Toggle Nav

Privacy Policy

Welcome to the website www.mediformapharma.com/mediformapharmaweb_hr/.

We care about the protection of personal data and user privacy, and we want to inform you how we collect, use and provide information in a lawful and fair manner.

These policies determine and regulate how we use and protect all personal data that visitors to the www.mediformapharma.com/mediformapharmaweb_hr/ website provide when using the www.mediformapharma.com/mediformapharmaweb_hr/ website.

Personal data is any information relating to an identified or identifiable natural person, an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Before a visitor to the website www.mediformapharma.com/mediformapharmaweb_hr/ enters an e-mail address for the purpose of receiving the newsletter, we have enabled the visitor to be informed about all necessary information regarding the protection of personal data, as follows.

Personal Data Protection Statement

General Information:
MEDIFORMA PHARMA d.o.o. collects and processes personal data. In doing so, it pays special attention to their adequate protection. This Statement describes what data we collect, how we process it, and for what purposes we use it, as well as your rights related to your data.

Responsible for data processing:

MEDIFORMA PHARMA d.o.o.

HQ: Froudeova ulica 7, 10 000 Zagreb
OIB: 60341964325

Contact: [email protected]


Types of personal data:
We process the following personal data, in relation to our employees, contractors performing student work, respondents (employees, contractors performing student work, customers, suppliers, contractual partners) whose data is contained in accounting documents, submitters of inquiries and/or complaints, customers, suppliers, recipients of marketing content, and in relation to job candidates at MEDIFORMA PHARMA d.o.o.

In relation to workers, we process the following personal data: name, surname, address, OIB, citizenship, gender, date of birth, title, professional qualifications, education, contact number, bank account number; salary information, official e-mail, photo, video recording, and all other data determined by regulations or necessary for the execution of the contract or compliance with legal obligations. In relation to contractors who perform student work, we process the following personal data: name, surname, OIB, gender, day, month and year of birth, place of residence or temporary residence, personal data contained in the proof of compliance with the prescribed conditions for performing these jobs, contact number, e-mail. In relation to those submitting inquiries and/or complaints, we process the following personal data: name, surname, OIB, address, contact information (contact number, e-mail) and other personal data that the person submitting the inquiry and/or complaint provides to MEDIFORMA PHARMA d.o.o. In relation to suppliers, we process the following personal data, namely: name, surname, OIB, address, employment information of persons authorized to represent and/or contact person if the suppliers are legal entities, as well as name, surname, contact number, e-mail and OIB of the contact person if the suppliers are natural persons performing a registered activity. In relation to recipients of marketing content, we process the following personal data, namely: e-mail address and contact number. In relation to job candidates, we process the following personal data, namely: first name, last name, address, OIB, gender, date of birth, citizenship, education data, data on previous work experiences, contact number, e-mail address, photo and other data contained in the resume and application of the job candidate. In addition to this data, we automatically collect data from your computer, which may include your IP address, and there are also situations in which we automatically collect other types of data such as the date and time of access to the website, information about the hardware, software or internet browser you are using, as well as about your computer's operating system, application version and your language settings.

Purposes of personal data processing and legal basis for processing:
The legal basis for processing personal data of employees is the Ordinance on the content and manner of keeping records of employees for the purpose of establishing an employment relationship and fulfilling legal obligations of MEDIFORMA PHARMA d.o.o. The data processed on this basis are: name, surname, OIB, date, place and country of birth, citizenship, address, occupation, education data, data on work experience, data on employees' children, health data in the event of an injury at work and/or occupational disease and other data prescribed by the Ordinance on the content and manner of keeping records of employees for the purpose of establishing an employment relationship and fulfilling legal obligations. An additional legal basis for processing personal data of employees is an employment contract, all for the purpose of fulfilling rights and obligations arising from employment. The data processed on this basis are: bank account number, salary information, official e-mail, official contact number, employment information. The legal basis for processing personal data of contractors performing student work is a contract for performing student work, and processing is necessary for the purpose of concluding and performing the same. The data processed on this basis are: name, surname, OIB, gender, day, month and year of birth, place of residence or temporary residence, personal data contained in proof of compliance with the prescribed conditions for performing these jobs, contact number, e-mail. The legal basis for processing personal data of respondents (workers, contractors performing student work, customers, suppliers, contractual partners) whose data is contained in accounting documents is Article 10 of the Accounting Act, which stipulates the preservation of accounting documents, all for the purpose of complying with legal obligations, namely obligations prescribed by the Accounting Act. The legal basis for processing personal data of the person submitting the inquiry and/or complaint is the Consumer Protection Act, all with the purpose of complying with the legal obligations of the controller, namely the obligations prescribed by the Consumer Protection Act. The data processed on this basis are: name, surname, OIB, address, contact details (contact number, e-mail) and other personal data that the person submitting the inquiry and/or complaint provides to MEDIFORMA PHARMA d.o.o. The legal basis for processing our customers' data is a contract, all with the purpose of fulfilling the rights and obligations arising from the contractual relationship. The personal data we process on this basis are: name, surname, address, employment details, contact details (contact number, e-mail) of persons authorized to represent and/or contact persons if the customers are legal entities, as well as the name, surname, contact number, OIB, e-mail and employment details of the contact person if the customers are natural persons carrying out a registered activity, and the name, surname, address, e-mail address, telephone number of the customers.

The legal basis for processing our suppliers' data is a contract, all with the purpose of fulfilling the rights and obligations arising from the contractual relationship. The personal data we process on this basis are: name, surname, OIB, address, employment information of persons authorized to represent and/or contact persons if the suppliers are legal entities, as well as the name, surname, contact number, e-mail and OIB of the contact person if the suppliers are natural persons carrying out a registered activity. The legal basis for processing the personal data of recipients of marketing content is legitimate interest, and the data is processed for marketing purposes. The personal data we process on this basis are: e-mail address and contact number. The legal basis for processing the personal data of job candidates is consent, all with the purpose of employment at MEDIFORMA PHARMA d.o.o. The data processed on this basis are name, surname, gender, e-mail address, address, contact number, date of birth, educational information, photo, and other data specified in the CV or motivation letter.

Forwarding of personal data:
Employee personal data is delivered to authorized recipients of data, namely the labor inspector in inspection procedures, the HZMO in the employee registration procedure, and the courts within the framework of various procedures, all in accordance with legal obligations. In the event of a request from any other potential recipient of data, the necessary measures will be taken to assess the justification of the submitted request in a way that an assessment will be made whether the applicant's interest in delivering data or the employee's interest in preserving the right to privacy prevails. The Data Controller will not deliver customers' personal data to any third parties. Exceptionally, the Data Controller is authorized to provide customers' personal data for use in the event that they need to serve as evidence in a court, administrative, arbitration or other equivalent procedure, and to recipients only and exclusively based on the recipient's written request and only if necessary for the purpose of performing tasks within the scope of the recipient's legally established activity, and for the purpose of implementing contracts with providers of goods distribution and delivery services with whom it has a permanent contract.

Transfer to third countries:
MEDIFORMA PHARMA d.o.o. will not transfer the personal data of the data subjects outside the borders of the European Union. In the event of the transfer of the personal data of the data subjects to countries that do not have an adequate level of personal data protection, the Data Controller will take all necessary protection measures in accordance with the provisions of the GDPR.

Retention period:
MEDIFORMA PHARMA d.o.o. has prescribed in its internal acts (records, consents, etc.) the period for which certain personal data is to be stored. Employee data whose processing is prescribed by the Ordinance on the content and manner of keeping records of employees is stored as documentation of permanent value. Employee data processed for the purpose of concluding an employment contract, but also for the purpose of fulfilling rights and obligations arising from employment, is stored until the termination of the employment relationship, except for employment data and salary data, which are stored as a document of permanent value. Data of contractors performing student work that are processed for the purpose of concluding and performing a contract for performing student work are stored until all contractual obligations are duly fulfilled in a peaceful manner. Personal data in relation to which the controller is obliged to keep records pursuant to Article 4, paragraph 2 of the Ordinance on the content and manner of keeping records of employees, states that such data shall be kept for at least 6 years from the start of work. Data of employees, contractors performing student work, customers, suppliers, contractual partners whose data is contained in accounting documents and which are processed for the purpose of complying with legal obligations, namely obligations prescribed by the Accounting Act, shall be kept for 11 years in accordance with the provisions of Article 10 of the Accounting Act, provided that pay slips and analytical records of salaries for which mandatory contributions are paid are kept permanently. Data of the submitter of inquiries and/or complaints which are processed for the purpose of complying with legal obligations, namely obligations prescribed by the Consumer Protection Act, shall be kept until the inquiry and/or complaint is resolved, and for a maximum of 1 year from the date of receipt of the complaint and/or inquiry, in accordance with Article 10, paragraph 6 of the Consumer Protection Act. Customer data (from contracts, offers, and e-mail correspondence related to a specific customer) that are processed for the purpose of concluding and executing the contract are kept: a) in case of improper fulfillment of contractual obligations, MEDIFORMA PHARMA d.o.o. has the right to keep all documentation related to a specific customer (contract, offer, e-mail correspondence with the customer, invoice) until the end of the dispute; b) in regular situations when there is no dispute or no special deadline is set by regulation, MEDIFORMA PHARMA d.o.o. will keep all documentation within 6 months from the completed purchase, or one year if the customer has created a user profile. Invoices issued on the basis of concluded contracts are kept for 11 years in accordance with the provisions of the Accounting Act. The data of suppliers that are processed for the purpose of entering into and executing contracts are kept until all contractual obligations have been properly fulfilled in a peaceful procedure. Invoices issued on the basis of concluded contracts are kept for 11 years in accordance with the provisions of the Accounting Act, unless there are exceptions listed below. Contracts, offers, and e-mail correspondence related to a specific supplier can be kept: a) in case of improper fulfillment of contractual obligations, the Data Controller has the right to keep all documentation related to a specific supplier (contract, offer, e-mail correspondence with the supplier, invoice) until the dispute is resolved; b) in regular situations when there is no dispute or no special deadline is set by regulation, the Processing Manager will keep all documentation within 4 years (limitation period + additional time for payment) from the issuance of the last invoice under the concluded contract. The data of recipients of marketing content that are processed for marketing purposes are kept until deregistration, unless personal data is required for processing on another legal basis. Data of job candidates processed for the purpose of employment at MEDIFORMA PHARMA d.o.o. are stored in the following manner: personal data of job candidates, if they have not signed a special consent to remain in the database for 2 years from the moment of giving consent, may be stored in the Controller's database for a maximum of 30 days after the end of a specific competition. The term "end of competition" means the moment of concluding an employment contract with the employee selected in that specific competition or the moment of making an internal decision that there is no satisfactory candidate.

Obligation to provide personal data:
When concluding an employment contract, we transparently indicate to our employees which personal data is necessary for the purpose of concluding the contract, and which personal data is not required in the event that we collect and process data that is not a condition for concluding and exercising the rights and obligations under the employment contract. We transparently indicate to contractors who perform student work at MEDIFORMA PHARMA d.o.o. which personal data is necessary for the purpose of concluding and exercising the contract for performing student work. We also indicate to job candidates that for the purpose of conducting the employment procedure, the delivery of certain data is mandatory, without which we are unable to conduct the selection procedure for employment in a quality manner. Our customers and suppliers are obliged to provide us with certain personal data for the purpose of concluding and executing contracts, i.e. for the purpose of exercising the rights and obligations under concluded contracts. We transparently indicate to those submitting inquiries and/or complaints which personal data is necessary for the purpose of exercising their rights under the Consumer Protection Act. We transparently indicate to the recipients of the newsletter and sms messages of marketing content which personal data are required for marketing purposes (e-mail for the purpose of sending the newsletter, mobile phone number for the purpose of sending sms messages of marketing content).

Data subjects' rights:
a) Right to rectification: If we process your personal data that is incomplete or incorrect, you can ask us to correct or supplement it at any time.

b) Right of access: You have the right to receive confirmation of whether we are processing your personal data or not, and where this is the case, you have the right under the conditions of Art. 15 of the General Data Protection Regulation to request access to that data.

c) Right to erasure: You can request that we delete your personal data if we have processed it unlawfully or if the processing constitutes a disproportionate interference with your protected interests. Please note that there are reasons that prevent immediate deletion, for example due to the existence of a retention obligation in accordance with legal obligations.

d) Right to restriction of processing: You can request that we restrict the processing of your data: if you contest the accuracy of the data for a period that allows us to verify the accuracy of the data, if the processing of the data was unlawful but you refuse to delete it and instead request a restriction of the use of the data, if we no longer need the data for the intended purposes, but you still need it to assert legal claims or if you have lodged an objection.

e) Right to data portability: You can request that we provide you with the data you have entrusted to us for archiving purposes in a structured, commonly used machine-readable format: if we process this data on the basis of your consent, which you can revoke, or for the performance of a contract with us and if the processing is carried out by automated means.

f) Right to object: If we process your data for the performance of tasks in the public interest or in the exercise of official authority or when processing them we refer to our legitimate interests, you may object to such data processing if there is an interest in protecting your data.

g) Right to complaint: If you believe that we have violated Croatian or European data protection regulations when processing your data, please contact us so that we can clarify any issues. You certainly have the right to file a complaint with the competent supervisory authority.

h) Exercise of rights: If you wish to exercise any of the above rights, please contact us using our contact details in Article 1 of this Statement.

i) Identity verification: In case of doubt, we may request additional information to verify your identity. This serves to protect your rights and privacy.

j) Abuse of rights: If you use any of the above rights too often and with a clear intention to abuse them, we may charge an administrative fee or refuse to process your request.

10. Automated Decision Making: We do not carry out automated decision making processes with respect to your personal data.

11. Changes to this Statement: We may change this statement, of which you will be notified in a timely manner.