Privacy Policy

This Privacy Policy (hereinafter: “the Policy”) outlines how the Croatian Standards Institute (HZN), Ulica grada Vukovara 78, HR-10000 Zagreb, OIB: 76844168802 (hereinafter: “HZN”) collects, uses and manages your personal data contained on and available to HZN via hzn.hr and repozitorij.hzn.hr.

HZN is committed to protecting and respecting your privacy. Please read this Policy carefully to understand why and how we collect your personal data and how we will use it. HZN is the controller and as such determines the purpose for and means by which personal data are processed.

As the provider of websites hzn.hr and repozitorij.hzn.hr HZN is committed to protecting the privacy of personal data.

If you wish to contact us in connection with this Policy or your personal data, please use the following data:

HRVATSKI ZAVOD ZA NORME
Ulica Grada Vukovara 78
10000 ZAGREB
OIB: 76844168802

You can contact the Data Protection Officer by e-mail at szop@hzn.hr or by post to the above address, specifying “Službenik za zaštitu podataka” (Data Protection Officer).

To what purposes do we collect your personal data?

HZN collects personal data for the purpose of improving its business and your user experience and for marketing purposes. Therefore, HZN has a comprehensive privacy program aimed at the protection of data privacy rights, analysis and project implementation, marketing and other types of technical support.

Your personal data are treated as confidential data and appropriately protected by HZN and/or its trusted partners.

We process your personal data for compliance with legal obligations if this is necessary for the performance of a contract to which a data subject is a party or to perform activities at the request of a data subject prior to entering into a contract or for the purposes of legitimate interests, unless such interests outweigh the interests or fundamental rights and freedoms of the data subject.

What data do we collect directly from you?

When a user engages in certain activities on the website hzn.hr or repozitorij.hzn.hr, such as logging in through the assigned user account or a user account maintained by third parties, searching standards, subscribing to the newsletter, purchases and/or sending an inquiry, HZN may request the user to provide certain additional personal data. In this case, before providing personal data, the user should review this Privacy Policy and its application to additional data, which will be notified in due time.

Some of requested data are defined as mandatory and some as voluntary, depending on the type of activity. If a user does not wish to provide mandatory data for an activity requiring them, the user will not be able to engage in such activity.

HZN collects and uses personal data to enable users to engage in activities via websites hzn.hr and repozitorij.hzn.hr and improve the operation of these websites, create a database of users/customers for the purpose of improving its services and/or marketing and improve advertising and promotion. It can also use personal data to resolve complaints and issues related to delivery of purchased products, perform other administrative tasks and contact users.

At hzn.hr and repozitorij.hzn.hr websites HZN collects personal data of data subjects such as: IP addresses of website visitors, website visitor ID, customer ID, first name, surname, e-mail address or other contact details, preferences related to the standards search tool and user account data.

In addition to the above personal data we process when you visit the website, we collect and process other types of personal data in the course of our regular business operations, as follows:

• HZN collects and processes personal data of its employees and other associates for the purpose of the performance of employment contracts with employees or consulting and/or work contracts with associates, related to personnel, administrative or other business/contractual purposes. In the latter case we collect and process data such as: first name, surname, sex, marital status, citizenship, residence, date and place of birth, personal identification number (OIB), occupation, training, health insurance, work experience, account details (IBAN), signature, etc.
• We collect and process data of suppliers, customers and associates for the purpose of fulfilling contractual obligations, such as: name and surname of the responsible person of the legal entity, contact details of the person in charge of communication and performance of the contractual obligations.
• HZN collects and processes data of job candidates for the purpose of recruitment, which may include: first name, surname, address, contact details, level of education, nationality, profession and occupation, previous professional experience, training and test results which may reflect the ability of the candidate to perform all duties assigned to him/her at the job applied for.
• In case of enquiries, we collect your e-mail address or phone number, first name, surname and the subject and content of the message, depending on the inquiry. For example, if you wish to exercise any of your consumer rights, we will collect additional data contained in the Waiver (name, surname, address, IBAN, phone number, e-mail address).
• HZN also collects data about its customers in order to be able to fulfil all its obligations arising from the applicable regulations. In case of purchase of products or services, we will collect data such as name, surname, e-mail address, phone number, sex, delivery address, IP address, payment details. For example, when you make a purchase via HZN website, we will ask you for certain personal data if necessary for the processing of your purchase, i.e. if you select delivery. To process your order and ensure that your personal and financial data are accurate, we use third-party trusted payment systems to ensure that your payment is secure and your data are not misused. In order to ensure that the products and services you purchase from us are delivered to the correct address, we may share your personal data with trusted external partners (e.g. your name, delivery address and delivery options you may have specified — such as the preferred time of delivery).
• When you contact us or order products by phone, the controller processes your data such as: name, address, delivery address, phone number and/or e-mail address, for the purpose of providing our services to you.
• In an application for HZN membership, HZN collects data such as: applicant, contact person, function, address, phone number, e-mail address.
• In an application for work in technical committees, we collect the name and surname of the representative, his/her vocation, occupation, phone number, e-mail address, foreign language skills, experience in standardisation, computer and internet skills.
• In an application for a certificate of work in technical committees, we collect the name and surname of the applicant.
• In an application for cooperation with HZN, we collect the name and surname of contact person, his/her function, address, phone number and e-mail address.
• When a user uses the standards search tool, the Controller automatically processes data from the user account previously assigned by HZN, which the user may have assigned to its employees and authorised persons, or from a third-party login system.

The following persons may have access to personal data in the performance of their duties: legal persons involved in the execution of legal relationships with users such as IT support and other companies whose services HZN uses, such as payment systems or delivery, public bodies that require personal data in accordance with regulations binding on HZN, in regard to which HZN keeps prescribed records of processing activities.

What privacy rights do you have?

HZN acknowledges that personal data need to be accurate, complete and kept up to date. If a user believes that his/her personal data are incomplete, inaccurate or not up to date, he/she can contact HZN at szop@hzn.hr.

Please note that you have the right to request the following from HZN at any time:

Access to your personal data	You can ask HZN what personal data it is using and ask for access to them. You have the right to know the purpose of processing, which categories of your personal data we hold, authorities or categories of authorities we share your personal data with, retention period and the source of the data if they are indirectly collected. You can contact us if you want a copy of some or all of the personal data we hold about you.
Right to rectification of inaccurate personal data	We want your personal data to be accurate and up to date. You may request us to rectify or remove data that you think are inaccurate or outdated.
Right to erasure of personal data	You can request HZN to stop processing or even erase your personal data. However, in such case HZN may not be able to perform a contractual obligation towards you. Further, if your personal data are required for a specific legal obligation (e.g. tax obligations), we may not be able to fulfil your request.
Right to restriction of processing	If you wish to contest the accuracy of any data, or if we no longer need them for the purpose of processing, but you need them to pursue, exercise or process any legal claims, or you have objected to the processing on any grounds we consider legitimate, you have the right to request restriction of the processing of your personal data.
Right to lodge a complaint about the use of your personal data	You have the right to object to the processing of personal data based on a legal basis that HZN considers legitimate.
Right to data portability	If the processing is based on your consent or automatically, you have the right to request from HZN the transfer of data to another controller.

In order to exercise any of the above rights, please use the contact details provided at the beginning of this Policy.

If you are not satisfied with the way we collect or use your personal data, you can submit a formal complaint to the Croatian Personal Data Protection Agency (AZOP).

Where are your personal data stored?

We keep your personal data in a secure environment. They are protected from unauthorised access, disclosure, use, alteration or destruction by any organisation or individual.

The processed data are stored on our premises and in our IT systems, however, sometimes we store them on the servers of our trusted service providers.

HZN shall ensure that personal data are kept in a secure place (including reasonable administrative, technical and physical safeguards against unauthorised use, access, disclosure, copying or alteration), which can only be accessed by authorised persons.

Data collected for the purposes set out in this Policy will only be stored for as long as necessary for the fulfilment of the purpose of their storage. Personal data will not be kept in any form that permits identification longer than HZN reasonably considers necessary for the purpose for which they have been collected or processed. HZN will keep certain personal data for a period prescribed by law or a regulation obliging HZN to keep them. For example, data related to the exercise of your rights, such as the right to erasure (“right to be forgotten”) are kept permanently and data relating to a consumer’s complaint for 1 year from collection, etc.

In case you have given us your consent, we will process your personal data until you withdraw your consent. If you make a legitimate objection to the processing of personal data which is based on a legitimate interest, we will not process your personal data in the future.

In addition, please note: during an audit we will ask you to renew your consent 1 year after you have accepted selected cookies and/or given your consent, however, if a judicial, administrative or extrajudicial procedure is initiated, personal data may be stored until the end of such procedure, including any period for enforcing a judicial remedy. HZN will keep certain personal data for the period prescribed by law, or a regulation obliging the controller to keep them.

Does HZN exchange data with third parties?

Privacy protection is important to us and we will never share your personal data with any third party except for the purposes described in this Policy.

HZN cooperates with other companies. This means that we sometimes share your personal data using secure IT systems. When we do so, such data are transferred to servers located in the EU or in a country that ensures an adequate level of protection in accordance with EU law.

When we provide you with access to the Repository, depending on which category of users you belong to, we can enable you to log in through the intermediary authentication and authorisation infrastructure of science and higher education system in Croatia, whose tasks are coordinated, developed and maintained by Srce — University Computing Centre of the University of Zagreb. For the sole purpose of authorising your log-in, AAI@EduHr mediates in data sharing between HZN (resource owner) and the institution managing your electronic identity. Learn more at AAI@EduHr.

 
HZN as the controller of personal data may transfer personal data outside the EU if these are necessary for the execution of a contract between HZN and the processor and/or another controller, or for the fulfilment of legal obligations. In the latter case, HZN transfers personal data outside the European Economic Community only to countries that provide an adequate level of protection, either through model contracts containing binding provisions (standard contractual clauses and additional safeguards) or through binding corporate rules, or in accordance with an approved certification mechanism and/or privacy safeguards adopted by the European Commission — https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_hr.

In addition to the above, we may share your personal data with our trusted partners who maintain our IT system or provide services on behalf of HZN, for example, for the purposes of marketing, finance, advertising and other services performed within or outside HZN. These service providers are obliged, under the relevant agreements, to use the data entrusted to them strictly in accordance with our guidelines and solely for the purposes strictly determined by us. We also oblige them to adequately protect your data and to treat them as a business secret.

Cookies

In order to maintain the website and ensure that its functionalities are at the expected level, HZN uses “cookies”.

Cookies are small files that we send to your computer and can access them later. They can be temporary or permanent. Thanks to cookies, you can easily search our website and display results relevant to you. Cookies show us the interests of visitors to our website, which helps us improve it.

Learn more about the cookies we use at www.hzn.hr in the Cookies policy.

Learn more about the cookies we use at repozitorij.hzn.hr in the Cookies policy.
 

HZNacrti draft review tool

HZN as the operator of web tool http://hznlive.67bricks.com/ collects data on comments to draft standards.

The tool is managed by an external service provider 67Bricks.

Learn more at https://www.67bricks.com/privacy-policy/.

At the time of registration, the following data are collected: e-mail address (user name), name, organisation on behalf of which comments are submitted, country of residence, stakeholder category, number of employees.

Learn more about cookies used by this tool at https://www.67bricks.com/privacy-policy/.

Newsletter

HZN can inform you about its activities and news you may be interested in. At repository.hzn.hr a registered user can subscribe to a newsletter. A user may unsubscribe at any time. For the purpose of newsletter subscription HZN collects and processes e-mail addresses of subscribers.

Third-party websites

This Policy applies only to the use of data collected by HZN from website visitors, news subscribers, users of the draft review tool and customers (data subjects). Other websites that can be accessed via www.hzn.hr and repozitorij.hzn.hr have their own confidentiality and data privacy policies.

HZN is not responsible for the manner and terms of operation of third parties.

Entry into force of and amendments to this Privacy Policy