DENTAL IN PULS, a limited liability company for the operationofthedental techlaboratoryin Rijeka, Mihanovićeva 35, PIN - OIB 96469660606, represented by the memerbs of the board Sandi Trkulja and Mauro Ahmić is the processing manager of personal data in the sense of the General Data Protection Regulation (GDPR).
These privacy regulations (PrivacyPolicy) arean integral part of the Personal Data Protection Policy of this Company.
In order to process the personal data properly and with the appropriate level of data protection, we have adopted the following data processing principles:
- Personal data are processed legally, fairly and transparently.
- Personal data is collected only for special, explicit and legitimate purposes and may not be processed in a manner that is inconsistent with these purposes.
- Personal data must be appropriate, relevant and limited to what is necessary in relation to the purposes for which they are being processed.
- Personal data must be accurate and, if necessary, up-to-date, and inaccurate or incomplete personal data must be corrected or deleted and their further processing suspended.
- Personal data should not be kept in a form that allows identification of the respondentlongerthannecessary for thepurposes for which the personal data are collected or processed further.
- Personal data must be processed in a manner that ensures an adequate level of personal data security.
- We are obliged to notify you about the collection and processing of your personal data unless there is a justified reason not to do so.
INFORMATIONS ABOUT PERSONAL DATA PROCESSING
Dental InPuls d.o.o. collect, process, and use personal data whenever this is necessary to perform the service in order to take action on your request before the service is performed and when processing is necessary to comply with legal obligations.
In addition to the above mentioned collection and processing purposes, we may process data for our legitimate interests when such processing would be of significant interest to you and for the sake of solving court disputes. You will be notified about such processing in advance and you will be able to point out the objection to processing and then processing will not apply to you.
There may also occur a need to use consents for one or more specific purposes. In that case, when you give us the consent of using your particular personal data, this information will be processed solely for the purpose for which you have given us your consent. You have the right to withdraw the consent at any time and then no further processing of that data will be made.
Please note that retreatment of the consent does not affect the legitimacy of the consent-based processing prior to its withdrawal. In the event that your personal data is intended to be processed for purposes other than those described herein or outside the purpose for which you have given the consent, prior to such processing we will provide you with information about that other purpose and otherrelevant processing informations.
This Company regularly keeps record of the activity of processing personal data in paper and electronic form with the relevant Evidence of consents.
In the case of providing a service after the execution of which we no longer have a legitimate basis for further processing of your personal data and services of the kind that you may need a subsequent correction,modification or supplement, and the stored data will make it much easier to realize the other potentially possible service in connection with the provided service , then your personal data may be stored for a period of two years.
TYPES OF PERSONAL DATA
Certain personal data should be provided for processing, so we can provide you the services you are looking for, such as your contact information or dental imprint (biometric data) and to comply with legal obligations while other personal data may be provided voluntarily when it is not necessary for us performing the service or respecting legal obligations. In case the data is not necessary then we will collect them by your consent.
Biometric data (dental imprint) is collected when necessary to provide our services for the purpose of realizing your special rights in the area of health and social protection rights, to the extent and insofar as it is approved by the law.In accordance with the rules of the profession we treat all biometric data and all the health data of our service users as a professional secret. The professional secret is considered to be all the data that we know through the performance of our services aboutservice users, about his / her personal, family and social circumstances, as well as other data related to dental practice.
When collecting data, it is necessary that you are informed about what information is required for the realization of the service and which are not the consequences of not providing the data.
The personal informations we collectandprocessareusuallydividedinto the following categories:
- Contact information, such as name, address, phone number, email address;
- Data you provide when contacting us via online contact forms, email, or phone;
- "biometric data" such as a dental print when it is necessary to provide the service;
- "health-related information" when necessary to provide the service;
DATA WHICH YOU PROVIDE WHEN CONTACTING US VIA FORM ON OUR WEBSITE OR E-MAIL
When you send usaninquiryviaform on our website or send us an e-mail with personal data, we use this data only for the purpose of meeting your requirements.
In the event that we are unable to act on your request or for any other reason, no further cooperation is required and you do not request that we store your data in the event of future potential co-operation, the data will be deleted within 30 daysfromyourlastcontact.
DATA COLLECTED THROUGH SOCIAL NETWORKS
The websites and profiles we manage on socialnetworks (Facebook, Instagram, etc.) are always under accurate and full name of this society.
Personal data about your contacts which we collect by using them will only be used when responding to a query or comment and for no other purpose the data isprocessedorstored.
CATEGORIES OF PERSONAL DATARECIPIENTS
We commit ourselves to the confidentiality and preservation of your personal information and we will not disclose or make it available to third parties without your special consent, except:
- to serviceprovidersthat we engage as processexecutorsrelated to the performance of the service (contract) in which you are a party (eg, contractualpartners for laboratory diagnostics, accounting, IT services, etc.)
- to competent authorities for the purpose of carrying out their duties (for example, a dental practitioner with whom we have concluded a business cooperation agreement, a ministry of health, state administration authorities in accordance with special regulations, the Chamberorthejudiciaryauthority).
- when this information is required by the ministry, the court or the relevant state prosecution office or other authorities in equally valuable legal proceedings
- when the legal standard isbindingus on providingof data.
When we pass personal information, we only do this to third parties who provide reasonable assurance and have taken appropriate technical and organizational measures to ensure the protection of your rights.
PERIOD OF DATA STORAGE
Your personal data will be stored:
- during the provision of services and as long as they are necessary for the purposes for which they were collected;
- until the revocation of consent, if the data are processed on the basis of the consent;
- until the invocation of complaint on the basis of a legitimate interest if it is based on the same ground;
- while this is necessary to meet legal obligations (for example, certain accounting records are required to be kept for 11 years in accordance with the Accounting Act)
For the purpose of protecting your personal data, we have provided the appropriate technical and organizational measures that ensure a level of safety appropriate to the risks involved in data processing and the nature of personal data being protected, bearing in mind the characteristics and costs of their introduction.
After risk assessment, we have taken all appropriate measures to protect personal information from accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, especially in cases where processing involves the transfer of personal data over the network and of any other illegal forms of processing.
YOUR RIGHTS BASED ON THE GENERAL REGULATION ON PERSONAL DATA PROTECTION
The right to access
At any time you can ask us to confirm that your personal data is being processed and, if processed, you have the right to request access to that information and processing information.
The right to correction
You have the right to request from us to make corrections to inaccurate and incomplete personal data without delay.
Theright to deletion
You have the right to request a deletion of your personal data. In the case of the justification of the request and if we do not undertake statutory regulation to store the data, the data will be deleted without unnecessary delay. If there are reasons that prevent or limit us to comply with the requirements, we will notify you as soon as possible in response to the request.
The right to limit processing
You have the right to request a restriction on the processing of your personal data if you dispute the accuracy of this data (for a period of time that allows us to verify the accuracy of your personal data), if processing is illegal and you are opposed to the deletion of your data, if you have filed a complaint about processing your data, and if data is no longer needed and can be extracted, but it is necessary for you to set up, enforce, or defend your legal requirements and therefore want to keep it stored.
The right to withdraw the consent
In case we process your data based on your consent, you can withdraw the same consent at any time without affecting the legitimacy of the processing based on the consent.
Yourrights are exercised free ofcharge, and only exceptionally withcharge of administrative expense.
We will notify you of the administrative expense if the prerequisites for your billing are met prior to your billing.
The right to complaint and objection
If you have complaints and objections about processing your personal data, you can at any time submit a complaint and, based on yourparticularsituation,submittheobjectionon the processing of personal data we are conducting.
We will review and evaluate your complaint and we can contact you for additionalinformationsifnedeed.
We try to handle all complaints orobjectionswithinonemonth. If we fail to make a decision within a month, we will notify you of the reasons for the delay and the deadline for making the decision (not longer than 2 months after the receipt).
Notification of changes
We conduct regular audits of the processing procedureof personal data so that employees and other entities comply with the company's binding policies and accordingly process personal data.
INFORMATIONS ABOUT THE EXERCISING OF YOUR RIGHTS
In accordance with the organizational measures undertaken to meet the obligations arising from the General Data Protection and other regulatory provisions, this company has appointed an appropriately educated and trained personal data protection officer.
On your requests for exercising the right to access to data, objections, and answers to other inquiriesandrequiredinformations, the Data Protection Officer will deliver to you in electronic form (e-mail) unless you have specified your e-mail address in your request or explicitly request mail delivery.
When submitting a request, please provide us withthenecessaryinformationsweneed to process your request and your identification.
Each request will be answered as soon as possible and no later than within one month.
Personal Data Protection Officer: Nikolina Šušak
If you feel that your rights have been violated, you may submit a complaint with the Personal Data Protection Agency, Martićeva ulica 14, Zagreb.
- January 25th, 2019 - conducting an internal audit and identifying the required elements for the purpose of regulating the rules for dealing with personal data;