INFO

Dental Crnić
Ive Tijardovića Street 1B

MBS:80520979

Dental Crnić respects privacy and protects the personal data of all data subjects (employees of the Company, candidates participating in the recruitment process for employment in the Company, and business partners — natural persons, sole proprietors, authorized representatives of legal entities), whose personal data it collects and processes in its daily business operations.

With this Privacy Policy, Dental Crnić (hereinafter: the Company) provides you with basic information regarding the processing of your personal data, in accordance with the General Data Protection Regulation (GDPR). We kindly ask you to read the following text carefully, and to contact us in case of any ambiguities or if you require additional information regarding the processing of personal data.

This Policy defines the basic principles and rules for the protection of personal data in accordance with the Company’s business and security requirements, as well as with legal regulations, best practices, and internationally accepted standards. In order to ensure fair and transparent processing, the Company aims to provide clear information about the processing and protection of personal data it collects and processes, and to enable easy supervision and management of personal data and consents.

Through this Privacy Policy, we ensure an adequate level of data protection in accordance with the General Data Protection Regulation and other applicable laws related to the protection of personal data.

OBJECTIVES OF THE POLICY

The purpose of this Privacy Policy is to explain to our employees, job candidates, and business partners:

• which personal data we collect and process
• how we collect personal data, for what purposes, and on what legal grounds
• how long we store them and with whom we share them;
• what rights they have regarding data protection and how we protect them.

PRINCIPELS OF DATA PROTECTION

The Company pays special attention to the protection of the privacy of the data subjects, who can always contact us in case of any inquiries regarding the processing of their personal data. Data subjects can exercise their rights in accordance with the regulations on the protection of personal data free of charge by contacting us at the email address: info@dentalcrnic.com

The Company applies the following principles regarding the processing of personal data.

Personal data must be:

• Lawfully, fairly, and transparently processed with respect to the data subject ("lawfulness, fairness, and transparency").
• collected for specific, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes
• appropriate, relevant, and limited to what is necessary in relation to the purposes for which they are processed ("data minimization");
• accurate and, where necessary, kept up to date; every reasonable measure must be taken to ensure that personal data which are inaccurate, taking into account the purposes for which they are processed, are erased or rectified without delay ("accuracy");
• kept in a form which permits identification of the Data Subject for no longer than is necessary for the purposes for which the personal data are processed, and thereafter erased from all records, unless a longer retention period is required by applicable laws. Exceptionally, personal data may be stored for longer periods if a legitimate interest of the Company is established or the Data Subject has given consent ("storage limitation");
• processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by applying appropriate technical or organizational measures ("integrity and confidentiality").

CATEGORIES OF PERSONAL DATA PROCESSED BY THE COMPANY

In the course of its operations, the Company processes various categories of personal data of respondents, business partners (customers and suppliers), and employees who are not covered by this Privacy Policy.

We process the following personal data of business partners:

• identification data (name and surname, job title)
• contact details (email address, phone/mobile number)

In addition to the usual communication in person, by phone, and via email, our website has a "Contact" page and a questionnaire. Through this questionnaire, we collect your personal data (name, surname, phone number, mobile number, email address) which you voluntarily provide by filling out the questionnaire on our website. The collected data will be used for the purpose of contact, responding to your inquiries, providing information upon your request, and maintaining a record of users of this website. These details are necessary for us to respond to your inquiry and provide the requested service.

LEGAL BASIS AND PURPOSE OF PROCESSING PERSONAL DATA

The company processes your personal data based on the following grounds:

• the processing is necessary for compliance with the legal obligations of the Company
• the processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract
• the processing is necessary for the purposes of the legitimate business interests of the Company or a third party, unless those interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data
• The data subject has given consent to the processing of their personal data for one or more specific purposes.

STORAGE OF PERSONAL DATA

The Company is authorized to retain data only for as long as it is necessary for the purposes for which the personal data is being processed.

After that, all data will be deleted, unless a specific retention period is prescribed by law, in which case the data will be stored for the prescribed period. The data will not be used for any other purposes except those prescribed by law. An exception applies to legal disputes, which may extend the retention period.

TRANSFER OF DATA TO RECIPIENTS

The transfer of personal data to other recipients is permitted only with the written consent of the data subject. The data subject must be fully informed beforehand about the personal data being transferred, the purposes of the processing, the identity of the recipients, and the reasons for the transfer.

RIGHTS OF DATA SUBJECT

The company respects the right to privacy, collecting and processing data only when there is a legal basis for processing. Data subjects retain certain rights at all times in relation to the processing of their data.

Data subjects have the following rights:

Right to Information

Data subject has the right to obtain information from the Company about the processing of their personal data, regardless of whether the data is collected directly from the Data Subject or not. The information must be provided in a clear and

understandable manner. It is considered that the data subject is informed about their rights in a publicly accessible way, through this Privacy Policy.

Right to erasure ("right to be forgotten") – the data subject has the right to request the deletion of personal data concerning them from the Company. The Company is obliged to delete personal data without undue delay if one of the following conditions is met:

• personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, unless a longer retention period is required by law
• the processing is based on the consent of the data subject, and the data subject has withdrawn their consent, with no other legal basis for processing existing;
• the data subject has objected to processing based on the legitimate interests of the company, unless the company demonstrates that there are compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims
• the personal data have been unlawfully processed;
• the personal data must be erased in order to comply with a legal obligation under Union law or the law of the Republic of Croatia;

​

​Right of access to data - the data subject has the right to obtain confirmation from the Company as to whether personal data concerning them is being processed, and if such personal data is being processed, to gain access to the personal data and receive information on the purpose of processing, categories of personal data, recipients to whom the personal data has been or will be disclosed, the retention period, the data subject's right to rectify or erase personal data, the right to restrict processing, the right to object to processing, and the right to lodge a complaint with a supervisory authority. Upon request, the data subject has the right to be informed about the existence of automated decision-making, including profiling, along with meaningful information about the logic involved, as well as the significance and consequences of such processing for the data subject. Furthermore, the data subject has the right to be informed, upon request, whether their personal data is transferred to third countries or international organizations, and about the protective measures taken in such transfers.

In addition to the information described above, the Company is obliged, upon request of the data subject, to provide access to and a copy of their personal documentation stored by the Company.

The data subject has the right to know the source of the data. The data subject has the right to be informed about automated decision-making and the potential consequences of such processing.

Right to rectification - the data subject has the right to obtain from the Company, without undue delay, the rectification of inaccurate personal data and the completion of incomplete personal data concerning him or her. Additionally, data subjects are obliged to update their personal data.

The right to data portability – In cases where the Company carries out automated data processing based on the consent of the data subject or when it is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract, the Company is obliged, upon the request of the data subject, to provide the personal data concerning him or her in a structured, commonly used, and machine-readable format, and is required, upon the request of the data subject, to transfer such data to another data controller, provided that this does not adversely affect the rights and freedoms of others.

Right to object - In cases where the processing of personal data of the data subject is based on the legitimate interests of the Company, the data subject has the right to object to such processing at any time. The Company, upon receiving the objection, will assess on a case-by-case basis whether the legitimate interests of the Company for continuing the processing outweigh the interests, rights, and freedoms of the data subject. The Company is authorized to continue the processing only if it determines that its legitimate reasons for processing prevail over the interests, rights, and freedoms of the data subject. Otherwise, the Company is obliged to cease further processing.

Pravo na ograničenje obrade - the data subject has the right to request the restriction of processing from the Company in the case that they contest the accuracy of personal data, when they believe the processing is unlawful and oppose the deletion of personal data and instead request a restriction on its use, in the case when the data subject has lodged an objection to the processing and is awaiting confirmation as to whether the legitimate reasons of the data controller override the data subject’s reasons, and when the Company no longer needs the personal data for processing purposes, but the data subject requests it for the establishment, exercise, or defense of legal claims. Upon submitting a request to exercise the right to restriction of processing, the data in the Company’s database will not be changed while the process is underway regarding the data subject’s request. Upon resolving the subject case, the Company will inform the data subject about the termination of the restriction of processing.

HOW TO EXERCISE YOUR RIGHTS

A request to exercise any of the above-mentioned Data Subject rights must be submitted via email to the following address:  info@dentalcrnic.com

The written request must contain at least the following information:

• The Data Subject’s personal information (name, surname, and personal identification number – OIB) for the purpose of identification when establishing the facts and responding to the inquiry related to that specific Data Subject's personal data.
• Which of the aforementioned rights the Data Subject wishes to exercise
• The address for delivering the response to the request

The Company is responsible for acting upon the Data Subject’s request within one month of receiving the request. This period may be extended by an additional two months if necessary, taking into account the complexity and number of requests. The Data Subject who submitted the request will be informed of any such extension.

PERSONAL DATA PROTECTION

In order to protect the personal data we collect, the Company implements appropriate physical, technical, and organizational security measures, taking into account the nature, scope, context, and purposes of processing, as well as the latest technological developments and the cost of implementation, in accordance with its capabilities.

REPORTING A PERSONAL DATA BREACH

The Company will notify the supervisory authority of the personal data breach no later than 72 hours after becoming aware of it, if the breach is of such a nature that it may result in a risk to the rights and freedoms of the Data Subject (e.g., financial losses, disclosure of a professional secret, discrimination, damage to reputation, or any other significant social and economic harm).