Skip to content

Privacy policy - CovidGO App

Article  1.

The Privacy Policy regulates the use of the CovidGO mobile application ("Application"). For the purposes of the Privacy Policy the User of the Application is any legal or natural person (hereinafter: "User") who uses the Application.

Every user of the Application is obliged to read and understand the rules of the Privacy Policy of the mobile application in order to protect their own rights and interests.

By accessing and using the Application, the Users have read, understood and accepted the rules of Privacy Policy, and that they understand and agree with the Privacy Policy, and with processing data. If you do not fully agree with the Privacy Policy, we advise you to stop using the Application immediately.

The application is under the jurisdiction of the Ministry of Health, Ksaver 200, 10 000 Zagreb, OIB: 88362248492 MB: 2830396 and the Ministry of the Interior, Ulica grada Vukovara 33, 10 000 Zagreb, OIB: 36162371878, MB: 03281418 (hereinafter: the “Company”)

Article  2.

In terms of the Privacy Policy, the following terms mean the following:

"Company" means the Ministry of Health, Ksaver 200, Zagreb, OIB: 88362248492 MB: 2830396 and the Ministry of the Interior, Ulica grada Vukovara 33, Zagreb, OIB: 36162371878, MB: 03281418 ". In accordance with the data protection regulations, the Company is jointly made up of processing managers that are responsible at the national level for data processing within the Application.

"CovidGO application" means the mobile application used to check/verify EU digital COVID certificates via QR code, as well as storing COVID certificates in digital version in the wallet of the CovidGO mobile application. It is mandatory to enter the unique password written on the certificate itself.

Application User” means the person to whom the Company gave permission to use the Application and who accesses the Application in accordance with the Privacy Policy;

"Privacy Policy" means the General Terms and Conditions and the Privacy Policy of the Mobile Application as well as any future amendments thereto, based on REGULATION (EU) 2021/953 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 June 2021 on a framework for issuing, verifying and acceptance of interoperable certificates on vaccination, testing and recovery of COVID-19 disease (EU digital COVID certificate) in order to facilitate free movement during the COVID-19 pandemic and the Decision of the Government of the Republic of Croatia on establishing a national system for issuing EU digital COVID certificate

of 31 May 2021 (NN 60/2021).

Article  3.

Only the Users of the application have the right to access and use the Mobile Application. By downloading the application a person becomes the User. When launching the Application, the User accepts the Privacy Policy, and by continuing to use it, it will be considered that the User of the application has read, understood and accepted the terms of businessof the Privacy Policy.

Installation of the Application does not require registration, nor does it require any personal information, such as first and last name, date of birth, mobile phone number or e-mail address of the User. Installation and use of the Application is entirely voluntary. Users independently decide whether to download the installation to their mobile device, how to use it and when to remove the Application from their mobile device. The application does not at any time collect geolocation data of the Users, nor is the data stored on the mobile device itself without the approval of the User, and is not forwarded for processing purposes to third parties.

By accessing the Application, the Application requires the consent of the user to use the camera on the mobile device in order to scan QR code. Without this consent, the application will not be able to access the camera of the mobile device. Before scanning COVID certificates, it is necessary to download the list of public signature keys in the settings of the Application that are used for cross-border exchange of public signature keys of EU member states through the gateway defining the Commission Implementing Decision (EU).

Saving the COVID certificate in the applications wallet, the application requires the User to enter the password for the mobile application located on the COVID certificate. Without entering a password, the confirmation will not be stored in the Applications wallet. The QR code contains basic information and a digital signature so that the application can verify the validity of the certificate. By storing the COVID certificate, the User agrees to save a certain set of perso Types of personal data

By storing the COVID certificate in the Application wallet, the Application saves the following personal data of the User:

  • first and last name
  • date of birth
  • unique certificate identifier
  • type of certificate (COVID-19 TESTED / VACCINATED / RECOVERED)
  • date of Certificate expiry


Collection of personal data

The Application collects data solely on the basis of the User's request to store the COVID certificate in the Application's wallet.

Personal data processing techniques

No personal data processing techniques consisting of profiling and automated decision making are used, nor are conducted analyses or predictions of personal preferences, behaviors and attitudes of the individual.

The processing carried out has no discriminatory effect on individuals on the basis of racial or ethnic origin, political opinion, religion or belief, trade union membership, genetic or health condition or sexual orientation.


Use of personal data

The application will only use personal data for the purpose for which it was collected (or for use identified to that purpose).

The application uses the personal data of the User only for the purposes listed below.

• To protect the User from unauthorized use or potential hacking attempts.


Where is personal data of the Users stored

The application stores the personal data of the User and implements appropriate security measures accepted by relevant international standards and / or best technical practices in order to protect personal data. The Application does not transfer or share the User's personal data with any third parties or locations.

The application may use encryption to provide the required level of security for the User's personal data. However, it should be borne in mind that the Internet cannot be guaranteed to be 100% secure. The user should only access the services in a secure environment.

How long the data is stored

The application stores personal data for as long as the User uses the application.

What are the rights of the User in terms of data processing?

By storing the COVID certificate, it is considered that the Users have agreed to the processing of personal data.

We comply with the General Regulation on Data Protection and the Act on the Implementation of the General Regulation on Data Protection (OG 42/18) and in accordance with them we enable the User to exercise the following rights:

a)    The right to access personal data

The user can get the answer whether his/her personal data are processed and, if so, access to such data and the following information: information on the purpose of processing, categories of personal data in question, the intended period in which personal data will be stored and the existence of respondents' rights. regarding the processing of personal data.

b)    The right to correct personal data

If the personal data of the User processed are incomplete or inaccurate, the User may request the Company at any time to correct or supplement them by giving an additional statement. It is pointed out that the User is responsible for providing correct data, and in addition the User has the obligation to inform about relevant changes to his personal data.

c)    The right to delete personal data

If the data has been processed illegally or if such processing constitutes a disproportionate encroachment on the protected interests of the User, the User has the right at any time to delete the stored COVID certificate from the wallet of the Application. In this way, all personal data of the User used by the Application will be deleted.

d)    d) The right to object

The user has the right to object to the processing of his personal data if such processing is not necessary for the performance of tasks of public interest or tasks of public bodies or if during the processing, he refers to the obtained consent or legitimate interests.

e)    The right of complaint to the competent authority

If the User considers that the processing of his personal data was not conducted in accordance with legal obligations and that his right to protection of personal data was violated, the User may file a complaint to the Agency for Personal Data Protection, at Selska cesta 136, Zagreb, or e-mail [email protected].

f)     The right to be notified about the breaches of personal data protection rights

In the event that, despite all the measures taken, the User's personal data get violated, the User will be notified of any such violation without undue delay by sending a written notice.

The notice shall describe the nature of the personal data breach, the name of the person from whom additional information on the breach may be obtained, a description of the likely consequences of the personal data breach and a description of the measures taken to address the personal data breach, including mitigation measures. The a.m. notice shall be drawn up using clear and simple language.

Manner of exercising rights

If the User wishes to exercise any of his aforementioned rights, he may exercise them using the contact details provided in Article 8.

Before providing any information, the necessary measures will be taken to confirm the identity of the User, and in case of doubt, additional information may be requested from the User.

The User's request will be answered within one month of receiving it, and the deadline, depending on the complexity of the request, may be extended by an additional two months.

In the case of a request for more complex processing of a larger amount of data, the right to charge a reasonable fee based on the administrative costs incurred in providing such information is reserved.

The server infrastructure components communicate with the Application through encrypted and secure channels. Data on the server infrastructure is stored in a database that is implemented as a separate logical unit with the application of security policies of the highest standard. However, please note that you should only access the Application in a secure environment.

Article  4.

Downloaded certificates are kept in the Application until the User decides to remove them.

The user can remove the collected public signature keys at any time through the settings of the mobile device operating system. In this way, the data from the downloaded certificates are also removed. The Company has no possibility to delete public signature keys from the user's mobile device, as well as from mobile devices of other users with whom the user has exchanged public signed keys.

The Mobile Application Company will not charge any fee to the users of the application.

Article  5.

Internet resources (multimedia content, data, design, written texts, drawings, sketches ...) published on the Application are copyrighted works and subject to copyright protection. Reproduction (in one or more copies, in whole or in part, directly or indirectly, temporarily or permanently, by any means and in any form), distribution (sale, rental, assignment ...) is strictly prohibited without the Company's approval as well as communication or processing of Internet resources published on the Mobile Application. The application is available on the platforms "Google Play Store" for Android devices and "App Store" for Apple devices.

Article  6.

The Company is not responsible to the User of the Application for the non-functionality of the Application and does not guarantee that the Internet resources on the Application are always accurate, precise and reliable because the User of the Application uses the Application at its own risk as agreed when installing the Application and by accepting the Privacy Policy.

Article  7.

By using the Application, the User declares and guarantees and agrees:

1. to follow by these Privacy Policy and Terms of Business;

2. not to use the Application for any illegal or unauthorized purposes;

3. that the use the Application will not violate any applicable law or regulation;

The app may not be used for any endeavors other than those expressly approved.

As an Application User, you agree that you will not:

1. perform any unauthorized use of the Application;

2. participate in unauthorized connection to the Application;

3. Decrypt, decompile, disassemble or process any software that in any way forms part of the Application;

4. Use the Application in a manner that does not comply with any applicable laws or other regulations

Article  8.

Društvo Korisnicima aplikacije, u cilju tehničke podrške: prijave rada Aplikacije, prigovore i prijedloge, stavlja na raspolaganje korisničku službu koja će biti dostupna putem e-pošte [email protected] .

The Company set up a call center for the users of the application, for the purpose of technical support that will be available via e-mail [email protected].

These privacy policies comes into force on July 19, 2021

Cookie policy

To make this website run properly and to improve your experience, we use cookies. For more detailed information, please check our Cookies Policy.

Choice of cookies on this website

Allow or deny the website to use functional and/or advertising cookies described below:

Settings Accept necessary I accept