NIAS

National Identification and Authentication System

General Terms of Use

  1. PREAMBLE
  • These General Terms and Conditions of Use of the e-Citizen portal (hereinafter referred to as: the General Terms and Conditions) shall govern the use, by legal and natural persons, of the e-Citizen as well as other corresponding components integrated in the State information infrastructure.
  •  
  • The use of the e-Citizen portal (together hereinafter referred to as: the System) shall not be possible without consent to the General Terms and Conditions and personal data processing.
  •  
  • By activating and using the System, the Users acknowledge that they have been familiarized with and understood the General Terms and that they expressly accept them, as well as give their consent to the processing of their personal data.
  •  
  • The General Terms shall be posted on the corresponding System website (www.gov.hr).
  •  
  • By accepting these General Terms and Conditions, the Users agree that they shall use the System, the electronic services and other corresponding components integrated in the e-Citizen and e-Business Systems and the State information infrastructure solely in accordance with their original purpose, legally intended use and without jeopardising, limiting or preventing the work and the use thereof by third parties.
  •  
  • The Central State Office for the Development of Digital Society reserves the right to modify and/or supplement the General Terms and Conditions without prior notice and it shall inform the Users/Cross-Border Users thereof in a timely manner.
  •  
  • All enquiries or remarks about the System operation shall be made via e-mail to: pomoc@e-gradjani.gov.hr or phone at: 072 200027.
  •  
  • All enquiries or remarks about e-services and the contents delivered to the user mailbox, shall be made directly to the e-Service Provider in accordance with the Terms and Conditions of the e-Service provision.
  •  
  • All requests or enquiries about Personal data processing as well as the withdrawal of the consent to personal data processing may be delivered in writing at the following address: Central State Office for the Development of Digital Society, Ivana Lučića 8, 10000 Zagreb, or by e-mail to: zastitapodataka@rdd.hr.
  •  
  • The contact information of the personal data protection officer of the personal data controller is: zastitapodataka@rdd.hr.
  •  
  • These General Terms and Conditions shall be applied as of 30th March 2021.

 

  2. DEFINITIONS
  • The terms contained in these General Terms and Conditions shall have the following meaning:
  •  
  • Administrator or System Administrator means the Central State Office for the Development of the Digital Society;
  •  
  • Authentication means the process enabling the User’s and/or Cross-border system verification and/or the verification of the use of the User’s and/or Cross-Border User’s personalised security credentials;
  •  
  • Node means the point of connection between the National Identification and Authentication System (hereinafter referred to as: The NIAS) and the EU/EEA structure for the interoperability of electronic identification. It is included in the cross-border authentication of Cross-Border Users and has the ability to recognise and process, i.e. forward data to other nodes and NIAS;
  •  
  • e-Representations means an e-Authorisations subsystem module that retrieves information on legal representatives from the Attribute provider and e-Authorisations database, enabling the identification of a business entity’s legal representatives;
  •  
  • e-Mandate means an e-Authorisation subsystem module that enables the creation and management of e-Mandates for the access to e-Services by legal representatives or other authorised persons of a business entity;
  •  
  • e-Authorisations means an e-Business subsystem enabling the authorisation data management and retrieval of legal representatives’ information, which is composed of two modules: the e-Representation module and the e-Mandate module. The e-Authorisation subsystem is also used within the e-Citizen system where it enables e-Services requiring information on underage children of an authenticated User, who is the children's legal representative according to the Attribute provider record (Parent-child functionality), to retrieve such data;
  •  
  • Electronic service or e-Service is a public service provided by the e-Service Provider to a User and/or Cross-Border User via the internet;
  •  
  • Electronic identity or e-ID is a unique set of identification data of a particular entity (a person, a public-sector entity, a computer system) kept in electronic form and providing a unique identification of the entity to which such data pertain; these data are required for an unambiguous User identification for the purpose of access to an e-Service;
  •  
  • Cross-Border User’s Unique Identifier means, for natural persons, a natural person’s identification number and for business entities, a business entity’s unique identifier created by an EU/EEA Member State for cross-border identification purposes.
  •  
  • User’s Unique Identifier for Natural Persons in NIAS is the Personal Identification Number (PIN), while for business entities, it is the business entity’s unique identifier, i.e. a combination of the business entity’s identifier data contained in the competent register and those contained in the business entity register source (Attribute Provider).
  •  
  • Single Sign On means a method of User authentication allowing a User to be authenticated only once in order to log in to multiple e-Services, provided that the minimum authentication security level requirement, necessary for the access to an e-Service, is met, i.e. that the User is authenticated once per session and NIAS enables the access to all e-Services requiring authentication by a credential of the same or lower security level without the User having to use its credential again.
  •  
  • Single Sign-Out enables a User to log off from all e-Services to which s/he has logged in during a single NIAS session.
  •  
  • The user is a natural person acting on its own behalf (or, as the case may be, on behalf of a minor) or a person authorised to act on behalf of a business entity and owning a nationally recognised electronic credential, who accesses the System via NIAS.
  •  
  • User Mailbox (hereinafter referred to as: UM) is an e-Citizen system service enabling electronic communication with public-sector entities through the components of the State information infrastructure. For the avoidance of doubt, the term UM shall be used herein also to indicate both the personal user mailbox as a part of the e-Citizen system and the business user mailbox, as a part of the e-Business system.
  •  
  • Qualified electronic signature means an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures.
  •  
  • Qualified electronic time stamp means an electronic time stamp that binds the date and time to data in such a manner as to reasonably preclude the possibility of the data being changed undetectably, it is based on an accurate time source linked to Coordinated Universal Time and it is signed using an advanced electronic signature or sealed with an advanced electronic seal of the qualified trust service provider, or by some equivalent method.
  •  
  • My Profile is an e-Service automatically activated by the User when logging in to the System via Navigation bar; it is intended for the purpose of User’s account administration within the System. Should the My Profile e-Service become available for Cross-Border Users as well, such term shall be applied respectively to the Cross-Border User logging in to the System.
  •  
  • The National Identification and Authentication System (NIAS) means an information and technological system of central identification and authentication of electronic services users, which forms a part of the System.
  •  
  • The navigation bar is part of the System and contains basic information regarding a User logged in the System and the business entity on whose behalf the User is authorised to act. The navigation bar may also contain information regarding a Cross-Border User logged in the System and the business entity such Cross-Border User is authorised to act for.
  •  
  • General Data Protection Regulation means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  •  
  • Personal data means any information being processed and relating to an identified or identifiable natural person according to the definition contained in the General Data Protection Regulation.
  •  
  • User’s Basic Attributes means a User’s identification information linked to its Personal Identification Number (PIN) or a business entity’s unique identifier, which are used to identify the User using an e-Service.
  •  
  • Basic Cross-Border User’s Attributes means a Cross-Border User’s identification information linked to its Personal Identification Number (PIN) or a business entity’s unique identifier, which are used to identify the Cross-Border User using an e-Service.
  •  
  • Cross-Border User means a citizen or a person in a business entity of an EU/EEA/EES Member State, who possesses a credential issued in an EU/EEA Member State, except the Republic of Croatia, whereby the Cross-Border User accesses an e-Service via Node and NIAS.
  •  
  • e-Service Provider is a public authority and/or a legal entity established by the Republic of Croatia and/or a legal entity designated by the head of the authority competent for e-Croatia, which provides an e-Service to the Users and/or Cross-Border Users. For the avoidance of doubt, this term shall not include the service provider within the Shared-Services Centre that entered into the System Component Operational Management Agreement with the System Administrator in accordance with Article 2, item 2 of the Regulation on the Organisational and Technical Standards for the Connection on the State Information Infrastructure (Official Gazette of the Republic of Croatia “Narodne novine” No 60/2017)
  •  
  • Personal Data Protection Regulations means all laws and other regulations referring to the processing of personal data, including the General Data Protection Regulation (2016/679) and the act implementing the General Data Protection Regulation, as well as other rules regulating the rights and the obligations of the controller and the processor.
  •  
  • System means the e-Citizen portal with all its components.
  •  
  • The e-Citizen System forms part of the State information system and it is composed of the Portal for Public Information and Electronic Services for Citizens, the National Identification and Authentication System and the User Mailbox System.
  •  
  • The e-Business System forms part of the State information system, and it is composed of: the Portal for Public Information and Electronic Services for Business Entities, the National Identification and Authentication System and the User Mailbox System.
  •  
  • Public Authorities are state administration bodies, other state bodies, local and regional government, legal entities and other bodies with official authorities, legal entities established by the Republic of Croatia or local or regional government, public service bodies, legal entities mainly or entirely financed from the state budget or the local or regional government budget or from public funds (duties, charges and similar) based on a special regulation, as well as companies majority-owned, separately or together, by the Republic of Croatia and local and regional governments.
  •  
  • Credential means a set of information on the User, used as evidence of electronic identity (e-ID) for the purpose of enabling the access to e-Services.
  •  
  • Controller means Central State Office for the Development of Digital Society, Ivana Lučića 8, 10 000 Zagreb, Personal Identification Number (PIN): 55422358623, contact phone number: +385 1 44 00 840.
  •  
  • The processor is the Financial Agency (FINA) and/or APIS IT Ltd.
  •  
  • “data subject”, “personal data breach”, “processor”, “third party” and “processing” shall have the meaning given to these terms by the provisions of the General Data Protection Regulation. Legal processing means the processing of personal data in accordance with the provisions of the Personal Data Protection Regulations.

 

  3. USE OF THE SYSTEM AND E-SERVICES
  • 3.1. The User accesses the System, the NIAS and the e-Services via internet (international computer network).
  •  
  • 3.2. The Cross-Border User accesses the Croatian e-Service across the Cross-border Node and the Croatian node that is connected to the NIAS.
  •  
  • 3.3. In order to access the e-Service, the User and/or the Cross-Border User must have access to the internet and to one of the most used internet browsers such as, for example, Edge, Chrome, Opera, Mozilla Firefox and others.
  •  
  • 3.4. The User and/or the Cross-Border User shall use their credentials as a means of proof of their e-identity.
  •  
  • 3.5. The e-Service Providers shall decide on the User’s and/or Cross-Border User’s access based on a NIAS message containing the result of the credential authenticity verification and the retrieval of additional authorisation attributes that depend on the selected e-Service.
  •  
  • 3.6. e-Service Providers shall provide e-Services in the manner and to the extent stipulated by the rules of use of a specific e-Service laid down by a particular e-Service Provider. The Administrator shall neither have influence on the rules of use of an e-Service nor on the e-Service provision and/or contents.
  •  
  • 3.7. The User and/or Cross-Border User shall be responsible for the conscientious use and keeping of its credential.
  •  
  • 3.8. The User may use more than one credential recognised by the NIAS.
  •  
  • 3.9. Administrator or System Administrator shall publish information on credentials that are recognised by the NIAS, their issuers and the issuing method.
  •  
  • 3.10. The User may request a credential from the credential Issuer in accordance with the Issuer’s credential issuing rules.
  •  
  • 3.11. The Cross-Border User may perform the cross-border authentication with a credential published by the European Commission in the Official Journal of the European Union in accordance with Article 6 of the Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (hereinafter referred to as: the eIDAS Regulation).
  •  
  • 3.12. In order to access Croatian e-Services, the Cross-Border User shall use a credential issued in an EU/EEA Member State, except the Republic of Croatia. The NIAS enables the User to view the set of information about the User itself, which is required by the e-Service Provider for login purposes. In case of e-Services intended both for the citizens and the business entities, the e-Service Provider will always require the maximum set of information. The User may cancel the data required for the e-Service login from being sent, but by doing so, the User’s login process will be cancelled as well.
  •  
  • 3.13. When a Cross-Border User is accessing an e-Service, the Node will send the set of information received by the Cross-border node to the NIAS, which in turn will forward it to the e-Service. Based on the information received, the e-Service Provider will decide whether to allow or to deny the access to the e-Service to a Cross-Border User.
  •  
  • 3.14. During its initial logging in via the NIAS, the User will have its user account automatically opened in the My Profile e-Service.
  •  
  • 3.15. The My Profile service enables the User to administrate its user account within the NIAS, to access all e-Services of the System, to manage its own shortcuts to available e-Services, to view the 60-day history of credential use, to manage authorisations for an automatic data forwarding to e-Services and to set an e-mail address for the receipt of the credential use notifications.
  •  
  • 3.16. By logging off from the NIAS, the User logs out of the session on the NIAS, resulting in the Single Sign-Out of the e-Services that it had previously logged in to.
  •  
  • 3.17. The “My Profile” service enables a Cross-Border User to access all System e-Services intended for Cross-Border Users.
  •  
  • 3.18. The Single Sign On option is not available for Cross-Border Users.
  •  
  • 3.19. The access to an e-Service requesting the authentication with a credential of a higher security level than the one that has already been authenticated per active session, requires new authentication with a higher security level credential from the User or/and Cross-Border User.
  •  
  • 3.20. The Single Sign-Out option is not available for Cross-Border Users. Cross-Border Users need to log off from each service separately.

 

  4. USER MAILBOX
  • 4.1. All users authenticated in the NIAS with a valid credential shall be entitled to use a UM. Should the UM also become available to Cross-Border Users, this term shall include them as well.
  •  
  • 4.2. During the initial login to the System via NIAS, the UM shall be automatically opened for each new User.
  •  
  • 4.3. A UM shall be automatically opened for the existing Users who have not had a UM until the coming into force of these General Terms and Conditions, once they agree to these General Terms and Conditions.
  •  
  • 4.4. When opened, the UM may be deactivated by the User who will then continue to use the System without the UM.
  •  
  • 4.5. The Users shall have the right to export data from the UM to an easily-read data base while the UM remains opened.
  •  
  • 4.6. After closing the UM, the access to and the export of data from the UM shall not be possible.
  •  
  • 4.7. False representation and unauthorised access to other people’s UMs as well as any action that may cause unauthorised data modification, confusion, disturbance, interference in communication with the UM and other adverse actions, shall be prohibited.
  •  
  • 4.8. The User shall be responsible for forwarding the information regarding the received message to the UM. The Administrator shall not be liable for any information forwarded to the e-mail, which has been verified by the User itself.
  •  
  • 4.9. The UM data storing and copying for the purpose other than use in the User’s interest shall be forbidden.
  •  
  • 4.10. The messages in the UM shall be protected from data modification and unauthorised use. By electronically logging in and/or time-stamping the information contents at the time of forwarding such received information to third parties, the User confirms that the contents forwarded is identical to the contents of the message that the User received from the e-Service Provider.
  •  
  • 4.11. The costs of procurement and maintenance of User’s own computer equipment (hardware and software) as well as other equipment required for the access to and the use of the UM, including other costs related to its use, shall be borne by the User.
  •  
  • 4.12. The UM message contents shall be available only to the Users and their representatives/authorised persons.
  •  
  • 4.13. The Administrator shall warn the Users that there is a certain level of risk of the security measures being bypassed by unauthorised persons or applications causing damage to the Users.
  •  
  • 4.14. The Central State Office for the Development of the Digital Society shall ensure that the best UM function and contents testing standards are in place.
  •  
  • 4.15. The UM system shall use data and unauthorised data management protection standards and measures stipulated by law.
  •  
  • 4.16. In case of breach of the General Terms and Conditions, the Administrator shall have the right to suspend the access to the system and activate measures stipulated by law in order to provide protection.
  •  
  • 4.17. The Administrator shall not be held liable for any contents or its loss and damage caused by the use of the UM.
  •  
  • 4.18. The e-Service Providers who sent the contents delivered to the UM shall be liable for such contents.
  •  
  • 4.19. The UM shall deliver the messages and the attachments to the User in the form sent by the sending institutions.
  •  
  • 4.20. Neither the UM nor the Administrator may guarantee, and they do not guarantee, the accuracy and the quality of the contents of the messages received.
  •  
  • 4.21. The Administrator shall not be held liable for the documents and contents at the sources which the UM connects to and the Administrator may not guarantee the accuracy, the origin or the quality of contents of those pages or their availability.

 

  5. SYSTEM AVAILABILITY AND EXCLUSION OF ADMINISTRATOR LIABILITY
  • 5.1. The Administrator shall provide the Users with a limited System access service via the State information infrastructure and shall in no way be liable for its use by the Users and its around-the-clock availability and correct operation.
  •  
  • 5.2. The Administrator shall endeavour to make the System available at all times, except during maintenance, but it shall not guarantee around-the-clock availability or correct operation of the System.
  •  
  • 5.3. By using the System, the User accepts the risk of the System being partly or entirely unavailable or malfunctioning during a certain period of time.
  •  
  • 5.4. The Administrator shall not be held liable for the System unavailability or malfunctioning regardless of whether the reason for such unavailability or malfunctioning is beyond Administrator's control and/or fault or not.
  •  
  • 5.5. By accepting these General Terms and Conditions, the Users expressly declare that they release the Administrator from any future liability for around-the-clock availability and correct functioning of the System.
  •  
  • 5.6. Given that the e-Services are provided through the System, the Administrator does not provide such services, therefore the Administrator shall not in any way be liable for the contents and availability of e-Services.
  •  
  • 5.7. Should the User note that the System and/or the use of e-Services is not available and/or is malfunctioning, the User shall inform the Administrator thereof without delay via e-mail: pomoc@e-gradjani.gov.hr or phone at: 072 200027.
  •  
  • 5.8. When notified of such System and/or e-Service unavailability or malfunction, the Administrator shall endeavour to promptly inform the e-Service Providers thereof in order to avoid any adverse consequences of such System and/or e-Service provision unavailability or malfunctioning, and the Administrator shall try to enable the System operation at its earliest convenience. The consequences of an e-Service unavailability or malfunction shall be subjected to the rules of use of the e-Service in question.
  •  
  • 5.9. Should the User fail to notify the Administrator of the System and/or e-Service provision unavailability or malfunction in accordance with the item 5.6 of the General Terms and Conditions, the User may lose the rights that the User would be normally entitled to under the rules of use of a specific e-Service laid down by the e-Service Provider.
  •  
  • 5.10. The Administrator shall, at the request of the User who has acted in accordance with item 5.6 of the General Terms and Conditions, issue a System and/or e-Service provision unavailability or malfunctioning confirmation within 3 days of the day of request. The request referred to in this item shall be filed to the Administrator via e-mail to: pomoc@e-gradjani.gov.hr.
  •  
  • 5.11. The Administrator shall not be liable for the e-Service Provider’s denying the access to the User and/or Cross-Border User based on the information received.
  •  
  • 5.12. The e-Service Provider shall be responsible for providing clear information about prerequisites to be met by the Users in order to access an e-Service, as well as of the requirement to regulate their access rights by means of e-Mandates in e-Authorisations and the acceptance of the conditions of use of the e-Service concerned.
  •  
  • 5.13. The Administrator shall not be held liable for any damage caused by credential misuse or neglectful keeping as well as of any damage/destruction of User’s/Cross-Border User’s data and equipment caused by the use of the System.
  •  
  • 5.14. The Administrator does not control the internet, therefore the Administrator may not and will not guarantee the availability of e-Services that are not under its direct control.
  •  
  • 5.15. The e-Service Providers shall be responsible for correct and proper operation of e-Services in accordance with stipulated rules of use of a specific e-Service, for the message contents as well as for the protection of the communication channel between the e-Service and the User/Cross-Border User.
  •  
  • 5.16. The Administrator shall not be liable for damages to the User’s and/or Cross-Border User’s equipment as a result of the use of the System or any of its components.
  •  
  • 5.17. The Administrator shall not be held liable for the way the credential, the password and PIN are used.

 

  6. PERSONAL DATA PROCESSING AND CONSENT TO THE PROCESSING
  • 6.1. The Administrator shall respect the privacy of the System users. The Personal data in the System shall be treated in accordance with the Personal Data Protection Regulations.
  •  
  • 6.2. By activating and using the System, the User, the Cross-Border User and other persons using the System accept the General Terms and Conditions and give their consent to the processing of their Personal data in accordance with the General Terms and Conditions.
  •  
  • 6.3. By accepting the General Terms and Conditions of Use of a specific e-Service, defined by the e-Service Providers, data subjects give their consent to the processing of their personal data in accordance with such General Terms and Conditions. Given that the Administrator has no influence on the adoption of the General Terms and Conditions of Use of a specific e-Service, the Administrator has no liability ensuing from such Terms and Conditions either.
  •  
  • 6.4. Data subjects, the User, the Cross-Border User and other persons using the System, shall have the right to withdraw their consent at any time in accordance with item 6.19. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  •  
  • 6.5. The categories of data subjects whose personal data may be processed are national and foreign natural persons.
  •  
  • 6.6. The personal data of Users and/or Cross-Border Users and other persons whose data may be processed as well as the System registration data shall not be made available to third parties, unless they are e-Service Providers, FINA or APIS IT Ltd., and as such are authorised to keep and process the said data within the framework of the services they provide.
  •  
  • 6.7. The personal data may be made available to third parties who are not e-Service Providers, FINA or APIS IT Ltd. only if the provision of such data is stipulated by law.
  •  
  • 6.8. The data subjects’ Personal data shall be used exclusively for the purpose of: provision of the stipulated System and e-Service functionalities; opening and upgrading the UM contents and functions; receipt, display and use of messages and communication with the Users via UM, as well as upgrading UMs, the System and e-Services. Neither the Administrator nor the System shall have access to the Users’ credential-related secret information nor are they aware of it in any way.
  •  
  • 6.9. The Administrator warrants to the User and the Cross-Border User as well as to other persons whose data may be processed, that the Agreement the Administrator entered into with the Financial Agency (FINA), as the NIAS and the Node Operation Manager, and the Agreement with APIS IT Ltd., as the UM Operation Manager, ensure that the Personal data pertaining to the Administrator shall be used in accordance with the Personal Data Protection Regulations. The privacy and the secrecy of data exchanged between the Node and the Cross-Border Nodes is regulated by the eIDAS Regulation and the Regulation 2015/1501 on the interoperability framework.
  •  
  • 6.10. Specific Personal Data of Data Subjects shall not be processed.
  •  
  • 6.11. By accepting the General Terms and Conditions, the User acknowledges and agrees that the System and its components required for the User to access the System and/or an e-Service, will forward a set of Personal data that may contain: Personal Identification Number (PIN), name, surname, country code (HR), date of birth, birth surname, place of residence (country, city, municipality, residential area, street and house number), ID card number and validity date. In case of e-Services that retrieve underage children’s data, the set of Personal data may also contain: child’s Personal Identification Number (PIN), name, surname and his/her date of birth. For the purpose of cross-border authentication, when accessing e-services provided by EU/EEA Member States, the basic set of User’s data shall be extended to his/her date of birth, and, optionally, birth surname, place of birth, current address and similar. For the purpose of User’s access to e-Services intended for business entities and e-Services intended for citizens and business entities in the Republic of Croatia, the said data set may be extended to the business entity unique identifier, company name, authorised person’s function, description and function value, key, role description and value that the User has for the business entity and the authentication certificate DN, if delivered by the business credential issuer or if the Attribute Provider holds data related to the business entity concerned.
    For the purpose of cross-border authentication for business e-Services, besides the business entity unique identifier data, the NIAS may forward optional business entity data, such as: business entity address, VAT number, tax reference number, identifier according to Article 3, paragraph 1 of the Directive 2009/101/EC of the European Parliament and of the Council, the Economic Operator Registration and Identification Number (EORI) referred to in the Commission Implementing Regulation (EU) No 1352/2013, as well as the excise number under Article 2, paragraph 12 of the Council Regulation (EU) No 389/2012. The aforementioned data shall be retrieved by the NIAS from the Personal Identification Number Record (the PIN System), the Crafts Register, the Farmers Register, the e-Authorisations Data Department where the data were entered by the Officer before use of e-Authorisation, and Births Register, all in accordance with the NIAS Work Protocol for e-Citizen and e-Business. According to the NIAS Work Protocol for e-Citizen and e-Business, all these registers act as the official public e-Service users’ Attribute Providers. The User has the option to enter its e-mail address in the My Profile e-Service, which is used exclusively for the purpose of receiving notifications when using the credential.
  •  
  • 6.12. The following User’s data are processed in the NIAS in accordance with the NIAS Work Protocol for e-Citizen and e-Business:
    1. Personal Identification Number;
    2. Security level of the credential used by the User/Cross-Border User for its authentication;
    3. e-mail address (if entered by the User);
    4. The history of User’s attributes requested from and sent to a particular e-Service and type of credential used for logging in (the User may view the history in My Profile service);
    5. ISO code of the country whose credential a Cross-Border User uses to authenticate itself;
    6. Mandatory and optional User and Cross-Border User’s attributes that are forwarded through the Node and the Cross-Border Node, carrying the sending country ISO code and the credential security level;
    7. Electronic records containing the contents of messages exchanged with the credential Issuer, the e-Service Provider and the Node. The largest set of User’s data that is contained in the electronic record and is to be processed depends on the credential used and encompasses the following mandatory data: name, surname, date of birth (for signing in to cross-border e-services), PIN, country code (HR), User-child relation including: child’s PIN, name, surname and date of birth, User’s relation with the business entity including: the business entity unique identifier, company name, authorised person’s function, description and function value, key, value and role description that the User has with regard to the business entity and the authentication certificate DN as well as the following optional data: birth surname, place of birth, current address and gender, the User’s relation with the business entity including: business entity address, VAT number, tax reference number, identifier according to Article 3, paragraph 1 of the Directive 2009/101/EC of the European Parliament and of the Council, the Economic Operator Registration and Identification Number (EORI) referred to in the Commission Implementing Regulation (EU) No 1352/2013, as well as the excise number under Article 2, paragraph 12 of the Council Regulation (EU) No 389/2012.
The largest set of Cross-Border User’s data that is contained in the electronic record and is to be processed includes the following mandatory data: current name and surname, date of birth, the unique identifier created by the sending country, the Cross-Border User’s country code, the Cross-Border User’s relation with the business entity including: the business entity unique identifier and legal entity’s name, and for the purpose of cross-border authentication in accordance with the implementing acts of the Regulation (EU/EEA) No 910/2014, the following data are optionally processed: birth name and surname, place of birth, current address and gender, the Cross-Border User’s relation with the business entity including: current business entity address, VAT number, tax reference number, identifier under Article 3, paragraph 1 of the Directive 2009/101/EC of the European Parliament and of the Council, the Legal Entity Identifier (LEI) referred to in the Commission Implementing Regulation (EU) No 1247/201, the Economic Operator Registration and Identification Number (EORI) referred to in the Commission Implementing Regulation (EU) No 1352/2013, as well as the excise number under Article 2, paragraph 12 of the Council Regulation (EU) No 389/2012. The Node retrieves the set of Cross-Border User’s data and forwards it to the NIAS that, in turn, forwards it to the e-Service Provider.
  •  
  • 6.13. The Personal data shall be processed during and 10 years after the last day of use of the System.
  •  
  • 6.14. The receivers of the Personal data forwarded by the System for the purpose of use of e-Services shall be e-Service Providers.
  •  
  • 6.15. The personal data forwarded by the System to the e-Service Provider shall be processed solely for the purpose of signing in to e-Services via the System, unless otherwise specified in the General Terms and Conditions of Use of a specific e-Service, agreed to by the User/Cross-Border User.
  •  
  • 6.16. The secret number (PIN) used for the System registration process by means of an application installed on mobile devices, shall be known only to the User using the mobile application and shall not be available nor visible to third parties. The User shall keep the secret number (PIN) undisclosed.
  •  
  • 6.17. The System uses cookies. A cookie is a small text file saved by the visited website on the User’s or Cross-Border User’s device. The file contains information supporting the use of the website concerned. The cookies enable the System and the NIAS to work efficiently, providing comfort to the User/Cross-Border User, and they are deleted at the end of the session. By accessing the System, the User/Cross-Border User accepts that the System and/or the NIAS may save cookies on the User/Cross-Border User’s computer or any other device used by them. If the User/Cross-Border User refuses cookies, the NIAS and/or the System may not function.
  •  
  • 6.18. The User/Cross-Border User to whom the personal data forwarded by the System and the NIAS to the e-Service Provider and processed by the controller relate has the right to request access, rectification, erasure, portability and restriction of processing, and to object to the processing of personal data relating to him/her, if the conditions prescribed by the regulations on personal data protection are met, as well as to withdraw consent at any time. The User/Cross-Border User may submit a request concerning the foregoing rights in writing to the address: Central State Office for the Development of the Digital Society, Ivana Lučića 8, 10000 Zagreb, or by e-mail to: zastitapodataka@rdd.hr.
  •  
  • 6.19. The User/Cross-Border User to whom the personal data forwarded by the System and the NIAS to the e-Service Provider and processed by the controller refer may request access, rectification, erasure, portability and restriction of processing and file an objection to the processing of such personal data if the requirements stipulated by the Personal Data Protection Regulations are met, as well as withdraw his/her consent at any time. The User/Cross-Border User may file a written request related to the aforementioned rights to: Central State Office for the Development of the Digital Society, Ivana Lučića 8, 10000 Zagreb, or by e-mail to: zastitapodataka@rdd.hr.

 

  1. GENERAL PROVISIONS
  • 7.1. All relations that have not been specifically provided for in these General Terms and Conditions shall be subject to the requirements of the NIAS Work Protocol for e-Citizen and e-Business, the e-Authorisations Work Protocol as well as all relevant regulations of the Republic of Croatia, as applicable.
  •  
  • 7.2. Unless otherwise specified herein, all relations between the Administrator and the User or the Cross-Border User shall be governed by the law of the Republic of Croatia.
  •  
  • 7.3. All relations involved with the communication between the NIAS, the Node and the Cross-Border Node that have not been specifically provided for in these General Terms and Conditions shall be subject to the requirements of the NIAS Work Protocol for e-Citizen and e-Business and the Regulation (EU) No 910/2014 of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market.
  •  
  • 7.4. All headings are inserted for convenience of reference only and shall not affect the contents of these General Terms and Conditions.
  •  
  • 7.5. Any reference to gender identity shall include any gender, that is any person.
  •  
  • 7.6. The preamble shall be as binding as the rest of the General Terms and Conditions.
  •  
  • 7.7. Any dispute arising out of and/or related to the use of the System and/or these General Terms and Conditions shall be resolved by the competent court in Zagreb.