Data privacy and security statement
DATA PRIVACY AND SECURITY STATEMENT
ARENA Dental Polyclinic (hereinafter: ARENA); OIB: 00416500880, at its business premises in Zagreb, Remetinečka gaj 2k (business unit: Strmec Samoborski (Town of Sveta Nedjelja), Ulica Bagrema 2) as the data controller for your personal data, uses and protects all the information that Users provide it when they use the website www.arenapoliklinika.hr and our other services, especially regarding the processing of personal data in providing its services.
Personal data is any information on a particular physical person or a physical person that can be determined. Specifically, personal data is considered all the information that identifies a user’s identity (e.g. name and surname, e-mail address, address of residence, etc.).
The processing of personal data is any action or set of actions performed on personal data, whether by automatic means or not, such as collecting, recording, organising, saving, adapting or modifying, retrieving, inspecting, using, revealing during transmitting, posting, or otherwise made available, categorised or combined, blocked, deleted or destroyed, as well as the implementation of logical, mathematical and other operations with these data.
How we collect personal data
ARENA collects your personal data, among other things, in the following cases:
- If you contact us directly through any website of ARENA Dental Polyclinic to request information or an offer for our services using our contact form
- If you buy the service directly from us
- If you respond to our direct marketing campaigns, for example by filling out the contact form for entering the information on our website
- If our partners provide your information in a permitted manner
- If you are under the age of 16, please do not provide us with any information without the consent of your parent or guardian.
How your data may be used
The use of personal data in accordance with the stipulations on personal data protection must be justified on the basis of one of the legal “bases”, and we hereby establish such bases for each use of personal data.
The legitimate grounds for processing data are, among other things, include legitimate interest, contractual obligation, legal basis and consent. ARENA’s uses legitimate interest-based processing to promote and provide information about its services, to maintain the highest standards for the sale of services from its offer. Fundamental rights and freedoms of existing and potential buyers are measured in relation to ARENA’s interest in processing the data for the stated purpose.
ARENA will collect contact information, data on rendered services, warranties, as well as information on the history about you as a patient when using our services for the purposes of processing claims due to warranties or technical support for services rendered.
Personal data may be transferred to third parties provided there is a reasonable basis for the transfer, such as rendering a service or transportation.
ARENA uses direct marketing based on your personal information to inform you about news and promotions from our offer, special shopping benefits, presentations of new products, as well as our appearances at fairs, conferences and other events only with your consent.
Your consent for direct marketing may be withdrawn at any time. A person may also at any time lodge a complaint about the processing of data for purposes described above.
ARENA is subject to and are bound by the laws of the Republic of Croatia as well as supranational laws, and is obliged to adhere to them, including the provision of your data to law enforcement agencies, regulatory and judicial bodies, and third parties regarding procedures or investigations anywhere in the world where required. Where permitted, we will direct such a request directly or notify you before receiving a reply, unless it may affect the prevention or detection of a crime.
Providing personal data for compliance with obligatory requirements for your data is a legal obligation that depends on the specific application.
How we protect your data secure
We use various security measures, including encryption and authentication, to protect and maintain the security, integrity and availability of your data.
Among other things, we also use the following measures:
- Strictly limited personal access to your data on the principle of “necessary access”
- Secure transfer of collected data,
- Setting up a firewall on IT systems to prohibit unauthorised access
- Permanent monitoring of access to IT systems for detection and prevention of misuse of personal data.
All your data is stored on our secure servers and the secure servers of our partners and is accessed and used in accordance with our policies and safety standards. The privacy of your data is permanent, and ARENA takes all the necessary steps to protect them. We handle personal data in a safe manner, including protection against unauthorised or illegal processing and loss.
By registering or filling out the contact form at www.arenapoliklinika.hr, you provide us with special consent (approval) to process your personal data listed in the registration or contact form for a particular purpose as well as the information available in the process of delivering documentation in the form of orthopaedic footage and similar. The purposes that ARENA may point out in the registration or contact form requires a separate consent for each.
We undertake to maintain the privacy of your personal data and act in accordance with the General Data Protection Regulation (679/2016), Act on Implementation of the General Data Protection Regulation (Official Gazette 42/2018) and other applicable regulations. The collected personal information of users and visitors to the website, as well as other patients or potential patients, we are not allowed, nor shall we disclose without authorisation to third parties, unless such special law permit, if laws impose such an obligation on us or is otherwise necessary for fulfilment of contractual obligations.
We undertake not to misuse personal data from a registration or other type of form or collected through cookies, nor passed on to third parties without your consent, except as expressly provided by the law and in cases where this is required to meet such obligations. Personal data is considered all data identifying the User’s identity (e.g., name and surname, e-mail address, address of residence etc.) used for answering customer inquiries, statistics and possibly sending special offers and newsletters, and in particular obtained permission.
All user information is strictly kept and only available to employees who require the data to do their job. All ARENA employees and business partners are responsible for compliance with the principles of privacy. We are obliged to provide protection of your personal data by collecting only the basic information necessary for fulfilling the purpose of given or legitimate interest, contractual or legal basis. Data that is automatically recorded when accessing the website (IP address, domain name, browser type, number of visits, time spent on webpages, etc.) will be used solely to evaluate website visibility as well as improve its content and functionality or for statistical purposes.
ARENA informs Users of the way collected data is used and uses it for marketing campaigns solely upon receiving special permission. In the event of any change to personal data (e.g., place of residence, delivery address) which are recorded during registration, the User is also obliged to make changes in the user data.
In accordance with applicable national and supranational legislation, with the aim of protecting confidentiality of personal data, we undertake to treat your data in accordance with law and good faith, collect data solely for specific and legitimate purposes, will not forward data to any third party without your prior permission, will not forward personal data to countries outside the EU area if that country does not provide an adequate level of data protection; ensure adequate, secure storage of personal data, so that it does not go beyond the purpose for which the data have been collected and processed; ensure the accuracy of personal data; ensure the processing of personal data only during the time and for the purpose it is necessary; take all necessary and appropriate technical and organisational measures to prevent the destruction, damage or loss of User’s personal data.
In case you no longer want us to process your data in any way, if you request deletion, correction or transfer of your data, please notify us by e-mail at the e-mail address of the data protection officer: email@example.com or phone number: 01/3535 – 405.
ARENA may contact the User to verify authenticity of the request.
A user who is a natural person can at any time ask ARENA to:
- Enable access to the catalogue for collecting personal data;
- Verify whether the data is processed with respect to the User and provide inspection of personal data contained in the personal data storage system and to copy them;
- Forward the personal data contained in the data storage system;
- Provide a list of third parties to whom personal data was transferred, when it was transferred, and for what purpose;
- Provide information on the sources upon which evidence is based as to which personal data the storage system contains on the individual and the manner of processing;
- Provide information as to the purpose of processing and the type of personal data processed, as well as all the necessary explanations in that regard;
- Provide an explanation as to the technical or logical-technical procedure in decision-making if performing automated decision making as to the processing of an individual’s personal data.
The period which ARENA retains the User’s data is for the entire life or upon receiving a request for deleting the personal data relating to the particular individual, after which the personal data is deleted. ARENA retains personal data longer than this period only if it is obliged to do so due to the applicable regulations of the Republic of Croatia or supranational legislation.
Personal data that is no longer required are either irrevocably anonymised or destroyed in a safe manner.
If the User has objections to ARENA processing their data, they may file an objection with the competent supervisory body in accordance with the General Data Protection Regulation and the Act on Implementation of the General Data Protection Regulation.