• Home
  • Privacy and personal data protection policy

Last updated: June 21, 2024

Privacy and personal data protection policy

General

This Privacy and Personal Data Protection Policy has been developed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals regarding the processing of personal data, the free movement of such data, and the repeal of Directive 95/46/EC. It outlines how your personal data provided in connection with the use of the website https://isa-ninkovic.com (hereinafter referred to as the “website”) through your cooperation with us is used and protected. Specifically, when processing personal data for the Inaugural meeting of the International Surgical Academy, we adhere to the principles of legality, honesty, transparency, purpose limitation, storage limitation, data minimization, accuracy, integrity, and confidentiality.

The manager of personal data processing is Žito d.o.o., headquartered at Đakovština 3, Osijek, OIB: 03834418154, registered in the court register of the Commercial Court in Osijek, for the Inaugural meeting of the International Surgical Academy. All personal data (hereinafter referred to as “data”) are considered strictly confidential and are processed in accordance with the applicable legal provisions in the field of personal data protection. Žito d.o.o. is the responsible authority for handling data related to online sales, product delivery, and fraud prevention. The processing of personal data by Žito d.o.o. can be delegated to a processor. For all information regarding the processing of personal data, including a list of processors, please contact https://isa-ninkovic.com.

The security of your personal data is a priority for us. We pay adequate attention to personal data and their protection. All employees and business partners of Žito d.o.o. are responsible for respecting the principles of personal data processing.

In this Personal Data Security and Protection Policy (“Policy”), we aim to inform you about what personal data we collect about you and how we use it.

Personal Data and Their Processing

Žito d.o.o. will keep personal data confidential and will not distribute, publish, give it to third parties for use, or in any other way make it available to any third party without your prior consent or contrary to GDPR rules.

Categories of Personal Data

We collect different data depending on which of our services you use. Žito d.o.o. processes personal data that you, as a user, voluntarily and knowingly provide on the website of the Inaugural meeting of the International Surgical Academy (https://isa-ninkovic.com) or through contacts with employees or other authorized persons representing Žito d.o.o. We also collect personal data from other sources, such as data from forms and surveys you fill out as a user on the website and/or social media profiles, including Internet Protocol (IP) addresses or automatically collected data using web cookies, which are necessary to achieve the purposes described in this Privacy Policy.

If you use the website owned by Žito d.o.o., send inquiries/requests by e-mail, post, participate in sweepstakes and contests, or enter into cooperation agreements, your personal data is collected. This data includes, but is not limited to, the following:

  • Name and surname
  • Residential address
  • OIB
  • Date of birth
  • Sex
  • Mobile number
  • E-mail address

The data controller may also collect data that does not belong to the group of personal data, including, but not limited to, the following:

  • Data about the device through which you connect to the Internet
  • The type and version of the Internet browser you are using
  • Ways of using the website for the Inaugural meeting of the International Surgical Academy

Purposes of Personal Data Processing

Provision of Services and Their Improvement

In order to provide our services, as well as to improve them, we collect some of your personal information as follows:

  1. Customer Support – to provide customer service and address potential issues, we process your personal data necessary for fulfilling our contract.
  2. Communication – we use the data we collect to communicate with you and personalize our interactions
  3. Service Improvement – we utilize data to continuously enhance our services and systems, including adding new features. We make informed decisions using aggregated analytics and business intelligence, all based on our legitimate interest in improving the services we offer to succeed in the market. To protect your rights and interests, we use personal data that is maximally anonymized.
  4. Protection, Security, and Dispute Resolution – we may also process data based on our legitimate interest in ensuring the protection and security of our systems and customers, detecting and preventing fraud, resolving disputes, and enforcing our agreements.
  5. Marketing Offers – we send you marketing notices about our services. You can always opt out of these communications by following the unsubscribe link in each email. If you unsubscribe, we will no longer use your email for this purpose unless you re-subscribe. You can always subscribe again and start receiving marketing offers again. Marketing offers may be selected based on additional information we have about you, such as contact information, demographic information, preferences, and usage of our services and websites (cookies, IP address, click data provided by your browser, displayed marketing offers). We do not perform automated data processing that would have legal effects on you. If you are not our client, we will process your data only with your consent. You have the right to refuse data processing at any time.
  6. Processing of Cookies – If your web browser includes cookies, we process records of procedures from the cookie files published on the website to ensure optimal operation and for online advertising purposes.
  7. Logs – when you visit our website, certain data about your usage is automatically sent via the browser you use on your device to our server and temporarily stored in log files. log datoteci. This includes the IP address of your device, the date and time of connection, the name and URL of the file you are accessing, the URL of the website or application through which you connected to us, information about the browser you are using, and possibly information about the type of operating system on your device. The IP address indicates the location of your device on the Internet, and the URL is a link to specific content. Based on this data, your identity cannot be determined, making it non-personal data except in exceptional cases. Processing this data, especially your IP address, is necessary for the legitimate interests of Žito d.o.o. or third parties according to Article 6, paragraph 1, point (f) of the Regulation. We collect and process this data to enable quicker connections to our website, improve your user experience, assess the security and stability of our systems, and for other administrative purposes.

Transfer of Personal Data to Third Parties

Your personal data may be transferred to third parties only if necessary for fulfilling the purchase contract, based on a legitimate interest, or with your prior consent:

  • To other partners providing additional data processing services
  • To third parties, such as legal or financial representatives
  • Public authorities (e.g., the police)
  • To third parties (e.g., for user surveys)

Security of Personal Data and Retention Period

Security of Personal Data

Your personal data is transmitted to us in encrypted form using the HTTPS (HyperText Transfer Protocol Secure) system. We secure our websites and other systems with technical and organizational measures to protect against data loss, destruction, unauthorized access, modification, or dissemination.

We implement appropriate technical, physical, and organizational measures to protect data from security risks such as accidental, unauthorized, illegal, or otherwise unwanted access, destruction, loss, or disclosure. We ensure a security level corresponding to the risks of data processing.

Your data is stored on a protected internal server infrastructure inaccessible from the outside. Access to the server infrastructure is granted only to authorized personnel for maintenance, and access to personal data is limited to our authorized employees or contractual collaborators with restricted processing rights in accordance with this Privacy Policy.

We require our processes to comply with GDPR.

Processing Period

We collect and store personal data for the following durations:

  • For the time necessary to ensure all the rights and obligations of the website user.
  • For the duration required by Žito d.o.o. to comply with legally binding regulations as a trustee.

• In other cases, the processing period depends on the purpose of processing or is determined by legal acts in the field of personal data protection.

Rights of Respondents

Who Has Access to Your Data and To Whom Is It Disclosed?

We may disclose your personal data or provide access to it to competent authorities in accordance with legal obligations and to some of our business partners, such as marketing agencies for organizing promotional activities, IT service providers maintaining our information and communication networks and systems, and business banks. We have contracts with these partners ensuring appropriate technical and organizational measures for protecting your personal data, including obligations to process them exclusively according to our instructions, maintain their confidentiality, and refrain from using your personal data for any purposes other than those specified in the corresponding contract.

If you access our website from another region, by using our website you expressly consent to your personal data being transferred to the Republic of Croatia and processed there in accordance with Croatian regulations governing the protection of personal data.

Exceptionally, data collected by social network cookies and other third parties from the United States of America (USA) may be transferred to their servers located in the USA. In such cases, the transfer of personal data will be carried out either within the European-American privacy protection system Privacy Shield or based on a contract with the recipients of your personal data in such countries aligned with the Standard Contractual Clauses for the Transfer of Personal Data approved by the European Commission, guaranteeing a level of protection for your personal data in accordance with European law requirements.

Your Rights Regarding Our Processing of Your Personal Data

Your rights related to our processing of your personal data include:

1. Right to Access: You have the right to receive confirmation about whether your personal data is being processed, and if so, to access that data. This includes detailed information about the purpose of processing, the types/categories of personal data processed, recipients or categories of recipients, and the anticipated period of data storage. (Access may be limited by Union law or national legislation to respect the fundamental rights and freedoms of others.) To exercise this right, contact the data controller in writing.

2. Right to Correction: You have the right to correct or supplement inaccurate personal data about you without delay by providing an additional statement. Send your request to the data controller in writing.

3. Right to Deletion (“Right to be Forgotten”): You can request the deletion of your personal data, particularly in cases where:

  • The data is no longer necessary for the purposes it was collected or processed.
  • You withdraw consent for processing, and there is no other legal basis for processing.
  • You object to the processing, and there is no overriding legitimate interest for processing.
  • The data was processed illegally.
  • The data must be deleted to comply with legal obligations

4. Right to Restrict Processing: You can request the restriction of data processing in the following cases:

  • If you dispute the accuracy of your personal data, for the period during which we can verify its accuracy.
  • If processing is illegal and you oppose the deletion of data, requesting restriction of its use instead.
  • If we no longer need the data for processing purposes, but you need it to establish, exercise, or defend your legal rights.
  • If you have objected to the processing based on legitimate interests or for direct marketing purposes until it is confirmed whether the legitimate interests override your reasons for objection.

5. Right to Object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes, including profiling related to such marketing.

If we process your personal data, you can request free information about the processing of your personal data at any time.

If you believe that we are processing personal data in violation of your privacy rights and applicable laws, you can request clarification. You can also request that we rectify the situation, particularly by requesting the correction, addition, deletion, or blocking of your personal data.

To exercise your rights, contact us at the email address provided on our website: https://isa-ninkovic.com or reach out to the Office for the Protection of Personal Data at https://ec.europa.eu/.

You can withdraw your consent to the processing of personal data at any time. If you withdraw your consent, your personal data will be deleted. However, this does not apply to data that the Inaugural Meeting: International Surgical Academy needs to fulfill legal obligations or protect its legitimate interests. Personal data will also be destroyed if it is no longer necessary for the intended purpose or if legal restrictions require its deletion.

Minors

Žito d.o.o. advises all parents and guardians to teach their children how to use personal data safely and responsibly on the Internet.

Minors should not provide any personal data on the website of Žito d.o.o. without the permission of a parent or guardian. Žito d.o.o. will never intentionally collect information from minors, use it in any way, or disclose it to a third party without permission, unless required by law.

Žito d.o.o. requires that minors do not engage in legal transactions related to our services without the consent of a parent or legal guardian. While we do not wish to receive personal information directly from minors, it may sometimes be impossible to determine the age of individuals providing such information. If a minor (as defined by applicable laws) provides us with personal data without parental or guardian consent, we ask the parents or guardians to inform us so that we can remove the information.

Cookies

Our site uses cookies to make our services relevant, interesting, and user-friendly. Cookies are small text files stored on your computer, smartphone, or other device and used in your browser We use cookies for the following purposes:

  • To ensure the proper functionality of the shopping cart for easy order completion.
  • To remember your login details so you don’t have to enter them multiple times.
  • To tailor our website to your preferences by tracking traffic, site navigation, and feature usage.


Learn more about cookies in our Cookie policy.

Changes to the Privacy Policy

Žito d.o.o. reserves the right to change this Privacy Policy at any time by publishing the amended text on the website. Changes to the Privacy Policy will become effective upon publication on the Inaugural Meeting: International Surgical Academy website.

Skip to content