Institut za umjetnu inteligenciju, obrt za razvoj i primjenu umjetne inteligencije, owned by Patricija Topić (hereinafter: “we“, “the Institute“), is committed to protecting your personal data. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what your rights are.
1. Data controller
Institute for Artificial Intelligence
Ulica grada Vukovara 269D, 10000 Zagreb, Croatia
OIB: 79932246060
Email: info@institutzaui.hr
Telephone: +385 99 4824 007
Data Protection Officer (DPO): not appointed. Appointing a DPO is not mandatory within the meaning of Article 37 GDPR, because the processing of personal data is not our core activity, we do not process special categories of data on a large scale, and we do not carry out systematic monitoring of individuals.
2. What data we collect
a) Contact form
When you send us an enquiry through the contact form, we collect: your name and surname, your email address, and the content of your message. We use this data solely to respond to your enquiry.
b) Cookies and analytics (Google Analytics)
We use Google Analytics 4 (Google LLC, USA) to analyse site traffic. Google Analytics collects: your IP address (anonymised), browser and device type, the pages you visited, the time spent on the site, and the referral source. The Google Analytics script loads only after you click Accepton our cookie banner. The legal basis is your consent (Article 6(1)(a) GDPR), as well as the requirement of Article 5(3) of the ePrivacy Directive 2002/58/EC (transposed into Article 100 of the Electronic Communications Act), which requires the user’s prior consent before analytical cookies may be placed. You may withdraw your consent at any time by clicking Cookie Settings in the site footer. More about how Google processes data: Google Privacy Policy.
c) Cloudflare Turnstile
To protect the contact form from automated (bot) enquiries, we use Cloudflare Turnstile (Cloudflare Inc., USA). Turnstile may collect technical data about your browser in order to verify that you are a real person. More information: Cloudflare Privacy Policy.
d) Technical server data
Each time our site is accessed, the server automatically records: the IP address, the date and time of access, the requested page, and the HTTP status code. This data is used solely to ensure the stability and security of the site.
e) Newsletter (subscription to email notifications)
If you subscribe to our newsletter, we collect: your email address, the time of subscription, the time of confirmation, and the IP address from which the subscription was made (as evidence that consent was given). Subscriber data is stored locally in the Institute’s database via the Newsletter plugin (The Newsletter Plugin, Stefano Lissa).
Subscription uses a double opt-inprocess: after you click Subscribe me, a message with a confirmation link is sent to your email address. Your address is added to the subscriber list only when you click that link. If you do not confirm, nothing is stored long-term.
In newsletter emails we use open-tracking technology (an invisible pixel that indicates the email has been opened) and click tracking on links within the email. We use this data in aggregate form, to understand which content is useful to subscribers. We do not sell it to third parties and do not link it to your identity outside the list.
Legal basis: consent (Article 6(1)(a) GDPR), subject to the requirements of Article 7 GDPR on demonstrating consent. You may withdraw your consent at any time by clicking Unsubscribe at the bottom of every email, or by sending a request to info@institutzaui.hr. Unsubscribing is free of charge and takes effect immediately.
Newsletter emails are sent through the mail server of the Institute’s hosting provider. We do not use a separate third-party SMTP service. Should we change this in the future, we will update this policy before introducing the change.
3. Legal basis for processing
- Consent (Article 6(1)(a) GDPR) – for sending enquiries through the contact form, for subscribing to the newsletter, and for placing analytical cookies (Google Analytics)
- Legitimate interest (Article 6(1)(f) GDPR) – for protecting the contact form from bots (Cloudflare Turnstile) and for ensuring the stability and security of the server
- Legal obligation (Article 6(1)(c) GDPR) – for retaining data under tax and accounting regulations, where applicable
4. How long we retain data
- Contact form enquiries: until the communication is concluded, and for no longer than 12 months from the last message
- Newsletter subscribers: until you withdraw your consent by clicking the unsubscribe link in the email. After unsubscribing, the record remains in the system as “unsubscribed“ for a maximum of 12 months (as evidence of the prior consent), after which it is deleted entirely
- Analytics data: according to the Google Analytics settings (14 months by default)
- Technical server logs: up to 30 days
5. Transfer of data to third parties
We do not sell, rent out, or share your data for marketing purposes. The following service providers may process data on our behalf:
- Nano Informatika d.o.o. (Subhosting, Ključka 3, 10000 Zagreb, Croatia) – Croatian intermediary for the hosting service. The technical infrastructure (web server, MySQL database, backup, mail server) is located with Cyber Wurx LLC (Portland/San Diego, USA) via the hostingsrv.net infrastructure.
- Google LLC (USA) – site traffic analytics (Google Analytics)
- Cloudflare Inc. (USA) – bot protection (Turnstile)
The transfer of data to the USA (Google Analytics, Cloudflare Turnstile, and the hosting infrastructure through Cyber Wurx LLC) is based on the European Commission’s Standard Contractual Clauses (SCC) and/or the EU-U.S. Data Privacy Framework (DPF), where the respective service provider is certified.
With the processors Google LLC and Cloudflare Inc., data processing agreements (Data Processing Agreement) have been concluded in accordance with Article 28 GDPR, through acceptance of their standard terms of use, which include the obligations of the processor.
6. Cookies
Our site uses the following types of cookies:
- Necessary cookies – required for the basic functioning of the site (WordPress session). They do not require consent.
- Analytical cookies – Google Analytics cookies (_ga, _gid) for tracking site traffic. They are placed only after your explicit consent on the cookie banner. You may withdraw your consent at any time by clicking Cookie Settings in the site footer.
- Security cookies – Cloudflare cookies for bot protection.
You can manage cookies through your browser settings. Disabling cookies may affect the functionality of the site.
7. Your rights
In accordance with the General Data Protection Regulation (GDPR), you have the right to:
- Access – request to see the personal data we process
- Rectification – request the correction of inaccurate data
- Erasure – request the deletion of your data (the “right to be forgotten“)
- Restriction of processing – request a restriction on how we use your data
- Portability – request a copy of your data in a machine-readable format
- Objection – object to processing based on legitimate interest
- Withdrawal of consent – at any time, without affecting the lawfulness of processing carried out before the withdrawal
To exercise any of the above rights, please contact us at info@institutzaui.hr. We will respond within 30 days.
8. Right to lodge a complaint
If you believe that your rights have not been respected, you have the right to lodge a complaint with the supervisory authority:
Croatian Personal Data Protection Agency (AZOP)
Selska cesta 136, 10000 Zagreb
azop.hr
9. Automated decision-making and profiling
We do not carry out automated decision-making or profiling within the meaning of Article 22 of the General Data Protection Regulation (GDPR). All decisions relating to your requests, applications, or user accounts are made by a natural person.
10. Changes to the privacy policy
We reserve the right to amend this Privacy Policy. Any amendment will be published on this page with an updated date. We recommend that you check this page from time to time.