The University of Zagreb School of Medicine (hereinafter: Repository Owner) provides the service of the Dr Med - University of Zagreb School of Medicine Digital Repository (hereinafter: Repository) and is responsible for data processing for the Repository. The legal position of the Repository Owner as the data controller is regulated by the DABAR System Regulations - Digital Academic Archives and Repositories, which are governed by the University of Zagreb University Computing Centre (hereinafter referred to as "SRCE"), governing the rights and obligations related to the use of the DABAR System - Digital Academic Archives and Repositories.
SRCE is the data processor responsible for the personal data located in the Repository and provides the technological prerequisites for the establishment and maintenance of the Repository. The mutual rights and obligations related to the processing of personal data in the Repository are regulated by the Personal Data Processing Agreement between the data controller and the data processor.
The Repository Owner enables access to the Repository in two ways: by user login to the Repository, and by accessing the content of the Repository without user login.
The Repository Owner has a legitimate interest in collecting usage indicators of the Repository and ensuring compliance with information security requirements. Based on such legitimate interest, the Repository Owner is authorized to collect the following personal data of all users who access the Repository:
Personal data will not be used for other purposes nor will it be transferred to third parties except in cases of information security breaches in which case the data will be submitted to CERT. The personal data of all users who access the Repository will be kept for 24 months from the registered access to the Repository after which they are permanently deleted unless there are other legitimate reasons for processing the data in accordance with positive regulations.
By signing into the Repository, a relationship is created which allows the user to access the personalization functions of the Repository. For the purpose of enabling the use of personalized functionalities of the Repository, the following personal data of users will be collected and processed:
The collected personal data of users who sign into the Repository may be used to compile Repository’s usage statistics and will not be used for other purposes or transferred to third parties. The personal data of users who access the Repository will be kept for 36 months from the last registration.
When using the “Request a copy” functionality, the following personal data are collected and processed:
The personal data of users who are using the above mentioned functionality will be visible to the editors of the Repository in which the object is stored and can be used to create statistical representations of the use of the Repository. Apart from the above, personal data will not be used for other purposes nor will it be transferred to third parties. The personal data of users who use the “Request a copy” are kept for 36 months from the completion of the request. When using personal data to create statistical representations and Repository usage indicators, the data will be displayed in anonymized or aggregated form so that they can no longer be linked to a specific user.
Repository users have, under the conditions of the General Data Protection Regulation, the right to access personal data collected by the Repository Owner, the right to delete (forget), the right to limit processing, the right to data portability and the right to correct personal data if they are incorrect or have been modified.
The user has the right to submit a complaint to the supervisory body for the protection of personal data in the Republic of Croatia regarding the collection and processing of personal data.