Personal data protection

Confidentiality statement

Please read this confidentiality statement very carefully and thoroughly. The official website https://www.derma.hr is operated by Derma d.d., a joint-stock company for the production of casings (hereinafter: Derma d.d.), headquartered in Varaždin at Podravska ulica 13, registered with the Commercial Court of Varaždin, MB: 3024857, OIB: 16891143389.

By accessing our website, you confirm that you have read, understood, and agree to all data confidentiality terms and methods of use. Your personal data, such as name and surname, address, phone number, or e-mail address, are not collected by browsing our official website.

Derma d.d. collects user data only as necessary to fulfill the services we provide and is committed to protecting the personal data of current and future users in accordance with the General Data Protection Regulation (GDPR Regulation EU 2016/679) and the Croatian Act on the Implementation of the General Data Protection Regulation (NN 42/18). All user data is strictly protected and accessible only to employees who need such data to perform their duties.

All employees of Derma d.d. are responsible for adhering to confidentiality principles. Before collecting data, Derma d.d. informs users about how the collected data will be used and gives users the option to choose how their data is used, including the option to decide whether or not their name should be removed from lists that may be used for marketing campaigns.

Under no circumstances will we transfer, sell, or assign users’ personal data to third parties without your explicit consent, except in cases where we are required to do so by law and under the conditions set by the laws of the Republic of Croatia. All questions regarding the processing of personal data, any complaints, requests for deletion, updating, or correction of personal data should be directed to the Data Protection Officer. This statement applies from 28.05.2018. until revoked by Derma d.d.

Personal data protection – GDPR Policy

Privacy policy of Derma d.d. Varaždin

Derma d.d., a joint-stock company for the production of casings, trade, import-export, OIB: 16891143389, Podravska ulica 13, 42000 Varaždin, Croatia, respects the privacy of every individual whose personal data it collects. We would like to inform you about which personal data Derma d.d. collects, how we protect it, and what your rights are. In performing its registered activities and as part of the execution of certain projects and programs, Derma d.d. collects and processes personal data in compliance with all relevant laws and regulations.

Scope of application

This Policy applies to all processing of personal data by Derma d.d., unless otherwise specified by another policy of Derma d.d. Exceptionally, regarding the processing of service users’ data, this Policy prevails over other policies if those policies prescribe different rights and obligations regarding data processing.

Data controller and legal framework

Derma d.d., as the data controller, respects your privacy and is committed to protecting your personal data. Data collection and storage are carried out in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), the Croatian Act on the Implementation of the General Data Protection Regulation (NN 42/2018), and other applicable regulations in the Republic of Croatia.

What information do we collect about you and how do we use it?

In general, you can visit our website without revealing any personal information about yourself. We do not collect personal data about you (such as your name and contact details) when you visit this website, unless you voluntarily submit information using one of the available forms for a specific purpose (contact form, registration form, purchase form, newsletter subscription form), thereby giving your consent for the collection and use of your personal data for the stated purposes.

Application of data protection principles

Derma d.d. applies the core data protection principles in line with the EU General Data Protection Regulation (GDPR) and Croatian law. These principles ensure that personal data is:

Processed lawfully – Data is processed only if permitted by law and within legal boundaries.
Processed fairly – All specific relationships are respected, adequate measures are taken to protect personal data and privacy, and data subjects’ rights are not hindered.
Processed transparently – Data subjects are informed about how their personal data is processed.
Purpose limitation – Data is processed only for the purposes for which it was collected, or for other purposes only if allowed by the Regulation.
Storage limitation – Data is kept in a form that permits identification only as long as necessary for the processing purposes, unless longer retention is legally allowed.
Data minimization – Only data that is adequate, relevant, and limited to what is necessary is processed. Unnecessary data is not collected.
Accuracy – Efforts are made to ensure data is accurate and up-to-date, with incorrect data deleted where possible.
Integrity and confidentiality – Appropriate technical and organizational measures are implemented to secure personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage, considering the risk level of each processing activity.

Data sharing with Third Parties

Derma d.d. does not share personal data with third parties except where specifically required by Croatian law.

Purpose of data collection

Personal data is collected and processed for the following purposes:

fulfillment of employment contracts
complying with legal requirements relevant to Derma d.d.’s business
direct marketing purposes
sending offers
contacting purposes
improving and personalizing services
protection of property and individual safety through video surveillance measures

Contacting

If you contact us with inquiries, the data you provide will be processed solely to provide the requested information. After responding to your inquiry, the provided data will be deleted. Personal data necessary for resolving product complaints are kept for 12 months from the date of receipt, in accordance with consumer rights regulations.

Open job applications

Data sent through open job applications are processed exclusively for recruitment selection purposes and are retained for up to one year.

Cookies and internet technologies

Like many other websites, ours may use “cookies” (small files stored on your computer when you access our website to enable basic or additional functionality) and other technologies that help us deliver content based on your interests, process reservations or requests, and/or analyze characteristics of your visits. Cookies cannot be used to discover your personal identity. When you access our website, this information identifies your browser characteristics to our servers, but not you personally.

Derma d.d. stores cookies in its database for up to one year for the purpose of informing you about special and personalized offers, news, and events organized through online channels (email, internet, online promotions).

If you have given explicit consent to receive the Newsletter, we may send you an electronic bulletin containing advertising content about our products. The data you provided to subscribe to the Newsletter will only be used for sending the Newsletter. If you wish to unsubscribe, you can do so at any time via the unsubscribe option in the Newsletter. Upon unsubscribing, we will stop processing your personal data for this purpose. Collected data is stored only for the period during which you receive the bulletin and have not withdrawn your consent.

Video surveillance system

Derma d.d., as the data controller, has a legitimate interest in implementing video surveillance measures to protect property and individuals, and for certain job positions, a legal obligation to install cameras that record employees and all persons within the camera’s field of view. Derma d.d. marks all locations with video surveillance as required by law.

Recipients of personal data

Derma d.d. will forward your personal data to other recipients only on the basis of a legal obligation. Derma d.d. guarantees that the collected data will be used solely for the stated purposes. Derma d.d. may use depersonalized data for statistical purposes.

Legal basis for collection

The legal bases for collecting personal data are:

legal obligation,
contractual obligation,
vital interests of the data subject,
legitimate interest overriding the interests of the data subject, or
consent or explicit consent of the data subject, depending on the purpose of processing and the type of personal data.

Places of Data Collection

Derma d.d. collects your data during:

the conclusion of an employment contract
newsletter sign-up on the website
and at locations under video surveillance

Data retention period

Data collected by Derma d.d. on the basis of law must be kept for as long as required by the specific law or other applicable regulation. Data collected on the basis of a contractual relationship will be kept only as long as necessary for the fulfillment of the contract or provision of the service. Data on name, surname, and e-mail address collected on the basis of consent for direct marketing purposes will be kept in the database for up to 1 year or until consent is withdrawn.

Data subject rights

Our users have the following rights at any time:

the right to access and review their data
the right to be informed about the processing of personal data
the right to data portability
the right to withdraw consent
the right to lodge a complaint
the right to correct and amend personal data if the data is incomplete or inaccurate
the right to erasure in cases such as the end of the processing purpose, withdrawal of consent, or in the event of a complaint

If you wish to exercise any of these rights, please contact us. You can also contact us by phone as listed on our website or by sending mail to our address provided on the website.

Security of Your personal data

We are committed to taking appropriate technical and organizational measures to protect your personal data from unauthorized or unlawful processing and from accidental loss, destruction, or damage. When you provide your personal data via our website, this information is securely transmitted over the internet using high-quality encryption and stored on our secure servers located in the EU.

Transparency

This Privacy Policy is available on the Derma d.d. website, as well as on Derma d.d. notice boards.
If we decide to change our privacy policy, we will post and publish the changes on our website.

For this reason, we encourage you to regularly check Derma d.d.’s privacy policies.
Podravska street 13, 42000 Varaždin
+385 42 405 555
gdpr@derma.hr
Office hours for customer service are Monday to Friday from 07:00 to 15:00.

Data Protection Officer

The Data Protection Officer is responsible for ensuring the lawfulness of personal data processing and the exercise of the right to personal data protection. The duties of the Data Protection Officer are prescribed by Article 18a, paragraph 8 of the Personal Data Protection Act, according to which the Data Protection Officer:

ensures the lawfulness of personal data processing in terms of compliance with the provisions of the Personal Data Protection Act and other regulations governing personal data processing,
warns the controller of personal data collections about the necessity of applying data protection regulations in cases of planning and actions that may affect privacy and personal data protection issues,
informs all persons involved in the processing of personal data about their legal obligations for the purpose of data protection,
ensures the fulfillment of obligations under Articles 14 and 17 of the Personal Data Protection Act,
enables the exercise of data subjects’ rights under Articles 19 19. and 20 of the Personal Data Protection Act,
cooperates with the Personal Data Protection Agency regarding the supervision of personal data processing.

The Data Protection Officer is obliged to maintain the confidentiality of all information and data learned while performing their duties. This obligation continues even after the Data Protection Officer ceases to perform their duties.

Use of Cookies

This website uses cookies to provide a better user experience and functionality. You can control and configure cookie settings in your web browser. If you agree to the storage of cookies on your computer, click I AGREE. If you do not want data collected through the use of cookies, most browsers have a simple procedure that allows you to refuse the use of cookies. Cookies may be necessary to provide you with some of our online services. We collect the following key information about the use of our website, which includes: