FUTURA MEDICAL GROUP d.o.o., located in Zagreb, Ulica Frana Folnegovića 1C, registered with the Commercial Court in Zagreb under registration number (MBS): 081284729, tax identification number (OIB): 95346564252 (hereinafter: “the GROUP”), is the data controller of your personal data. The term “user” or “data subject” in this Privacy Policy refers to all individuals who receive or have received healthcare services, as well as all other individuals who have given their consent to receive notifications from the GROUP for themselves or for children under 16 years of age as holders of parental responsibility. The GROUP collects only the minimum necessary amount of personal data and uses it exclusively for the purpose for which it was collected and about which you have been informed. Similarly, the GROUP does not share data with third parties without informing you. The GROUP always strives to process and store your data only for as long as necessary for the purposes for which it was collected or as required by any contract or applicable law.

1. Data We Collect

The GROUP collects various types of data to provide quality services, namely: (a) data collected directly from you through forms in the GROUP’s premises, through forms on the website www.futuramedical.hr, via email, social media, or by phone; (b) data collected about your use of the GROUP’s services; and (c) data collected from third parties. The GROUP collects the following categories of data from you:

• Identification data (full name, personal identification number, gender, nationality, address of residence/domicile)
• Contact data (email address, phone number, mobile number)
• Health data and information (medical reports, medical history, diagnoses, procedures, etc.)
• Administrative data (insurance number, health insurance card, supplementary insurance card, payment confirmations, etc.)
• Other data voluntarily provided by you as a user of our services

The GROUP also processes your data and/or the data of your child, if the child is under 16 or 18 years of age, depending on the purpose of the processing, and you are the holder of parental responsibility. The GROUP collects data about your use of the website www.futuramedical.hr, i.e., your browsing behavior. Such data is necessary to ensure the proper and quality operation of the website and to provide you with high-quality services, as well as to comply with our obligations and our legitimate interest in providing and continuously improving the services we offer. The website www.futuramedical.hr uses so-called cookies. Details about cookies, how they are used, stored, and blocked are available on the website www.futuramedical.hr under the “Cookies” section, which can be accessed via the link: https://futuramedical.hr/en/cookies/ Furthermore, the GROUP may collect data about your geo-location. Such data may become available when you browse and use the website www.futuramedical.hr based on your IP address or GPS data from your device. This data is used to improve our services and ensure the quality of the services we provide to you. The GROUP highlights that your devices have the option to disable or limit the sharing of your location data, and you are free to use these options. When collecting personal data, certain data may be stored by the Google Analytics platform, about which you are further informed through the cookie usage policy. For more information about the privacy policy of the Google Analytics platform, you can refer to the following link:

• https://policies.google.com/privacy?hl=hr

Some of our services available through the online content allow you to directly contact the GROUP for inquiries and to schedule appointments for treatments within the services provided by the GROUP. In connection with these services, we may ask you for certain information to enable you to use such services and for the GROUP to process your request. In such cases, your personal data is necessary as the GROUP cannot fulfill your request without it, and a form will be displayed for you to confirm that you are aware of the privacy policy. For example, we may ask for your email address, name, surname, mobile number, and more. Some services allow you to communicate with other individuals. These communications will be transmitted through our systems and stored within them. In certain situations, the GROUP collects data about you using other internet platforms and sources, which may be combined with other data that you provide. For example, in order to offer you quality services tailored to your preferences and interests, the GROUP uses the Facebook Pixel tool, which tracks your activity on this website and transmits this data to Facebook. As a result, promotional messages and information tailored to your interests and search results may be sent to you via social media. This allows you to access and stay informed about services that you may not have been regularly aware of, enhancing your user experience and improving the quality of services provided by the GROUP. These tools can be embedded in web content, videos, and emails and may allow servers to read certain types of data from your device, seeing when you have viewed specific content or email messages, determining the time and date of your view, and identifying your devic’s IP address. The GROUP and certain third parties use trackers for various purposes, including service usage analysis and, together with cookies, providing content and ads tailored to your needs and interests. This website uses retargeting (remarketing) technology. Third parties may collect information about your visits to our website and interactions with it, including advertisements. Retargeting technologies analyze cookies and display ads based on your previous behavior when visiting our website. For example, if you have viewed some of our services on our website, retargeting allows reading cookies in your browser and placing ads for those services on social media platforms like Facebook, where you may see our services/ads when using the platform. Data processing collected by these cookies is based on your consent (Article 6(1)(a) of the General Data Protection Regulation). In the Cookie Settings, you will also find a list of all cookies within each category (necessary, statistical, marketing cookies, and cookies for targeted advertising). For more information about these tools, you can check the following links:

• Facebook Business Help
• Facebook Privacy Policy

In addition, the GROUP uses Zendesk Support and Zendesk Chat tools for live communication on the website, which may also contain your personal data. For more information, see here:

• Zendesk EU Data Protection

Regarding the aforementioned, the GROUP does not perform special processing or storage of data provided through these tools, but they are used exclusively for communication. For example, your username created during a chat will not be associated with a specific person. However, if you use communication tools to make a special request, such as scheduling an appointment, our staff may request your contact details to process your request or inquiry made via these communication tools, such as chat. Similarly, if you use the web forms on the website www.futuramedical.hr to submit inquiries, requests, or demands on the wrong web pages, for example, if you use the “Ask the Doctor” form to request information or schedule an appointment, the GROUP may use the personal data you provide to identify you and contact you to act on your request or inquiry. All interactive options, particularly communication through private messages, chat, forums, or other methods of sending messages or communicating, are public in nature and do not have the status of confidential or verified information. Therefore, the GROUP may monitor and remove inappropriate content from user communications without their knowledge or special approval. Since the GROUP is not obliged to monitor or authorize the content of messages or information that may be found on the website www.futuramedical.hr, the GROUP is not responsible for actions taken by the user in any part of the website, nor for content that the user may post. By accessing and using this website, you agree to the use of the described tools and other data on your device. You also agree that the GROUP and third parties may access cookies, local storage technologies, Pixel, and data.

2. Why We Collect Your Data and Who Has Access

Your data is collected and processed for the following purposes:

• To provide you with our services
• To contact you regarding medical procedures
• To fulfill your requests and provide services
• To offer content and recommendations based on your activities on the website
• For advertising and sending promotional materials
• To improve our business and the development of services provided to you
• To assess and analyze activities on this website, our market, users, products, and services
• To communicate with you
• To analyze how individuals (including yourself) use our services and content, in order to improve and develop new products and services tailored to user preferences
• For processing necessary to comply with the legal obligations of the GROUP
• To notify relevant authorities and retain data in accordance with healthcare regulations
• For other purposes with your consent

Your data will not be publicly disclosed. We take special care in determining who we share your data with, and we will not disclose it to third parties for their own independent marketing or business purposes without your consent. In case of data transfer, we will take all necessary measures to protect it, and where possible and reasonable, pseudonymize or otherwise make it difficult to associate the data with you. In exceptional cases, we will strive to anonymize your data completely when we assess that there is a risk to your rights. Disclosure of your data may occur to entities directly involved in the operations of the GROUP, such as FUTURA MEDICAL GROUP d.o.o. (OIB: 95346564252), reliable and secure business partners, whose services and products are integral to the services provided, especially healthcare services. An example of such business partners includes manufacturers of medical devices used in operations by the GROUP, where it is important to note that the GROUP works with top-tier, high-end manufacturers of medical and diagnostic devices. We emphasize that your safety is always our top priority. It is also possible that we will share your data with business partners who provide services on our behalf, such as companies that assist us with billing or send emails on our behalf. These entities are limited in their use of your data for purposes beyond providing services to us. If required by law or by a decision of an administrative or judicial authority, data may be disclosed to the competent authorities and other parties:

• To comply with the law or to respond to mandatory legal procedures (such as a search warrant or other court order)
• To verify or achieve compliance with the rules governing our services
• To protect the rights, property, or safety of users, clients, and the GROUP itself

In some cases, the GROUP may transfer personal data to countries outside the European Union and the European Economic Area, which may have different and potentially lower standards of data protection than those required in Croatia. In such cases, the GROUP will take appropriate protection measures (e.g., using EU standard contractual clauses for the transfer of personal data to third countries) to ensure adequate protection of your personal data in accordance with applicable data protection laws. For transfers that exceed the legitimate interests of the GROUP and are not regular or necessary for ensuring the security and high quality of services provided by the GROUP, your consent will be requested. The GROUP continuously improves its system for collecting and processing personal data to ensure compliance with legal regulations and, of course, your security. To achieve this, we employ reasonable physical and technical measures to protect data and strive to follow the latest technical advancements and guidelines from data protection authorities, both at the national (Croatian) level and at the EU level. However, the GROUP must emphasize that due to the rapid development of technology, every internet user must be aware that no system is absolutely secure, and it is objectively impossible to foresee all potential risks that may arise on the internet. The GROUP, in particular, cannot influence the deficiencies of third-party services essential for the operation of this website. Unauthorized attacks on this website are always possible, but the GROUP takes reasonable steps to minimize any risks that might arise. In any case, the GROUP is committed to making every effort to ensure that its personal data protection system is as secure as possible.

3. Online Payment Security Statement

When making payments on our online store, we use CorvusPay – an advanced system for secure payment card acceptance via the internet. The payment data entry form is secured with an SSL transport encryption of the highest reliability. All stored data is additionally protected with encryption, using a cryptographic device certified according to the FIPS 140-2 Level 3 standard. CorvusPay meets all security requirements for online payments established by leading card brands and operates in accordance with the PCI DSS Level 1 standard – the highest security standard in the payment card industry. When paying with cards enrolled in the 3-D Secure program, your bank additionally confirms your identity through a token or password, along with the card’s validity. CorvusPay treats all collected information as banking secrecy and processes it accordingly. The information is used solely for the purposes for which it was intended. Your sensitive data is entirely secure, and its privacy is guaranteed with the most modern protective mechanisms. Only the data necessary for processing the transaction in accordance with the prescribed online payment procedures is collected. Security controls and operational procedures applied to our infrastructure ensure the immediate reliability of the CorvusPay system. Additionally, strict access control, regular security monitoring, and thorough checks to prevent network vulnerabilities, along with planned information security policies, ensure continuous improvement and maintenance of the system’s security, safeguarding your card data. Thank you for using CorvusPay!

Confidential Data Protection Method

The entry and transfer of personal data and credit card details are protected by the highest security standards provided by the CorvusPay™ online credit card authorization system, in compliance with the requirements of card issuers and brands, as well as the PCI DSS standard. Authorization and payment processing are performed using the CorvusPay™ system in real-time.

Personal Data Protection, Collection, and Use Statement

The GROUP is committed to protecting customers’ personal data by collecting only the necessary basic data about customers/users required to fulfill our obligations. We inform customers about how their collected data will be used and regularly provide them with the option to choose how their data will be used, including the ability to opt-out of marketing campaigns. All customer data is strictly protected and is accessible only to employees who need this data to perform their duties. All employees and business partners are responsible for respecting the principles of privacy protection. To ensure the protection of personal data, the GROUP takes appropriate protective measures in accordance with applicable privacy and personal data protection laws. This includes requiring service providers to implement measures that ensure the confidentiality and security of personal data of individuals. In its operations, the GROUP has implemented technical, physical, and organizational measures to protect the personal data of data subjects from accidental or unlawful destruction, accidental loss, damage, alteration, unauthorized disclosure or access, and all other forms of unlawful and/or excessive processing.

4. Miscellaneous

If, despite the content of this privacy statement and personal data protection, certain matters remain unclear or if you feel that some details have not been sufficiently explained, please feel free to contact our data protection officer with your reasonable inquiries. They will, within the scope of objective possibilities, make an effort to respond to all reasonable inquiries and, in collaboration with our technical teams, always strive to provide you with all reasonably available information to ensure your awareness. In accordance with applicable laws, we are obliged to inform you that you have the right to lodge a complaint regarding the processing of your personal data, both to the GROUP and the Personal Data Protection Agency. Upon your request, the GROUP will provide you with information on how your personal data is processed. If your personal data is inaccurate, upon your request, it will be corrected. In such a case, as well as in other cases provided by applicable regulations, you may request the restriction of processing. You also have the right to request the transfer of your data to another data controller. All your inquiries will be investigated by our data protection officer, and they will strive to respond to them, if possible, within 30 days, provided that your request is legally grounded. The response time depends on the nature of your inquiry and generally on the quantity and nature of other potential inquiries. In the case of unreasonable, excessively detailed, frequently repeated, or otherwise unjustified and burdensome requests, the GROUP reserves the right to charge a reasonable fee for providing a response to your inquiry. In exceptional cases, the GROUP may refuse to respond to your inquiry. The GROUP’s Data Protection Officer (DPO) is: Irena Bosanac Phone: 01/5005-970 Mail: dpo@futuramedical.hr