Personal Data Protection Policy

Trilix d.o.o. implements the personal data protection measures in its operations, in accordance with the General Data Protection Regulation (GDPR), the Act on the Implementation of the General Data Protection Regulation and other legal and regulatory obligations.We are fully committed to ensuring the continued and effective establishment of this Policy, and we except the same from our employees and business partners. Therefore, any violation of this Policy may result in disciplinary measures or business sanctions.This Policy defines the expected behaviour of Trilix and its employees, as well as business partners and third parties in relation to the collection, use, storage, transfer, disclosure or destruction of personal data processed within the Company’s business processes.The Personal Data Protection Policy refers to privacy protection practices that Trilix applies when contracting and providing services to its clients. We have defined it to clarify the purpose and method of using personal data, the categories of personal data we collect, time period in which we are processing them and to let you know about all the ways of informing in relation to the processing of your data.


Trilix’s business is based on the provision of services to business users and the Company rarely finds itself in the position to process personal data of end users of such services.Therefore, from our full range of Trilix services described on our website, personal data of end users of our services are processed in the following cases:

  • When providing services through Learning Management System (LMS) in which case we collect the user’s name, surname and e-mail address;
  • When providing support for a mobile payment service for top up of accounts for the system of public city bicycles – Nextbike – in which case the Trilixov Customer Support Department processes the end user’s mobile phone number and the current location in order to help resolve the incident;
  • When recruiting and establishing employment relationship – with the purpose, method and deadlines for data processing being detailed in the Prospective Employee Data Privacy Statement.Purpose of data processing

Trilix processes personal data of end users of services during the provision of LMS services or the support for the use of Nextbike services solely for the purpose of fulfilment of contractual obligations and does not use collected data for any other purpose.

Methods of data collection

In each of these cases, Trilix collects personal data directly from an individual:

  • LMS – by means of them applying via a specific interface and leaving information required for the registration (name, surname and e-mail);
  • Nextbike – by a call from the end user reporting a certain difficulty in using the service (user’s mobile phone number and current location);


We do not retain data longer than necessary with regard to the purposes for which we collect them.Therefore, Trilix retains personal data of data subjects as long as it is required to provide contracted services.The time period of retention of data collected during the employment process is described in the document Prospective Employee Data Privacy Statement.When the retention period expires, Trilix will erase personal data in a way that ensures that they cannot be reconstructed or read.


Trilix ensures the realisation of rights of data subjects in relation to:

  • Access to information;
  • Objection to processing;
  • Restriction of processing;
  • Data transfer;
  • Data correction;
  • Data deletion.

Data subjects submit their requests for the exercise of rights in writing or orally. If the subject submits a request that applies to any of the abovementioned rights, Trilix will consider any such request in accordance with all applicable laws and regulations on data protection. We reserve the right to charge the cost of processing user requests in exceptional cases, when such requests are unreasonable.All requests regarding the personal data should be addressed to the Personal Data Protection Officer, at the address,  which will record any request upon the receipt. The response to the request shall be sent within 30 days from the receipt of the written request of the user.If we cannot fully respond to the customer’s request within 30 days, we will send you the following:

  • Confirmation of the receipt of application;
  • Notification about all data collected,

– Details of any requested information or modifications that will not be provided to the user, reasons for the rejection, and possible complaint procedures;

  • Estimated date by which the remaining responses will be submitted,

– Estimated cost to be paid by the user (if the request is excessive).

– Name and contact information of the individual that should be contacted by the Subject for further information.


As you are browsing through the Trilix website, you are not completely anonymous as we collect cookies, that is very small text files that we save on your device. This website uses only two types of cookies.NECESSARY – necessary for the proper functioning of this website, and they only collect data on the language selection of the visitor.ANALYTICAL – third-party cookies, that is Google Analytics, which also collects the following information:

  • IP address (for user’s geo location);
  • Time spent by the user on certain parts of the website;
  • Total user visit duration. collects Google Analytics cookies in accordance with .We also have a cookie called _unam which allows direct visit to our website from a specific social network. Such cookie does not collect your data, but only opens our website within the selected social network.

DATA PROTECTIONAmong other things, Trilix gives great attention to information security and the protection of computer systems. Therefore, in accordance with the requirements of ISO 27001:2013, it performs physical, technical and organisational measures that guarantee the security of all information we dispose of in our operation, including personal data (for example, the prevention of loss or damage, unauthorised modifications, access, processing and other threats personal data may be exposed to by human activity or physical/natural environment).Accordingly, Trilix implements the Information Security Policy at the level of its entire business and acts in accordance with the procedures that ensure the implementation of such policy, all with the purpose to:

  • Prevent unauthorised persons from accessing the data processing system where personal data is processed;
  • Prevent persons who have the right to use the data processing system to access personal data which is beyond their needs and authority;
  • Ensure, in the case when the processing is carried out by the processor, that the data can be processed only in accordance with the instructions of the controller;
  • Ensure the protection of personal data from unwanted destruction or loss;
  • Ensure that personal data collected for various purposes can be processed separately;
  • Ensure that personal data is not retained longer than necessary.

REQUIREMENTS BY JUDICIAL AUTHORITIES Under certain circumstances, it is permitted to share personal data without the knowledge and consent of the user. That is the case when the disclosure of personal data is necessary for any of the following purposes:

  • Prevention or detection of crimes;
  • Arrest or prosecution of offenders;
  • Estimate or collection of taxes and fees;
  • Following the order of the competent judicial authority.


In case of complaints regarding the compliance with these and other rules relating to the protection of personal data, contact us by e-mail:

or by post:

Trilix d. o. o., Ul. Grada Vukovara 269f/2, 10000  Zagreb Att: „Službeniku za zaštitu osobnih podataka/Data Protection Officer“

Last updated: 30 May 2019