The joint controller is Algebra Group, which includes Algebra d.o.o., Gradišćanska 24, Zagreb, OIB: 24919984448 and Algebra University College, Gradišćanska 24, Zagreb, OIB: 14575159920, while each entity is a leader in education in its respective field. For more information about each of the educational entities individually, visit the following link: https://www.algebra.hr/o-algebri/. The joint controllers have also appointed a joint Data Protection Officer (DPO), who may be reached at: firstname.lastname@example.org.
What data do we collect and how?
The personal data we collect is contact information and other personal data necessary for the provision of services. We collect personal data through our website by means of contact forms, automatically, using website cookies, through the registration forms, or according to services contracts. Some of the data is collected by means of video surveillance in some of our facilities.
The data we collect directly from you
When we collect personal data directly from you using forms, we always inform you about the exact purpose for which the data is collected, or we try to make that purpose clear in itself, for example, on forms for specific purposes. So when you sign up to create a user account or for participation in an online course, register for payment confirmation, fill out an online form on our website, send us an email, participate in our celebrations, or in any other way directly submit your information to us, we will ask you for the following information: e-mail address, name and surname, phone number and similar data necessary to provide a service or enable the use of one of the services and in order to contact you.
Depending on the circumstances of data collection, all obligatory data will be marked with an asterisk (*) on our website, while the entry of any non-obligatory data will be at your discretion. All data collected in this way will be used for the same purpose and protected using the same protective measures as the obligatory data.
Using video surveillance in some of our facilities, we collect data for the purpose of protection of persons and property based on legitimate interests. An appropriate notice about video surveillance is displayed in each facility.
The data we collect from other sources
We process a portion of the personal data as a data processor for other processors based on business agreements. Privacy Policies of other processors for whom we work apply to this personal data. If you want to exercise the rights guaranteed to you by the Regulation, please contact the data controller directly, because in this instance, based on the provisions of the Regulation and the data processing agreement, we are unable to fulfill your request.
We store small data files known as cookies on your devices. This is standard procedure on most websites on the internet.
What are cookies?
A cookie is a file that is stored on a computer or mobile device when visiting websites. With the help of cookies, websites for instance remember your actions and desired settings, such as login, language, font size, and other desired settings related to displaying the website, so it is not necessary to re-enter them every time you return to the website, i.e. when browsing different pages of a particular website.
The cookies we use do not collect personal data such as name, surname, e-mail address and the like.
We use functional cookies for the purpose of recognizing a user’s visit to the website, in order to remember your preferences with the aim of improving and providing a personalized user experience.
We use Google and Facebook analytics cookies in order to track from which pages the users come to our website and the users’ movement across our website; in order to place personalized content and improve the quality of our website and services, as well as to gain a better understanding of user needs and accordingly improve the services and functionalities of our website. Analytics cookies allow us to see aggregated demographic data of the visitors – their age brackets and the cities they come from. We also use them, for example, to determine the number of users who have viewed a service after clicking on an ad; in order to place ads based on your interests, avoid repeating the ads you have already seen, and to track the conversion of advertising campaigns.
- Google Chrome
- Internet Explorer
- Mozilla Firefox
- Safari (Desktop)
- Safari (Mobile)
- Android Browser
- Opera Mobile
Additional information about internet cookies is available at http://www.aboutcookies.org.uk/ or similar sites, such as:
- European Interactive Digital Advertising Alliance (EU)
- Internet Advertising Bureau (US)
- Internet Advertising Bureau (EU)
- Croatian Personal Dana Protection Agency (AZOP)
If you reject our cookies, some of our website functionalities and features may not work properly.
What is the purpose of data processing?
The processing of personal data that we perform is related to the provision of services and information about our services.
We process personal data in order to fulfill our contractual obligations – to provide and maintain services such as certification, training and education, to conduct and improve courses and training programs, to enhance security, to detect, prevent and otherwise discover fraud, illegal actions or technical problems and to fulfill our legal obligations. We also use personal data in communication with you in order to respond to inquiries regarding services and deliver useful data or requested information.
In order to provide you with a better insight into how we use personal data, we will offer a few specific examples:
- Create and manage your user accounts for online services
- Providing access to certain training seminar content or service for which you have signed up
- Monitoring individual and group attendance, progress and completion of online, offline or mixed assignments and training programs, and analyzing the participants’ progress and learning style
- Monitor and detect possible misuses of our website
- Improve and simplify the use of content and services
- Provide information on seminars or services you have signed up for
- Respond to your inquiries and provide customer support
- Become acquainted with your needs in order to offer you the seminars and services you desire and present content that interests you
- Send updates about the latest on-line, off-line and mixes seminars and other services and events, as well as information related to market communication and the operation of our website and its update times
- Research and analyze opportunities to improve our services, individually (e.g. lecturers working with our clients) or collectively; as well as become acquainted with your user experience in terms of access, ease of use and our website performance
- We use video surveillance in some of our facilities for the purpose of protecting property and persons
What is the basis of data collection/processing?
We collect personal data on the basis of legal obligations for the purpose of concluding service agreements for lifelong learning, seminars and training, study programs at the University College, to monitor seminar attendance and creating accounts, certificates of attendance and certification. Likewise, we use it to fulfill contractual obligations for training courses, seminars and study programs, projects and other agreed services. Based on your consent, we collect personal data that we use for the purpose of informing you about our programs in several ways – from sending newsletters, answering your questions, to information about the programs you have expressed interest in.
Processing of personal data of minors – under 16 years of age
Algebra does not knowingly collect personal data from minors under the age of 16 without the appropriate consent from a parent or legal guardian. If you are under the age of 16, please do not send us any personal information, including your name, address, telephone number or email address, without the consent of your parent or guardian.
We take appropriate verification measures and in the event that we discover that we have collected personal data from a person under the age of 16 without adequate parental or guardian consent, we delete that data as soon as possible. If you suspect that we have collected personal data from a minor without proper consent, please let us know by e-mail at email@example.com and we will immediately undertake the necessary measures.
Who has access to data?
A portion of the data, for certain seminars and training courses, is exchanged and made available on the basis of legally defined obligations with public authorities such as the Ministry of Science and Education, the Croatian Employment Service, CARNet, the University Computing Center (SRCE) and the like.
Under no circumstances will personal data be sold or illegally transferred to third parties.
Websites of other companies
On our website, you will occasionally come across internet links to other companies’ websites that are not under the purview of Algebra Group. Algebra Group is in no way accountable for the content, products, services and practices of other companies. The links do not represent endorsement or association with these companies.
Please note that you can make your personal data available to other users by using our online collaboration tools such as forums, chat rooms or other spaces through which public communication or communication of registered users is possible. Other users of these services may read your information, collect it or use it for some other purpose. Therefore, we recommend that you exercise reasonable caution in deciding to publish any information that could be used to identify you in public. If you would like us to remove your personal data from our public spaces, please contact us by e-mail at firstname.lastname@example.org. If in some cases, we are not be able to remove your personal data, we will inform you of this and explain the reasons.
Transfer of your personal data outside the European Economic Community
Although Algebra is based in Croatia, our business partners are located all over the world, and therefore we or our service providers in special cases transfer your personal data to USA using prescribed security measures. To cite an example, we use an external processor that provides services, such as the service of hosting data in the cloud. In these cases, we have taken every precaution to keep your personal data as protected as possible in USA as well, by using the Privacy Shield agreement between the EU and USA.
In the event of a merger, sale of our assets, financing or acquisition of our company in part or whole by another company, we will share your information. In any of these instances, and before the transfer of your personal data, you will be informed in a timely manner about the change of ownership or user of your personal data. We will also share your personal data in the event that we are legally required to do so by a competent institution or investigative body.
How long is the data retention period?
The terms of storage of your personal data depend on the following factors: the time required to perform the service for which you have applied and the timeframe to which we are bound by our legal framework, the execution of agreements or the need to resolve disputes. We will also store and process your personal data collected with your consent until the deadline indicated at the time of collection or until your consent is withdrawn. A portion of retention periods is therefore defined by internal acts, while all of them will be transparently announced to you at the time of using the service at the latest. Of course, we always communicate the maximum retention periods, but in case we no longer need your personal data, we will return or delete them even before the maximum storage period expires.
Please note that if you contact our Customer Service, we may, if necessary, collect additional personal data. This additional data will be deleted as soon as your case is resolved.
We regularly update the periods of personal data retention.
What are the measures of protection?
Algebra takes the security of your personal information very seriously, therefore, we use, constantly check, test and update our physical, technical and organizational measures used to prevent accidental or unlawful destruction, loss, alteration, as well as unauthorized disclosure or access to your personal data. Access to your personal data is provided only to those of our employees who require it in order to provide you with the services you desire. Our employees regularly receive training on the importance of data confidentiality and maintaining the privacy and security of your personal data.
Since no security measure is absolutely fullproof, we recommend that you keep your passwords safe, as this is one of the easiest ways you can manage the security of your account yourself. For the purposes of our services, security passwords are generated and must be changed upon first use, whereas only in rare cases you will receive a generated security password. We recommend that you do not write down your passwords and especially that you do not make them accessible to others.
Communication via e-mail or any other internet channel is not secure unless it is encrypted. Your communications may pass through several countries before reaching us and we are not accountable for any unauthorized access or loss of personal data beyond our control.
What are the data subjects’ rights?
We ensure that the data subjects receive the rights guaranteed by the General Data Protection Regulation:
- Right to data access
You have the right to request confirmation of whether we are processing your data and, if so, to obtain access to that data. In the event that we process a large amount of data related to you, we may ask you to specify your request for the delivery of certain specific groups of data that we process about you.
- Right to rectification
In case you notice that we are processing incorrect or incomplete data about you or you want to change your data, you have the right to request a correction or supplementation of incomplete personal data. In order to ensure that we always process only accurate personal data about you, it is necessary for you to notify us of any changes without delay.
- Right to erasure (‘right to be forgotten’)
You may request the deletion of your personal data, for example, if you consider that your personal data is no longer necessary for the purpose for which it was collected or otherwise processed, if you consider that your personal data is being processed illegally, or if you object to the processing. If you withdraw your consent, we will immediately delete your personal data collected on the basis of consent.
However, please note that we will not be able to delete your data if it is necessary to fulfill legal obligations, contractual obligations and other legal requirements from the General Data Protection Regulation.
- Right to restriction of processing
You have the right to obtain a restriction of the processing of your personal data, which can be requested, for example, if you have filed an objection to data processing, you have doubts about the accuracy of the personal data being processed or the legality of its processing, but you do not want this data to be deleted or you still need it for the fulfillment of legal requirements.
- Right to data portability
If the processing is based on your consent or an agreement concluded with you, and at the same time is performed by automated means, you have the right to receive the personal data that we have obtained from you. Upon your request and if technically feasible, we will securely transfer your personal data directly to another controller.
- Right to object
At any time, considering your individual situation, you are authorized to lodge an objection to the processing of the personal data relating to you, following which we will limit the processing thereof. You also have the right at any time to object to the processing of your personal data for direct marketing purposes. After submitting an objection, we will stop processing your personal data for the stated purpose.
- Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data is in violation of the General Data Protection Regulation, you have the right to submit a complaint to the competent supervisory authority. For the territory of the Republic of Croatia, the supervisory authority is the Croatian Personal Data Protection Agency, with the following contact information: Martićeva 14, 10000 Zagreb, Croatia, web: http://azop.hr/, phone: +385 1 4609 000.
- Right to withdraw consent
If the processing of your personal data is based on consent, you have the right to withdraw said consent at any time, without any consequences.
You can request the fulfillment of the above rights:
- in person or in writing to the address: Algebra, Gradišćanska 24, Zagreb 10000
- more information on how to submit a request for the fulfilment of subject rights may be obtained by e-mail, at email@example.com, or by phone, at 01/2332-861
Note – when submitting a request, identification of the applicant is required. The reason for this is to protect you as the owner of personal data.
Data Protection Officer
- In writing, at the address: Algebra, Gradišćanska 24, Zagreb
- By e-mail, at the address: firstname.lastname@example.org