University of Zagreb, Trg Republike Hrvatske 14, Zagreb, Personal identification number (OIB): 36612267447, protects your personal data and takes all necessary technical and organisational measures in accordance with the best practices and obligations provided in Croatian legislation and the General Data Protection Regulation.
This document applies to all persons, students, employees, associates, users and website visitors whose personal data the University of Zagreb collects, uses or otherwise processes. This document defines the types of personal data collected and processed by the University of Zagreb, the purpose and manner in which the collected personal data are used, as well as protection measures for personal data and the rights of data subjects.
Principles relating to the processing of personal data
The data are always used for specified, explicit and legitimate purposes for which they were provided and about which you have been informed.
We are obliged to protect your data and keep them safe. Therefore, we only work with reliable partners.
We are obliged to use your data openly and transparently.
We respect your rights and we always try to fulfil your requests to the greatest extent possible and in accordance with our legal and operational obligations.
The processing of personal data may be entrusted to a processor. In that case, we will conclude a contract with the processor, in which the handling of personal data is prescribed in detail. Therefore, processors will not be able to process your personal data without our order or communicate them to third parties. The University has established contractual relations with the University Computing Centre and Stablo znanja d.o.o., which process data on behalf of the University. In cases in which the University carries out the processing on behalf of another data controller, the University is considered as processor and is obliged to conclude a contract on the processing of personal data in accordance with the regulations.
Types of personal data collected
Personal data are collected in different ways: via forms, web pages, personal contacts, by telephone and others.
The collected personal data may include: name and surname, address and telephone number, JMBAG and OIB numbers, health/pension insurance number, date and place of birth, sex, nationality, bank account number, data on completed education, data on family status, name of father or mother, dependants, trade-union membership, residence/address, data on rights related to employment, e.g. maternity leave, occupational injuries, social rights and support, sick leave, etc., data on the establishment and termination of employment, type of employment relationship, position, data on salaries, working hours, time sheets, marital status, war veteran status, type of study grant, study programme ID, year of enrolment, number of obtained ECTS credits, dormant student statuses and academic years spent on exchange.
Legal basis and purpose of processing personal data
An appropriate legal basis is a prerequisite for any collection of users’ personal data. Personal data are gathered in order to comply with the University's legal obligations (including tax and accounting obligations), respond to requests for information by the state authorities and comply with legal and regulatory obligations, including those related to transparency and disclosure, public interest, and exercise of public power (statistical surveys, use of human resources, monitoring the quality of professional work or the work of professional services, exercise of rights and obligations related to employment and other official purposes).
The collected data are used for the following activities:
- regulating the employment status,
- regulating the relationship with users of the University's services,
- regulating the status of students attending lifelong-learning programmes,
- contracting and carrying out business cooperation with the University of Zagreb,
- implementing legal obligations and requests to which the University of Zagreb is obliged to respond.
The University of Zagreb gains access to regular students’ data (name, surname, OIB, student status) on the basis of the University's legitimate interest to set up the Spajalica application, which serves as a platform for connecting students and employers and the functioning of the digital labour market. Please note that the data for an individual student is processed only after the student signs a declaration with a qualified electronic signature and gives consent for the processing of personal data.
As a personal data controller, the University of Zagreb processes the personal data of Erasmus+ candidates solely for the purpose of conducting the call concerned, i.e., the University processes the personal data of the participants in the Erasmus+ Programme solely for the purposes of implementing the Erasmus+ mobility scheme, reporting on the project, drafting and implementing contracts awarding financial support, as well as the disbursement of the financial support. The implementation of the Erasmus+ mobility scheme and reporting on the project imply entering the candidates’ personal data into the database of the University of Zagreb and that of the European Commission (https://webgate.ec.europa.eu/erasmus-esc/index/privacy-statement). The national Agency for Mobility and EU Programmes and the relevant bodies for exercising student rights may be provided with the candidates’ personal data for the purposes of implementing the Erasmus+ mobility scheme and reporting on the project.
Employment candidates and recruitment procedures
The Office for Human Resources of the University of Zagreb collects and processes candidates’ personal data for the purposes of completing the recruitment procedure and establishing an employment relationship. The data can also be processed electronically. If an employment contract is concluded with the candidate, the submitted data will be stored according to the regulations governing employment relationships. If an employment contract is not concluded with the candidate, the candidate’s personal data are deleted after expiration of the appeal period, except where they are retained in the database, with the candidate’s consent, for the purpose of possible future employment.
Making personal data available for use
User data are not communicated or exchanged with any other legal or natural persons (hereinafter referred to as „persons”), except in the following cases and to the extent necessary for meeting the specified purpose.
Security of personal data
We collect and process personal data in a manner that ensures appropriate security and confidentiality and enables efficient application of data protection principles, data minimisation, scope of their processing, the period of their storage and their accessibility.
In order to protect the collected personal data, we implement appropriate physical, technical and organisational protection measures to prevent accidental or unlawful destruction, loss, alteration, unauthorised use, disclosure, consultation of or access to the data. All employees of the University are required to protect information about the personal data of the data subjects.
All collected data are stored in protected databases. Those databases can be accessed only by authorised persons. We use tools to protect data and prevent data leakages, continuously monitor critical systems and protect data from unauthorised consultation, alteration, loss, theft and any other breach or misuse. In case of a data breach, we will take all available measures to mitigate the consequences of the breach, inform without delay the relevant institutions and all the data subjects whose data have been affected where there is a risk of a serious threat to their rights and freedoms.
LOCATION OF PERSONAL DATA PROCESSING
As a rule, the subjects’ personal data are processed in Croatia, exceptionally in other countries, and, in that case, as a rule in the Member States of the European Union. Exceptionally, we also process data in other countries, always ensuring that personal data are appropriately protected and that the users are informed.
Retention period of personal data
Your personal data are processed until the purpose of the processing of personal data has been fulfilled. Once that purpose has been fulfilled, we will no longer use the personal data, they will be retained in our filing system and kept in accordance with the applicable regulations.
The University of Zagreb does not use automated decision-making (profiling) on this website.
Under the conditions laid down in the General Data Protection Regulation, the user has the following rights, which can be exercised once the data subject/applicant has been identified:
These rights are exercised via a request sent by e-mail to the University of Zagreb's data protection officer or by handing in the request in person in the University's offices.
For all issues related to the protection of personal data at the University of Zagreb, contact the data protection officer by email at gdpr@, by post to the University's main seat or by phone at 01 456 4221. unizg.hr
The user has the right to lodge a complaint concerning the collection and processing of personal data with the Croatian Personal Data Protection Agency, Martićeva ulica 14, Zagreb, azop@, azop.hrhttp://azop.hr/.