GDPR
Introduction
Glumičić Medical Group, headquartered at Prilaz Gjure Deželića 56, 10 000 Zagreb, OIB 63317468078 (hereinafter referred to as: Glumičić Medical Group), must collect and use certain data about individuals in its operations.
The purpose of this policy is to ensure that Glumičić Medical Group fully complies with legal, organizational, and technical obligations regarding the protection of personal data.
All employees of Glumičić Medical Group are fully acquainted with the contents of this policy and ensure its implementation when handling personal data or processing personal data. Employees whose tasks include handling personal data are adequately educated regarding their tasks related to the protection of personal data.
This policy applies to all personal data held by Glumičić Medical Group regarding any individual, whether they have been, currently are, or will be a client, supplier, or contact.
This policy is designed to prevent the occurrence of potential harm to Glumičić Medical Group and its employees, as well as to respondents, and to ensure that the processing of personal data by Glumičić Medical Group fully complies with the law and other regulations.
Definition and Application
Personal data includes all data relating to an individual whose identity is determined or can be determined, namely an individual who can be directly or indirectly identified, especially by using identifiers such as name, identification number, location data, network identifier, or by using one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.
The processing of personal data includes any operation or set of operations performed on personal data or sets of personal data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction, as well as logical, mathematical, and other operations with such data.
The Glumičić Medical Group primarily collects and processes personal data for the purpose of providing services in its business operations. Therefore, Glumičić Medical Group has a need to collect and process certain types of data about individuals who come into contact with Glumičić Medical Group (respondents). Glumičić Medical Group handles this personal information appropriately, regardless of how it is collected, recorded, stored, and used – whether on paper, computer, or other material.
At the time of providing data to Glumičić Medical Group, the respondent agrees that Glumičić Medical Group processes their personal data in accordance with the specified purpose. Data privacy protection of the respondents is ongoing, and at any time, the respondent can exercise their rights listed and explained below.
Glumičić Medical Group collects and processes personal data of respondents in accordance with the Personal Data Protection Act (NN 103/03, 118/06, 41/08, 130/11, 106/12), other Croatian regulations, Directive 95/46/EC, and the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016).
Glumičić Medical Group stores the collected data appropriately and ensures their confidentiality. Glumičić Medical Group will not disclose collected data to third parties without the consent of the respondent, except in cases where it is necessary to fulfill the legal obligations of Glumičić Medical Group, in cases where it is necessary to fulfill tasks performed in the public interest, or in cases where the respondent themselves has disclosed such data, as well as in other cases specified by applicable regulations.
Respondent Rights:
Explanation
Right to Information:
The respondent has the right to request information at any time about whether their personal data is being processed, for what purpose, who is the data controller, contact details of the data protection officer, what categories of personal data are being processed, for what period they are being processed or stored, the source of obtaining their personal data, who are all the recipients of their personal data, as well as the right to information about other rights listed in this policy (right of access, right to rectification, right to erasure, right to restriction of processing, and others).
Right of Access:
The respondent has the right to obtain confirmation from Glumičić Medical Group as to whether personal data concerning them is being processed, and to have access to that data and information about: - the purpose of processing, - categories of personal data being processed; - recipients or categories of recipients to whom the data have been or will be disclosed; - if possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period; - to request from Glumičić Medical Group rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; - the right to lodge a complaint with the supervisory authority; - if the personal data is not collected from the data subject, any available information as to their source; - the existence of automated decision-making, including profiling, with the consequences.
Right to Rectification:
The respondent has the right to obtain from Glumičić Medical Group without undue delay the rectification of inaccurate personal data concerning them. The respondent has the right to have incomplete personal data completed, including by providing a supplementary statement.
Right to Erasure / Right to be Forgotten:
The respondent has the right for Glumičić Medical Group to erase personal data concerning them without undue delay if the personal data is no longer necessary for the purposes for which they were collected or otherwise processed, if the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing, if the data subject objects to the processing, if personal data has been unlawfully processed, if personal data must be erased for compliance with a legal obligation in Union or Member State law to which Glumičić Medical Group is subject, if personal data has been collected in relation to the offer of information society services to a child.
This does not apply if processing is necessary (and to the extent necessary) for the exercise of the right to freedom of expression and information, for compliance with a legal obligation requiring processing under Union or Member State law to which Glumičić Medical Group is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in Glumičić Medical Group, for reasons of public interest in the area of public health, for archival purposes in the public interest, for scientific or historical research purposes, or for the establishment, exercise or defense of legal claims.
Right to Object to the Supervisory Authority:
The respondent has the right, based on their particular situation, to object at any time to the processing of personal data concerning them, including profiling, in cases where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Glumičić Medical Group, or where processing is necessary for the purposes of the legitimate interests pursued by Glumičić Medical Group or a third party.