PRIVACY POLICY

The purpose of this Privacy Policy is to inform the users (hereinafter: the individual) of the mobile application eMR (hereinafter: the application), who can also provide certain information at each visit, which can directly or indirectly identify the individual (personal data), so we want to clarify how we will process, store, protect this data and also what the rights are regarding personal data. This Privacy Policy also applies to the processing of personal data, which we also obtain via telephone or e-mail communication.

All personal data are processed, stored and protected in accordance with the applicable legislation governing the protection of personal data, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data. free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation, hereinafter: GDPR) and the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 94/07 - official consolidated text and 177/20, hereinafter: ZVOP-1). Please read our Privacy Policy in detail to understand how we protect your privacy.

By providing your personal data and using the application, you declare that you have read our Privacy Policy and are aware of the methods of processing and the legal basis for the processing of personal data. If you do not agree with the processing methods, please do not provide us with your personal data or use the application.

Your data controller: 
INFOTIM RŽIŠNIK-PERC D.O.O.

Authorized person for personal data protection:
INFOTIM RŽIŠNIK-PERC D.O.O., e-mail: Sebastijan@infotim.com. 

Types of personal data, purposes of processing your personal data and legal basis:

All personal information you provide to us will be treated confidentially and will only be used for the purposes for which we obtained it. In the event that there is a need to further process your data for another purpose, we will contact you in advance and ask for your consent.

Data we collect based on the use of the application:

a.	non-personal data: these are technical data that we obtain automatically when you use the application, including device data or other log data. Data collected: IP address of your mobile device, date and time of access to the application, data collected based on the inclusion of the location on your mobile device. This information alone cannot be used to identify or contact you. We can automatically combine collected and other, non-personal data with personal data. In this case, we will treat the aggregated data as personal data in accordance with this Privacy Policy.

The purpose of processing non-personal data is to enable technical accessibility of the application, enable security of the application, detect and prevent abuse, statistical purposes to improve the application, using data in anonymized form, optimizing the application, ensuring security of IT systems, analysis of application use in anonymized form. 
As long as you entrust us with personal information (such as first and last name, e-mail, etc.), all information we automatically obtain when you use the application is anonymous information and we cannot and do not identify an individual. 

b.	personal data: we process personal data upon your registration of a user account in the application, thus giving your consent and acceptance of the General Terms of Use of the application, or if we have a contract or take action at your request before concluding the contract, by law or if our legal interest. The personal data we process are: e-mail address, your telephone number, name and surname.

If you believe that someone has provided us with your personal information and you do not wish us to process it, please let us know at info@infotim.com. All your personal data will only be kept for as long as is necessary to achieve the purpose for which it was collected, or we will only keep it for the period prescribed by law in certain cases.
If the purpose of personal data processing is prescribed by law, we will process your personal data to meet our legal obligations, e.g. obligations imposed by tax law. The legal basis for such processing is therefore the law (Article 6 (1) (c) of the GDPR).
If circumstances so require, we may process your personal data on the basis of a legitimate interest which we pursue, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, for example for the following purposes:
-	application optimization,
-	ensuring the security of IT systems,
-	prevention of abuse and / or fraud.

Transfer of personal data to third parties and to third countries

The controller does not pass on the collected personal data to third parties, except to the extent specified in this Privacy Policy.

Your data is only processed in an area within the European Union.

Children data 

We are committed to protecting children's online privacy and Internet security. We do not offer goods and services to children or we do not knowingly collect or request personal data from children under the age of 15.

We will not feed any communications that we reasonably and reasonably believe are coming from a child under the age of 15. Parents or guardians of children under the age of 15 are encouraged to regularly check and monitor whether children use e-mail and other online activities.

We use all available technology and strive to verify that the holder of parental responsibility for the child has given or approved consent.

Automated decision making and profiling

An individual's personal data is not subject to automated decision-making, nor is it subject to profiling.

How do we protect data

We appreciate that you trust us and share your personal information with us. We are committed to protecting them and therefore take appropriate security measures to protect against unauthorized access or unauthorized alteration, disclosure or destruction of data. These measures include internal reviews of our data collection, storage and processing practices - both security and physical measures. We restrict access to personal information to our employees, service providers and agents who need to know it in order to develop or improve our services.

We strive to ensure the security of personal data. Your personal information is protected at all times from loss, destruction, falsification, manipulation and unauthorized access or unauthorized discovery. We use an appropriate level of protection and have reasonable physical, electronic and administrative measures in place to protect the data collected.

Despite efforts to ensure security, an intrusion into our system may occur. In the event of altered, disclosed or destroyed personal data of an individual, we will notify the individual via e-mail or in the application itself. 

Each individual is responsible for protecting their user account (username and password), which they create for the purpose of using the application.

PERSONAL DATA MANAGEMENT AND LOGIN

You can change, update or remove personal information in the application at any time.
-	Updates and changes: If you want to change your personal information, you can do so in the app below your account settings.
-	Deletion of personal data: deleting your user account will completely delete your personal data. In case of problems with deleting the user account, send us a request for deletion to info@infotim.com. 

Information on the rights of the individual whose data we process

With regard to your personal data that we process, you have the right:
to revoke the consent to the processing of personal data at any time (revocation of the consent does not affect the lawfulness of the processing of data carried out on the basis of the consent until its revocation). If you only want to update personal information, you can do so in the application,

-	to obtain confirmation or we process your personal data;
-	to access: to request confirmation whether we process your personal data relating to you, and if so, to request a copy of that personal data, to ask about purposes of processing, categories of personal data concerned, whether personal data is transferred to a third country or international organization etc.;
-	to rectification: to request that we rectify or update any personal data that is inaccurate, incomplete or outdated;
-	to erasure (Right to be forgotten): to request that we erase your personal data in certain circumstances, such as when the processing of personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed or where we collected personal data on the basis of your consent and you withdraw your consent etc;
-	of restriction of processing: to request that we restrict the use of your personal data in certain circumstances, such as when accuracy of the personal data is contested by you;
-	to data portability: to request that we provide a copy of your personal data to you in structured, commonly used and machine-readable format in certain circumstances and you have the right to transmit that personal data to another controller in certain circumstances;
-	to object: at any time to processing of personal data for our legitimate interest, to direct marketing and profiling connected with direct marketing;
-	to state that a decision based solely on the automated processing of personal data, including profiling, has legal effects that affect you or significantly affect you in a similar way or does not apply to you. If the decision (1) is necessary for the conclusion or implementation of the contract between you and us or (2) is justified by your explicit statement, we will take appropriate measures to protect rights and freedoms and your legitimate interests and ensure at least the right to personal intervention of the data controller, views and challenges to the decision;
-	to appeal, independent of the above stated rights, to a supervisory authority if you believe that processing of your personal data violates the data protection regulations. You may file a complaint to the competent state authority: Information Commissioner, Dunajska 22, 1000 Ljubljana, e-mail address: gp.ip@ip-rs.si, phone: 00386 1 230 97 30, website: www.ip-rs.si. 

For all stated rights, you may, at any time, contact us at: info@infotim.com. 

We shall promptly ensure that the request is complied with immediately, but no later than in one (1) month. You will receive requested personal data in a structured, machine-readable and generally applicable way. First copy of your personal data in electronic or hard is free of charge, each additional copy we may charge a fee to cover cost of preparing the copy.

Time of storage of personal data

We will store the individual's personal data for as long as is necessary to achieve the purpose for which the personal data was collected and further processed.

In some cases, anonymised data is stored longer, but always in a way and in a form from which the data cannot be traced back to you and consequently identify or profile you.

The retention period of personal data may vary depending on the applicable sectoral legislation (eg tax legislation, accounting regulations). In the event that the applicable sectoral legislation sets mandatory deadlines for the storage of personal data, personal data shall be deleted after the expiry of the period prescribed by law.

Cookies

This application does not currently use any cookies.

Security  

We strive to ensure the security of personal data. Your personal information is protected at all times from loss, destruction, falsification, manipulation and unauthorized access or unauthorized disclosure. We use an appropriate level of protection and have reasonable physical, electronic and administrative measures in place to protect the data collected.

Despite efforts to ensure security, an intrusion into our system may occur. In the event of altered, disclosed or destroyed personal data of an individual, we will notify the individual via e-mail.

Each individual is responsible for protecting their user account (username and password), which they create for the purpose of using the application.

Links to third-party sites

The application may contain links to third party websites. These sites have their own privacy policies, which you should familiarize yourself with, as we do not assume any responsibility for them.

Updates to this Privacy Policy

We reserve the right, in our sole discretion, to update, change or replace any part of the Privacy Policy, by posting an update or change in the prior notice application. Any change is effective from the date of the public announcement of the amended Privacy Policy in the application.

This Privacy Policy was last updated on: 15.04.2022.