General data protection regulation
Q: What is Genkraft d.o.o.’s (operating as PRM) stance on data protection and GDPR compliance?
A: At Genkraft d.o.o., operating under the brand name PRM, we place utmost importance on data protection and privacy. It is a critical part of our business operations and a top priority for our organization. We are deeply committed to handling data responsibly and respecting the privacy of all individuals we engage with.
Q: How does GDPR affect your operations?
A: The General Data Protection Regulation (GDPR), effective from May 25, 2018, represents a significant change in data protection regulation in the European Union. GDPR is focused on data privacy and includes key provisions like data breach notification, accountability, and enhanced individual rights. Although it primarily applies within the EU, it affects all organizations, including ours, that handle the data of persons within the EU.
Q: How does PRM ensure compliance with GDPR?
A: The nature of our business, primarily providing clinical trials management and related services for the pharmaceutical and biotech industry, makes the protection of personal data a critical aspect. To ensure compliance with GDPR, we have implemented a comprehensive privacy program. This program is designed not only to comply with GDPR but also to respect and protect the data privacy rights of all individuals.
We have instituted stringent measures to safeguard personal data, including data breach response mechanisms, accountability measures, and ensuring enhanced individual rights in line with GDPR requirements.
Q: Where can I get more information about your data privacy practices?
A: For more detailed information on our data privacy practices and GDPR compliance, please refer to our Data Privacy Statement. If you have any further questions or require additional information, feel free to contact our Data Protection Officer at [email protected]
Data Privacy Statement for Genkraft d.o.o. (Operating as PRM)
Effective Date: 21 November 2023
Introduction The protection of data subjects in relation to the processing of personal data is a fundamental right. At Genkraft d.o.o., operating under the brand name PRM, we recognize and uphold the right of every individual to the protection of their personal data. Our approach to processing Personal Data adheres to the principles of fairness, lawfulness, and transparency, ensuring respect for the individual’s fundamental rights and freedoms, particularly their right to data protection.
Personal Data Processing at PRM In our regular business activities, PRM collects, processes, and uses various Personal Data from different data subjects for specific, explicit, and legitimate purposes. We ensure that such processing is not incompatible with the original purposes for which the data was collected.
In accordance with the General Data Protection Regulation (2016/679), “Personal Data” refers to any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, particularly by reference to identifiers like names, identification numbers, location data, online identifiers, or factors specific to the person’s physical, physiological, genetic, mental, economic, cultural, or social identity.
We obtain and process these Personal Data fairly and lawfully, ensuring that they are adequate, relevant, and not excessive for the intended purposes. We are committed to keeping the data accurate and up to date, processing it in a manner that ensures appropriate security and confidentiality, including protection against unauthorized access, accidental loss, or destruction.
Data Subject Rights Data subjects have the right to access their Personal Data and can request rectification of any inaccuracies. They can also request erasure of their data (‘right to be forgotten’), restrict processing, or exercise their right to data portability. Additionally, data subjects have the right to withdraw their consent for data processing at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal.
Transfers of Personal Data PRM, as a data controller, may transfer Personal Data outside the EU as necessary for contract execution or to fulfill legal obligations. In such cases, we ensure the transfer complies with GDPR requirements and provide adequate levels of data protection, whether through model contracts, binding corporate rules, approved certification mechanisms, or Privacy Shield Frameworks.
Third-Party Processing PRM may engage third parties for data processing. These third parties are carefully selected and are required to provide sufficient guarantees for data security and confidentiality. Mutual obligations are regulated by written agreements, and data subjects are informed of any such arrangements.
Exercising Your Rights Data subjects can manage their rights by submitting a written request to: Genkraft d.o.o., Serdara Nakića Vojnovića 24, 22320 Drniš, Croatia, addressed to “Data Protection Officer.” For any objections or concerns, you can also contact the Croatian Personal Data Protection Agency or the relevant authority in your jurisdiction.
Policy Updates This policy may be updated periodically. We encourage data subjects to review it frequently. Continued use of our services after any changes signifies acceptance of such changes.