Based on Article 32 of the Statute of the Ruđer Bošković Institute and Articles 37 and 39 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons about the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
PRIVACY POLICY OF THE RUĐER BOŠKOVIĆ INSTITUTE
CONTROLLER:
- Ruđer Bošković Institute (RBI)
- Bijenička cesta 54, 10000 Zagreb
- e-mail: pisarnica@irb.hr
1. DATA PROTECTION OFFICER
The Data Protection Officer is available for all questions related to the processing and protection of personal data.
2. PURPOSE AND LEGAL GROUNDS FOR THE PROCESSING OF PERSONAL DATA
2.1. Processing within the framework of the performance of a contract
The Ruđer Bošković Institute processes personal data that are necessary for the performance of the contract to which the data subject is a party or in order to take action at the data subject's request prior to entering into a contract within the meaning of Article 6, paragraph 1, point (a) of the General Regulation (EU) 2016/679 (GDPR), such as personal name, personal identification number and other data relevant for the conclusion and performance of the contract.
2.2. Processing for the purpose of fulfilling legal obligations
In accordance with Article 6, paragraph 1, point (c) of the General Regulation, the RBI processes personal data for the purpose of employment and keeping records of employees, fulfilling obligations towards competent authorities (e.g. Croatian Pension Insurance Institute, Croatian Health Insurance Fund, Ministry of Science, Education and Youth), fulfilling legal obligations in the areas of accounting, public procurement and archiving.
2.3. Exercise of official authority
In accordance with Article 6, paragraph 1, point (e) of the General Regulation, the RBI processes personal data when necessary for the exercise of entrusted public authority within the framework of scientific activities and administrative proceedings of the Institute.
2.4. Processing based on legitimate interest
In accordance with Article 6, paragraph 1, point (f) of the General Regulation, the RBI processes personal data for the purpose of ensuring the safety of persons and property (video surveillance), keeping records of visitors, keeping records of vehicles entering the RBI premises (license plates).
2.5. Processing based on the consent of the data subject
For certain activities, we process personal data such as names, surnames and e-mail addresses of participants in conferences, seminars and workshops on the basis of their voluntary consent. This data may be used, for example, to inform about events and send relevant materials, document and promote events (photos, videos), prepare a list of participants.
You can withdraw your consent at any time, and the withdrawal does not affect the lawfulness of the processing carried out before the withdrawal of consent.
3. USE OF COOKIES
The official website www.irb.hr uses cookies to ensure functionality and to improve user experience.
More detailed information is available in the Cookie Policy.
4. YOUR RIGHTS REGARDING THE PROCESSING OF PERSONAL DATA
To exercise your rights, you can contact the Data Protection Officer at gdpr@irb.hr.
Your rights include:
- right to access personal data
- right to rectification of inaccurate or incomplete data
- right to erasure ("right to be forgotten") with the exceptions of Article 17 (3) of the General Regulation
- right to restriction of data processing
- right to object to data processing
- right to data portability, if applicable
You also have the right to file a complaint with the Croatian Personal Data Protection Agency (AZOP), Ulica Metela Ožegovića 16, 10000 Zagreb, e-mail: azop@azop.hr.
5. RECIPIENTS AND PROCESSORS
Personal data may be forwarded to processors who provide IT, administrative or technical services for the RBI and to recipients such as competent state bodies (Croatian Pension Insurance Institute, Croatian Health Insurance Fund, Ministry of the Interior), national and international agencies for financing and controlling the implementation of projects (European Commission, Central Finance and Contracting Agency, Croatian Agency for SMEs, Innovation and Investments (HAMAG-BICRO), Croatian Science Foundation), project partners, patent offices, audit bodies and others.
Personal data is not passed on to third parties for commercial purposes.
6. SECURITY OF PERSONAL DATA
RBI applies technical and organizational security measures to ensure the confidentiality, integrity and availability of personal data and to prevent unauthorized use, loss or access.
7. PERSONAL DATA STORAGE PERIOD
Personal data is stored for as long as necessary to achieve the purpose of processing, and then deleted or archived in accordance with legal regulations. Personal data is stored in accordance with the Ordinance on the content and manner of keeping records of workers (OG 55/2024) and the internal Ordinance on office and archive operations.
8. CONTACT INFORMATION
For all questions regarding the processing of personal data, you can contact: gdpr@irb.hr.
9. CHANGES TO THE PRIVACY POLICY
This Privacy Policy is regularly updated to comply with applicable regulations and practices. All changes will be published on the official RBI website.
