The Personal Data Protection Policy (Privacy Policy) provides detailed information on which personal data of users are collected, how they are processed, for what purposes and how they are protected. The policy applies to all contents of the website, which include the processing of personal data (eg sending inquiries via online forms, data of our students and former students, partners, etc.). It primarily applies to natural persons. However, it also applies to legal entities, in accordance with applicable regulations.

1. What type of data processing does this Policy refer to

This Policy applies to the processing of personal data:

• our contract associates

• users who visit our website

2. What types of personal data we collect and in what way

We collect and process your personal information when you interact with us (for example, the information you enter by filling out a form on our website) or when you contact us by email.

Data covered by the system of Personal Data Protection Policy (Privacy Policy):

• name and surname

• date of birth

• address

• e-mail address

• telephone and / or fax number

• other information you provide to us that you wish to remain confidential

If we have received your personal data from a third party, we will provide you with all relevant information about their processing as soon as possible, and no later than one month after we have received your personal data, including information about the categories of personal data being processed. processing and its legal basis.

Every time you visit our website, if you allow us to use cookies, using the Google Analytics system (third-party cookies), we collect technical data such as type and version of browser, device, time zone, etc. Expert Business School does not collect personal data, such as your IP address, we already receive aggregated information about the use of our website (which pages are the most read, the duration of visits to certain pages, the average time spent on each page, etc.). We delete this data after 26 months. You can find out more in the Cookie Use Policy.

3. For what purpose we collect personal data

We keep your personal data in a form that allows the identification of respondents no longer than necessary, but no longer than 5 years. We primarily collect personal data for:

• The most efficient response to your inquiry

• ensuring the provision of the requested service

• promotion of our services

• our internal statistical data processing

• the possibility of sending publications, brochures and other promotional materials

We process your personal data for the purpose of establishing a contractual relationship with you; when it is necessary for us to fulfill our legal obligations (for example, in accordance with the legal regulations governing the areas of employment, bookkeeping, auditing); when necessary for our legitimate interests (or the legitimate interests of a third party) and for your own interests (for example, to detect and prevent fraud or security of network and information technology) except where your fundamental rights take precedence over those interests.

In cases where we ask you for personal information in order to fulfill our legal or contractual obligations, you are obliged to provide us with that information. This means that in the event that we do not receive the requested personal information, we may not be able to enforce our contractual relationship or meet our obligations. In all other cases, you decide for yourself whether to give us your personal information and you are not obliged to give it to us.

In the case of legal entities, for the purpose of providing services or payments in accordance with the relevant contracts, we may process your personal data such as identity data including company or OIB identification number, business contact information, bank account information and tax number.

4. How and to whom we disclose your personal information

We will never sell your personal information to third parties.

Only a limited number of employees and external collaborators have access to your personal information as needed. All of them are obliged to adhere to the obligation of confidentiality. In order to protect personal data, appropriate technical and organizational measures have been adopted and are being implemented. Employees are allowed to use personal data only to the extent necessary to carry out their work tasks.

We provide access to personal data to state authorities and / or law enforcement agencies in cases when it is determined by law or to protect our rights, including our terms of use and to protect our legitimate interests (including the legal rights of others) in accordance with legal regulations. are in force.

We may also disclose your personal information to third parties, including service providers that provide administrative, professional and technical support related to information technology, security and business resources; business partners, suppliers and subcontractors to establish our contractual relationship with you.

5. Where your personal information is stored

Your personal data that we collect is stored in the European Union (EU) and the European Economic Area (EEA). However, data collected by third parties via Cookies (e.g. Google Analytics) can generally be said to travel from the data collection center closest to the location where the internet traffic originated. This means that data, including ad-related traffic, may be received on servers located in the EEA and directed to servers not located in the EEA. You will find more information about this in the Cookie Use Policy.

In addition, your personal data may be transferred and stored outside the European Union and the European Economic Area. Partners in the NORMENG project will be taken out of Croatia for the purpose of further processing only if the country or international organization to which personal data are transferred has an appropriately regulated protection of personal data, ie an adequate level of protection is ensured.

Before taking personal data out of Croatia, in case there is reason to suspect the existence of appropriate personal data protection, ie they are not on the list of the European Commission or are not otherwise contractually defined, we will obtain the opinion of the superior regulator based on the contract. A list of countries with adequate protection is available on the AZOP website.

We store your information on our servers and on servers managed by a third party (including third party cloud services). In doing so, we apply appropriate technical and organizational measures to protect your personal information and prevent unauthorized access. Data transmission over the Internet is not completely secure. While we do everything in our power to protect your information, we cannot guarantee the security of the information you transmit using our website; you make any such transfer at your own risk. Once we receive your information, we use strictly controlled procedures and security measures to prevent unauthorized access.

6. Your rights and their protection

You have the right to ask us to confirm whether or not we have processed your personal data, as well as a copy of your personal data and / or the opportunity to correct them. In some circumstances, you have the right to request that we delete your personal information or, with respect to the right to transfer data, that we transfer part of your personal information to you or others. You also have the right to object to a certain type of processing of your personal data. You have the right to deny us consent without any negative consequences for you.

No later than within 15 days from the submission of the request, we will, at the personal request of each respondent, ie his legal representatives or proxies:

• provide confirmation of whether personal data relating to him are processed or not,

• give information in an understandable form about the data related to him, and whose processing is in progress, as well as about the source of this data,

• provide insight into the records of the personal data collection and insight into the personal data contained in the personal data collection related to it and their transcription,

• submit excerpts, certificates or printouts of personal data contained in the collection of personal data relating to him, which must contain an indication of the purpose and legal basis for the collection, processing and use of such data,

• submit a printout of data on who and for what purposes and on what legal basis received the use of personal data relating to him and

• give notice of the logic of any automatic data processing relating to it

If you wish to exercise these rights, please contact us at the contacts listed below. We hope to be able to successfully respond to any questions you may have about how we process your personal information. It is also your right to contact the appropriate data protection authority. You can lodge a complaint in the Member State in which you live or work or in the Member State in which you allege a breach of data protection law.

7. How long we retain your personal information

We intend to keep your personal information only as long as necessary. For example, if you are our student, we will retain your personal information for the duration of our contractual relationship with you. We delete all personal data collected with your consent after 5 years, except for those data that we must retain until the end of the legally specified minimum period. If you want to know more about how much we keep personal data, please contact us at . Please note that we may use your personal information that we have anonymized without further notice.

8. How we protect the privacy of children

We do not knowingly collect personal information from persons under the age of 18. If we find that personal information has been provided by a person under the age of 18, we will delete it immediately.

9. Links to other websites and social networks

Our website may offer links to websites that are not under our control. We recommend that you familiarize yourself with the privacy settings of that website when you visit the page to which the link took you. We are not responsible for the policies and practices of other societies. We have no oversight and are not responsible for the content, privacy policy and privacy warnings of any sites or services provided by third parties.

10. Contact

In case of any questions, please contact us at

Complaints regarding the processing of your personal data by the Company may also be addressed to the competent data protection authority in Croatia (AZOP).

In case of unauthorized outflow of personal data, ie personal data breach either by accidental or intentional actions within the business or by natural or legal persons involved in the NORMENG project, which has a significant impact on the user’s personal data, it will notify the competent regulator in accordance with law. prescribed period, as well as users.