GDPR - General Data Protection Regulation

RIGHTS OF DATA SUBJECTS

Users of the services provided by the Implant Centre Martinko d.o.o. (hereinafter: “data subjects”) are hereby presented and explained the rights regarding the protection of their personal data which are processed by the Implant Centre Martinko d.o.o. (hereinafter: “controller”) for the purpose of providing registered services.

INTRODUCTION

  • The data subject provides his or hers personal data in order for the controller to fulfil their contractual obligation i.e. to provide registered services to the data subject. If the data subject does not provide the requested, complete and accurate personal data, the controller cannot fulfil their contractual obligation.
  • The controller shall grant access to data subject’s personal data to the public administration bodies only for the purpose and in the scope necessary to fulfil the obligations towards these bodies as prescribed by law.
  • The data subject can at any time withdraw their consent based on which the data subject’s personal data are being processed. Withdrawal of the consent shall not bring into question the lawfulness of processing which was based on this consent before it was withdrawn.
  • The data subject has the right that the decision, which is based solely on automated processing, including development of a profile, which produces legal effects that affect the said data subject or which significantly affects the data subject in a similar manner shall not apply to him or her i.e. the data subject has the right to contest such decision.

PERSONAL DATA CATEGORIES

  • The data subjects are informed of the fact that the personal data which are being processed by the controller and which are related to the data subject’s health condition fall into a special category of personal data, and therefore they enjoy higher level of protection.

RIGHT TO ACCESS

  • The data subject has the right to receive confirmation from the controller on whether his/hers personal data are being processed and if such personal information is being processed, the data subject has the right to access this personal data, as well as to information on his or hers rights.

RIGHT TO RECTIFICATION AND ERASURE

The data subject has the right to request rectification and completion of inaccurate and/or incomplete personal data. Data subject’s personal data shall be kept in the controller’s systems during the time needed for the performance of the registered activity of the controller.

The data subject has the right to obtain from the controller an erasure of personal data which pertain to him or her. The controller shall erase the data subject’s personal data without undue delay if:

  • Personal data are no longer necessary for the purposes for which they were collected or if they have been otherwise processed;
  • The data subject withdraws consent for data processing and if no other legal basis for processing exist,
  • The data subject files a complaint against the processing;
  • Personal data have been unlawfully processed;
  • If this is necessary in order to act in accordance with legal regulations of the European Union or a member state.

RIGHT TO RESTRICTION OF PROCESSING

Data subject has the right to obtain restriction of processing from the controller if one of the following requirements has been met:

  • The data subject disputes the accuracy of the personal data, for the period for which the controller is granted the right to verify the accuracy of personal data;
  • The processing is unlawful and the data subject objects to the erasure of personal data and request restriction of their use instead;
  • Controller no longer needs personal data for processing but the data subject requests the data for the establishment, exercise or defence of legal claims;
  • Data subject filed a complaint against the processing expecting confirmation on whether the legitimate reasons of the controller override the reasons of the data subject.

RIGHT TO DATA PORTABILITY

  • The data subject has the right to receive personal data which pertain to him, which he or she gave to the controller, and has the right to smooth transmission of such data between controllers if this is technically feasible.

NOTIFICATION ON PERSONAL DATA BREACH

In case of a personal data breach which is likely to cause a high risk to the rights and liberties of an individual, the controller shall, without undue delay, in a clear and simple manner, inform the data subject on the personal data breach. Notification on the breach must as a minimum contain the following:

  • Name and contact information of the data protection officer or other point of contact from which additional information can be obtained;
  • Description of likely consequences of the personal data breach;
  • Description of the measure which the controller has taken or proposed to be taken in order to solve the problem of the personal data breach, including as needed measures to mitigate potentially harmful consequences of such a breach.

REQUEST FOR THE PURPOSE OF EXERCISING RIGHTS

  • At the request of the data subject, the controller shall provide all information regarding the above rights of the data subject to personal data protection, within one month from receiving the request. In the event of a large number of submitted requests and/or complexity of such requests, the controller can extend the deadline for the reply to each request submitted by the data subject by another two months, where the controller must inform the data subject of such extension without delay with providing the reasons for the delay.
  • In the event of a failure to act on the request of the data subject the controller shall, without delay and no later than one month from receiving the request, inform the data subject of the reasons why he did not act and on the possibility to file a complaint to the supervisory body (Personal Data Protection Agency).

For the purpose of responding to the request of the data subject, the controller is authorised to request from the data subject additional information which are necessary in order to verify the identity of the data subject.

  • In order to exercise his or hers rights, the data subject can contact the competent data protection officer, namely:

Daniel Pikl,+385 91 5185643,daniel@health-tourism-martinko.com, Zagrebačka cesta 126, 10000 Zagreb
Siniša Dugorepec,+385 91 1544452,sini@health-tourism-martinko.com, Zagrebačka cesta 126, 10000 Zagreb
Fanika Krešić,fanika@implant-centre-martinko.com, Zagrebačka cesta 126, 10000 Zagreb

  • Data subjects can also contact the controller with questions and demands regarding protection of their personal data which are being processed to e-mail, telephone, postal address.