Privacy policy

This privacy policy is harmonized with Regulation (EU) 2016/679 OF THE EUROPEAN
PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with
regard to the processing of personal data and on the free movement of such data, and repealing
Directive 95/46/EC (Data protection regulation) and other applicable personal data protection laws.
With this Policy, we want to provide you with more detailed information on the processing of personal
data we collect about you, if you are a healthcare professional, visitor to our website, employment
candidate, student, external associate or a contact person with our business partners.
Furthermore, with this Policy, we want to provide you with information about the rights you can
exercise in relation to the processing of this data.

Protecting your privacy is extremely important to us, so please read this Privacy Policy carefully.

 

Who is responsible for processing your data?
Since we determine the purpose and means of processing your personal data, we are, in accordance
with the General Data Protection Regulation (Regulation (EU) 2016/679), the Controller of your
personal data:

Makpharm d.o.o.
Trnjanska cesta 37/1
HR-10000 Zagreb

For questions about the processing of your personal data or regarding exercising your data protection
rights, please contact our data protection officer:
Name and surname: Luka Jelčić
Phone number: +385 1 4840342
E-mail address: dpo@makpharm.hr

 

For what purposes and on what legal basis do we process your personal data?
We process your personal data in accordance with the provisions of the General Data Protection
Regulation (Regulation (EU) 2016/679), the Act Implementing the General Data Protection
Regulation and other applicable regulations on personal data protection.
We process your personal data for the purposes set out in this Privacy Policy (or for purposes
consistent with those purposes) and only in accordance with the following legal bases:

a) Undertaking actions prior to concluding contracts, concluding and executing contracts.

We process personal data that you provide to us through proposal for the conclusion of contracts, the contract itself and other documentation for the purpose of concluding and executing the contract.
Furthermore, we process personal data in order to carry out the process of preventing potential negative surprises after concluding (contracts) / cooperating with you.
Based on your orders, we communicate with you regarding the contractual obligations, check
transactions, as well as perform quality control through appropriate documentation, respond to
complaints, grievances, claims, commendations, and other procedures related to goodwill.
If you are a candidate for employment, we process your personal data for the purposes of the
employment procedure. During the employment procedure, we process your personal data for the
purposes of assessing job applications and employment at open positions.

b) Fulfilment of legal obligations
Apart from the actual fulfilment of (pre) contractual obligations, we also process your data for the
purpose of fulfilling legal obligations. Like all other pharmaceutical companies operating in the
business environment, we are subject to a number of legal obligations. Personal data are processed
for the purposes of fulfilling obligations in accordance with the Medicines Act and related bylaws
related to pharmacovigilance, publishing data regarding transfer of knowledge by medicine
manufacturers to health professionals and health organizations, compliance with audit and
information obligations in accordance with tax laws, archiving data for protection and data security, as
well as for audit purposes by tax advisors / auditors, fiscal and other authorities.

c) Legitimate interests
We have the right to process your personal data for the purposes of our legitimate interests, except in
cases where your interests or your fundamental rights and freedoms that require the protection of
personal data are stronger than those interests. In doing so, we will take into account your
reasonable expectations about the processing of personal data.
Our legitimate interest is to process personal data for the purpose of resolving disputes or
complaints, regulatory investigations and dealing with requests from competent authorities,
realization of legal claims or defending against other people's requests and providing information to
individuals who visit our website and contact us via online contact forms.
Furthermore, our legitimate interest is the processing of your personal data for the purpose of
preventing fraud and criminal offenses and protecting the security of our information system and for
the purpose of proving business transactions, security of employees and property.

d) Consent
We also process your personal data for the purpose of sending e-mail notifications and invitations to
seminars and symposia, advertising, notifications of news and possible opportunities you may be
interested in. We send notifications by following means: by e-mail, telephone, text messages, social
networks, posts or in person.
To fulfil the above purposes, we need your consent to the processing of personal data.
If we process your personal data on the basis of the given consent, we inform you that you have the
right to withdraw the consent at any time, in the manner described in point 7. "What are your rights
regarding the processing of your personal data?".

If we intend to further process your personal data for a purpose other than that for which we collected
it, we will provide you with all the prescribed information about that other purpose before that
additional processing.

What categories of personal data do we process?
Because we collect only data that we need to achieve a particular purpose, in some cases it is
possible to achieve the purpose of processing and using a smaller range of data than described.
Relevant categories of personal data can be:

• General information (name and surname, title, specialization, job title, message content, etc.)
• Contact information (address, e-mail, phone number, mobile phone number, etc.)
• Information about your use of the websites we provide (eg access times to our websites,
applications or newsletter, our pages / links you have clicked on or entries and similar
information)
• Data on job candidates (data from the employment procedure documentation if provided by
the candidate: gender, date of birth, portrait photography, professional career, professional
knowledge, education data, professional qualifications and licenses, knowledge of foreign
languages, attended courses for training, status of residence permit and work permit,
citizenship and identification dana, at a later stage of the employment procedure (OIB, bank
and account details)

To whom will your personal data be disclosed?

If necessary, in order to achieve the aforementioned purposes of processing, or if determined by
regulations, we may disclose your personal data to natural and legal persons, public authorities or
other bodies (recipients).
No matter to which recipients we provide your personal data, we will only provide the data which is
necessary to achieve the specific purpose of the processing.
In accordance with special regulations, we may provide your personal data to public authorities for
the purpose of performing their official tasks, such as the tax authority, the Croatian Health Insurance
Fund, courts, and others.
We may also provide your personal data to other recipients, i.e., natural and legal persons who are in
a business relationship with us in connection with the provision of IT and other services (e.g., IT
service providers, lawyers, etc.).
When we hire other natural or legal persons to process your personal data in accordance with the
regulations, they will process your personal data exclusively on our behalf and according to our
instructions (Processors), we will, based on a written contract, hire only those Processors who
sufficiently guarantee the implementation of appropriate technical and organizational measures that
meet the requirements of the General Regulation on Data Protection and regulations on personal
data protection and ensure the protection of your rights.

 

Where will your personal data be processed?
Your personal data is processed within the European Economic Area (EEA) or in third countries (non-
EEA countries).

.
If we provide your personal data to recipients in third countries, we will only do so if the European
Commission has decided that these countries ensure an adequate level of personal data protection
prescribed by the General Data Protection Regulation or if appropriate safeguards are in place (e.g.,
standard clauses of data protection). You can contact our data protection officer for information on
the security measures taken.

 

How long do we keep your personal data?

We keep your personal data for as long as necessary to fulfil the purpose for which it is processed,
unless we are bound by additional legal stipulations for their storage.
The retention period may also be determined by the duration of the contractual relationship.
However, since we are also subject to legal obligations to retain data about you, we may keep
personal information after the expiration of the contractual relationship. The periods and deadlines for
data retention set out above are up to ten years after the end of the contractual relationship or pre-
contractual legal relationship.
In addition, we retain personal information as long as there is a legal possibility for you to provide
claims based on the contractual relationship.
If we process certain personal data on the basis of consent, in the event of withdrawal of consent we
will delete your personal data, unless there is another legal basis for processing or if the processing
of your personal data is necessary to claim, perform or defend legal claims.

What are your rights regarding the processing of your personal data?
As the person whose personal data we process, we are informing you that, under the conditions
prescribed by the General Data Protection Regulation, you have the following rights regarding the
processing of your personal data:

• right of access – the right to receive information whether we process your personal data
and if such personal data is processed, access to personal data and information, inter alia, on
processed personal data, purpose of processing, storage period, export to third countries, etc.
• the right to rectification – the right to correct inaccurate data and the right to supplement
incomplete personal data
• right to erasure (“right to be forgotten”) – the right to erase personal data relating to you
if, inter alia, personal data is no longer necessary for the purposes for which it was collected,
if you have withdrawn consent to processing and if there is no other legal basis for the
processing, if your personal data is illegally processed, etc., this right has limitations and
cannot be applied if the processing of your personal data is necessary to claim, perform or
defend legal claims or to comply with our legal obligations which requires processing
according to regulations
• the right to restriction of processing – the right to ask us to restrict the processing of your
personal data (e.g., when you dispute the purposes of processing, accuracy of data, etc.) with
the exception of storage and some other types of processing
• the right to object to the processing of data – the right to object to the processing of
personal data relating to you that we process on the basis of a legitimate interest, including
profiling. In this case, we may process personal data relating to you only if we prove that our

legitimate reasons for processing extend beyond your interests, rights and freedoms or to
establish, exercise or defend legal claims.
• right to data portability – the right to receive and transfer data to another Controller if you
have provided us with personal data in a structured form and in a commonly used and
machine-readable format if the processing is carried out automatically and based on consent
or contract
• The right to withdraw consent – if the processing of personal data is based on your
consent, you have the right, without any consequences, to withdraw your consent at any time
by giving written notice of withdrawal to the Data Protection Officer. In this case, we may no
longer process your personal data unless there is another legal basis for their processing.
Withdrawal of consent has effect from the moment it is stated, which means that it does not
affect the lawfulness of the processing of your personal data in the period from the granting of
consent to its withdrawal.

To exercise all your rights regarding the processing of personal data, you can contact our data
protection officer via the contact details listed in point 1 – “Who is responsible for the processing of
your personal data?”. You can use the REQUEST FOR EXERCISE OF RIGHTS form for this
purpose. Please keep a copy for your own use.
In order to be able to act on your request for the exercise of rights, we have the right to request
additional information from you in order to confirm your identity. If we are unable to verify your
identity, we have the right to refuse to comply with your request.
If your claims are manifestly unfounded or excessive, in particular due to their frequent recurrence,
we have the right to charge you a reasonable fee or refuse to comply with the claim.

 

The right to lodge a complaint with the supervisory authority
If you believe that the processing of your personal data does not comply with personal data
protection rules, you have the right to lodge a complaint with the supervisory authority of the Member
State in which you have your residence, your place of work or the place of personal data breach.
In the Republic of Croatia, the supervisory body to which you can lodge a complaint is the Personal
Data Protection Agency.
Without prejudice to your right to lodge a complaint with the supervisory authority, we suggest that
you contact our Data Protection Officer before lodging a complaint to clarify any disputes.

.
REQUEST FOR EXERCISE OF RIGHTS

INFORMATION ABOUT THE APPLICANT:
Name and surname:
OIB:
Contact information (e-mail address, telephone):

* NOTE: In order to help us confirm your identity, your request must contain accurate information,
Makpharm d.o.o., Trnjanska cesta 37/1, HR-10000 Zagreb (hereinafter: Makpharm) has the right to
contact you to determine or confirm your identity.

APPLICANT WANTS TO EXERCISE THE FOLLOWING RIGHT (please indicate the type of right in
respect of which you are applying with a cross – one or more rights):

• The right to access personal data, in particular;
– information on whether the applicant’s personal data is being processed
– information which applicant’s personal data is being processed

• The right to rectification of personal data;
– submits a request to change the following data:
Old data:
New data:

– submits a request for correction of the following data:
Incorrect data:
Correct data (supplement to correct data):

– submits a request to supplement the following data:
– Incomplete data:
– Complete data:

Please explain the reasons on which your claim is based and attach additional documents if
necessary:

 

• The right to delete personal data;
– submits a request for deletion of all personal data
– submits a request to delete only certain personal data

Please provide the data requested to be deleted and an explanation of the reasons on which your
claim is based and, if necessary, attach additional documents:

• the right to restriction of processing
– submits a request to restrict the processing of personal data

Briefly explain the reasons on which your request for the exercise of all rights is based and, if
necessary, attach additional documents:

• The right to the portability of personal data
– submits a request for the portability of personal data

Briefly explain the reasons on which your request for the exercise of all rights is based and attach
additional documents if necessary:

• The right to object to the processing of personal data
– is explained as follows:
(Please provide an explanation)
– due to direct marketing

 

– the right not to be affected by a decision based solely on automated
processing of personal data.

Briefly explain the reasons on which your claim is based and attach additional documents if
necessary:

You can find more detailed information about your rights regarding your personal data in the Privacy
Policy document, available on the Company’s website.

IMPORTANT INFORMATION:
By entering your name and surname at the end of this form and signing, you confirm that you are the
applicant of this application and that the information and statements given in this application are
completely true and correct.
Makpharm collects and processes your data in this Request solely on the basis of your Request and
for the purpose of conducting appropriate proceedings to exercise one or more of your rights.
Makpharm will inform you in a timely manner about the further processing and potential fulfilment of
one or more of your rights pursuant to this Request via your contact details provided in this Request.
Date of request:
Signature:
ATTACHMENTS (if applicable)

Cookies

Our website www.makpharm.hr uses cookies and similar technologies for several purposes, depending on the context or product, including:
  1. User input cookies (session-id) and/or persistent cookies limited to a few hours – we use them to store your preferences and settings on your device and to enhance your user experience. For instance, saving your preferences with cookies, which prevents you from having to set your preferences repeatedly.
  2. Authentication cookies used for authentication services for the duration of a session – we use them to authenticate you. This cookie lets you navigate from page to page without having to sign in each time you return to the site.
  3. User centric security cookies, used to detect authentication abuses, for a limited duration – we use them to process information that helps us secure our website, as well as detect fraud and abuse.
  4. Multimedia content player session cookies, such as flash player cookies, for the duration of a session
  5. Load balancing session cookies, for the duration of a session – We use them to remember information you shared with us. When you provide information to us, we store the data in a cookie for the purpose of remembering the information.

 

How can you control cookies?
You can control and/or delete cookies as you wish.

You can delete all cookies already stored on your computer, and the settings of most browsers allow you to block the storage of cookies.

If you block cookies, you may have to manually adjust some preferences each time you visit the website, and certain services and functions may not be available.

 

Other questions
If you want to contact us regarding these Rules or the way the website uses your data, please use the following contact information:

MAKPHARM d.o.o.
Trnjanska cesta 37/1
10000 Zagreb, HR
OIB: 02427849293
MBS: 080582982

Phone: +385 1 4840 342
Fax: +385 1 4819 392

email: info@makpharm.hr

 

Notification of personal data breach

In the event of a personal data breach, we will notify the User whose data is compromised and the competent supervisory authority by e-mail within 72 hours of the extent of the breach, the data covered, the possible impact on our services and our planned measures to secure data and limit any adverse effects by individuals.

 

Changes to our privacy policy

We reserve the right to change this privacy policy in accordance with changes in legal provisions, business policies of the company or other circumstances that affect the area of data protection. In case of changes, we will inform the Users about it on the website and update the date of modification of the privacy policy.

We regularly review these General Business Terms and, if necessary, supplement them with additional information because we care about your privacy. We last changed them on June 26, 2023.

 

The right to complain to the competent authority

At any time, the User can send a complaint to the supervisory authority regarding our collection and processing of personal data. In the Republic of Croatia, he can file a complaint

Agency for the Protection of Personal Data (AZOP)

Agencija za zaštitu osobnih podataka, Martićeva ulica 14, HR – 10 000 Zagreb,

Tel. 00385 (0)1 4609-000, Fax. 00385 (0)1 4609-099

E-mail: azop@azop.hr, Web: www.azop.hr