Privacy policy

    • Privacy policy

      Contact details

      Data controller:

      Osnovna škola Krunoslava Kutena, Trg Petra Zrinskog 2, Vrbovec

      Person responsible for data protection:

      Responsible person:
      Phone: +385 1 2791 433
      E-mail: ured@os-kkutena-vrbovec.skole.hr

      This website uses the EduPage system (www.edupage.org). The technical operator of the server of this website is aSc Applied Software Consultants, s.r.o.

      What is GDPR?

      GDPR, or General Data Protection Regulation in English, is a European regulation on personal data protection that applies to all European Union countries and is directly enforceable in each of them. The full name of the regulation is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation). This regulation was created to establish common requirements for European countries regarding the proper and legitimate processing of personal data of individuals, ensuring uniform application across all states. The regulation sets out the general obligations, rights, and requirements of all entities involved in personal data processing throughout the European space. It regulates the free flow of personal data within the European Union while also defining what falls under personal data protection and what is excluded from such protection.

      EduPage processes personal data in accordance with this regulation.

      How EduPage is commited to the GDPR?

      • EduPage stores data in secured datacenters certified by DIN ISO/IEC 27001.
      • EduPage doesn’t use any sub-processors besides the necessary server hosting and infrastructure providers to process any of school’s data.
      • EduPage never shares any of the inputted data with 3rd parties. The only exception are the exports initiated by the school. EduPage allows the schools to export data to certain government, or to other systems (security hardware, accounting systems and similar). This only happens on a direct request of the school – i.e. by pressing special export button and only the prescribed data are exported.
      • EduPage guarantees the right to be forgotten. Upon request all the data inputted by the school will be removed
      • EduPage has procedures in place that will remove the data inputted by the customer after the customer cancels the service.
      • EduPage guarantees data portability. All the data inputted by the school can be exported if the school wants to transfer them to other service.
      • EduPage data are regularly back-up and EduPage uses secured data centers to store data backups.
      • EduPage technicians signed confidentiality agreement that addresses responsibilities and expected behavior with respect to the protection of information.
      • EduPage uses tiered support levels. By default, EduPage technicians do not see the personal data inputted by the schools. This access is only activated when needed for specific support and maintenance incidents.
      • EduPage collects aggregate statistical data. These data are used to improve the quality of service.
      • EduPage implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk to secure the data and to secure the communication between customer and EduPage service
      • EduPage platform is data redundant, all your information is instantly replicated to two physical computers.
      • EduPage uses encryption to protect data in transit. HTTPS is activated by default for all users.
      • We scan for software vulnerabilities using a combination of commercially available and purpose-built in-house tools. In case of data breach, we will immediately notify the school and conduct the necessary actions to mitigate the possible negative consequences.
      • EduPage has built it user right system, data controller can assign various user rights to different user roles to make sure only the relevant people can see or modify your data.
      • Most important modules have built in history of changes, for every change it can be traced which user and when has made this change.
      • EduPage stores logfiles of the user activity for security purposes. Our technicians will assist you in security incidents analysis i.e when someone steals password of other users. All logfiles are permanently deleted after 12 months.
      • EduPage uses Google analytics service to gather the statistics about EduPage usage. Statistical information about EduPage usage is thus available to Google.
      • EduPage uses Google cloud services(mainly for push notification service)
      • EduPage uses Apple cloud services (mainly for push notification service)
      • When using the single sign-on feature (e.g., “Sign in with Google” or “Sign in with Microsoft”), the EduPage application does not share any personal data with these providers. We only retrieve basic identifier (email address) necessary for login. The single sign-on providers (e.g., Google or Microsoft) may record information such as your IP address, login time, and device type during the authentication process, in accordance with their own privacy policies.
    • Pišite nam

      If you have any questions about data protection of personal data on our school, please send us a message using this contact form.
      loading data from server, please wait