HR EN

Privacy policy

PROCESSING OF PERSONAL DATA - BOARDING PASSES CONTROL


International Zagreb Airport Jsc and MZLZ - Airport Operator Ltd (hereinafter jointly: MZLZ) collect and process personal data of passengers with valid boarding passes for purpose of controlling airside access and directing those passengers to further physical security screening (security body check). By scanning of valid boarding passes MZLZ collects from the passengers all data contained in the boarding pass (name and surname, flight number, destination, number of boarding pass) and uses the mentioned data only to direct those passengers with valid boarding pass to physical security screening and as proof for the authorities, the airline of the passenger, and the very passenger, that a specific passenger was directed to security screening at the airport at a specific time. MZLZ shall keep the personal data obtained by such processing for 12 months at longest, from the date of their receipt, or longer, in case of a court procedure where this personal data obtained - are used.

MZLZ shall not use the personal data obtained in this way for any other purposes except this specified herein. The stated processing of personal data is necessary to be conducted because of civil aviation security, and is based on legal obligation of MZLZ succeeding the following regulations:

  • Regulation (EC) No. 300/2008 of the European Parliament and of the Council of 11 March 2008 common rules in the field of civil aviation security and repealing Regulation (EC) No 2320/2002
  • Commission implementing Regulation (EU) 2015/1998 of 05 November 2015 laying down detailed measures for the implementation of the common basic standards on aviation security
  • Commission Implementing Decision C(2015) 8005 final of 16 November 2015 laying down detailed measures for the implementation of the common basic standards on aviation security containing information
  • National civil aviation security program of the Republic of Croatia, edition 3
  • Airport program of Civil aviation security of MZLZ


For processing of personal data MZLZ uses services of sub-contractor company SECURITAS HRVATSKA d.o.o. which in the name and for behalf of MZLZ scans passenger boarding passes in order to perform access control to airside and directs to further security screening those passengers with valid boarding passes. MZLZ shall publish any changes of sub-contractor or any other changes related to this processing of personal data on its official web pages and on boarding pass control desk.

Visitors of Franjo Tuđman Airport have the following rights of protection of their personal data which MZLZ processes in the following way:

  • Right to access
  • Right to restriction of processing
  • Right to object.

MZLZ is the Data Controller of this personal data processing and for all questions regarding the matter you may contact the Data protection officer via e-mail: DPO@mzlz-zagreb-airport.hr.

MZLZ protects this processing of personal data in way that the access to electronic data bases containing the personal data obtained by this process is enabled only through personally specified user's name and password, and the access to server equipment of the system is under video surveillance and access control.

PROCESSING OF PERSONAL DATA - VIDEO SURVEILLANCE


International Zagreb Airport Jsc, MZLZ - Airport Operator Ltd, MZLZ - Security Ltd and MZLZ - Ground Handling Services Ltd (hereinafter jointly: MZLZ) collect and process personal data of all visitors of the airport area by video surveillance system which records data on looks and movements of persons and things. The scope of collection and further processing of data by using of video monitoring system is limited to:

  • effective protection and security of people, property, operating surfaces, devices, facilities, installations, devices and equipment at Franjo Tuđman Airport,
  • preventing unlawful actions,
  • anti-terrorist, anti-attack and anti-sabotage activities,
  • determining the Company's liability towards third parties and the liability of third parties towards the Company, in cases of performing legal obligations of the Company and in cases when such is necessary in terms of legal interests of the Company and Affiliated companies or third parties to which the content of the video surveillance is made available.


MZLZ shall not use the personal data obtained in this way for any other purpose except in the purpose specified herein. Personal data obtained by this processing are automatically erased after 30 (thirty) days of storage on external disk space, except in case when the capacities of external servers are full in which case the videos will be kept/saved shorter than 30 (thirty) days. Keeping of video recordings after 30 days is possible in case of court proceedings being in progress, where the personal data obtained by this processing may be used.

Stated processing of personal data of passengers is based on legitimate interest of MZLZ and legal obligation of MZLZ which succeeds from the following regulations:

  • ICAO Annex; Doc, 9859 SARP, Global Aviation Safety Plan;
  • Eureopan Aviation Safety Plan;
  • National civil aviation security program of the Republic of Croatia, edition 3
  • Airport program of Civil aviation security of MZLZ
  • National civil aviation security program
  • Law on Air Traffic (OG 69/09, 84/11, 54/13, 127/13, 92/14);
  • Law on privacy protection (OG 68/03, 31/10, 139/10);
  • Ordinance of conditions and manner of technical security (OG 198/03);
  • Law on critical infrastructures (OG 156/13) and other acts generated from that Law;
  • Directive on selection criteria of security measures and manner of marking of military and other facilities of special importance for defence (OG 63/2011),


MZLZ shall publish any changes related to this processing of personal data on its official web pages.

Visitors of Franjo Tuđman Airport have the following rights of protection of their personal data which MZLZ processes in the following way:

Right to restriction of processing

Right to object.

MZLZ is the Data Controller of this personal data processing and for all questions regarding the matter you may contact the Data protection officer via e-mail: DPO@mzlz-zagreb-airport.hr. MZLZ protects this processing of personal data in way that the access to electronic data bases containing the personal data obtained by this process is enabled only through personally specified user's name and password, and the access to server equipment of the system is under video monitoring and access control.

PROCESSING OF PERSONAL DATA - USERS' COMPLAINTS, USERS' INQUIRIES

International Zagreb Airport Jsc, MZLZ - Airport Operator Ltd, MZLZ - Security Ltd and MZLZ - Ground Handling Services Ltd (hereinafter jointly: MZLZ) collect and process personal data of passengers / visitors of Franjo Tuđman Airport via official web page or by written form where passengers have right to make a complaint on certain services provided by MZLZ or through which the passengers / visitors have right to ask a question or give a suggestion to MZLZ. Personal data which MZLZ collects in this way are name and surname, e-mail address and residence address. The personal data are used by MZLZ exclusively for purpose of processing of the complaint and preparation of a reply.

By sending of filled-out form you give to MZLZ your approval to use your personal data for the subject purpose (processing of a complaint and preparation of a reply), including the check needed with third parties necessary for processing of the complaint / reply. Those personal data obtained by such processing of MZLZ will be kept at most 12 months from the date of their receipt, or longer in case of court proceedings where the personal data here obtained will be used, or if solving of complaint takes longer than 12 months.

MZLZ may share these personal data received from passengers/visitors in this purpose with its sub-contractors who provide services of maintenance and operation of web pages of MZLZ, and provide services and/or process personal data in the name and on behalf of MZLZ.

Where such sharing of personal data is made, MZLZ will ensure that such sub-contractors follow the same protection measures for your personal data as well as MZLZ.

Passengers /users of Franjo Tuđman Airport have the following rights to protect their personal data that MZLZ handles in this way:

  • Right of access
  • Right to restriction of processing
  • Right to rectification
  • Right to object.


MZLZ is the Data Controller of this personal data processing and for all questions regarding the matter you may contact the Data protection officer via e-mail: DPO@mzlz-zagreb-airport.hr

MZLZ protects this processing of personal data in way that the access to electronic data bases containing the personal data obtained by this process is enabled only through personally specified user's name and password.