CHRIS HR
Sign in

Privacy policy

This policy explains, in plain language, what personal data we process, why, and what your rights are.

Who we are

This website (chris.hr) and the CHRIS application (app.chris.hr) are operated by Web rješenja d.o.o., Markuševečka cesta 115, 10040 Zagreb, Croatia, OIB (tax ID): 97669668809. For any privacy questions, contact us at hello@chris.hr.

This website (chris.hr)

The chris.hr marketing site uses no cookies, no analytics tools and does not track visitors. We do not collect personal data when you simply browse the site.

If you contact us by email, we use your address and the content of your message solely to reply to you.

The application (app.chris.hr): who is responsible for what

CHRIS is an HR and leave-management tool used by organizations (employers). For its employees' personal data, the data controller is the organization using CHRIS — it decides which data it enters and how it is used. Web rješenja d.o.o. processes that data on the organization's behalf, as a data processor.

What data the application processes

Depending on what the organization enters, the application processes the following categories of employee data:

  • name and work email address,
  • employment details: start date, contract type and leave quotas,
  • leave requests, including the leave type (which may indicate health-related leave),
  • optionally: HR notes, an emergency contact and a CV.

Lawful basis for processing

Data in the application is processed to perform the contract with the organization (Art. 6(1)(b) GDPR) and on the basis of the employer's legitimate interest in keeping orderly employee and leave records.

Sub-processors and data location

We use the following sub-processors to provide the service, and all data is stored in the European Union:

  • Supabase — database and authentication (EU region),
  • Stripe — payment processing,
  • Mailgun EU — email delivery,
  • Hetzner (via Nebion) — hosting in the EU.

How long we keep data

We delete data at the organization's request or no later than 30 days after the contract ends. Before deletion, the organization can request an export of its data.

Your rights

You have the right of access, rectification, erasure, restriction of processing, data portability and objection. If you are an employee of an organization using CHRIS, the simplest route is to contact your employer as the data controller — we will gladly help them fulfil your rights. You can also lodge a complaint with a supervisory authority; in Croatia, that is the Personal Data Protection Agency (AZOP).

Changes to this policy

We may update this policy from time to time. The new version applies from its publication on this page, and we will notify organizations using CHRIS about material changes.

Version 1.0 — June 2026.