Date of last amendment to the Directive: Thursday 5 April 2018
This Directive sets out the principles for the protection of personal data collected.
Denis Čišič hereby undertakes to comply with the general data protection applicable as of 25 May 2018, in accordance with the European Commission Regulation 679 / 2016, the so-called GDPR (hereinafter referred to as GDPR) and the national legislation related thereto.
Furthermore, Denis Čišič undertakes to take such steps to comply with the GDPR and the national legislation related thereto at all times.
Data subject - is the natural person to whom the personal data relates. that person is identified or identifiable by reference to data (e.g. name, identification number, location data, network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person).
Personal data - is any data used to uniquely identify a specific natural person.
Sensitive data - is a special category of personal data revealing national, racial or ethnic origin, political opinions, trade union membership, religious or philosophical beliefs, biometric and genetic information, health and sex life of the data subject.
Controller - is the entity (natural or legal person, public authority or other body) which determines the purposes and means of processing personal data, obtains and further processes personal data of natural persons and is responsible for the processing. It may entrust the processing to a Processor if the law so provides.
Processor - is another entity, different from the Controller, which processes personal data of natural persons for the Controller on the basis of a pre-agreed purpose, does so on the basis of the law or on the basis of a mandate from the Controller.
Recipient - is a natural or legal person or other entity that receives the personal data provided for a pre-agreed purpose, and does not further process the data. A public authority which receives personal data in the context of its investigative powers is not considered a recipient, but its processing practices must comply with the applicable data protection rules according to the purpose of the processing.
Location - is the physical storage location where the personal data is stored (e.g. filing cabinet, cupboard, rack)
Legal title - is the legal basis, listed in the GDPR, on which a natural or legal person, public authority or other body records personal data.
Purpose of processing - is the justification for why the personal data is required and that it will be used for the purpose so defined and only for that purpose.
Period of processing - is the period of time for which we record specific personal data, this period is to be reasonable unless specified by law.
Data minimisation - is the process that leads the controller to request only the personal data that is necessary for the performance of its activities.
Restriction of processing - is the creation of a situation in which personal data is inaccessible for a certain period of time and cannot otherwise be processed.
Destruction of personal data - is the irretrievable destruction of personal data
Suitably secure buildings and rooms are:
- CDRmarket warehouse+offices with rooms Corridor, Office 1
Suitably secured IT devices are: SERVER-POHODA server, Binargon data storage, Ecomail data storage, Camera system data storage with HDD.