Privacy Policy

The data controller responsible for your personal information is:

For any questions or concerns about this Privacy Policy or how we handle your data, please contact us using the information above.

3.1 Personal Information

We collect the following types of personal information:

• Identity Information: Name, date of birth, gender, identification documents (when required)
• Contact Information: Email address, phone number, postal address
• Health Information: Health history, current health conditions, symptoms, treatment records, chiropractic assessment data, X-ray images, treatment notes
• Appointment Information: Appointment dates, times, preferences, attendance history
• Payment Information: Billing address, payment method details (processed securely through third-party providers)
• Emergency Contact Information: Names and phone numbers of emergency contacts

3.2 Automatically Collected Information

When you visit our website, we automatically collect:

• Technical Data: IP address, browser type, operating system, device information
• Usage Data: Pages visited, time spent on pages, links clicked, referring website
• Cookies and Tracking Technologies: See our Cookie Policy section below

3.3 Information from Third Parties

We may receive information from:

• Other healthcare providers (with your consent)
• Insurance companies (for billing purposes)
• Referring physicians or specialists

We use your personal information for the following purposes:

4.1 Healthcare Services (Legal Basis: Legitimate Interest & Consent)

• Providing Advanced Biostructural Correction™ treatments
• Assessing, diagnosing, and treating health conditions
• Maintaining accurate health records
• Coordinating care with other healthcare providers
• Emergency health situations

4.2 Appointment Management (Legal Basis: Contract)

• Scheduling and managing appointments
• Sending appointment reminders and confirmations
• Managing cancellations and rescheduling
• Maintaining appointment history

4.3 Billing and Administration (Legal Basis: Contract & Legal Obligation)

• Processing payments and managing billing
• Insurance claims processing
• Financial record-keeping
• Tax compliance

4.4 Communication (Legal Basis: Consent)

• Responding to inquiries and support requests
• Sending health tips and wellness information (with consent)
• Practice updates and announcements
• Patient satisfaction surveys

4.5 Website Improvement (Legal Basis: Legitimate Interest)

• Analyzing website usage and performance
• Improving user experience
• Technical support and troubleshooting

Under GDPR, we process your personal data based on the following legal grounds:

• Consent: You have given explicit consent for processing your health information for specific purposes
• Contract: Processing is necessary to fulfill our contract with you (providing healthcare services)
• Legal Obligation: Processing is required to comply with Croatian and EU healthcare regulations
• Legitimate Interest: Processing is necessary for our legitimate business interests (practice management, fraud prevention)
• Vital Interest: Processing is necessary to protect life or physical integrity in emergency situations

We do not sell or rent your personal information. We may share your information with:

6.1 Healthcare Providers

• Referring physicians and specialists (with your consent)
• Other chiropractors or healthcare professionals involved in your care
• Emergency medical services (when necessary)

6.2 Service Providers

• Payment processors (for billing)
• IT service providers (website hosting, data storage)
• Appointment scheduling platforms
• Email service providers (for communications)

All service providers are contractually bound to protect your data and use it only as instructed.

6.3 Legal Requirements

We may disclose information when required by law:

• Court orders or legal proceedings
• Regulatory authorities (Croatian Health Ministry, AZOP)
• Law enforcement (when legally obligated)
• Public health authorities

6.4 International Transfers

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place through:

• EU Standard Contractual Clauses
• Privacy Shield certification (where applicable)
• Adequacy decisions by the European Commission

Our website uses cookies and similar technologies to enhance your experience:

7.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality (session management, security)
• Performance Cookies: Help us understand how visitors use our website
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Collect anonymous usage statistics

7.2 Managing Cookies

You can control cookies through your browser settings:

• Block all cookies
• Accept only essential cookies
• Delete cookies after browsing

Note: Blocking essential cookies may affect website functionality.

We implement comprehensive security measures to protect your information:

8.1 Technical Safeguards

• SSL/TLS encryption for data transmission
• Encrypted databases and secure servers
• Regular security audits and updates
• Firewall protection and intrusion detection
• Secure password policies

8.2 Organizational Safeguards

• Staff training on data protection and GDPR compliance
• Access controls (role-based permissions)
• Confidentiality agreements with all staff
• Regular privacy impact assessments
• Data breach response procedures

8.3 Physical Safeguards

• Secure facility access controls
• Locked filing cabinets for paper records
• Secure disposal of physical documents

While we implement industry-standard security measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but continuously work to protect your information.

We retain your information for as long as necessary to fulfill the purposes outlined in this policy:

• Health Records: Retained for 15 years after the last treatment (Croatian healthcare regulations)
• Billing Records: Retained for 10 years (tax and accounting requirements)
• Appointment Records: Retained for 5 years
• Marketing Consent: Until consent is withdrawn
• Website Analytics: Anonymized after 26 months

After the retention period expires, we securely delete or anonymize your information. You may request earlier deletion subject to legal and regulatory requirements.

Under GDPR and Croatian data protection law, you have the following rights:

We provide chiropractic services to patients of all ages, including children. When treating minors (under 18 years old), we obtain consent from parents or legal guardians.

For children under 16, parental consent is required before we collect or process their personal data. We take extra care to protect children's information and only collect data necessary for treatment.

Parents have the right to access, correct, or delete their child's information at any time.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date
• Sending email notifications for significant changes (if required by law)

Your continued use of our services after changes are posted constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

For questions, concerns, or requests regarding this Privacy Policy or your personal data: