal data of another person (e.g. a person who can make a recommendation), the candidate is responsible to notify the person whose data is provided in a timely manner and to obtain his/her consent.


Data on joint controllers with which HANZA MEDIA d.o.o. agreed to jointly determine the purposes and manners of data processing:

    Koranska 2, 10 000 Zagreb
    OIB: 41937558795
  2. ARENA d.d.
    Koranska 2, 10 000 Zagreb
    OIB: 93439147186
    Dr. Ante Starčevića 24, 20 000 Dubrovnik
    OIB: 71342575080

The Company reserves the right to transfer personal data within its business group as well as to third parties, complying with the principle of appropriate level of legal protection for the rights and freedoms of data subjects.

Personal data transfer is carried out if at least one of the following conditions is met:

  • Transmission is necessary for the performance of contractual obligations/services;
  • Transmission is necessary for the implementation of the pre-contractual measures taken in response to the user's request;
  • Transmission is necessary for the conclusion or performance of a contract concluded with a third party in the interest of the data subject;
  • Transmission is legally mandatory on the basis of important public interests;
  • Transmission is indispensable for the establishment, enforcement or defence of legal requirements;
  • Transmission is necessary to protect vital interests of data subjects;
  • Transmission is necessary for linking business processes within a business group.

For the purpose of doing business efficiently, personal data from one of the companies listed above shall be transmitted to another. In those cases, HANZA MEDIA d.o.o. shall be responsible for the protection of personal data transmitted.

The App is designed for domestic and foreign guests

Download Croatia by Car Application