‍DATA PROCESSOR 
‍
‍In accordance with the General Data Protection Regulation 2016/679 (GDPR) and the Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data (hereinafter collectively referred to as the "regulations"), we inform you that the Company (hereinafter "Euromedfin") acts as the Data Processor for the personal data processed on this website on behalf of the Data Controller. Euromedfin transmits your personal data to the data controller in order to facilitate obtaining personal financing. Data controllers can be banks/financial institutions or financial intermediaries/brokers.

Company: Euromedfin LLC

Identification number: Registered with the court register of the Commercial Court in Zagreb under no. 081615959, Croatian PIN (OIB): 69160506433

Address: Radnički dol 23, 10 000 Zagreb, Croatia

PURPOSE OF PROCESSING AND LEGAL BASIS

When you have expressly consented to the processing of your personal data your data are used to be sent to our financial partners, Euromedfin being only an intermediary acting on behalf of the Data Controller.

To these ends, we process the following personal data:

Types of Personal Data

For website maintenance and improvements; we might use the following data: technical data such as IP address, browser type and version, operating system used; connection data such as functions used, pages visited, configurations selected & timestamps of visits.
‍
WHEN NECESSARY FOR COMPLIANCE WITH A LEGAL OBLIGATION
‍
When the processing of your personal data is based on your consent, you have the possibility to withdraw it at any time. At the time of collecting your personal data, you will be informed if they must be provided to achieve the expected result. Failure to provide these mandatory details may render the request execution impossible. If the user is not the owner of the data provided (data of dependents, employees, family members, etc.), they guarantee that they have the right and have obtained the consent of the owner for their transmission and will be responsible to Euromedfin.

HOSTING SERVICES & DATA RETENTION

To the host of our site (Hetzner, whose cloud servers are located within the European Union) for the purposes of database maintenance and hosting. Privacy policy of Hetzner can be obtain here: Hetzner Privacy policy
‍Data Retention

‍COOKIES
‍
Our website uses cookies to offer you relevant, personalized content adapted to your interests and geographical location. You can view our Cookie Policy if you want to know more about how we manage the personal data we collect.

SECURITY MEASURES

Euromedfin adopts the security levels required by regulations, depending on the nature of the data processed at any given time. However, the technical security of a medium like the Internet is not invulnerable, and there may be malicious actions by third parties, although Euromedfin does everything possible to prevent such actions.

FORM PROTECTION

Our platform uses the most advanced techniques to prevent SQL injection through web forms:

- JavaScript and PHP Validation: Information collected in forms is processed using rules that prevent the entry of undesirable data and require the user to enter it in a specific format. For example, phone numbers must always respect the country's format. Another example, numbers cannot be entered in text fields such as name and surname. If incorrect data is entered, it does not allow you to proceed as it marks the error in red and does not let you continue until it is corrected.

- CSRF: Technology that verifies the origin of data to ensure it is a legitimate user. Brief explanation of its operation: "CSRF tokens must be generated server-side. They can be generated once per user session or for each request. Tokens per request are safer than tokens per session, as the time interval for an attacker to exploit stolen tokens is minimal. When the client makes a request, the server-side component must verify the existence and validity of the token in the request against the token found in the user's session. If the token is not found in the request, or if the provided value does not match that of the user's session, the request is canceled."

All data collected from the user is not stored in the database until the process is complete. During the process, the data is stored in session, and if the entire procedure is successful, it is stored in the database. This way, we avoid unfinished records and also reduce the number of database accesses.

YOUR RIGHTS

You can exercise your rights to access, rectification, deletion, restriction, portability, and, where applicable, opposition. To this end, please send a written request either by email to: info@euromedfin.com or by postal mail to: Radnički dol 23, 10 000 Zagreb, Croatia, in a sealed envelope addressed to our Data Protection Officer.

Your request must contain a detailed and precise description of the data you wish to access. In case of reasonable doubt about your identity, you may be asked to provide a copy of a document to help us verify it. This could be your ID card or passport. This document should mention your name and address, and this data must be clear to allow your identification, while all other data - picture, any distinctive feature - can be deleted/hidden.

The use we make of the information on your identification document is strictly limited: the data is only used for verifying your identity and is only stored for the time necessary for this purpose.

You also have the right to file a complaint with the Croatian Data Protection Authority if you believe your rights are not being respected:

Either by writing to the postal address below:

Agencija za zaštitu osobnih podataka,
Ulica grada Vukovara 54,
10 000 Zagreb
‍
Or by clicking on the following link: https://azop.hr/zahtjev-za-utvrdivanje-povrede-prava/

‍The Privacy Policy was last updated on 06/01/2024