Last update: 19.07.2021.
Every user of the Application is obliged to familiarize themselves with the Privacy Rules of the mobile application in order to protect their own rights and interests.
The application is under the jurisdiction of the Ministry of Health, Ksaver 200, 10 000 Zagreb, OIB: 88362248492 MB: 2830396 and the Ministry of the Interior, Ulica grada Vukovara 33, 10 000 Zagreb, OIB: 36162371878, MB: 03281418 (hereinafter: "Company").
"Company" means the Ministry of Health, Ksaver 200, Zagreb, OIB: 88362248492 MB: 2830396 and the Ministry of the Interior, Ulica grada Vukovara 33, Zagreb, OIB: 36162371878, MB: 03281418". In accordance with the regulations on data protection, the Company is jointly made up of processing managers and are responsible for data processing within the Application at the national level.
"CovidGO application" means a mobile application that serves to check/verify EU digital COVID certificates via a QR code, as well as store the digital version of the COVID certificates in the wallet of the CovidGO mobile application with the mandatory entry of the unique password printed on the certificate itself.
"User of the Application" means a person who has been enabled by the Company to use the Application and who accesses the Application in accordance with these Privacy Rules;
"Privacy rules" mean the general terms of business and the privacy rules of the mobile application as well as all its future amendments and additions, which are based on REGULATION (EU) 2021/953 OF THE EUROPEAN PARLIAMENT AND COUNCIL of June 14, 2021 on the framework for issuing, checking and acceptance of interoperable certificates of vaccination, testing and recovery from the disease COVID-19 (EU digital COVID certificate) in order to facilitate free movement during the pandemic of the disease COVID-19 and the Decision of the Government of the Republic of Croatia on the establishment of a national system for issuing an EU digital COVID certificate from May 31, 2021 (Official Gazette 60/2021).
The installation of the Application does not require registration, nor does it require any personal data, including data such as the user's first and last name, date of birth, mobile phone number or e-mail address. Installation and use of the Application is completely voluntary. Users decide independently whether to download the installation to their mobile device, how to use it and when to remove the Application from their mobile device. At no time does the application collect users' geolocation data, nor is the data stored on the mobile device itself without the User's approval, and it is not forwarded to third parties for processing.
By entering the Application, the Application requires the user's consent to use the camera on the mobile device for the purpose of scanning the QR code, without consent the application will not be able to access the functionality of using the mobile device's camera. Before scanning the COVID certificates, in the Application settings, it is necessary to download the list of public signature keys that are used for the cross-border exchange of public signature keys of EU member states through the gateway defined by the Implementing Decision of the Commission (EU).
Storing the COVID certificate in the Application wallet, the Application requires the User to enter the password for the mobile application located on the COVID certificate. Without entering a password, the confirmation will not be stored in the Application wallet. The QR code contains basic information and a digital signature so that the application can verify the authenticity of the certificate. By saving the COVID certificate, the User agrees to save a certain set of personal data.
Types of personal data
By storing the COVID certificate in the Application wallet, the Application saves the following personal data of the User:
- name and surname
- date of birth
- unique identifier of the certificate
- type of certificate (COVID-19 TESTED/VACCINATED/OVERCOME)
- expiration date of the certificate
Collection of personal data
The Application collects data solely based on the User's request to store the COVID confirmation in the Application's wallet.
Personal data processing techniques
No personal data processing techniques are used, which consist of creating a profile and making automated decisions, nor are analyzes or predictions of the individual's personal preferences, behavior and attitudes carried out.
The processing carried out does not have a discriminatory effect on individuals on the basis of racial or ethnic origin, political opinion, religion or belief, trade union membership, genetic or medical condition or sexual orientation.
Use of personal data
The Application will only use personal data for the purpose for which it was collected (or for a use identified as related to that purpose).
The application uses the User's personal data only for the purposes listed below.
- To protect the User from unauthorized use or potential hacking attempts.
Where the User's personal data is kept
The application stores the User's personal data and implements appropriate security measures accepted by relevant international standards and/or best technical practices in order to protect personal data. The application does not transfer or share the User's personal data with any third parties or locations.
The application may use encryption to ensure the necessary level of security for the User's personal data. However, it should be noted that the Internet cannot be guaranteed to be 100% secure. The user should only access the services in a secure environment.
How long the data is kept
The application stores personal data as long as the User uses the application.
What are the User's rights regarding data processing?
By storing the COVID certificate, Users are considered to have agreed to the processing of personal data.
We comply with the General Data Protection Regulation and the Law on the Implementation of the General Data Protection Regulation (Official Gazette 42/18), and in accordance with them we enable the User to exercise the following rights:
a) The right to access personal data
The user can receive confirmation as to whether his personal data is being processed and, if processed, access to that data and the following information: information on the purpose of processing, the categories of personal data in question, the expected period during which personal data will be stored and the existence of the data subject's rights in regarding the processing of personal data.
b) The right to correct personal data
If the User's personal data that is being processed is incomplete or incorrect, the User may at any time request the Company to correct or supplement it by providing an additional statement. It is noted that the User is responsible for providing correct data, and in addition, he has the obligation to inform about relevant changes to his personal data.
c) The right to delete personal data
If the data was illegally processed or if such processing represents a disproportionate encroachment on the protected interests of the User, the User has the right to delete the stored COVID confirmation from the Application wallet at any time. In this way, all personal data of the User used by the Application will be deleted.
d) The right to object
The user has the right to file an objection to the processing of his personal data if such processing is not necessary for the performance of tasks in the public interest or tasks of public bodies or if during the processing it is based on the obtained consent or on legitimate interests.
e) The right to complain to the supervisory authority
If the User believes that the processing of his personal data was not in accordance with the legal obligations and that his right to the protection of personal data was violated, the User can submit a complaint to the Agency for the Protection of Personal Data, at the address Selska cesta 136, Zagreb, or to the electronic address [email protected].
f) The right to be notified of a violation of personal data
In the event that, despite all the measures taken, there is a violation of the User's personal data, the User will be notified of any such violation without undue delay by sending a notification in writing.
The aforementioned notification shall describe the nature of the personal data breach, specify the name and surname of the person from whom additional information about the breach can be obtained, a description of the likely consequences of the personal data breach and a description of the measures taken to resolve the personal data breach, including measures to reduce the harmful consequences . The aforementioned notification will be drafted using clear and simple language.
Way of exercising rights
If the User wishes to exercise any of his previously mentioned rights, he can contact using the contact information provided in Article 8.
Before providing any data, the necessary measures will be taken to confirm the User's identity, and in case of doubt, additional information may be requested from the User.
The User's request will be answered within one month of its receipt, and the deadline, depending on the complexity of the request, can be extended by an additional two months.
In the event of a request for more complex processing of a larger amount of data, the right is reserved to charge a reasonable fee based on the administrative costs incurred by providing such information.
Components of the server infrastructure communicate with the Application via encrypted and protected channels. Data on the server infrastructure is stored in a database that is realized as a separate logical entity with the application of security policies of the highest standard. However, please note that you should only access the Application in a secure environment.
Saved confirmations are kept in the Application until the User decides to remove them.
The user can remove the collected public signing keys at any time through the settings of the operating system of the mobile device. In this way, data on saved certificates is also removed. The company has no possibility to delete public signature keys from the user's mobile device, as well as from the mobile devices of other users with whom the user has exchanged public signed keys.
The Company will not charge any fee to the Users of the application for the use of the Mobile Application.
Internet resources (multimedia content, data, graphic works, linguistic works, drawings, sketches...) published on the Application are copyrighted works and subject to copyright protection. Reproduction (in one or more copies, in whole or in parts, directly or indirectly, temporarily or permanently, by any means and in any form), distribution (sale, rental, assignment...) is strictly prohibited without the written permission of the Company. ), communication or processing of an Internet resource published on the Mobile Application. The application is available on the platforms "Google Play Store" for Android devices and "App Store" for Apple devices.
By using the Application, the User declares and guarantees that:
2. you will not use the Application for any illegal or unauthorized purposes;
3. your use of the Application will not violate any applicable law or regulation;
The Application may not be used for any endeavors other than those expressly authorized by us.
As a User of the Application, you agree that you will not:
1. make any unauthorized use of the Application;
2. participate in unauthorized connection to the Application;
3. Decipher, decompile, disassemble or process any software that in any way forms part of the Application;
4. Use the Application in a manner that does not comply with any applicable laws or other regulations
The Company makes available to the users of the application, for the purpose of technical support: application work applications, complaints and suggestions, the customer service will be available via e-mail [email protected].