Privacy policy
PRIVACY POLICY
This Privacy Policy, based on the General Data Protection Regulation (GDPR), explains which personal data is collected in connection with our activities, how we process, use, and protect that data, the purposes for which it is used, as well as your rights related to your personal data.
OUR FUNDAMENTAL PRINCIPLE IS PRIVACY AND THE PROTECTION OF PERSONAL DATA
The privacy of individuals and the protection of personal data are fundamental human rights. It is our duty to safeguard the personal data we collect, process, and store. Your personal data is our responsibility, and we collect and process it only when necessary, ensuring the implementation of security measures for its protection.
ARENA DENTAL d.o.o., a member of Adria Dental Group – the largest dental medicine group in the Adria region, adheres to the following principles to protect the privacy and personal data of its patients and all individuals whose personal data we process:
- We do not collect more personal data than necessary.
- Personal data is not used for purposes you are not informed of in advance.
- Personal data is not retained longer than necessary.
- We never sell, lend, or distribute personal data.
- Personal data is not shared with third parties without your knowledge and unless legally required.
- We do not use any automated processing or profiling for decision-making.
- We do not transfer personal data outside the EU/EEA.
- We continuously ensure that personal data is securely stored and protected.
It is important to read this Privacy Policy, and we hope you take the time and attention to do so. We have made an effort to make it as clear and understandable as possible, aiming to maintain your full trust in how we handle your personal data.
If you have any further questions about data protection at ARENA DENTAL d.o.o. after reading this, please feel free to contact our Data Protection Officer at any time:
Igor Barlek, CIPP/E, Data Protection Officer of Adria Dental Group
- Email: bi@biconsult.hr
- Postal address: ARENA DENTAL d.o.o., Remetinečki gaj 2k, 10020 Zagreb, Croatia
- Postal address: Adria Dental Group, Josipa Marohnića 3, 10000 Zagreb, Croatia
We regularly update our Privacy Policy to enhance and protect your data. This Privacy Policy was updated on January 3, 2025.
WHO WE ARE
ARENA DENTAL d.o.o., located at Remetinečki gaj 2k, 10020 Zagreb, Croatia, is responsible for processing your personal data. We determine the purposes and methods of processing your personal data and ensure all security measures for its protection. Regarding patients' personal data, we also act as joint controllers with affiliated companies, including dental laboratories within Adria Dental Group (10000 Zagreb), our group ADRIA DENTAL GROUP d.o.o. (Josipa Marohnića 3, 10000 Zagreb), and PROVECTUS CAPITAL PARTNERS d.o.o. (Ilica 1A, 10000 Zagreb).
WHAT DATA DO WE PROCESS, HOW, AND FOR HOW LONG?
When registering potential patients for a free specialist check-up
We require your basic personal data (name and surname) and contact details (email and phone number) for effective communication, better understanding of your wishes and needs, and arranging the first appointment. Providing a dental image or orthopantomogram (OPG) is welcome, but only if you have it and choose to share it with us, following GDPR rules regarding health data processing as a special category of personal data, ensuring the highest level of security for such data. If you decide not to proceed with the free specialist check-up, we will permanently delete all your personal data.
When providing dental medicine services to our patients
From the first check-up and throughout the provision of dental services, we are obligated to collect all data about your dental health, including patient records and essential health-related data (such as chronic illnesses, allergies, infections, specifics regarding anesthesia, etc.). This information is necessary for providing dental services and protecting your health during specialist treatments and surgical procedures, all in compliance with GDPR rules for health data processing, ensuring the highest level of security.
During agreed treatments and multiple procedures, we may collect photos of your dental condition to monitor the effectiveness of each phase. These photos are stored solely in the patient’s record.
We retain all relevant data in your patient record to ensure the highest quality of dental health services. By law, this data must be stored for ten years after the completion of treatment, while older data is archived.
Referrals within Adria Dental Group
In your best interest and to ensure the highest quality of dental medicine services, we may refer you to another clinic within Adria Dental Group or use the services of dental laboratories within the group. In such cases, we will share your health documentation in accordance with legal regulations in the field of dental medicine and the protection of professional dental confidentiality.
All members of our team are obligated to treat all information about your health as confidential. Access to your personal data is strictly limited. In compliance with the Healthcare Act, we are required to provide access to your personal data at the request of the competent ministry, other government bodies as per special regulations, the Croatian Dental Chamber, and judicial authorities.
Necessary personal data for invoicing
We retain a minimum set of personal data (name, surname, OIB [personal identification number], address, and services provided) for invoicing purposes, in compliance with accounting and tax regulations.
Video surveillance
To ensure the safety of our patients and employees, protect property, and prevent unlawful actions such as theft, robbery, burglary, violence, or vandalism, we monitor only acceptable areas within and around the clinic premises. These areas are clearly marked with visible notices. Video surveillance recordings are stored for up to one month, depending on storage capacity, and no longer than six months.
Candidate selection and employment
During candidate selection and employment processes, we collect basic personal data (name, surname, residential address, email address, phone number, education, and work experience), as well as any additional data provided through resumes, to conduct the selection process. After the selection process, we retain the data of selected candidates for employment as required by law. For unsuccessful candidates, data is returned upon request or permanently destroyed unless consent is given to retain the data for potential future employment.
We share personal data of job applicants with our group ADRIA DENTAL GROUP d.o.o. and PROVECTUS CAPITAL PARTNERS d.o.o. based on legitimate interest and in accordance with GDPR provisions.
Consumer complaint rights
Every patient has the right to file a complaint or claim regarding the services provided. In such cases, we collect the necessary personal data of the complainant and retain it for up to 12 months, in compliance with consumer rights protection regulations.
Use of your personal data for sending newsletters
We send newsletters containing updates about our clinic, services, and special offers based on your consent or a legitimate interest in using your email address for this purpose. We retain your email address until you withdraw your consent or express a desire to stop receiving further notifications.
Collection of your personal data on our website
Although you can use our website without providing personal data, when you contact us via the contact form for a free specialist check-up, treatment, employment inquiries, establishing a business relationship, or other questions, we collect your name, surname, and email address. Providing your phone number is highly useful for us to better understand your needs in the field of dental health through a follow-up call.
We collect your personal data while communication is ongoing for the purpose of cooperation or scheduling your first appointment. Data is deleted after communication ceases, upon the expiration of legal obligations, or when the lawful basis under GDPR no longer exists.
Our website is not designed for use by individuals under the age of 16 without parental or guardian consent. Such consent is required before providing personal data via the contact form.
Our website also contains links to other websites and social networks (e.g., Facebook, Instagram, YouTube, LinkedIn) that are not governed by this Privacy Policy. We recommend that you read the privacy policies of every website or social network you visit, particularly where you share your personal data.
Cookies
Our website uses small text files (cookies) that are stored on your computer or device to adapt your browser interface. Cookies essential for the functionality of our website cannot be disabled. These are generally set in response to your actions, such as cookie settings, login attempts, or form submissions.
The use of other cookies that collect your personal data requires your prior consent. Even without such consent, you can fully use our website and access all its content.
Necessary cookies used by our website:
- Functional cookies
- __zlcmid (HTTP, 1 year) – Chat functionality
- cookie_control_consent (HTTP, 1 year) – Cookie control
- cookie_control_enabled_cookies (HTTP, 1 year) – Cookie control
- url_cookie (HTTP, 2 days) – Cookie control
Non-essential (statistical and marketing) cookies used by our website:
- Facebook
- _fbp (HTTP, 3 months) – Marketing
- Google Analytics
- _gcl_au (HTTP, 3 months) – Marketing
- _ga_# (HTTP, 2 years) – Analytics
- _gat_# (HTTP, 1 minute) – Analytics
- _ga (HTTP, 2 years) – Analytics
- _gid (HTTP, 1 day) – Analytics
- Hotjar
- _hjAbsoluteSessionInProgress (HTTP, 30 minutes) – Statistics
- _hjd (HTTP, 1 year) – Statistics
- _hjIncludedInPageviewSample (HTTP, 2 minutes) – Statistics
- _hjIncludedInSessionSample (HTTP, 2 minutes) – Statistics
- _hjSession_# (HTTP, 30 minutes) – Statistics
- _hjSessionUser_# (HTTP, 1 year) – Statistics
WHO HAS ACCESS TO YOUR DATA
We collaborate exclusively with trusted business partners who help us deliver and improve our services and make our communication with you more effective. Authorized external processors have access to your personal data solely to process it on our behalf and under our explicit instructions, as per data processing agreements in line with Article 28 of GDPR. These partners are bound to strict confidentiality obligations under this Privacy Policy, our agreements, and GDPR requirements.
Selected external processors include business partners who provide services such as patient communication, staff recruitment, IT services, application and system maintenance, video surveillance, and web and email hosting.
To arrange accommodations for your first check-up and treatment at our clinic, as well as organized transportation to the clinic and lodging locations, we share necessary personal data with trusted business partners providing transportation and accommodation services.
YOUR RIGHTS
At any time, you are free to contact us to exercise your rights regarding the protection of your personal data. Your rights include the following:
Right of Access to Personal Data
You have the right to access your personal data and receive information about what data we process, how we process it, for what purposes, and for how long. You may request a copy of your personal data.
Right to Rectification of Personal Data
You have the right to request corrections or updates to inaccurate or incomplete personal data we have collected about you.
Right to Erasure of Personal Data
You have the right to request the deletion of your personal data when it is no longer needed for the purpose it was collected, if you file a legitimate objection, or if your personal data is being processed unlawfully.
Right to Object
You have the right to object to specific processing of your personal data. For example, you can request that we stop processing your data for direct marketing purposes via newsletters.
Right to Restrict Processing
You may request that we restrict the processing of your data, for example, when deletion, correction, or objection is pending and/or if we do not have a valid basis for processing your data, but you wish us to retain it. When processing is restricted, your data will be stored but not further processed. For example, if you dispute the accuracy of your data, the processing of such data will be restricted until its accuracy is verified.
Right to Data Portability
If the processing is carried out using automated methods based on a contract or consent, you have the right to receive your personal data in a structured, commonly used, machine-readable format and transfer it to another controller of your choice.
Right to Withdraw Consent
If you have previously given explicit consent to publicly share intraoral photos, facial photos, or audio/video recordings on our website or social media, you have the full right to withdraw your consent at any time. Upon withdrawal, we will delete such published photos or recordings.
If you wish to exercise any of the above rights, please submit your request:
- By email: dpo@arenadental.hr or,
- By post: ARENA DENTAL d.o.o., Remetinečki gaj 2k, 10020 Zagreb, Croatia
We will respond to your request as promptly as possible, no later than one month from receipt of your request. If we are unable to securely confirm your identity, we may request additional verification.
If you believe that our processing of your personal data is unlawful, you can file a complaint directly with the supervisory authority:
Agency for Personal Data Protection (AZOP)
Ulica grada Vukovara 54, 10000 Zagreb, Croatia
Phone: +385 1 4609 000
Email: azop@azop.hr
IMPROVEMENTS TO THIS PRIVACY POLICY
We reserve the right to periodically adapt and improve this Privacy Policy, primarily to comply with legislative changes or changes in processing purposes and methods. However, we will not limit or diminish your rights arising from this Privacy Policy or applicable laws. If changes occur that may affect your rights, we will notify you promptly and appropriately.