Financial donations towards the State Budget of the Republic of Croatia which are made online are processed via the public contributions collection system using payment cards.

Based on the Decision of the Government of the Republic of Croatia on establishing and running the collection system for public contributions using payment cards (Official Gazette, No. 123/19), as of 11 December 2019 the Financial Agency has established and has been running the Public Contributions Collection System.

Within the Public Contributions Collection System, public contributions are collected on behalf of the budget of the Republic of Croatia in accordance with the regulations, and based on a request from a specific system in which a public service or procedure for which payment needs to be paid has been recorded.

The terms and conditions for providing public services and execution of processes are defined in the regulations of the Republic of Croatia and published in the Official Gazette and/or on websites of relevant authorities.

For placing payments the Public Contributions Collection System uses the services of the third-party Internet Payment Gateway (IPG) system for secure processing of online payment transactions (hereinafter: IPG Service Provider), thus providing full confidentiality and protection of sensitive card data and payers' personal data. The IPG Service Provider complies with all the applicable and necessary card payment security standards and card companies' rules, and all the applicable and relevant regulations and acts of the European Union and the Republic of Croatia.

Secure online communication is ensured by Secure Sockets Layer/Transport Layer Security (SSL/TLS) cryptographic protocols.

In accordance with contractual provisions, the IPG Service Provider agrees to perform the processing of transactions in compliance with the Payment Card Industry Data Security Standard (PCI DSS). Additional security for executing online transactions is provided through 3–D Secure programmes enabling confirmation of a card holder's identity by the card issuer. The handling of payers' personal data is regulated by the contractual provisions according to which the IPG Service Provider complies with the applicable privacy protection regulations, while keeping the payment information as a banking secret.

Personal data processing in the Public Contributions Collection System (first and last name, OIB, address, e-mail address, telephone number, card number) is performed in accordance with the regulations for the purpose of collection of public contributions only, and personal data shall not be forwarded to third parties, except in cases prescribed by the law. Personal data shall be kept in the system 11 years from the expiration of the business year they refer to.