The application is under the jurisdiction of the Ministry of Health, Ksaver 200, 10 000 Zagreb, OIB: 88362248492 MB: 2830396 and the Ministry of the Interior, Ulica grada Vukovara 33, 10 000 Zagreb, OIB: 36162371878, MB: 03281418 (hereinafter: the “Company”)
"Company" means the Ministry of Health, Ksaver 200, Zagreb, OIB: 88362248492 MB: 2830396 and the Ministry of the Interior, Ulica grada Vukovara 33, Zagreb, OIB: 36162371878, MB: 03281418 ". In accordance with the data protection regulations, the Company is jointly made up of processing managers that are responsible at the national level for data processing within the Application.
"CovidGO application" means the mobile application used to check/verify EU digital COVID certificates via QR code, as well as storing COVID certificates in digital version in the wallet of the CovidGO mobile application. It is mandatory to enter the unique password written on the certificate itself.
of 31 May 2021 (NN 60/2021).
Installation of the Application does not require registration, nor does it require any personal information, such as first and last name, date of birth, mobile phone number or e-mail address of the User. Installation and use of the Application is entirely voluntary. Users independently decide whether to download the installation to their mobile device, how to use it and when to remove the Application from their mobile device. The application does not at any time collect geolocation data of the Users, nor is the data stored on the mobile device itself without the approval of the User, and is not forwarded for processing purposes to third parties.
By accessing the Application, the Application requires the consent of the user to use the camera on the mobile device in order to scan QR code. Without this consent, the application will not be able to access the camera of the mobile device. Before scanning COVID certificates, it is necessary to download the list of public signature keys in the settings of the Application that are used for cross-border exchange of public signature keys of EU member states through the gateway defining the Commission Implementing Decision (EU).
Saving the COVID certificate in the applications wallet, the application requires the User to enter the password for the mobile application located on the COVID certificate. Without entering a password, the confirmation will not be stored in the Applications wallet. The QR code contains basic information and a digital signature so that the application can verify the validity of the certificate. By storing the COVID certificate, the User agrees to save a certain set of perso Types of personal data
By storing the COVID certificate in the Application wallet, the Application saves the following personal data of the User:
- first and last name
- date of birth
- unique certificate identifier
- type of certificate (COVID-19 TESTED / VACCINATED / RECOVERED)
- date of Certificate expiry
Collection of personal data
The Application collects data solely on the basis of the User's request to store the COVID certificate in the Application's wallet.
Personal data processing techniques
No personal data processing techniques consisting of profiling and automated decision making are used, nor are conducted analyses or predictions of personal preferences, behaviors and attitudes of the individual.
The processing carried out has no discriminatory effect on individuals on the basis of racial or ethnic origin, political opinion, religion or belief, trade union membership, genetic or health condition or sexual orientation.
Use of personal data
The application will only use personal data for the purpose for which it was collected (or for use identified to that purpose).
The application uses the personal data of the User only for the purposes listed below.
• To protect the User from unauthorized use or potential hacking attempts.
Where is personal data of the Users stored
The application stores the personal data of the User and implements appropriate security measures accepted by relevant international standards and / or best technical practices in order to protect personal data. The Application does not transfer or share the User's personal data with any third parties or locations.
The application may use encryption to provide the required level of security for the User's personal data. However, it should be borne in mind that the Internet cannot be guaranteed to be 100% secure. The user should only access the services in a secure environment.
How long the data is stored
The application stores personal data for as long as the User uses the application.
What are the rights of the User in terms of data processing?
By storing the COVID certificate, it is considered that the Users have agreed to the processing of personal data.
We comply with the General Regulation on Data Protection and the Act on the Implementation of the General Regulation on Data Protection (OG 42/18) and in accordance with them we enable the User to exercise the following rights:
a) The right to access personal data
The user can get the answer whether his/her personal data are processed and, if so, access to such data and the following information: information on the purpose of processing, categories of personal data in question, the intended period in which personal data will be stored and the existence of respondents' rights. regarding the processing of personal data.
b) The right to correct personal data
If the personal data of the User processed are incomplete or inaccurate, the User may request the Company at any time to correct or supplement them by giving an additional statement. It is pointed out that the User is responsible for providing correct data, and in addition the User has the obligation to inform about relevant changes to his personal data.
c) The right to delete personal data
If the data has been processed illegally or if such processing constitutes a disproportionate encroachment on the protected interests of the User, the User has the right at any time to delete the stored COVID certificate from the wallet of the Application. In this way, all personal data of the User used by the Application will be deleted.
d) d) The right to object
The user has the right to object to the processing of his personal data if such processing is not necessary for the performance of tasks of public interest or tasks of public bodies or if during the processing, he refers to the obtained consent or legitimate interests.
e) The right of complaint to the competent authority
If the User considers that the processing of his personal data was not conducted in accordance with legal obligations and that his right to protection of personal data was violated, the User may file a complaint to the Agency for Personal Data Protection, at Selska cesta 136, Zagreb, or e-mail [email protected].
f) The right to be notified about the breaches of personal data protection rights
In the event that, despite all the measures taken, the User's personal data get violated, the User will be notified of any such violation without undue delay by sending a written notice.
The notice shall describe the nature of the personal data breach, the name of the person from whom additional information on the breach may be obtained, a description of the likely consequences of the personal data breach and a description of the measures taken to address the personal data breach, including mitigation measures. The a.m. notice shall be drawn up using clear and simple language.
Manner of exercising rights
If the User wishes to exercise any of his aforementioned rights, he may exercise them using the contact details provided in Article 8.
Before providing any information, the necessary measures will be taken to confirm the identity of the User, and in case of doubt, additional information may be requested from the User.
The User's request will be answered within one month of receiving it, and the deadline, depending on the complexity of the request, may be extended by an additional two months.
In the case of a request for more complex processing of a larger amount of data, the right to charge a reasonable fee based on the administrative costs incurred in providing such information is reserved.
The server infrastructure components communicate with the Application through encrypted and secure channels. Data on the server infrastructure is stored in a database that is implemented as a separate logical unit with the application of security policies of the highest standard. However, please note that you should only access the Application in a secure environment.
Downloaded certificates are kept in the Application until the User decides to remove them.
The user can remove the collected public signature keys at any time through the settings of the mobile device operating system. In this way, the data from the downloaded certificates are also removed. The Company has no possibility to delete public signature keys from the user's mobile device, as well as from mobile devices of other users with whom the user has exchanged public signed keys.
The Mobile Application Company will not charge any fee to the users of the application.
Internet resources (multimedia content, data, design, written texts, drawings, sketches ...) published on the Application are copyrighted works and subject to copyright protection. Reproduction (in one or more copies, in whole or in part, directly or indirectly, temporarily or permanently, by any means and in any form), distribution (sale, rental, assignment ...) is strictly prohibited without the Company's approval as well as communication or processing of Internet resources published on the Mobile Application. The application is available on the platforms "Google Play Store" for Android devices and "App Store" for Apple devices.
By using the Application, the User declares and guarantees and agrees:
2. not to use the Application for any illegal or unauthorized purposes;
3. that the use the Application will not violate any applicable law or regulation;
The app may not be used for any endeavors other than those expressly approved.
As an Application User, you agree that you will not:
1. perform any unauthorized use of the Application;
2. participate in unauthorized connection to the Application;
3. Decrypt, decompile, disassemble or process any software that in any way forms part of the Application;
4. Use the Application in a manner that does not comply with any applicable laws or other regulations
Društvo Korisnicima aplikacije, u cilju tehničke podrške: prijave rada Aplikacije, prigovore i prijedloge, stavlja na raspolaganje korisničku službu koja će biti dostupna putem e-pošte [email protected] .
The Company set up a call center for the users of the application, for the purpose of technical support that will be available via e-mail [email protected]
These privacy policies comes into force on July 19, 2021