Rulebook on collection, processing and protection of Personal Data

GENERAL PROVISIONS

Article 1.

(1) The company Pripreme iuridica d.o.o. (hereinafter: "Company") this Ordinance determines the purpose and means of personal data processing and protection of individuals in terms of personal data processing and rules related to the free movement of personal data in accordance with the General Data Protection Regulation (EU) 2016/679.

(2) Terms used in this Ordinance, which have a gender meaning, refer equally to both genders.

DEFINITIONS

Article 2.

For the purposes of this Ordinance, and pursuant to the provision of Article 4 of the General Data Protection Regulation (EU) 2016/679, certain terms have the following meanings:

  • “personal data” means all data relating to an individual whose identity has been established or can be established (“respondent”); an identifiable individual is a person who can be identified directly or indirectly, in particular by means of identifiers such as name, identification number, location data, network identifier or by one or more factors specific to physical, physiological, genetic, mental , the economic, cultural or social identity of that individual;
  • “processing” means any operation or set of operations performed on personal data or on sets of personal data, whether automated or non-automated, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, inspection, use , detection by transfer, dissemination or otherwise making available, harmonization or combination, restriction, deletion or destruction;
  • “restriction of processing” means the marking of stored personal data with the aim of restricting their processing in the future;
  • “storage system” means any structured set of personal data available according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis;
  • “controller” means a natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for his appointment may be provided for by Union law or the law of a Member State;
  • “processor” means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
  • “recipient” means a natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the context of a particular investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by those public authorities must comply with the applicable data protection rules according to the purposes of the processing;
  • “third party” means a natural or legal person, public authority, agency or other body other than the respondent, the controller, the processor or persons authorized to process personal data under the direct authority of the controller or processor;
  • “consent” of the respondent means any voluntary, special, informed and unambiguous expression of the respondent's wishes by which he or she gives consent to the processing of personal data relating to him or her by a statement or clear affirmative action;
  • “personal data breach” means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed;

PRINCIPLES OF PERSONAL DATA PROCESSING

Article 3.

Pursuant to this Ordinance, personal data must be:

  • processed legally, fairly and transparently with respect to the respondent;
  • collected for special, explicit and lawful purposes and may not be further processed in a manner inconsistent with those purposes;
  • appropriate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • accurate and up to date as required;
  • kept in a form that allows the identification of respondents only for as long as is necessary for the purposes for which personal data are processed;
  • processed in a way that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage through the application of appropriate technical or organizational measures;

LEGALITY OF PROCESSING

Article 4.

Processing is lawful only if and to the extent that at least one of the following is met:

  • the respondent has consented to the processing of his or her personal data for one or more specific purposes;
  • processing is necessary for the performance of the contract to which the respondent is a party or in order to take action at the request of the respondent prior to the conclusion of the contract;
  • processing is necessary to comply with the legal obligations of the processing manager;
  • processing is necessary to protect the key interests of the respondent or other natural person;
  • processing is necessary for the performance of a task of public interest or in the performance of the official authority of the controller;
  • processing is necessary for the legitimate interests of the controller or a third party, except where those interests are stronger than the interests or fundamental rights and freedoms of the respondent requiring the protection of personal data, especially if the respondent is a child.

Article 5.

(1) Consent by which the respondent consents to the processing of personal data relating to him is voluntary, in writing with easy-to-understand, clear and simple language, clearly indicated for the purpose for which it is given and without unfair conditions.

(2) In the case of the processing of personal data of a child under the age of 16, the consent in the manner described in paragraph 1 of this Article shall be given by the holder of parental responsibility over the child (parent or legal guardian of the child).

(3) In the process of personal data processing, the company shall provide the respondent in an appropriate manner (in writing or directly orally) with all information related to the processing of his personal data, and in particular on:

  • purpose of data processing,
  • the categories of personal data in question,
  • legal basis for data processing,
  • recipients or categories of recipients to whom personal data have been or will be disclosed, in particular recipients in third countries or international organizations,
  • the intended period in which personal data will be stored or, if this is not possible, the criteria used to determine that period,
  • the existence of the right to request the controller to correct or delete personal data or to restrict the processing of personal data relating to the respondent or the right to object to such processing,
  • the right to lodge a complaint with the supervisory authority; if personal data is not collected from respondents, any available information about their source
  • etc.

RESPONDENT'S RIGHTS

Article 6.

(1) The company shall, no later than one month from the day of submitting the request of the respondent or his legal representative or proxy:

  • inform the respondent about the purpose of processing his personal data, the categories of personal data being processed, the recipients or categories of recipients to whom personal data have been or will be disclosed, the intended period in which personal data will be stored and in case personal data are not collect from respondents about their source
  • provide the respondent with a printout of personal data contained in the storage system relating to him
  • correct inaccurate data or supplement data
  • carry out the deletion of personal data relating to the respondent provided that the personal data are no longer necessary in relation to the purposes for which they were collected or if the respondent withdraws the consent on which the processing is based.

(2) The time limit referred to in the preceding paragraph may be extended by an additional two months, taking into account the complexity and number of requests.

(3) The company shall without delay, and no later than within one month from the receipt of the request, inform the respondent about the reasons for rejecting the request referred to in paragraph 1 of this Article.

(4) The company shall provide the information referred to in this Article free of charge.

Article 7.

A respondent who considers that a company has infringed some of its rights guaranteed by the General Data Protection Regulation (EU) 2016/679 has the right to submit a request for a violation of rights to the competent authority.

RECORDS

Article 8.

(1) The company keeps the following records of personal data:

  • records on natural persons-users of our services such as: name and surname, OIB, address,
  • contact details such as: e-mail address, telephone number (mobile and / or fixed number),
  • level of education - institution where the education was completed
  • records on legal entities-users of our services such as: identification data: name, seat, OIB,
  • contact information: address, telephone number, e-mail address, information regarding the workplace / department in connection with which our services are engaged

(2) The records referred to in paragraph 1 of this Article shall contain at least the following information:

  • respondents to whom the records relate
  • personal data collected
  • purpose of personal data processing
  • the basis for the processing of personal data
  • users of personal data
  • description of technical and organisational security measures for data protection
  • time period for keeping personal data
  • deadlines for deleting different categories of data

(3) The management of the company shall make a decision on the persons in charge of processing and protection of personal data referred to in this Article

(4) Persons in charge of personal data processing are responsible for the protection of personal data against accidental loss or destruction, against unauthorized access or unauthorized alteration, unauthorized disclosure and any other misuse.

PERSONAL DATA PROTECTION

Article 9.

In order to avoid unauthorized access to personal data, organizational and technical measures have been taken in order to preserve personal data.

TRANSITIONAL AND FINAL PROVISIONS

Article 10.

In the part on protection, control over the collection, processing and use of personal data which is not regulated by this Ordinance, the General Regulation on Personal Data Protection (GDPR) is directly applicable.

This Ordinance shall enter into force on the day of its adoption.

PREPARATIONS
 IURIDICA

Company info

Preparations iuridica d.o.o.

Supilova 7/b

42000 Varaždin

VAT: 20834886651

Contact

Mob: +385 99 7362 000

Mail: [email protected]

Web: www.pripreme-iuridica.hr

 

Personal data protection

Web by eSENTIO

This website uses cookies, and by using it you accept the use of cookies
Ok
More information