Here at Dentalni center Tatalović zobozdravstvo d.o.o. we are aware that the right to privacy is one of the most important human rights in modern society, which is why this Personal Data Protection Policy applies to the processing (usage) of any personal data that we carry out or that a third party carries out on our behalf. We value our customers, we understand their concern for privacy, and we handle personal data responsibly. We are completely committed to a legal, fair, and transparent processing of personal data. By implementing the proper protection measures, we also prevent access to personal data by unauthorized persons, maintain its confidentiality and completeness, and prevent its loss or unintentional destruction during processing.
About Us as the Controller of Personal Data
The personal data that you provide to us is processed at DENTALNI CENTER TATALOVIĆ zobozdravstvo d.o.o. based in Cesta krških žrtev 112, 8270 Krško, registration no.: 6118780000, and VAT ID: SI74607278, tel.: +386 74 922 012, e-mail: firstname.lastname@example.org (hereinafter referred to as DCT d.o.o. or the »Controller«).
The processing of personal data is necessary for our business. Without the ability to obtain and process your personal data, we will not be able to provide our services to you, nor will we be able to conclude contracts with you or fulfill liabilities and obligations arising from those contracts. If your consent is required for the processing of personal data, we shall not demand or induce it by threatening to disregard or terminate our business relationship, nor shall we limit our provision of services or product sales or the fulfillment of any other liabilities.
We handle your personal data according to the generally applicable legal provisions of the Republic of Slovenia and at the European Union level while also endeavoring to prevent unjustified handling or misuse. The protection of personal data, privacy, and individual rights is one of the fundamental principles consistently observed by every employee at our company.
Our employees are fully aware of the value and sensitivity of the personal data that they come into contact with and that they handle. We are fully aware of the scope of damage that a disclosure, destruction, or rectification of this data would cause and what that means for data subjects, i.e. for you.
DCT d.o.o. and each employee of this company who comes into contact with your personal data commits to protecting the confidentiality, access, and integrity of that data, whether we are mandated to do so by law or not. The personal data our employees come into contact with or use for a certain purpose shall never be disclosed, unjustly transmitted to a third party, rectified, or destroyed, and will only be used within the scope of the employee’s required work. To be able to avoid unwanted disclosure, destruction, or rectification of the personal data that they come into contact with or that they use in their work, our employees receive proper education and training on a regular basis.
What Types of Personal Data are Processed and with what Purpose?
The personal data that you provide and that we process is used for specific purposes, e.g. for concluding contracts and fulfilling obligations arising from concluded contracts, for communicating with you regarding the provision of our goods, for holding prize games, for implementing the decisions of the General Meeting, for fulfilling legal obligations, for encouraging the organization of projects in the form of a donation of our beverages, for enforcing any legal claims or for settling disputes, for selecting candidates for job vacancies, for marketing communication (sending e-mails), and so forth. This would not be possible without such data. The following personal data is concerned:
- Basic contact details (name, last name, telephone number, e-mail address).
- Information that we need to fill out the check-up form (date of check-up, subject, etc.)
- Data that we need for filling out other contracts (first name, last name, address, tax identification number).
- Data on the use of websites (clicks on links, visit duration) and data on the response to our e-mails (was the e-mail opened, which link was clicked).
- Your CV and photograph during the recruitment procedure.
- Data for the award ceremony after a prize game and for the calculation of personal income tax to that end, for the implementation of the decision of the General Meeting (in addition to basic contact details, the tax identification number, and, if necessary, the bank account number).
On what Legal Grounds do We Process your Personal Data?
The aforementioned personal data that you provide is processed on the basis of one of the legal grounds below:
- The Conclusion or Performance of a Contract
- Requesting services, invoicing, correspondence.
- Within the necessary scope, even for the purpose of concluding a contract, in the negotiation phase, after receiving an offer or a quote from an individual, or for the purpose of obtaining a contract.
- The Fulfillment of Legal Obligations
- Obligations under Slovenian law or EU law – The Accounting Act, the Employment Relationship Act, the Social Assistance Act, the Consumer Protection Act, the Gaming Act, the Obligations Code, and so on.
- Invoicing of purchased goods.
- Transmission of the personal data of individuals to the national authorities and other administrators in order to fulfill legal obligations or responsibilities.
- Legitimate Interests
- Property protection (with a camera system), mediation within our company/organization for administrative purposes.
- For the purpose of reducing the risk of an intrusion into our website (providing information security, reducing the risk of unauthorized access to important business information, personal data, and the information system).
- When you have given your consent to the processing of your personal data for a specific purpose. You always have the right to withdraw your given consent.
- Vital Interests
- When the processing of the personal data is necessary to protect the vital interests of the data subject or another natural person.
Who Do We Transmit Your Personal Data to?
We do not transmit or disclose your personal data to third parties (outside of DCT) except to those who have concluded a written contract with us and perform certain tasks related to data processing on the basis of that contract and are obligated to follow the legislation on the processing and protection of personal data (the so-called Contractual Processors). The Contractual Processors, to who we transmit personal data to, are:
- creators and maintainers of computer applications, websites, and information services;
- developers and implementers of program solutions;
- processors who DCT d.o.o. hires in order to provide services necessary for the performance of contracts;
- goods carriers that deliver to the addresses of buyers;
- marketing, research, and analytical companies;
- outside marketing agencies and event organizers;
- DCT d.o.o. representatives, present at the conclusion and performance of contracts, including recoveries and possible legal proceedings.
The Contractual Processors may process personal data only in compliance with our instructions and may not process them for their own purposes. They, as well as their employees, are committed to the protection of your personal data.
The Contractual Processors do not transmit personal data to third countries (outside of the European Economic Area – EU member states and Iceland, Norway, and Liechtenstein).
Transmission of your Personal Data into Third Countries
How long Do We Store your Personal Data?
We process personal data until we fulfill its purpose or within the framework of the expired deadlines for obligations that may arise from the processing of this data, especially when the processing of personal data is required for the purpose of concluding or performing a contract, except in cases where the personal data storage deadline is laid down by law. In such cases, DCT d.o.o. stores data in accordance with the legislation.
The personal data that we process on the basis of your consent is stored permanently or until you withdraw your given consent.
We store data on issued invoices for 5 years from the issuing date.
The data necessary for the conclusion and performance of a contract between you and the company is stored for up to 5 years from the performance of the contract (procurement of goods).
After the storage deadline expires, we effectively erase or anonymize your personal data, which means that we process it in such a way that it can no longer be associated or attributed to you.
The Processing of Cookies, Monitoring IP addresses, and other Means of Technological Control
Voluntary Transmission of Data and Consequences if They Are not Transmitted
The transmission of personal data is voluntary. You are not obligated to transmit your personal data to us, but if you choose not to transmit them, you are not eligible for certain services or for concluding a contract with us. The type of data that is subject to the aforementioned consequences if not transmitted shall be stated each time we obtain personal data from you.
DCT d.o.o. is committed to the principles laid down in Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “General Data Protection Regulation”) and is prepared to fully cooperate when you decide to exercise your rights.
Regarding your personal data, you have the following rights:
- to request from us at any time:
- confirmation as to whether we are processing your personal data;
- access to the personal data and the following information: the purpose of the processing, the types of personal data, recipients or categories of recipients to who the personal data has been or is going to be disclosed, especially recipients from third countries or international organizations, the foreseen storage period or, if that is not possible, the criteria used to determine this period; the existence of automated decision-making, including profiling and the reasons for it as well as the significance and the envisaged consequences of such processing for the data subject;
- one (free) copy of your personal data in the form of your choosing (where the data subject makes the request by electronic means, and unless otherwise requested, the copy shall be provided in an electronic form). For any further copies requested by the data subject, the Controller may charge a reasonable fee based on the administrative costs;
- a rectification of inaccurate personal data;
- a restriction of processing when:
- you contest the accuracy of your personal data for a period enabling us to verify the accuracy of it;
- the processing is unlawful and you oppose the erasure of the personal data, requesting the restriction of its use instead;
- we no longer need the personal data for the purposes of the processing, but you require it for the establishment, exercise, or defense of legal claims;
- erase all personal data (the right to be forgotten), if conditions from Article 17 of the General Data Protection Regulation are fulfilled, and especially if you withdraw your consent to the processing of personal data;
- a copy of your personal data in a structured, commonly used, and machine-readable format, retaining the right to transfer this data to another Controller without our interference;
- to stop using your personal data for direct marketing purposes, including profiling;
- to not be subject to a decision based solely on automated processing, including profiling, if conditions from Article 22 of the General Data Protection Regulation are fulfilled.
- the right to file a complaint with the Information Commissioner if you believe that our processing of your personal data violates the General Data Protection Regulation.
Procedure for Exercising your Rights
Please send any requests to exercise your rights regarding personal data to: email@example.com or by regular mail to: DENTALNI CENTER TATALOVIĆ zobozdravstvo d.o.o., Cesta krških žrtev 112, SI-8270 Krško with the postscript: “GDPR”.
To reliably identify you when you decide to exercise your rights regarding personal data, we may ask for additional information. We may refuse to take action only if we can prove that we cannot reliably identify you.
We must respond to your request for exercising your rights regarding personal data without undue delay and no later than one month from receipt of the request.
The data subject may send a written request for a permanent or temporary, complete or partial withdrawal of their given consent to the processing of personal data to: DENTALNI CENTER TATALOVIĆ zobozdravstvo d.o.o., Cesta krških žrtev 112, 8270 Krško with postscript: »GDPR« or by sending an e-mail to: firstname.lastname@example.org. The withdrawal of the consent does not affect the lawfulness of the processing carried out before the withdrawal.
Personal Data Protection
DCT d.o.o. protects your personal data with a security management system that is based on the personal data risk analysis. DCT d.o.o. commits to regularly assess security situations and risks, adapting its security plans with the purpose of keeping your personal data safe. We assure you that the appropriate procedures and technologies are being implemented to protect your information and ensure the physical and administrative protection with organizational as well as technical means. For obvious reasons, we shall not mention these procedures and mechanisms here.
DENTALNI CENTER TATALOVIĆ zobozdravstvo d.o.o.
Cesta krških žrtev 112