PIRAMIDA limited liability company for the production of pharmaceutical packaging

This Personal Data Protection Notice (“Notice”) describes how PIRAMIDA limited liability company for the production of pharmaceutical packaging (“Piramida d.o.o.”) collects, uses and discloses personal data during its business operations. This Notice does not apply to the processing of personal data of Piramida d.o.o. employees, which is subject to special rules.
The term “personal data” refers to all data relating to an individual whose identity is identified or can be identified (“data subject”). It means any information by which the identity of individual can be directly or indirectly determined, such as name, personal identification number, postal address and email address. Determining the identity can be done directly by the information itself or in connection with any other information that we have or is likely to come into our possession.

Piramida d.o.o. is the data controller in relation to the processing of personal data specified in this Notice.

1. Which personal data we collect and how we use these personal data

Related to the regular business operation of Piramida d.o.o., we collect and process personal data in accordance with laws and regulations. We also process the personal data of our business partners, customers, suppliers and service providers. In addition, Piramida d.o.o. also processes personal data as a part of the employment process and through video surveillance.
We emphasize that we collect and continue to process only those personal data that are necessary in relation to the purposes for which they are being processed and we process them in a manner consistent with these purposes.

2. Personal data collected during our business operation

Piramida d.o.o. is a specialized producer of pharmaceutical glass packaging (ampoules and vials made of tubular glass). More than 90% of our production is exported to the European Union and other markets, we are certified for quality management system according to ISO 9001, environmental management system according to ISO 14001 and ISO 15378 standard which defines the conditions for primary packaging material for medical products.

In order to effectively satisfy our customers/business partners, Piramida d.o.o. collects information related to potential or actual business relationship, and such information may include different personal information.

We collect and further process personal data pertaining to the potential or existing buyers/suppliers and/or their employees/representatives and/or other connected persons (e.g. company members, consultants). These personal data usually include name, postal address, personal identification number, date/place of birth, identification document, phone/fax number, email address, function, payment information and other details related to potential or real relationships.

The source of personal data collected during our business operation may contain information and documentation collected through personal contacts and other means of communication (e.g. correspondence, phone, email, website) with potential or existing buyers/suppliers, state authorities or other sources (e.g. network sources, official registers).
In order to ensure the best performance and the most efficient way of performing the activity of Piramida d.o.o., we can hire business partners outside the company and third party service providers such as external consultants, court interpreters, attorneys, IT service providers, accountants, etc. for provision of these services. Therefore, we may collect and further process personal data about such business partners/service providers and/or their employees/representatives, which may include name, postal address, personal identification number, date/place of birth, telephone/fax number, email address and payment information. These personal data are collected through personal contacts and other means of communication (e.g. correspondence, phone, email, our website) with these business partners and third party service providers.

3. Personal data collected through business contacts

In our regular business contacts (e.g. at trade shows and other similar events, via e-mail correspondence) between our company and others (e.g. potential buyers/suppliers, agents/intermediaries and other interested parties) we may collect the personal data of these other stakeholders and/or their agents. The same personal data usually includes name, postal address, phone/fax number, email address and function. Usually this kind of information is collected through personal contacts (e.g. exchange of business cards) and/or further communication (e.g. by email or phone). Personal data about these other stakeholders and/or their representatives is entered into the database that we keep and use if necessary or appropriate.

4. Personal data collected in the employment process

As part of the employment process we collect personal data of potential employees. Personal data of potential employees includes resumes and/or other information that resume usually contains and/or are usually connected to the employment process such as name, postal address, personal identification number, date/place of birth, telephone/fax number, email address, information on education and previous work experience and photographs. The same information may also include special categories of personal data (e.g. health status).

Personal data collected through personal contacts and other means of communication (e.g. correspondence, phone, emails, our website) with candidates who apply for job advertisements published by Piramida d.o.o. The interested candidates also send open job applications, usually via email or via our website. If we consider it necessary for the employment process, apart from the information provided to us by the candidates, we may also collect information about them from other sources (e.g. network sources). Also, we may occasionally hire third-party service providers (e.g. employment agencies) to assist us in the employment process and in collection of information, including personal data about potential employees.

If a candidate is not offered a job on a particular occasion, but we think that this candidate might be appropriate for another job in the future, we can also keep the information for future consideration with the candidate’s consent.

5. Personal data collected through video surveillance

Our business premises are under video surveillance in order to ensure adequate protection of people and assets. Through video surveillance we can collect personal data of our visitors, including potential/existing buyers/suppliers and their representatives, other business partners and service providers. These personal data mainly contain video images of visitors, and are stored in our IT system for a specified period of time after which they are deleted. Only authorized personnel of Piramida d.o.o. have access to these personal data and we have established a login registration system for the purpose of protecting these data, as required by laws and regulations.

6. Personal data collected through our website/use of IP address

Visitors of our website are not required to provide personal data in order to use its best functionality. However, visitors who want to submit a query via our website must provide their name and email address.

In addition to the information which we collect from our website as described above, we use the technology to automatically collect information about the use of our website. For example, our website server automatically registers when visitors visit our website, their IP addresses, and which web browsers are used by our visitors. We use this information in order to manage our website and our technical solutions, to understand how visitors go through our website and improve your experience of using our website and services.

7. Cookies

In order to automatically collect the data described in the previous section, we use “cookies”. The cookie is a small amount of information that is sent to your browser and stored on your computer’s hard disk. Please see our Cookies Policy for more information on cookies and how you can change your settings to delete or reject cookies.

8. For what purposes we use personal data

We use personal data for these purposes:
• For the purpose of performing our activity (delivery of our products to buyers, procurement of raw materials from suppliers)
• For the purpose of enabling regular business operations of Piramida d.o.o.
• For employment purposes;
• For the purpose of protecting persons and assets (e.g. in case of video surveillance);
• To inform our buyers and business partners about the news or activities from our business operations;

9. Legal basis for the collection and processing of personal data

The legal basis for our processing of personal data for the purposes described above shall usually include the following:
• Processing is required for the fulfilment of contract whose contracting party is a buyer/supplier
• Legitimate interest (e.g. in the case of performing our activity, in case of processing via video surveillance, in the case of processing for the purpose of maintaining the business network or in case of realization of our claims);
• Explicit consent of data subject (e.g. in case of potential employees who give us the consent for keeping their personal data for later use).

10. With whom do we share your personal data

Piramida d.o.o. does not share or distribute personal data unless otherwise is stated in this Notice or as otherwise is required or permitted by applicable laws and regulations:
• We share, transfer or disclose personal data with the relevant state authorities (e.g. courts), translators, court interpreters and/or counterparties and their representatives, if it is necessary for and in order to perform our activity;
• Furthermore, we may also share, transfer or disclose personal data to the relevant authorities in order to comply with legal requirements (e.g. we may need to disclose data relating to individual transactions to tax inspection);
• In addition, we can disclose personal data to our service providers in order to enable proper functioning of our company and to protect the security and integrity of our IT systems and website.

If we transfer personal data outside the European Economic Area, we shall, as required by the applicable laws and regulations, ensure that the rights of the data subject are adequately protected by appropriate safety measures such as standard contract clauses.

11. What are your rights according to data protection laws and regulations?

Unless exceptions apply to them pursuant the applicable laws and regulations on data protection, the data subjects have the following rights in respect to their personal data which are being processed by Piramida d.o.o.:

• The right to obtain from Piramida d.o.o. confirmation on whether or not personal data relating to data subject in question are processed or not, and if they are, to access such personal data (“Right of access by the data subject”);
• The right to request that Piramida d.o.o. rectifies or completes any personal data if they are found to be inaccurate or incomplete (“Right to rectification”);
• The right to request the erasure of personal data if they are no longer necessary for the purposes for which Piramida d.o.o. proceses the same data (“Right to erasure”);
• The right to withdraw the consent at any time if the processing takes place on the basis of the consent;
• The right to request that Piramida d.o.o. provides you your personal data and, if possible, to directly transmit these data to the other controller, if applicable (“Right to data portability”);
• The right to request restriction of further processing, if applicable (“Right to restriction of processing”);
• The right to object to the personal data processing, if applicable (“Right to object”);
• The right to complain to the supervisory body.

If the Data subjects decide to exercise one of the above mentioned rights, Piramida d.o.o. shall without unnecessary delay, act upon the request of the party. We shall provide information about taken actions to the Data subjects without unnecessary delay and in any case within one month from the receipt of the request. This deadline may, if necessary, be extended for additional two months, taking into account the complexity and number of requests. We will notify the Data subject about any such extension within one month from receipt of the request accompanied with the reasons for the delay. This information is provided free of charge.

12. Keeping period of personal data

We will keep personal data as long as it is necessary for processing purposes and this period shall vary depending on a particular purpose. For example, any accounting documentation must be kept for a period of 11 years. Once personal data is no longer needed for the purpose for which it was collected, we shall destroy or anonymize such personal data so that it is no longer in a form that allows the identification of the Data subject.

13. Further processing for new purposes

If we intend to use your personal data for a new purpose, which is not covered by this Notice, then we will provide you with a new notice explaining this new use before the beginning of processing and determining relevant purposes and processing conditions. If and whenever necessary, we will ask for a prior consent for such new processing.

14. Security measures we use to protect personal data

We respect obligations based on applicable laws and regulations on data protection by secure storage and destruction of personal data, protection of personal data from loss, misuse, unauthorized access and disclosure, and ensuring the implementation of appropriate technical measures for the protection of personal data.
We have implemented reasonable technical, administrative and physical measures designed to protect the personal data that we were entrusted with and over which we have control, from unauthorized access, use, modification and disclosure.
Even though we implement of the highest security measures on our website, you should know that 100% security is not always possible with regard to our website and electronic communications.

15. Change of the Personal Data Protection Notice

We are constantly following and improving our data protection practices. Because of these continuous changes, changes in law and the changing nature of technology, our data protection practices shall occasionally change. All updates to this Personal Data Protection Notice will be posted on this website.

16. How can you contact us about your personal data?

In order to realize all relevant rights, send inquiries or complaints, please contact us at:

Resnička 10
10306 Sesvete, Croatia
Tel .: +385 12000 884
Fax: +385 12027 971
E-mail: piramida@piramida.hr

You can contact the Croatian Personal Data Protection Agency at 00385 (0) 1 4609-000 or by email azop@azop.hr or at the address of Personal Data Protection Agency, Martićeva ulica 14, HR – 10 000 Zagreb, Croatia.

This Personal Data Protection Notice was last updated in February 2019.


Contact Info

Piramida d.o.o.

Resnička 10
10360 Sesvete, Hrvatska

Phone: +385 1 2000 884
Fax: +385 1 2027 971