Based on the provisions of the Act on the Implementation of the General Data Protection Regulation (“Official Gazette” no. 42/2018) [hereinafter: GDPR IA], on 17.08.2018 the director of Dubrovnik Sea Sun Hotels d.o.o. adopts the following
REGULATION ON COLLECTING, PROCESSING, AND USE AND PERSONAL DATA PROTECTION
The Employer collects, processes, and uses the personal data of Employees in order to exercise the rights and obligations from the employment, i.e. with regard to the employment, in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council from 27 April 2016 on the protection of individuals with regard to the personal data processing and free movement of such data, the Labour Law and other laws and bylaws.
The Employer provides certain prescribed personal data of the Employee to third persons as recipients in order to exercise the rights and obligations based on the obligatory insurance and in order to exercise the rights and obligations of the Employee as the taxpayer. These data are delivered to the Croatian Pension Insurance Fund, Croatian Health Insurance Fund, Tax Administration and other recipients in cases prescribed by law or bylaws. The Employer collects and processes the following personal data about
- First and last name
- OIB (personal identification number)
- JMBG (unique citizen’s number)
- Current account number
- Photocopies of the following documents: ID, evidence of education (school certificate, diploma, etc.), certificate of health capacity
- Confirmation of the Pension Insurance Institute on the established record of employment (years)
Collecting, processing, and delivery of personal data from paragraphs 1 and 2 is prescribed as obligatory; in case the provision of such personal data is rejected, the Employer will not be able to ensure that the Employee may exercise his or her employment rights and will not be able to register him or her for the obligatory insurances.
The Employer keeps the personal data permanently, i.e. within the deadlines prescribed by the regulations regulating employment and accounting.
The Employee is entitled to seek from the Employer access to his or her personal data, correct, delete, limit the processing or object to it.
Apart from the personal data processed in accordance with paragraph 1, the Employer may decide to collect and process also other personal data of the employees in which case he must obtain explicit consent from the Employee.
If the personal data processing is based on consent, the Employee may withdraw such consent at any moment.
In order to exercise his or her personal data protection rights, the Employee may address the request to the personal data protection officer, who is appointed based on the Decision of the Head of Processing, by e-mail: [email protected], i.e. to the address of the seat of the Head of Processing: Dubrovnik Sea Sun Hotels d.o.o., Šipčine 1, Dubrovnik.
If the Employer does not act upon the request of the Employee from paragraphs 6 and 7 within a month since receiving the request, the employee may submit an objection to the Personal Data Protection Agency.
The processing is any procedure based on which the personal data are processed automatically or non-automatically. The Employer processes all the data of the employees, clients, suppliers, and business partners.
The basic principles that the Employer is obliged to abide by are the following: limited purpose, legitimacy, avoiding and reducing the size of the data, deletion, and limitation of storage, updating data, data confidentiality and safety as well as transparency.
Providing Personal Data for Use by Other Users The personal data are provided for use based on the explicit consent to other users if this is necessary in order to carry out the tasks within the
activity of the user established by law. The examinee will be informed about providing personal data for use to other users before doing so(verbally, in writing, or electronically).
Special records are kept on the personal data provided for use to another user, on another user, and on the purpose for which the data were
Personal Data Protection Measures The professional and administrative personnel processing personal data is obliged to undertake technical, human resources, and organizational measures for the protection of personal data necessary to protect the personal data against accidental loss or destruction, against impermissible access or impermissible change, the prohibition of publication, or any other abuse, and establish the obligation of the persons employed in the data processing. Personal data referring to minors may be collected and processed in accordance with the General Data Protection Regulation and with the special protection measures prescribed by special laws. In case of an incident, the supervisory body will be informed of it within 72hours from finding out about it without any undue delay.
The head of processing is obliged, within 30 days from the request, to provide the information to any examinee upon his or her request, i.e. his or her legal representatives or proxies in a short, transparent, understandable and easily available form in a clear and simple language in a written or verbal form, and submit a confirmation if the personal data referring to him or she will be processed or not, enable insight into the personal data processing records, and deliver excerpts or confirmations of personal data contained in the processing records, which must contain the purpose and the legal bases for the collection, processing, and use of such data.
The Examinee is entitled to:
The head of the collection has undertaken all technical, human resources, and organizational measures for the protection of personal data against accidental loss, destruction, impermissible access, change, publication, and any data abuse.
The head of processing keeps records of the processing activities on the personal data provided for use.
This Regulation goes into force on the day it is adopted and will be published on the official website.
In Dubrovnik, 17.08. 2018
By submitting this form, I agree to having my personal and contact information processed and used for the purpose of marketing communications.
You can unsubscribe at any time by clicking the "Unsubscribe" link included in the newsletter.