The General Data Protection Regulation (GDPR) stipulates the protection of personal data of the citizens of the European Union and comes into effect on 25 May 2018. GDPR shall be applied directly in all EU Member States.
GDPR introduces new and simplifies some current definition, it defines biometric and genetic data, describes more precisely the current terms, strengthens the rights of data subjects and reduces and simplifies specific administrative obligations of the controller, enhances supervisory authorities and ability of imposition of sanction by personal data protection authorities. The controllers shall clearly define what user data they collect, how and why they process them.
Some of the users’ rights include the right to access, right to rectification, right to erasure (right to be forgotten), right to restriction of processing, right to data portability, right to object, etc.
The Institute of Public Finance adjusted their business practices to the foregoing Regulation and set forth the privacy and data protection policy.
Privacy and Personal Data Protection Policy
I. Validity and Implementation of This Policy
This Privacy and Personal Data Protection Policy refers to the following websites: www.ijf.hr and www.pse-journal.hr (hereinafter: the website) managed by the Institute of Public Finance, Smičiklasova 21, Zagreb (hereinafter: the Institute). The Policy concerns all website users.
By using the website, the user confirms that she/he understands, acknowledges and agrees with the provisions of this Privacy and Personal Data Policy.
The Policy may be amended at any time without prior notification, and the information related to the modifications shall be published on the website of the Institute. By using the website after the amendments hereof, the user confirms that she/he agrees with the amendments that were made.
II. User Data Collected by the Institute
Osobni i drugi podaci koje o korisnicima Institut prikuplja putem web-mjesta odnosno uz njegovu pomoć te svrhe obrade (uporabe) tih podataka navedeni su u donjoj tablici.
Kada nam šaljete elektroničku poštu (e-poštu) s osobnim podacima po kojima Vas je moguće identificirati, bilo putem e-pošte ili obrasca koji nam dostavljate elektroničkom poštom, mi te podatke koristimo u svrhu ispunjenja Vaših zahtjeva.
| Type of data |
Where/When are the data collected? |
The purpose of data processing |
Retention period |
- e-mail address
- language selection
|
When subscribing to the newsletter.
The language is selected automatically in accordance with the language the user selected as the language of the website.
|
Sending of information about new publications and conferences as well as other website-related content to the specified e-mail address.
|
Until revoked by the user.
|
- First name
- Last name
- E-mail address
- Institution
- Address of the institution
- City
- Post Code
- Country
All data are mandatory, unless stated otherwise for particular data.
|
When completing the web form for submission of article for publishing in the “Public Sector Economics” journal.
|
Receiving of articles to be published in the “Public Sector Economics” journal.
Sending of articles for review.
Publishing of articles in the journal.
|
Until revoked (unsubscribed) by the user.
|
- Personal ID number (OIB)
- Name of the client
- E-mail
- Mobile phone / Phone number
- Address (street and number)
- Postcode
- City
- Delivery address (street and number)
All data are mandatory, unless stated otherwise for particular data.
|
When completing the form for subscription or purchase of publications published by the Institute.
|
Preparing and sending of the offer to the specified e-mail address.
Registering the user in the subscriber database.
Sending of publications to the specified mail address.
|
Until revoked by the user.
|
|
|
When entering the premises of the Institute |
Protection of persons and property |
6 months |
III. Data Processing
The Institute shall use the collected user data only for the purposes set out in the table under the item II. hereof. Before using the collected data for some other purposes, the Institute shall obtain the relevant user’s consent.
The Institute shall not deliver the collected data to third parties, unless this is required by the law (e.g. a court request or a request by some other authority, etc.).
IV. Data Protection and Retention Period
The Institute shall retain all user data in accordance with this Policy and personal data protection requirements set out in the legislation of the Republic of Croatian and regulations of the European Union.
The user is familiar and agrees that the Institute may retain the relevant data, delivered by the user, for as long as specified in the table under item II. hereof. The Institute may retain other data to the minimum required to serve the relevant purpose, after which the Institute is obligated to delete such data permanently or to anonymise them effectively so that particular data can no longer be linked to a specific user.
V. Cookies
The Institute uses cookies to provide better user experience. Cookies are small text files stored on the user’s computer for the purpose of tracking the selection of specific language versions of our websites, as well as when certain sections of the webpages are access that required entry of the username and password. It is also possible to view our websites without cookies if your Internet browser is set appropriately. Please, read further information on the cookies policy here.
VI. Rights of Users
The Institute shall enable the user who subscribed to the electronic newsletters of the Institute to unsubscribe in a simple and intelligible manner at any time.
Using the link, the user may either change or amend his personal data or permanently delete the data that refer to him at any moment.
The user may request from the Institute a confirmation if the user data are collected or processed and what types of data are subject to collection and processing by means of a request sent to dpo@ijf.hr.
The user may request from the Institute an electronic copy of the user data to be sent to him by means of a request sent to dpo@ijf.hr. Prior to the delivery of the above-mentioned copy, the Institute has the right to request from the user to confirm his identity. If the Institute doubts the identity of the user, the Institute has the right to reject the user’s request.
VII. Waiver
The Institute shall not be liable for the damage that might be caused to the user as a consequence of delivery of incorrect, false, incomplete or outdated user data by the Institute.
The Institute shall not be liable for the damage that might be caused to the user as a consequence of disclosure, modification or processing in any manner of the user data by unauthorised third parties without the explicit consent or approval of the Institute despite the Institute’s normal diligence.
The Institute shall not be liable in any case, even if normal diligence was practised, for the damage that might be caused to the user as a consequence of the cased specified in the preceding paragraph hereof, if such case results from the fact that the user failed to keep the data (username and password) required for access to particular parts of the website with due diligence. The user shall be solely responsible for keeping of the data required for access to particular parts of the website (username and password).
The user is obliged to inform the Institute without delay about any suspicion of misuse of the user’s personal data or data required for access to the particular parts of the website (username and password) or in case of doubt of unauthorised disclosure of such data.
When the Institute and the user establish a contractual relationship, the exclusion and limitation of liability of the Institute shall be regulated by the provisions regulating such relationship (contract, general terms and conditions, etc.).
VIII. Modifications of Our Privacy Policy
In case of any modifications of our privacy policy, we shall inform you about them on this website and update the date of modification of the privacy policy below as follows.
The latest modification of this privacy policy was dated 5 September 2022.
If you have any questions or doubts in relation to our Personal Data Protection Policy, contact the Personal Data Protection Officer.
Data protection officer
Responsibilities of the personal data protection officer are laid down in Article 18a, paragraph 8, of the Act on Personal Data Protection (OG 106/12), under which the personal data protection officer:
- is responsible for the legality of processing personal data within the meaning of this Act and other regulations governing personal data processing
- has to warn the personal data filing system controller of the necessity to apply personal data protection regulations in the event of planning and actions which could affect the matter of privacy and personal data protection
- informs all the persons working on the processing of personal data about their legal obligations in relation to personal data protection, looks after fulfilling the obligations under Articles 14 and 17 of the Act
- enables the exercise of the rights of data subjects referred to in Articles 19 and 20 of the Act
- cooperates with the Croatian Personal Data Protection Agency.
Personal data protection officer is obliged to keep as confidential all the information and data that she/he learns in the process of performing her/his duties, and this obligation continues after the duty of the personal data protection officer terminates.
Contact information of the personal data protection officer at the Institute of Public Finance:
Martina Fabris
Phone: (+385 1) 4886 450
E-mail: dpo@ijf.hr