KATUNAR Estate Winery
Sv. Nedilja bb, 51516 Vrbnik, Hrvatska
tel. +385 51 857 393
fax. +385 51 857 391
This Policy establishes a responsible and transparent framework for ensuring compliance with the General Regulation on Personal Data Protection.
The policy applies to all organizational units of Villa Maris (hereinafter referred to as the PROCESSING MANAGER) and to all employees, including honorary and temporary workers, as well as all external associates acting on behalf of the processing manager.
The processing manager is committed to doing business in accordance with all laws, regulations and the highest standards of ethical business.
This policy sets out the conduct expected of the employees of the processing manager and of its external associates engaged in the collection, use, storage, transmission, disclosure or destruction of any personal data belonging to the employees and business partners of the processing manager and to other natural persons. The purpose of the policy is to standardize the protection of the rights and freedoms of the respondents by preserving the privacy of their personal data in all aspects of the processing manager's business operations that involve personal information. This policy determines that the PROCESSING MANAGER will not disclose personal information to third parties or act in a manner that threatens it.
Principles of personal data processing
The Manager of Processing adopts the following principles to be followed when collecting, using, retaining, transmitting and destroying personal data:
LEGITIMACY, FAIRNESS AND TRANSPARENCY
Personal data will be processed legitimately, fairly and transparently in relation to the respondent. This means that the processing manager will, in all relevant situations, inform the respondent how the data is processed (transparency), and processing will take place solely in accordance with (fairness) and in accordance with the purpose stipulated in the applicable law on the protection of personal data (legitimacy).
PURPOSE LIMITATION
Personal data will be collected for clearly defined and legitimate purposes and will not be processed in any manner that is not in accordance with these purposes. This means that the processing manager must clearly state what the collected data will be used for and limit the processing of personal data to only what is required to achieve those purposes.
MINIMIZATION OF DATA
Collected personal data will be relevant and limited to what is necessary to achieve the purpose of their processing. This means that the processing manager will not collect, process or store more personal data than is necessary.
Collected personal information will be accurate and up-to-date, which means that the processing manager will have procedures in place for detecting and correcting obsolete, inaccurate and unnecessary personal data.
STORAGE LIMITATION
Personal data will not be kept in a form that allows the identification of the respondent for longer than is necessary for the purpose of processing. This means that the processing manager will, wherever possible, keep personal data in a way that limits or prevents the identification of the respondent.
Personal data will be processed and stored in a manner that ensures adequate protection against breaches such as unauthorized and unlawful processing and accidental loss, destruction or damage to the data. The processing manager will implement the appropriate technological and organizational measures described in the Personal Data Security Policy to ensure the integrity and confidentiality of personal data at all times.
PRIVACY BY DESIGN
When designing new systems and processes, and when reviewing and extending existing ones, care will be taken to apply all these principles in order to maximize the privacy of the respondent.
The rights of the respondent
All respondents whose data is collected and processed by the processing manager have the following rights:
THE RIGHT TO ACCESS INFORMATION
Each respondent has the right to a copy of the data that the processing manager holds in its archive, for the purpose of inspection. In addition to the right to inspect their own data, the respondent has the right to information about:
the purpose of processing and the legal basis for processing
the legitimate interest, if processing is based on it
types and categories of collected personal data
third parties to whom the data is transmitted
data retention period
the source of personal data, if not collected from the respondent
All information should be provided to the respondent in clear and simple language to ensure understanding, and must be clearly indicated and visible so that the respondent does not overlook it.
There is a possibility that providing the requested information to the respondent may reveal information about another person. In such cases, this information should be anonymised or withheld entirely in order to protect the rights of that person.
RIGHT TO CORRECTION
Each respondent has the right to correct inaccurate or incomplete information that the processing manager has in his / her archive.
THE RIGHT TO ERASURE
Respondents may request that data be removed from the archive. The request will be taken into consideration and will be met if it does not conflict with the legal basis for the processing of personal data.
THE RIGHT TO LIMIT THE PROCESSING
Respondents have the right to limit the scope of processing, where applicable.
THE RIGHT TO DATA PORTABILITY
Respondents are entitled to a copy of the data for transfer to another processing manager.
THE RIGHT TO OBJECT
Respondents have the right to object, especially if the processing is based on the legitimate interest of the processing manager. In that case it is necessary to review the purpose of the processing and to establish its legal basis and, where applicable, to allow the respondent to withdraw consent to data processing and / or to have the processing of their data terminated.
THE RIGHT TO ASSESSMENT
Respondents have the right to ask the supervisory authority to assess the violation of the provisions of the Regulation and the internal policies of the processing manager.
THE RIGHT TO OBJECT TO PROFILING
Respondents have the right to object to automated profiling and other forms of automated decision-making.
If the processing manager refuses the respondent's request, the response will include the reason for the refusal, against which the respondent may complain to the competent authority for the protection of personal data (AZOP).
The legal basis for the collection and processing of personal data of the respondents is as follows:
Laws regulating the business of taxpayers prescribe data sets that are necessary for the fulfillment of legal obligations. For the collection and processing of data prescribed by law, the processing manager will not ask for the consent of the respondents, but will collect only the data prescribed by law and will not use them for other purposes. This applies in particular to the data collected under the following laws and the relevant regulations, among which we mention:
Value Added Tax Act
The Income Tax Act
Ordinance on the content and manner of keeping records of workers
PERFORMANCE OF CONTRACTUAL OBLIGATIONS
The personal data necessary to fulfill the contractual obligation will be collected by the processing manager without the consent of the respondent, to the minimum extent necessary for the fulfillment of the obligation.
The Processing Manager will publish a list of legitimate interests on the basis of which it collects and processes personal data for the purpose of enabling and / or enhancing its services or products.
PROTECTION OF VITAL INTERESTS OF RESPONDENTS
The processing manager may collect and process personal data without the consent of the respondent if this is necessary to protect his or her vital interests.
PUBLIC INTEREST OR EXERCISE OF OFFICIAL AUTHORITY OF THE PROCESSING MANAGER
Where the activity of a processing manager involves action on behalf of the public interest, or the processing of data is based on another type of official authority, it is not always necessary to inform the respondent about the collection of personal data.
In all other cases, the processing manager will seek the consent of the respondent to collect and process personal data, and the request for consent will clearly state the purpose of the processing. The respondent may withdraw the consent at any time, in which case his or her data must be automatically removed and the processing terminated.
The processing manager keeps records of active and withdrawn consents to ensure business accuracy.
The Manager of Processing announces the following legitimate interests:
PERSONAL DATA PROTECTION GDPR
Respondents have the right to object to processing of personal information based on these legitimate interests.
Terms and Definitions
GENERAL DATA PROTECTION REGULATION (GDPR)
The General Regulation on Personal Data Protection (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and consolidate the process of protecting personal data of all individuals within the European Union. The Regulation also applies to the disclosure of personal data outside the EU.
An entity that determines the purpose, conditions and manner of processing of personal data.
An entity that processes data on behalf of the processing manager.
PERSONAL DATA PROTECTION AGENCY
A State Agency whose task is to protect data and privacy, oversee the implementation of the Regulation and actively implement the Regulation on the Protection of Personal Data within the European Union.
PERSONAL DATA PROTECTION OFFICER
A data protection expert who acts independently to ensure that a business entity operates in accordance with the policies and procedures set out in the Regulation.
A natural person whose personal data is processed by a data controller or data processor.
Any information related to a natural person, i.e. a respondent, that can be used to directly or indirectly identify that person.
PERSONAL DATA PROCESSING
Any activity carried out on personal data, whether automatic or not, which includes the collection, use, production of records and the like.
Any automated data processing for the purpose of assessing, analyzing, or predicting the behavior of the respondent.
THE RIGHT OF ACCESS TO PERSONAL DATA
Known as the 'right of access', it allows the respondent access to the personal information that concerns him / her and is in the possession of the processing manager.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Act on the Implementation of the General Data Protection Regulation.