RIGHTS TO PERSONAL DATA PROTECTION IN THE REPUBLIC OF CROATIA

– What are personal data
– Why and whose personal data are being protected
– Who has the right to collect and process personal data
– To whom can data subjects address themselves in case their right to    personal data protection has been violated

PERSONAL DATA PROTECTION AND LEGAL BASIS
The personal data protection is a constitutional right. Every citizen has the right to the protection of his/her personal data, their secrecy and safety in the framework of human rights and fundamental freedoms. Without data subject’s consent personal data can be collected, processed and used only under the conditions set up by the law.
For this reason the Act on personal data protection (Officail Gazette N°103/03) has been eancted, providing for protection of personal data in collecting, processing and use.

NEED FOR PERSONAL DATA PROTECTION IN A MODERN SOCIETY
Your personal data can be collected and used in many aspects of an everyday life. As an individual you can give your personal data when you want to e.g. become a member of a library, to open a bank account etc. Although in the majority of cases you give your personal data on a voluntary basis and for a specific purpose. However, there are many possibilities for a misuse of your data and for their use for various illegal purposes. It is therefore necessary to be aware of the purpose, for which data are being given, and whether those data are going to be used for something else.
A special caution should be used when personal data are being given via modern telecommunication means. A developement of modern technologies ensures not only a faster transfer of huge amounts of data but also a possibility to trasnfer them to other countries without a consent a knowledge of a data subject.

WHAT IS THE PURPOSE OF PERSONAL DATA PROTECTION AND WHOSE DATA ARE BEING PROTECTED?
The purpose of personal data protection is the protection of private life and other human rights and fundamental freedoms in the processing procedure.
The personal data protection is ensured to every individual disregarding his/her citizenship, ethnical or racial origins, religious beliefs, political or other opinions or any other caracteristics.

WHAT ARE PERSONAL DATA AND WHERE CAN THEY BE FOUND?
Personal data represent any information relating to an identified or an identifiable natural person. An identifiable person is one who can be identified, directly or indirectly by reference to one or more factors specific to his identity. Therefore, personal data can be any data identifying an individual, such as an e-mail address, a telephone number or a photo.
Personal data relating to racial or ethnic origin, political opinions, religious or other beliefs, trade-union membership, health or sex life as well as personal data on criminal or misdemeanour proceedings represent special categories of personal data. While processing such data special protection measures must be enforced.
Your personal data can be contained in a computer basis of personal data or they can be technically or manually maintained. A set of personal data represents according to the Act on personal data protection a personal data filing system.

WHAT DOES PERSONAL DATA PROCESSING MEAN?
Personal data processing encompasses a complete operation upon personal data (which can be collecting, alteration, erasure, disclosure of data to third persons etc.).

WHEN CAN YOUR PERSONAL DATA BE COLLECTED AND PROCESSED?
Personal data can be collected and processed in the following cases:
– you have given your consent for processing of your personal data
– personal data processing is defined by the law; a data controller is obliged to comply with his legal obligations
– personal data processing aims at protection of your life and phisical integrity
– personal data processing is being performed in a public interest or in order to comply with public competences
– a subject to personal data processing are those data, which you have published on your own
In case your personal data are being processed upon your consent, the consent must be given freely, explicitly and for a specific purpose.
Special categories of personal data can be processed exceptionally and under the condition that you have given your consent if data processing takes place for the purposes of complying with legal obligations of a data controller, for the purposes of protection of your life and physical integrity, if you have yourself published personal data or if data are being processed by an unprofitable organisation, the member of which you are.

WHO IS RESPONSIBLE FOR TAKING CARE OF A LEGAL PROCESSING OF YOUR PERSONAL DATA?
For a legal processing and protection of personal data are responsible all natural and legal persons, state or other bodies (data controllers) processing your personal data. e.g. it can be your employer, who is maintaining staff data, your association or your bank.
A legal personal data processing means that data controllers are obliged to process personal data for specific purposes. The data must be accurate, complete and up-to-date. They must not be overproportinally or unnecessarilly collected for the purpose, for which they are been collected. They cannot be disclosed to unauthorised persons or be used after an expiry date set up for the use of data or after a fulfillment of the purpose, for which data were collected.

WHAT ARE YOUR LEGAL RIGHTS FOR PROTECTION OF PERSONAL DATA AND WHAT IS THE FIRST STEP IN THE REALISATION OF THESE RIGHTS?
In case of processing of your personal data you have the following rights:
– the right to get an information from a data controller on the processing of your personal data
– the right to know for which purpose and by whom your personal data are being processed and who is going to use them
– the right to access your personal data
– the right to request a correction, alteration or updating of inaccurate, incomplete or not updated data
– the right to withdraw your consent given for processing of your personal data and to request cancelation of data processing
– the right to opose data processing for the marketing purposes
In order to be able to enforce your legal rights you can contact a data controller, responsable for the processing of your personal data.

WHOM TO CONTACT IF AN ILLEGAL PROCESSING OF YOUR DATA BY A DATA CONTROLLER HAS CAUSED YOU CERTAIN DAMAGES?
You can introduce a compensation claim before the court.

WHOM TO CONTACT IF YOU THINK THAT YOUR RIGHTS HAVE BEEN VIOLATED BY A DATA CONTROLLER IN THE PROCESSING OF YOUR PERSONAL DATA?
The supervision over personal data protection, thus over everyone who is processing personal data is carried out by the Personal data protection agency.
Therefore, if you think that a data controller has violated your legal rights, you can send a request to the Agency for establishment of a violation in the processing of your personal data.

PERSONAL DATA PROTECTION AGENCY AND ITS SUPERVISORY COMPETENCES
Personal Data Protection Agency is an independent, supervisory and advisory body, which ensures the implementation of personal data protection.
Agency’s main task consists in supervision over the implementation of personal data protection.
The Agency supervises data controllers responsable for the personal data processing and warns or notices them about irregularities in that processing procedure. The Agency can order correction of irregularities, temporarily prohibit data processing, order erasure of personal data, prohibit their cross-border transfer. Should data controllers not comply with their legal obligations, the Law predicts financial fines.
The Agency may also propose to initiate criminal or misdemeanour proceedings before a competent authority.

PERSONAL DATA PROTECTION AGENCY CONTACT

Selska cesta 136
10 000 Zagreb
Tel: 00385 1 4609 000
Fax: 00385 1 4609 099
azop@azop.hr
www.azop.hr