The protection of personal data of individuals is regulated by the General Data Protection Regulation (EU 2016/679) and the Data Protection Act (Official Gazette no. 42/2018).
The General Data Protection Regulation (GDPR) is Regulation no. 2016/679 of the European Parliament and the European Council of 27 April 2016, concerning the protection of individuals with regard to the processing of their personal data and the free movement of such data. The Regulation entered into force on 25 May 2018 and is directly applicable in all Member States.
At the University of Rijeka, personal data is collected to fulfil legal obligations, fulfil obligations of public interest, executing public authorities and contracts. Accordingly, the University collects and processes only appropriate and relevant personal data and only for specified, explicit, and legitimate purposes. The personal data of our students, employees, external associates and other persons with whom we cooperate in performing our activities is processed lawfully, fairly, and transparently, where the security of such data is protected from unauthorized or illegal processing and technical and organizational protection measures are applied.
What is personal data?
Personal data is all data relating to an individual whose identity has been or can be established (“data subject”), where an individual or data subject, as identified by the Regulation, is a person who can be identified directly or indirectly, in particular by a name, identification number, location data, a network identifier, etc. or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
What does the concept of personal data processing include?
Processing means any procedure or set of procedures carried out on personal data or personal data sets, either through automated or non-automated means, such as collecting, recording, organizing, structuring, storing, adapting or modifying, locating, inspecting, using, detecting by transmission, by disseminating or making available otherwise, adjusting or combining, restricting, deleting or destroying data.
Why is your personal data processed?
The University collects and processes personal data to the extent necessary to meet the obligations of the University’s regular activities established by law and other regulations and in accordance with the Act on Scientific Activity and Higher Education and other regulations that we apply in our work.
The University acts in accordance with the provisions of the General Data Protection Regulation and the Act on the Implementation of the General Data Protection Regulation and preserves the confidentiality of personal data recorded in data collections and records kept by the University, for which the University has the right and authority to access and process.
The University does not submit or make available personal data, to which it has the right and authority to access and process, or make it available to third (unauthorized) parties in any other way, except in cases when it means executing statutory and other legal obligations of the University towards third authorized parties, national authorities and institutions.
The University processes personal data when its processing is necessary for performing tasks of public interest and official authority and for compliance with legal obligations, in accordance with the law or other regulations of the Republic of Croatia and the EU law. The University processes personal data only to the extent necessary to achieve the lawful purpose of processing.
What is consent?
Consent of a data subject means any voluntary, specific, informed, and unambiguous expression of the wishes of the data subject, whereby they agree to the processing of personal data relating to them by issuing a statement or another clear act of confirmation. Consent is one of the legal grounds for the processing of your personal data and is necessary when there is no other legal basis for collecting and processing data.
BASIC PRINCIPLES IN PERSONAL DATA PROTECTION
Lawfulness, fairness, and transparency
Your personal data at the University of Rijeka is processed exclusively on a lawful basis – on the basis of a legal obligation, your consent/agreement, or other legitimate grounds. Data relating to you will be collected, used, made available, or otherwise processed in a transparent manner, and the deadlines and purposes of data processing, data on the controller’s identity, as well as information on how you can access your data, file a complaint of request data updating, are all made publicly available.
Purpose limitation
Your personal data will be collected for specified, explicit, and legitimate purposes and will not be further processed in a manner that is incompatible with those purposes. Data collected for one purpose will not be used for any other purpose or in a manner that is incompatible with the initial purpose. You will be asked to give specific consent if the purpose of data processing is not carried out on a lawful or contractual basis.
Data minimization
The personal data we collect is adequate, relevant, and limited for the purpose of processing. The controller and the processor will not collect personal data that is not needed for the purpose of processing.
Data accuracy and integrity
It is essential that the personal data we collect and store is accurate and up-to-date and we will therefore take every reasonable measure to ensure that inaccurate personal data is deleted or corrected without delay while taking into account the purposes for which it is processed.
Storage limitation
The time limits for storing your personal data are determined by positive legal regulations and internal acts of the University of Rijeka.
Integrity and confidentiality
We will take all reasonable technical and organizational security measures to protect your data from unauthorized or unlawful processing, loss, destruction, and corruption. We will monitor the access, use, and maintenance of personal data and continuously improve our security measures in accordance with technological developments.
Contact
All information related to personal data processing and exercising your rights relating to personal data processing can be requested in writing to the address of the University of Rijeka, Trg braće Mažuranića 10, 51000 Rijeka or by e-mail to the Personal Data Protection officer: gdpr@uniri.hr.