PRIVACY POLICY – Personal Data Protection Policy
International Medical Center PRIORA, Čepin (hereinafter: IMC Priora), as the Controller, in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), and in accordance with the Act on the Implementation of the General Data Protection Regulation (Official Gazette 42/18, hereinafter: the Act) has drawn up the Privacy Policy – Personal Data Protection Policy.
The Personal Data Protection Policy has been adopted to clearly communicate how the Controller collects, uses, shares and otherwise processes the personal data of its clients, employees, business partners and other persons who can be identified directly or indirectly (hereinafter: Data Subjects), and to familiarise Data Subjects with all methods of obtaining information for data processing purposes.
The Personal Data Protection Policy is based on the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability.
Personal data sent via the website https://www.priora.eu/ (hereinafter: Website) will be processed applying personal data safeguards in accordance with the GDPR and legal and regulatory obligations.
PERSONAL DATA WE COLLECT
Personal data is collected through various interactions with the IMC Priora (using web pages owned by the IMC Priora, sending inquiries/requests by e-mail or mail, participating in prize games or competitions, concluding collaboration agreements), including but not limited to:
- First name, last name
- Address
- PIN
- Date of birth
- Sex
- Phone/mobile phone number
- E-mail address
- Bank number/Card details
Personal health data:
- Hospital record
- ID number of the insured person (MBO)
- Insurance data
- Health condition and treatment data
- Diagnosis (referral/final)
- Parameters required to provide certain medical services (height, weight, allergies, blood type)
- Medical documentation
- PIN
- Date of birth
- Sex
- Phone/mobile phone number
- E-mail address
Through various interactions, IMC Priora may also collect data not falling within the category of personal data, including but not limited to:
- Information about the device used to connect to the internet
- Type and version of the browser you are using
- How IMC Priora’s Website is used
HOW IS DATA COLLECTED?
Personal data is collected in one of the following ways:
- Directly from the individual – data provided for the purpose of concluding or carrying out a contract, during a visit to the IMC Priora’s offices, over a phone conversation, or by participating in charity and other campaigns organised by the IMC Priora.
- Indirectly – public data available on websites not belonging to IMC Priora (e.g., posts on social media and open forums), data collected by using cookies, links and similar technologies.
We collect your personal data either on the basis of consent or on the basis of legitimate
interests (e.g., in case of using cookies necessary for the Website to function).
While browsing the internet in general, websites use the option of storing cookies on your
computer to provide you with a fast, simple and efficient service.
Following new legal obligations imposed by the EU, which are applicable to Croatian
websites, to collect such data/files it is necessary to obtain the user’s consent prior to their storage.
Like other websites in Croatia, IMC Priora uses cookies to provide you with a
high-quality service. IMC Priora considers that users have given their consent for the storage of cookies by continuing to use this Website.
If you block cookies, you can still browse the Website, but some of its features will not be
available to you.
Cookie settings can be managed and configured in your web browser. For more information about cookie settings, please select the web browser you are using. • Chrome • Firefox • Internet Explorer 9 • Internet Explorer 7 and 8 • Opera • Safari
If you disable cookies, you will not be able to use some of the Website features.
If you do not want to store cookies on your computer, we suggest visiting the following
websites to find out how to delete or disable them:
- www.allaboutcookies.org
- www.youronlinechoices.eu
The WEBSITE PRIVACY POLICY defines how the data we collect on the IMC Priora’s Website is collected and kept.
Your personal data is collected and used only on the basis of the data you have provided to the Priora freely, either by registering or filling out a contact form (at the time of registration, personal data such as first and last name, address, city/town, e-mail address and birth year will be used), or by using the Website. E-mails containing your personal data that IMC Priora receives will be used solely for the purpose of fulfilling your requests.
FOR WHAT PURPOSE IS DATA COLLECTED?
The Controller processes and may use personal data only for the purposes for which it has been collected. Personal data processing is allowed only if and to the extent that it is necessary for compliance with a legal obligation to which the Controller is subject, for the performance of a contract or in order to take steps at the request of the Data Subject prior to entering into a contract, and if processing is necessary for the purposes of the legitimate business interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of personal data.
PERSONAL DATA PROCESSING ON THE BASIS OF THE CLIENT’S CONSENT
IMC Priora may require the client or the holder of parental responsibility over the client to give their consent to the processing of their personal data for specific purposes. Where processing of the client’s personal data is based on consent, the client/holder of parental responsibility may withdraw their consent at any time, but this will not affect the lawfulness of processing based on consent before its withdrawal.
PROTECTION OF CHILDREN’S PERSONAL DATA
In accordance with Article 19, paragraph 1 of the Act on the Implementation of the General Data Protection Regulation (Official Gazette 42/18), in terms of personal data protection, IMC Priora considers all persons under the age of 16 as children and it does not require nor collect children’s personal data from or about them without consent from the holder of parental responsibility. IMC Priora will always make an effort to process data obtained from children only with consent from the holder of parental responsibility.
RIGHT TO PRIVACY
You may exercise the following rights at any time:
- right to be informed about data processing
- right to erasure.
If any of the following conditions are met:
- The personal data is no longer necessary in relation to the purposes for which it was
collected or otherwise processed - The Data Subject withdraws consent on which the processing is based
- The Data Subject objects to the personal data processing based on the legitimate
interests pursued by the Controller or a third party, including profiling based on these
grounds - The personal data has been unlawfully processed
- The personal data has to be erased for compliance with legal obligations under other
regulations - Right of access
At any time, the Data Subject has the right to request access to their personal data from the Controller and to obtain detailed information about how their personal data is processed. Exercising the right to access personal data may not adversely affect the rights and freedoms of others.
- Right to rectification
The Data Subject has the right to rectification of inaccurate personal data. The Data Subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement. The Controller will take every reasonable step to verify the accuracy of personal data and to rectify it.
- Right to lodge a complaint with a supervisory authority
The Data Subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data when the data processing is based on legitimate interests.
The Data Subject also has the right to lodge a complaint with the competent supervisory authority in the Republic of Croatia – Croatian Personal Data Protection Agency, Selska cesta 136, 10 000 Zagreb.
- Right to restriction of processing
Where:
- The accuracy of the personal data is contested by the Data Subject
- The processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of its use instead
- The Controller no longer needs the personal data for the purposes of the processing, but it is required by the Data Subject for the establishment, exercise or defence of legal claims
- The Data Subject has objected to the personal data processing based on the legitimate interests, including profiling based on that data, pending the verification whether the legitimate grounds of the Controller override those of the Data Subject
- Right to data portability
The Data Subject also has the right to transmit their personal data to another controller.
The IMC Priora will provide the forms for Data Subjects to exercise the aforementioned rights at its offices.
VIDEO AND AUDIO SURVEILLANCE
IMC Priora, as the data controller, exclusively for the purposes of protecting the safety of our patients and employees, as well as all persons covered by the legal parameters of recording, and for the purposes of protecting property and preventing illegal acts against property such as theft, robbery, break-ins, violence, destruction, etc., in accordance with our legitimate and documented legitimate interests, exclusively monitors the acceptable area around and inside IMC Priora at the location Kralja Tomislava 153, 31431 Čepin, the recording parameters of which are clearly marked with easily visible notices. Video surveillance recordings are stored for up to one month as a rule, depending on the amount of recorded data on the storage medium, but for no longer than 6 months.
The audio surveillance system is implemented exclusively for the purpose of improving the service.
PERSONAL DATA RETENTION PERIOD
Depending on the purpose and legal basis on which the client’s personal data is collected, in certain cases, the Controller is obligated to keep personal data for a period of time specified by applicable regulations for a particular purpose.
We are obligated to keep personal data contained in medical documentation for 10 years after the treatment has been completed, in accordance with Article 23 of the Act on Medical Practice, or until all legal obligations to retain personal data have expired, except for personal data that we are obligated to keep permanently under the Act.
WHO TO CONTACT
If the Data Subject has any questions about how the Controller uses their personal data or wishes to object to the processing of personal data, they may contact the data protection officer in writing at the following address:
International Medical Center PRIORA
Kralja Tomislava 153
Čepin, 31431
or by e-mail at: [email protected].
The Privacy Policy – Personal Data Protection Policy will become effective upon its
publication on the Website.
The International Medical Center PRIORA reserves the right to amend the Privacy Policy – Personal Data Protection Policy. Any such amendments will be published on the Website.