Latest technology for top results
In Split, 23.5.2018.
DATA PROTECTION POLICY
Personal data – Data related to an individual whose identity has been identified or can be identified (“the Respondent”)
The Respondent – is a person who can be identified directly or indirectly, in particular with the help of identifiers such as name, identification number, location data, network identifier or with the help of one or more factors that are inherent in physical, physiological, genetic, mental, economic, cultural or the social identity of that individual.
Personal Data Processing – An operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of the data.
Data Controller: The natural or legal person, public authority, agency or any other body, which alone or jointly with others, determines the purposes and means of the processing of personal data.
Data Processor: A natural or legal person, public authority, agency or any other body which processes personal data on behalf of a Data Controller;
Information system – the comprehensiveness of technological infrastructure, organizations, people and processes for collecting, processing, generating, storing, transferring, displaying and distributing information as well as their disposal. The information system can also be defined as the interaction of information technology, data and processes for data processing, and people who collect and use the data.
Supervisory Authority: An independent public authority which is established by the Republic of Croatia for the purpose of controlling and ensuring the implementation of the Regulation.
Confidentiality – is the property, that information (data) is not made available or disclosed to unauthorized individuals, entities.
Consent – all situations where individuals are presented with a proposal to agree or disagree to a particular use or disclosure of their personal information and they respond actively to the question
Pseudonymization: The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Personal data breach- breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed
Profiling– any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Third Party – a physical or legal person, public authority body, agency or other non-respondent body, processing manager, processor or person authorized to process personal data under the direct responsibility of the data controller or data processor.
Distributive Channels – is the network of means and organizations involved in getting an access, contracting, use of products and services from DENTAL CENTAR RADOVIĆ d.o.o. and sending commercial information and offers related to the products and services of DENTAL CENTAR RADOVIĆ d.o.o., including contract partners and executives, web site of DENTAL CENTAR RADOVIĆ d.o.o .: .: https://dentech.hr , https://miglioridentisti-croazia.it/ , http://www.dentechsmiles.co.uk/home/.
Information about the available distribution channels DENTAL CENTAR RADOVIĆ d.o.o. is available to the client at any time by e-mail at firstname.lastname@example.org .
Binding Corporate Rules – the personal data protection policy for Data Controller and Processor, adopted in the territory of a Member State, for transmissions or sets of personal data transfer to the processing manager or processing operator in one or more third countries within the DENTAL CENTER RADOVIĆ d.o.o.
II. BASIC PRINCIPLES
For the purposes of this policy, DENTAL CENTER RADOVIĆ d.o.o., all sites and websites. Data protection takes a significant place in DENTAL CENTAR RADOVIĆ d.o.o. (hereinafter referred to as: DENTECH d.o.o.) who collects and processes personal data of clients, employees, business partners or other persons with whom they are in business cooperation (hereinafter referred to as “respondents”) in their daily business.
The Personal Data Protection Policy (hereinafter: Policy) is a fundamental act that describes the purpose and objectives of collecting, processing and managing personal data within DENTAL CENTER RADOVIĆ d.o.o. , which is based on leading world practices in the field of personal data protection. The policy provides an adequate level of data protection in accordance with the General Data Protection Regulation1 (hereinafter: the Regulation) and other applicable privacy laws.
III. PURPOSE LIMITATION PRINCIPLE
The policy of personal data protection is for purposes of the establishment of a personal data protection framework in accordance with the General Data Protection Regulation. The policy establishes rules relating to the protection of individuals with regard to the collection and processing of personal data and the rules associated with the free movement of personal data.
The aim of the Policy is to establish adequate processes for the protection and management of personal data of the respondents, ie clients, employees, business partners of DENTAL CENTAR RADOVIĆ d.o.o. and other people whose personal data are processed.
Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes
IV.DATA PROCESSING PRINCIPLES
The principles of data processing are the basic rules of DENTAL CENTAR RADOVIĆ d.o.o. when processing the personal data of the respondent, and data processing carried out in accordance with the principles mentioned below shall be considered as legitimate.
DENTAL CENTAR RADOVIĆ d.o.o. is processing the personal data in accordance with the following principles:
- Lawful and fair – considering the respondents and their rights, DENTAL CENTAR RADOVIĆ d.o.o. will process personal data of respondents in accordance with the applicable laws and cover all their rights.
- Transparency – DENTAL CENTAR RADOVIĆ d.o.o. will ensure the transparency of the data processing and will provide the respondents with all necessary information and on their request will provide the insight into their data, the reasons for the processing, the basis and the legality of the processing.
- Purpose limitation – personal data must be collected for special, explicit and legitimate purposes and may not be processed in a manner that is inconsistent with these purposes.
- Storage limitation – DENTAL CENTAR RADOVIĆ d.o.o. ensures that the personal data of the respondents are kept in a form that enables the identification of the respondent for no longer as is necessary for the purposes for which personal data are processed.
- Data minimisation – DENTAL CENTAR RADOVIC d.o.o. Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accuracy – DENTAL CENTAR RADOVIĆ d.o.o. ensures that personal data shall be accurate and, where necessary, kept up to date. Taking into account the purposes for which the personal data are being processed, every reasonable measure must be taken to ensure that incorrect personal data, shall be deleted, without delay, or by an expiration date.
- Ensures security, control and supervision of data and data processing (Integrity and confidentiality) – DENTAL CENTER RADOVIĆ d.o.o. collects and processes the data in a manner that ensures the proper security of personal data, including the protection of unauthorized or unlawful processing, and of accidental loss, destruction or damage by application of appropriate technical or organization measures.
In accordance with the stated principles, the data of the respondents will be accessed by DENTAL CENTAR RADOVIĆ d.o.o. depending on their authority and workplace, to successfully fulfill the jobs defined for their workplace.
V. LEGALITY OF THE PROCESSIONG
DENTAL CENTAR RADOVIĆ d.o.o. considers the personal data of the respondents as the respondent property and threats them accordingly. Personal data of respondents are processed when one of the following conditions are fulfilled:
- processing is necessary in order to respect DENTAL CENTAR RADOVIĆ d.o.o. legal obligations (valid legal regulations) – at any time when the law authorizes or commits to a particular processing, DENTAL CENTAR RADOVIĆ d.o.o. will based of this law, process personal data of the respondent.
- Processing is required for the needs of legitimate interests of DENTAL CENTAR RADOVIĆ d.o.o. or third parties – unless the interests of the respondent are of a greater interest or the fundamental rights and freedoms of the respondents who require the protection of personal data, especially if the child is a child.
- The respondent has given the consent for processing his/ her personal data for one or more special purposes – the consent must be demonstrable and voluntary, written in an easy-to-understand language and the respondent has the right at any time to withdraw his / her consent (withdrawal must be as simple as granting). DENTAL CENTAR RADOVIĆ d.o.o. will request the consent of the respondent for data processing and contact for direct marketing purposes via contact information provided by the respondent.
- processing is necessary in order to protect the key interests of the respondent or other natural person;
- processing is necessary for providing tasks of public interest or in the exercise of the official authority of the processing controller;
VI.THE RIGHTS OF THE RESPONDENT
DENTAL CENTAR RADOVIĆ d.o.o. considers that the personal data of the respondent are his property and although these data are necessary for us to provide services, the respondents at any time retain certain rights in relation to processing their data and DENTAL CENTAR RADOVIĆ d.o.o. collects and processes the data only with the above-mentioned processing legitimacy.
DENTAL CENTAR RADOVIĆ d.o.o. will provide the following information when collecting information from the respondent:
- identity and contact details of the data processor,
• contact data of data protection officers,
• processing purposes for which personal data are used as well
• legal basis for processing,
• Legitimate interests, recipients or categories of recipients of personal data,
• intent to transfer personal data to third countries (if any),
• the period of data storage or criteria that define that period,
• the potentially existence of automated decision-making, including the creation of a profile (meaningful information about the logic of processing, potential consequences and the importance of processing itself for the respondents) and the existence of the aforementioned rights.
In case the data is not collected directly from the respondent, the source of the personal data is mentioned with the mentioned data.
Right to withdraw (“Right to Forget”) – The Respondent has the right to obtain the erase of personal data relating to him/her, and DENTAL CENTAR RADOVIĆ d.o.o. has the obligation to delete personal data without undue delay if one of the following conditions is met:
a. personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
b. the respondent withdraws the consent on which the processing is based and there is no other legal basis for processing
c. the respondent complains about the data processing and the legitimate reasons for the realization of the erase have a greater weight than the legitimate interest of DENTAL CENTAR RADOVIĆ d.o.o. for the processing and / or storage of personal data
d. personal data have been processed unlawfully
e. personal data must be deleted in order to comply with the legal obligation.
Right to access the data– the respondent has the right to obtain the verification from DENTAL CENTAR RADOVIĆ d.o.o. if his personal data are being processed and, if such personal data are processed, he/she has the rights to access the personal data and processing purposes, data categories, potential recipients to whom the personal data will be disclosed, etc.
Right to rectification – without unnecessary delay, the respondent has the right to obtain from DENTAL CENTAR RADOVIĆ d.o.o. correction of inaccurate personal data related to. Considering the purpose of processing, the respondent may also be able to have incomplete personal data completed, and provide a supplementary statement to the incomplete data.
Right to data portability – The respondent has the right to obtain their personal data from DENTAL CENTAR RADOVIĆ d.o.o. in a structured, commonly used and machine-readable format and have the right to transfer their personal data to another controller of data processiing. It should be taken into account that the transfer right relates solely to the personal data of the respondent.
Right to object – the respondent has the right to to object to the processing of their personal data in certain circumstances. If this is case, DENTAL CENTAR RADOVIĆ d.o.o. is no longer allowed to process the personal data, unlesss there are compealing reasons that go beyond the interests, rights and freedoms of the respondent or for the purpose of establishing, achieving or defending the legal requirements. Furthermore, if personal data is processed for direct marketing purposes, the respondent has the right at any time to file an objection to the processing of personal data relating to it for the purposes of such marketing, including creating the profile associated with such direct marketing.
Right to restrict processing – the respondent has the right to restrict the processing of their personal data to DENTAL CENTAR RADOVIĆ do.o.o when they contests the accuracy of their personal data, the data has been unlawfully processed and opposes erasure and requests restriction instead, the respondent has objected to data processing and considering whether the legitimate grounds override those of the respondent.
The Respondent has the right at any time to request the realization of any of the above rights.
On respondent request, DENTAL CENTAR RADOVIĆ d.o.o. provides information on actions taken under the aforementioned rights, within 3 months of receiving the request (depending on the amount and complexity of the application) – all requests will be addressed within 1 month and will be extended for a maximum of 2 months when necessary. If DENTAL CENTAR RADOVIĆ d.o.o. doesn`t act on the request of the respondent, without delay and no later than one month from the receipt of the request, we will inform the respondent about the reasons of no act.
VII. DENTAL CENTER RADOVIĆ d.o.o. OBLIGATIONS
DENTAL CENTAR RADOVIĆ d.o.o. continuously carries out appropriate technical and organizational protection measures taking into account the nature, scope, context and purpose of processing as well as the risks of different levels of probability and seriousness for the rights and freedoms of the respondent. These measures include the implementation of appropriate data protection policies:
– Personal data of the respondents are kept in accordance with internal safety standards
– Unauthorized collection, processing or use of personal data is not permitted
– Employees are strictly forbidden to use personal data of respondents for any purpose other than those specified in Chapter IV. The regularity of processing.
– Personal data is protected against unauthorized access, use, modification and loss.
– Compliance with this Policy and other policies and procedures related to data protection is also regularly monitored and verified by the Data Protection Officer
VIII. PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA
DENTAL CENTAR RADOVIĆ d.o.o. doesn`t process data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, union membership or the sexual orientation of an individual. The processing of the above particular categories of personal data will be carried out exceptionally under the following conditions:
– the respondent has given explicit permission to process these personal data for one or more specific purposes
– Processing refers to personal information that is apparently disclosed by the respondent
– processing is necessary for the establishment, realization or defense of legal requirements
DENTAL CENTAR RADOVIĆ d.o.o. specifically protects the personal information of children, as children may be less aware of the risks, consequences and protective measures and their rights in relation to the processing of personal data. Children are considered to be under the age of sixteen.
- TRANSFER OF PERSONAL DATA
At the request of the respondent, the transfer of personal data is possible also to the partners of DENTAL CENTAR RADOVIĆ d.o.o. who are entrusted with performing certain services. When outsourcing data to external partners, the principle of processing limitation is strictly respected with the transfer of the minimum amount of data needed to realize the requested service.
- USE OF PERSONAL DATA IN BUSINESS WITH BUSINESS USERS
Business users within DENTAL CENTAR RADOVIĆ d.o.o. may be any legal person, body of state authority, local or regional self-government unit and their body, association and society (sport, cultural, charitable, etc.) as well as any natural person (not consumer) operating within the scope of their registered economic activity or free occupation.
DENTAL CENTAR RADOVIĆ d.o.o. collects and processes data on business users, transactions, use of products and services and personal data of non-consumer, persons operating within the area of their registered economic activity or freelance profession and personal data of natural persons (consumers) associated with business users.
- DATA PROTECTION OFFICER (DPO)
DENTAL CENTAR RADOVIĆ d.o.o. named a Data Protection Officer who is independent and as such acts in the interest of the protection of the rights of subjects and their personal data. His responsibility is to apply the Personal Data Protection Policy and other policies and procedures that define the rules of procedure when collecting and processing personal data of respondents. He is adequately and on-time involved in all matters relating to the protection of personal data.
The Data Protection Officer performs at least the following tasks:
– to inform and advise DENTAL CENTAR RADOVIC d.o.o. and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions;
– to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;
– to provide advice where requested as regards the data protection impact assessment and monitor its performance
-to cooperate with the supervisory authority;
-to act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation, and to consult, where appropriate, with regard to any other matter.
Respondents may contact the Personal Data Protection Officer via an email address
XII. EFFICIENCY ASSESSMENT
The Personal Data Protection Officer is responsible for ensuring the implementation of the “assessment of the effect on data protection”, ie to support it when making estimates. DENTAL CENTAR RADOVIĆ d.o.o.
DENTAL CENTAR RADOVIĆ d.o.o. conducts an assessment of the effect on data protection in the case of:
– systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person;
– processing on a large scale of special categories of data
– systematic monitoring of a publicly accessible area on a large scale.
– in cases of processing prescribed by the supervisory body (Personal Data Protection Agency)
Data protection impact assessment contains the following:
– a systematic description of the envisaged processing operations and the purposes of the processing
– an assessment of the necessity and proportionality of the processing operations in relation to the purposes;
– an assessment of the risks to the rights and freedoms of data subjects
– the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation taking into account the rights and legitimate interests of data subjects and other persons concerned.
XIII. REGISTRATION OF PERSONAL DATA PROCESSING
DENTAL CENTAR RADOVIĆ d.o.o. keeps records of the processing activities for which is responsible, or in cases where is in the role of a processing manager or a joint processing manager. This record is in electronic form and contains at least the following information:
– the name and contact information of the data controller and Data Protection Officer
– the purposes of the processing;
– a description of the categories of data subjects and of the data relating to them;
– categories of recipients which personal data are disclosed or will be disclosed, including recipients in third countries or international organizations;
– Transfer of personal data to a third country or an international organization, including the name of a third country or the name of an international organization
– If possible, the deadlines for deleting different categories of data
– A general description of technical and organizational security measures
– The Personal Data Protection Officer is responsible for maintaining the processing registry.
XIV. DATA DISCLOSURE AND RIGHT TO OBJECT
DENTAL CENTAR RADOVIĆ d.o.o. takes significant procedural and technological measures to protect the personal data of the respondent. DENTAL CENTAR RADOVIĆ d.o.o. is obligated to to report certain types of personal data breach, within 72 hours of becoming aware of the breach, to the Personal Data Protection Agency.
- FINAL PROVISIONS
This Policy will start to apply on the date of its adoption and is amended from 25 May 2018.