19th – 22nd OF SEPTEMBER 2024.

Privacy Notice



With peace, love and communication, we guarantee the security of all your data.

We protect your privacy day and night.


In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (Official Journal of the European Union L 119 , 4.5.2016, page 1, hereinafter: General Regulation on Data Protection), which is in full application from 25 May 2018 in the Republic of Croatia and all EU Member States, as well as the Law on Implementation General Regulation on Data Protection (Official Gazette No. 42/18, hereinafter: the Act) or in accordance with the legal framework for personal data protection in the Republic of Croatia and the European Union and European best practice, PEPERMINT Limited Liability Company for Trade and Services, based in The Republic of Croatia, Ulica Republike Austrije 27, Zagreb, OIB: 13120899290 (hereinafter: PEPERMINT), as the Data Controller of users of its services and customers, has developed the Privacy Policy.


This Privacy Notice (“Notice”) explains how PEPERMINT d.o.o. (in further text: PEPERMINT, Data Controller) collects, uses and manages your personal data that is located on the web site

This Privacy Notice applies to all services offered by PEPERMINT, with the aim of the rules in a clear and transparent way to acquaint our visitors, partners and users of our services (hereinafter: data subjects) with the processing of their personal data and their rights.


PEPERMINT is dedicated to respecting and protection of your privacy. In regard to the data we collect, PEPERMINT is a Data Controller, that is, the one that determines the purposes, needs and means for which personal data is processed.

PEPERMINT as a website service provider is committed to protecting the privacy of personal information.

If you wish to contact us regarding this Notice or regarding your personal data, please use the following contact information:



Ulica Republike Austrije 27

10000 Zagreb




You can also contact our external Data Protection Officer:

Presido d.o.o.

Ulica Republike Austrije 23

10 000 Zagreb





And now we will talk “a little” more about the rights, obligations and other issues that are relevant to the protection of your privacy and personal data! The text that follows is important and by no means boring and dry.



How and when do we collect your personal data?


We collect your personal information when necessary to meet your needs and requirements, perform services or for the purposes of our business and the organisation of the HR.WEEKEND

  1. when purchasing the application form, PEPERMINT will request the provision of certain information (personal data) such as name, address, OIB, country, city, postal code, e-mail address, telephone number. In the case of purchasing the application form, a contractual relationship is concluded, which is the basis for the processing of your personal data, given the need to perform the contract in which you as a customer, our visitor, a party. We also process your data in order to take action at your request, and before concluding a contract.
  2. at the moment when you access the we will collect your IP address, which is also considered to be personal data,
  3. when registering a person as a user or recipient of a newsletter or other information about our products and promotions. As a Data Controller, we will ask you to enter information about yourself (personal data) such as e-mail address, name, surname and telephone number (the latter three types of data are marked as optional). The legal basis for the processing of your data is consent. Therefore, the user who signs up to receive notifications about our products and promotions by entering their data on the page gives consent to the processing of their personal data. The user may withdraw the consent at any time by notifying the e-mail address of the personal data protection officer,
  4. situations in which we collect other types of information such as the date and time of access to the site, information about the hardware, software or Internet browser you use as well as about your computer’s operating system and application version and language settings. We may collect information about clicks and your access to the page displayed to you,
  5. when you contact our office and ask us for help or ask a question in order to exercise any of your rights guaranteed by applicable regulations,
  6. when you contact us through social networks, we collect data that you had made available to us when making inquiries or requests,
  7. when you want to unilaterally terminate the contract, we collect your name, surname, personal identification number, address, account information and purchase amount, all depending on the chosen method of payment,
  8. when you participate in our giveaways, we will process the data depending on the type of gifts, and we will additionally inform you about this in the rules of the giveaway. Data that can be processed are, for example, name, surname, address for sending the gift,
  9. when you complete the satisfaction survey, we process data such as your IP address,
  10. when you send us any inquiry related to our offer, we will process your contacts and / or other information that you provide to us when sending the inquiry,
  11. if you want to send an open job application, we will process information such as your name, surname, age, occupation, occupation, work experience, contact phone number and other information contained in your open job application,
  12. when registering on the website, the date and time of the IP address assigned by the Internet Service Provider (ISP) used by the data subject are also stored. Registration, with consent, is necessary because it allows us as a Data Controller and organiser to offer content or services that can only be offered to registered users due to the nature of the case. Registered persons may at any time change the personal data specified during registration or delete them completely from the records,
  13. for the purposes of web analytics via Google Analytics, we use the application “_gat._anonymize” through which the IP address of the data subject is shortened by Google and anonymized when the HR.WEEKENDl website is accessed by a data subject from an EU Member State or another country under the European Economic Area .,
  14. when photographing and recording lectures and / or short videos or the atmosphere, we will process your photo, movement, hair colour, etc., all based on a legitimate interest, and
  15. when you have bought the registration fee or are on the list of our visitors or you are a lecturer at the HR.WEEKEND, we will inform you about the program, news, exhibitors and other important issues that we consider important and part of the organisational process. During the above activities, we will process your e-mail or other contact based on a legitimate interest or in order to fulfil the contractual obligations we have towards you in accordance with the concluded contract.


PEPERMINT recommends all registration fee customers, visitors, users of our services or users of the site to take care of their login password for registration. We recommend combining uppercase and lowercase letters and numbers when choosing a password character combination. Use a password of at least six characters. We recommend changing the password periodically (at least once a year).   We collect the above specific categories of your personal data either on the basis of the consent shown to you when you arrive at via a pop-up window, or on the basis of a legitimate interest (for example in cases of cookies that are necessary for functioning or when we are already sending you some interesting information and / or offers of shares as our weekender) or in order to fulfil our obligations arising from the applicable regulations of the Republic of Croatia.


If the processing is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent must be notified to the head of processing by e-mail: or to or to the address Ulica Republike Austrije 27, 10 000 Zagreb with the indication ˝n / r data protection officer˝. Such withdrawal shall not affect the lawfulness of processing based on consent prior to its withdrawal.


Please pay attention to the mandatory volume of data we ask you to provide, because in case the customer or user does not provide the required information which are specified as mandatory in order to perform an activity requested or expected by them, unfortunately they will not be allowed for enter into it, without the required data that activity will not be technically possible to carry out.


Processing of personal data in payment processing   PEPERMINT, as a condition for paying for products and services by credit or debit cards, asks the customer for information to activate the payment process. When paying through contracted providers of card processing and payment services (credit or debit), PEPERMINT’s contractual partners as Data Processors or Independent Data Controllers, your data will be shared.


Data processing during payment is necessary in order to perform all actions that precede the purchase or conclusion of a contract with the Data Controller. When we talk about the legal basis of data processing related to certain types of payments or legal entities that provide these services, payment data such as name, surname, code, amount, account number or other transaction codes are shared with the card company or bank or third party through which payment is made, all at the request of the data subject who independently chooses the method of payment.


PEPERMINT warns customers or visitors to take care of the information stated on the card so that this information would not be available to third parties and so that it would not be misused. So, to summarise all the above, we generally collect your personal information directly from you either to enter a contract with us, to perform an action at your request, when you hire us to perform certain services provided by us or our contractual partners or fill out a specific form or when you want to receive our newsletter.   We do not use your personal information for marketing purposes unless you tell us you agree to that. If you would like us to send you details about our products, the organisation of our events, services, offers and promotions, please subscribe to it by giving us consent when subscribing to the newsletter.   We treat your personal information as confidential information and they are properly protected by PEPERMINT and / or our trusted partners.


What data and for what purpose do we collect directly from you?


Typical categories of information we collect from users are the following: name, billing address, billing address, financial information including credit, debit card information, or other payment information you provide when filling out forms on websites or when communicating with us by phone or email.   We collect your personal data for:

  • performance of a service, fulfilment of a contract or other way of ensuring provision of a requested service
  • the use of all services on the webpage
  • the most efficient response to your inquiry and processing of your requests
  • statistical data processing
  • sending materials, offers and contacting
  • improving the quality of content, functionality, and services.



What privacy rights do you have?


Please note that you have the right to request the following from PEPERMINT at any time:



●        to give you access to your personal data



You can ask PEPERMINT what personal information about you does it use, and you can ask for access to that personal information. You have the right to know the purpose of processing, which categories of your personal data we store, entities or categories of entities with which we share your personal data, the time period we retain your data, as well as the source of the data in case the data is indirectly collected.

You can contact us if you want a copy of some or all of the personal data about you that we store.


●        request the correction of incorrect data  

We want your personal information to be accurate and up to date. You can ask us to correct or remove information that you think is incorrect or outdated.


●        request deletion of your personal data  

You can ask PEPERMINT to stop processing or even the erasure of personal data we store about you. If we need your personal data to perform a contractual obligation to you PEPERMINT could cease to be able to perform such contractual obligations. Also, if your personal data is required in order to be able to meet certain legal obligations (e.g., tax obligations), your request may not be able to be fulfilled.




●        restricting access to your personal data (us and/or third parties) in certain processes or in full


If you want to challenge the accuracy of the data, or we no longer need your personal data for the purpose of the processing, but you need it to establish, enforce or defend legal claims, or you have objected to data processing on the basis that the Data Controller considers legitimate, you have the right to ask for restriction of the processing of your personal data.


●        file a complaint about the way we use your personal data


Remember that you have the right to object to the processing of personal data that is based on a legal basis that the Data Controller considers legitimate.



●        request data transfer to another Data Controller (transferability of rights)


If the processing is based on your consent or if it is carried out by automatic means, you have the right to ask the Data Controller to transfer the data to another data controller.



To exercise any of the above rights, please use the contact information provided at the beginning of the Privacy Notice.


If you believe that your rights are not being respected, you have the right to file a complaint with the Personal Data Protection Agency.


Where is your personal data stored?

We store the personal information we collect about you in a secure environment. Your personal information is protected from unauthorised access, disclosure, use, alteration, or destruction by any organisation or individual.


The processed data is stored in our premises and secure IT systems, but sometimes we store the data on the servers of our trusted service providers located in the EU.


Some data is still stored in paper form, but we tend to digitise all the personal data we process. The processed data is stored in the Data Processor’s premises and IT systems, but sometimes we store the data on the servers of our trusted service providers.


PEPERMINT will ensure that personal data is kept in a secure location (which includes reasonable administrative, technical, and physical protection to prevent unauthorised use, access, disclosure, copying or alteration of personal data), which can only be accessed by authorised persons. All authorised persons sign a statement of confidentiality.


The data collected for the purposes specified in this policy will be retained only for as long as is necessary to fulfil the stated purposes. Your personal information will not be stored in a form that allows you to be identified for longer than PEPERMINT reasonably deems necessary to accomplish the purpose for which it was collected or processed. PEPERMINT will keep certain personal data for a period of time prescribed by law or a regulation that obliges PEPERMINT to retain data (see “How long will PEPERMINT keep your personal data?”).


If you have given us consent (for example, you have subscribed to our newsletter, selected a certain category of cookies to use), we will process your personal data until the consent is withdrawn. If you make a well-founded objection to the processing of personal data based on a legitimate interest, we will not process your personal data in the future.


In addition to all the above, it is important to point out the following; if judicial, administrative, or extrajudicial proceedings are instituted, personal data may be retained until the end of such proceedings, including a possible period for declaring legal remedies.


Does PEPERMINT share data with third parties?


Privacy protection is important to us, so we will never share your personal information with third parties except for the purposes described in this Policy. We will always inform you when sharing and transferring data.


PEPERMINT cooperates with other companies. This means that we sometimes share your personal information, using secure IT systems. When we do so, the data is transferred to servers located in the EU or in a country that provides an adequate level of protection in accordance with EU legislation.


In some cases, our partners providing services on behalf of or for PEPERMINT may process your data outside the European Union. However, the contracts we conclude with such entities oblige them to treat your data using special security measures in accordance with the regulations in force in the Member States of the European Union.


On 10 July 2023, the European Commission adopted a new adequacy decision under which personal data can be freely transferred from the European Union to companies in the US participating in the Data Privacy Framework.

The adequacy decision is based on Article 45 of the General Data Protection Regulation. The General Data Protection Regulation (GDPR) is a mechanism that ensures the secure and lawful transfer of data to third countries. Companies in the U.S. that wish to participate in the Data Protection Framework must undergo a self-certification process and enrol in the list of companies that have accessed the Data Privacy Framework.


Also, if our contract partner is based in the US, we will review existing contracts and check the security standards that our partner guarantees to ensure the protection of all our data subjects with the latest standards approved and suggested by the relevant institutions.


The purposes for which we share data with our trusted partners are, for example, marketing needs, maintenance of the website, advertising, payment processing, delivery, and other services in and outside PEPERMINT. These service providers are obliged, according to the relevant contracts, to use the data entrusted to them only in accordance with our guidelines and exclusively for the purpose we have strictly determined. We also oblige them to adequately protect your data and to consider it a business secret.


Once a year, we audit all our partners to make sure that the protection of your personal data is still at the required level and that it complies with applicable regulations.

How long will PEPERMINT retain your personal information?


PEPERMINT will not retain your personal data for longer than the period required to fulfil the purpose of their use, and for a maximum period of 3 years, except in exceptional cases where the law prescribes a longer retention period (for example, data related to unilaterally terminated contracts and complaints will be kept for 1 year, data related to exercising of your privacy rights will be kept permanently, data related to prize contests will be kept for 5 years, data on lecturers for 5 years).


You can find out more about data retention periods by contacting our data protection officer.


What will we use your data for?


We may use your personal information in several different ways, mainly to meet our legal and other obligations toward you, but sometimes to improve your experience of using the website, and for security reasons.


The purposes for which we use your data are described in these rules, and if your data is processed for other purposes, you will be notified before such (new) processing is carried out.




PEPERMINT wants to send you information about our activities and news that you might be interested in. Please note that you may opt out of receiving them at any time by exercising your rights set forth in this Policy. To subscribe to the newsletter, PEPERMINT collects and processes: e-mail addresses.


The newsletter contains the so-called tracking pixels. A tracking pixel is a miniature graphic element embedded in an email that is sent in HTML format to allow saving and analysis via log files. This allows statistical analysis of the success of marketing campaigns. Through tracking pixels PEPERMINT can see when and if an email was opened by you as a data subject and which links you followed. Personal data collected through tracking pixels in the newsletter is stored and analysed by PEPERMINT as the Data Controller in order to optimise the process of sending the newsletter, as well as adjust the content of future newsletters to the interests of data subjects.


Video surveillance and photography  


We are aware that you also come to the HR.WEEKEND location to take pictures, record and be seen. Due to your expectations, as well as promotional actions, all material will be used globally for promotional purposes of the HR.WEEKEND


Numerous television crews and photographers will be filming at the HR.WEEKEND location and we especially emphasise that drones will be present to record the entire event. At the entrance to the venue where the HR.WEEKEND is held, there will be a special notice about filming and taking of photos. By entering, you agree that you may be filmed and photographed. You also agree that all material from the HR.WEEKEND may be used globally for promotional purposes of the HR.WEEKEND


When taking photos and recording and using the drone to record lectures and/or short video clips or the atmosphere, data such as your physiognomy, movement, hair colour, eye colour are processed.. The video surveillance system is also used to protect property and for security. The legal basis of processing in relation to visitors is a legitimate interest, while in relation to our workers and hard-working students and volunteers is the fulfilment of obligations arising from regulations on occupational safety.




To maintain the website and ensure that its functionality is at the expected level PEPERMINT uses a technology known as “cookies”.


Cookies are small files that we send to your computer that can be accessed later. They can be temporary or permanent. Thanks to cookies, you can easily search our pages. Cookies show us what interests you and other visitors to our website, which helps us improve it.


Read more about cookies in the Cookies Policy.


Other websites


Other websites that can be accessed through the website have their own statements of confidentiality and data collection and the ways in which they are used and disclosed.


PEPERMINT is not responsible for the ways and conditions of work of third parties.


PEPERMINT collects and processes personal information through user interactions on social networks such as Facebook, Instagram and LinkedIn. PEPERMINT or authorised persons appointed by PEPERMINT have access to messages and/or posts on the mentioned social networks, however personal data collected through them, especially those contained in messages, is not stored, and further processed by PEPERMINT except for the purposes specified in this Policy.


PEPERMINT uses a business profile within the services of Facebook, LinkedIn, and Instagram, and you can view their Privacy Policy or Privacy Statements as well as the way they use your personal data at:






In case you have questions regarding the collection and processing of data by Facebook, LinkedIn and / or Instagram or you want to exercise any of your rights guaranteed by the General Data Protection Regulation, contact:




META PLATFORMS IRELAND Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland



Contact of the Data Protection Officer:


If you are not satisfied with the way your personal data is collected and processed, you can contact the leading supervisory body of Facebook, the Irish Data Protection Commissioner or the Personal Data Protection Agency of the Republic of Croatia.



On the, PEPERMINT as the Data Controller has installed Facebook components. Facebook is a social network.


A social network is a place of social connection on the Internet, an online community that typically allows users to communicate with each other in a virtual space. A social network serves as a platform to share opinions and experiences, or to provide the Internet community with personal or business-related information. Facebook allows its users to create private profiles, upload images and connect through friend requests.


Facebook is owned by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If the person using Facebook lives outside the United States or Canada, the Data Controller for processing is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA is a standalone Data Controller.


By opening the data subject’s browser will display the corresponding Facebook component as a result of using the Facebook plugin. An overview of all Facebook plugins can be found at During this technical procedure, Facebook is provided with information about a specific subpage visited by the data subject.


In case you are, as the data subject, logged in to Facebook, Facebook can additionally detect each of your visits to This information is collected through the Facebook component and remitted to the data subject’s Facebook account. If the data subject clicks on any Facebook button integrated on the website, e.g., the “Like” button, or if the data subject sends a comment, Facebook can transfer the information to the data subject’s personal Facebook account and thus save personal data.


Each time a data subject is logged in to Facebook and at the same time visits the website, Facebook will receive information about it via the Facebook component. This will happen regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want to transfer this type of information, he/she can prevent the same by logging out of the Facebook account before accessing the website.





META PLATFORMS Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland



Contact of the Data Protection Officer:


If you wish to raise a concern about Instagram use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority or Instagram International Company’s lead supervisory authority, the Irish Data Protection Commission or the Personal Data Protection Agency of the Republic of Croatia.







Attn: Legal Dept. (Privacy Policy and User Agreement), Wilton Plaza, Wilton Place, Dublin 2, Ireland


Contact of the Data Protection Officer:


If you are not satisfied with the way your personal data is collected and processed, you can contact the leading supervisory authority for LinkedIn Ireland, the Irish Data Protection Commissioner or the Personal Data Protection Agency of the Republic of Croatia.




Entry into force and privacy policy changes


This Policy shall enter into force upon publication on the website.


PEPERMINT reserves the right to amend and republish the Privacy Policy on the website.