We, coordinators of RIS Internship project, are aware that the right to privacy is one of the most important human rights in modern society, which is why this Personal Data Protection Policy applies to the processing (usage) of any personal data that we carry out or that a third party carries out on our behalf. We value our partners, we understand their concern for privacy, and we handle personal data responsibly. We are completely committed to a legal, fair, and transparent processing of personal data. By implementing the proper protection measures, we also prevent access to personal data by unauthorized persons, maintain its confidentiality and completeness, and prevent its loss or unintentional destruction during processing.
About Us as the Controller of Personal Data
The personal data that you provide to us is processed by the project coordinator, University of Zagreb, Faculty of Mining, Geology and Petroleum Engineering, available via email: firstname.lastname@example.org (hereinafter referred to as “RIS Internship coordinators” or the “Controller”).
The processing of personal data is necessary for our business. Without the ability to obtain and process your personal data, we will not be able to provide our services to you. If your consent is required for the processing of personal data, we shall not demand or induce it by threatening to disregard or terminate our business relationship, nor shall we limit our provision of services.
We handle your personal data according to the generally applicable legal provisions of the Republic of Croatia and at the European Union level while also endeavouring to prevent unjustified handling or misuse. The protection of personal data, privacy, and individual rights is one of the fundamental principles consistently observed by the Controller.
Controller is fully aware of the value and sensitivity of the personal data that they come into contact with and that they handle. We are fully aware of the scope of damage that a disclosure, destruction, or rectification of this data would cause and what that means for data subjects, i.e. for you.
RIS Internship members who come into contact with your personal data commit to protecting the confidentiality, access, and integrity of that data, whether we are mandated to do so by law or not. The personal data RIS Internship team members come into contact with or use for a certain purpose shall never be disclosed, unjustly transmitted to a third party, rectified, or destroyed, and will only be used within the scope of the RIS Internship team member’s required work.
Each team member strives to prevent a possible disclosure, destruction, or rectification of personal data that they come into contact with or use in their work. This means that they comply with the regulations regarding the protection of confidential information and personal data, that they protect personal data in paper form, and that they control their environment and immediately report any unusual procedures of computer equipment, their colleagues, or third parties.
RIS Internship team endeavors to guarantee the fair and transparent processing of personal data, which is why we perfect procedures to that end and regularly improve them by providing data subjects with answers to any questions that they may have regarding their data and the way we process them.
RIS Internship team assigned to this task strives to ensure that the rights of data subjects are respected, and to this end, we are implementing not only the appropriate technology but also the appropriate procedures.
What Types of Personal Data are Processed and with what Purpose?
The personal data that you provide and that we process is used for specific purposes, e.g. for distribution of e-news, processing applications for internship, providing information on registered events. This would not be possible without such data. The following personal data is concerned:
- Basic contact details (name, last name, home address, e-mail address, country).
- Data that we need for the organization of events (name of organization, type of organization, position in the organization).
- Data on the use of websites (clicks on links, visit duration) and data regarding feedback to our e-mails (was the e-mail opened, which link was clicked).
On what Legal Grounds do We Process your Personal Data?
The aforementioned personal data that you provide is processed on the basis of your explicit consent. You always have the right to withdraw your given consent.
Who Do We Transmit Your Personal Data to?
We do not transmit or disclose your personal data to third parties (outside of RIS Internship) except to those who have concluded a written contract with us and perform certain tasks related to data processing on the basis of that contract and are obligated to follow the legislation on the processing and protection of personal data (the so-called Contractual Processors). The Contractual Processors, to who we transmit personal data to, are:
- creators and maintainers of computer applications, websites, and information services;
- outside marketing agencies and event organizers.
The Contractual Processors may process personal data only in compliance with our instructions and may not process them for their own purposes. They, as well as their employees, are committed to the protection of your personal data.
Additionally, personal data of the student-potential intern such as address, phone number, e-mail address etc. will be shared only with the company that the student has indicated as his/her first choice, or in the case of rejection, with the company of his/her second or third choice. Companies shall only use this data for purposes of communication with the applicant and will not share them with any third parties outside of the company and without relation to the Internship programme.
The Contractual Processors do not transmit personal data to third countries (outside of the European Economic Area – EU member states and Iceland, Norway, and Liechtenstein).
How long Do We Store your Personal Data?
The personal data that we process on the basis of your consent is stored permanently or until you withdraw your given consent.
The Processing of Cookies, Monitoring IP addresses, and other Means of Technological Control
Voluntary Transmission of Data and Consequences if They Are not Transmitted
The transmission of personal data is voluntary. You are not obligated to transmit your personal data to us, but if you choose not to transmit them, you are not eligible for certain services. The type of data that is subject to the aforementioned consequences if not transmitted shall be stated each time we obtain personal data from you.
RIS Internship coordinators are committed to the principles laid down in Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “General Data Protection Regulation”) and is prepared to fully cooperate when you decide to exercise your rights.
Regarding your personal data, you have the following rights:
- to request from us at any time:
- confirmation as to whether we are processing your personal data;
- access to the personal data and the following information: the purpose of the processing, the types of personal data, recipients or categories of recipients to who the personal data has been or is going to be disclosed, especially recipients from third countries or international organizations;
- one (free) copy of your personal data in the form of your choosing (where the data subject makes the request by electronic means, and unless otherwise requested, the copy shall be provided in an electronic form). For any further copies requested by the data subject, the Controller may charge a reasonable fee based on the administrative costs;
- a rectification of inaccurate personal data;
- a restriction of processing when:
- you contest the accuracy of your personal data for a period enabling us to verify the accuracy of it;
- the processing is unlawful and you oppose the erasure of the personal data, requesting the restriction of its use instead;
- we no longer need the personal data for the purposes of the processing, but you require it for the establishment, exercise, or defense of legal claims;
- erase all personal data (the right to be forgotten), if conditions from Article 17 of the General Data Protection Regulation are fulfilled, and especially if you withdraw your consent to the processing of personal data;
- a copy of your personal data in a structured, commonly used, and machine-readable format, retaining the right to transfer this data to another Controller without our interference;
- to stop using your personal data for direct marketing purposes, including profiling;
- the right to file a complaint with the Information Commissioner if you believe that our processing of your personal data violates the General Data Protection Regulation.
Procedure for Exercising your Rights
Please send any requests to exercise your rights regarding personal data to: email@example.com.
To reliably identify you when you decide to exercise your rights regarding personal data, we may ask for additional information. We may refuse to take action only if we can prove that we cannot reliably identify you.
We must respond to your request for exercising your rights regarding personal data without undue delay and no later than one month from receipt of the request.
The data subject may send a written request for a permanent or temporary, complete or partial withdrawal of their given consent to the processing of personal data to: firstname.lastname@example.org. The withdrawal of the consent does not affect the lawfulness of the processing carried out before the withdrawal.
Personal Data Protection
RIS Internship coordinators protect your personal data with a security management system that is based on the personal data risk analysis. RIS Internship coordinators commits to regularly assess security situations and risks, adapting its security plans with the purpose of keeping your personal data safe. We assure you that the appropriate procedures and technologies are being implemented to protect your information and ensure the physical and administrative protection with organizational as well as technical means. For obvious reasons, we shall not mention these procedures and mechanisms here.