Poliklinika i dnevna bolnica IMEDPoliklinika i dnevna bolnica IMED

Book an Appointment

Legal Information

CookiesPrivacy PolicyTerms of Use

Privacy Policy

PRIVACY POLICY FOR VISITORS OF THE WEBSITE www.imed.hr

I-MED d.o.o. (hereinafter: the “Controller” or “Polyclinic I-MED”) is committed to protecting the privacy and personal data of visitors of the website www.imed.hr and users of the services provided by the Controller through the website (hereinafter: the Data Subject/Data Subjects).

We process your personal data in accordance with the General Data Protection Regulation (hereinafter: GDPR), the Act on the Implementation of the GDPR, and other applicable legislation in this field. This Privacy Policy explains the categories of your personal data we process, the purpose and legal basis for such processing, how your personal data are used, and what rights you have as a Data Subject.

Personal data include all information relating to an identified or identifiable natural person. The processing of personal data includes any operation performed on personal data – collection, organization, storage, adaptation, use, transfer, erasure, or destruction – whether by automated or non-automated means.

1. Controller Details

I-MED d.o.o.
Registered office: Selska cesta 90A, 10000 Zagreb, Croatia
Company registration number (MBS): 080626368
PIN (OIB): 68891266197

Contact:
E-mail: info@imed.hr

Data Protection Officer:
Mrs. Sanja Bach
E-mail: bach@imed.hr

2. Categories of Data Subjects and Personal Data Processed

The Controller processes personal data in accordance with the principles of data minimization, lawfulness, and transparency. Below is an overview of the categories of data subjects and types of personal data we collect and process:

  • Website users via online form: name and surname, e-mail address, phone number, and other information you voluntarily provide through the form.

  • Newsletter subscribers: e-mail address.

  • Website user technical data: location data, IP address, and other technical data necessary for the functioning of the website.

  • Users applying for courses/educational programs: name and surname, contact information, type of course/education, payment records.

  • Job applicants: name and surname, contact information, CV, cover letter, qualifications, prior experience, skills and any other information submitted in the application.

3. Purposes and Legal Bases for Processing Personal Data

Your personal data are processed solely for the following purposes and based on the corresponding legal grounds:

  • Communication, appointment scheduling, responses to inquiries – includes responding to questions and comments, processing requests, receiving and sending messages via contact form, and exchanging uploaded documentation.
    Legal basis: steps taken at the request of the data subject prior to entering into a contract.

  • Sending notifications and marketing communication via newsletter – if you subscribed to our newsletter.
    Legal basis: consent of the data subject.

  • Direct marketing – for promoting services, informing about industry updates, and maintaining relationships with existing clients.
    Legal basis: legitimate interest of the Controller.

  • Promotion of the Polyclinic – publication of patient photos including treatment results only with prior explicit consent.
    Legal basis: consent of the data subject.

  • Organization of courses and professional training – processing applications via web form or phone.
    Legal basis: steps taken at the request of the data subject prior to entering into a contract.

  • Recruitment process – processing job applications submitted voluntarily.
    Legal basis: steps taken at the request of the data subject prior to entering into a contract.

  • System security and fraud prevention – including processing IP addresses and device data.
    Legal basis: legitimate interest of the Controller.

Providing personal data is voluntary. However, if you refuse to provide the required information, we may not be able to provide certain requested services or information.

4. Data Retention Period

Your personal data will be retained only for the time necessary to fulfill the purposes described above unless otherwise specified in this Privacy Policy.

5. Your Rights as a Data Subject

You have the following rights in accordance with GDPR:

(I) Right of access – to information on whether your personal data are processed and access to such data.
(II) Right to rectification/completion – to correct inaccurate or incomplete personal data.
(III) Right to erasure (“right to be forgotten”) – subject to conditions under Article 17 of the GDPR.
(IV) Right to restriction of processing – under specific circumstances.
(V) Right to data portability – where processing is based on consent or contract and technically feasible.
(VI) Right to objection – to processing based on legitimate interest.
(VIII) Right to lodge a complaint with a supervisory authority
Supervisory authority contact information:
Croatian Personal Data Protection Agency (AZOP)
Ulica grada Vukovara 54, 10000 Zagreb
E-mail: azop@azop.hr
Phone: +385 (0)1 4609-000
Website: www.azop.hr

(IX) Right to withdraw consent – at any time without affecting the lawfulness of processing before withdrawal.

6. Exercising Your Rights

You may exercise your rights by submitting a request:

  • By mail: Selska cesta 90A, 10000 Zagreb

  • By e-mail: bach@imed.hr

We may require proof of identity before proceeding with your request to ensure data protection.
We will respond without undue delay, and no later than one month from receipt of the request, with possible extension if necessary.

7. Sharing Data with Third Parties

We share personal data with third parties only when necessary to provide our services, comply with legal obligations, or protect our legitimate interests.
Third parties may include:

  • External partners and service providers (e.g., IT support, accounting services)

  • Providers of certain software solutions (e.g., cloud services)

  • Competent authorities when legally required

Where data are transferred outside the EEA, appropriate safeguards such as Standard Contractual Clauses are applied.

8. Data Security

The Controller applies appropriate technical and organizational security measures including:

  • Strict security protocols and restricted access to data

  • Antivirus protection, firewalls, system updates, strong passwords

  • Encryption and pseudonymization where applicable

  • Employee confidentiality obligations and regular training

  • Contracts with processors ensuring GDPR compliance

9. Use of Cookies

Our website uses cookies to ensure proper functionality and improve user experience. Details are provided in our Cookie Policy.

10. Updates to the Privacy Policy

The Controller reserves the right to modify or update this Privacy Policy to remain compliant with legal requirements and ensure improved data protection.
Any changes will be promptly published on our website.

Date of last update: 27 October 2025