POLIKLINIKA SMILE d.o.o. (hereinafter “the Company”) implements personal data protection measures in compliance with statutory obligations and the new General Data Protection Regulation (GDPR).

Data controller: POLIKLINIKA SMILE d.o.o., M. Tita 129, HR-51410 Opatija.

If POLIKLINIKA SMILE d.o.o. is a joint controller of the processing of personal data pursuant to art. 26 of the European Regulation on the protection of personal data, on the basis of a commercial partnership and / or based on the use of some common services and / or legitimate interests of the Poliklinika Smile, further information relating to the protection and processing of your data personal data, in addition from POLIKLINIKA SMILE, may also be requested from the other joint data controller mentioned in this Notice under the title of the Policy on co-ownership in the processing of personal data.

POLIKLINIKA SMILE d.o.o. has appointed a DPO (Data Protection Officer) of the processing of personal data.

With regard to all matters relating to the processing of the user’s personal data and the exercise of the rights provided for by the European regulation on the protection of personal data, it is possible to contact a DPO in one of the following ways:

  • in writing to the address: POLIKLINIKA SMILE d.o.o M. Tita 129, HR-51410 Opatija, delivery by the short hand (brevi manu) to the DPO.
  • by e-mail to: [email protected]

We are committed to continuous and effective decision making, and we also expect our employees and business partners to do so.

This policy determines the intended behavior of the Company, its permanent, temporary and occasional employees as well as business partners and third parties in relation to the collection, use, storage, transfer, disclosure or deletion of personal data processed in the Company’s business processes.

The integral part of this policy is as follows:

PERSONAL DATA PROTECTION POLICY defines the purpose and methods of use of personal data, the categories of personal data we collect, the period of time in which we process them and the methods of processing information in relation to data processing;

ONLINE PRIVACY POLICYdefines the methods of collecting and storing the data we collect through the Company’s website;

EMPLOYEE PRIVACY POLICY explains what types of personal information we may collect about our employees and how it may be used.

JOINT CONTROLLERSHIP POLICY defines the joint data controllers, their actions and a point of contact for people.



This policy covers customer privacy practices that apply to all of the Company’s contracts, services and websites. This privacy policy is defined to clarify the purpose and methods of use of personal data, categories of personal data we collect, the period of time in which we process them and to let you know all the ways to inform you about the processing of your data.



During various forms of interaction with the Company (‘use of the website of which the Company is a publisher, sending requests by e-mail, by post, participation in prize games and competitions, conclusion of the subscription contract, conclusion of the contract advertising, collaboration agreement), personal data is collected, which includes, but not limited to the following:

  • Name, surname
  • Residence address
  • Tax Code
  • Account number
  • Email address
  • Telephone number

During various forms of interaction, the Company may also collect data that does not belong to the personal data group, which includes, but not limited to the following:

  • Data about the device through which you connect to the Internet
  • Type and version of the browser you are using
  • How to use the Company’s website



We process and use personal data only for the purposes for which it was collected. Processing is lawful only if and to the extent that at least one of the following conditions is met:

  • The processing is necessary to fulfill the legal obligations of the Company – which implies but does not limit the processing of data for the purpose of issuing invoices for the purpose of resolving complaints on the basis of the relevant regulations (consumer protection law);
  • The processing is necessary for the execution of a contract with the User and / or the execution of pre-contractual measures – for example, at the conclusion of a subscription contract, in organizing delivery services in accordance with a concluded contract, for publish an obituary;
  • The processing is necessary for the pursuit of the legitimate interest of the Company or of third parties, provided that the interests or fundamental rights and freedoms of the interested party that require the protection of personal data do not prevail – for example the processing of data for purposes marketing, when we notify of special promotions or invite to events which we expect might be interesting;
  • Based on the information on the scope of the processing, there is an explicit consent from the user – for example the consent of a parent or legal guardian for the processing of children’s under 16 years of age data



The Company uses personal data for the following purposes:

  • Provision of services in accordance with contractual obligations – the Company may use personal data during the provision of contracted services and to provide different forms of communication during the process of implementing the cooperation.
  • Marketing and sales activities – The Company may use personal data for the purpose of informing customers of promotions and special offers, services, discounts or similar activities;
  • Protection of Company Employees – The Company may disclose personal data of individuals if it deems it necessary or appropriate to protect the health and safety of employees, visitors, property and / or user;
  • Legal obligations for communication and data processing


Data collection methods

Personal data are collected in one of the following ways:

  • Provided directly by the User: all personal data in any case provided by the User (including those entered on the Site) for any other reason to the company, including those communicated in the course of events organized or participated by / by the undersigned company, or which in any case are provided to it in any way directly by the User (such as, by way of example, filling in forms or correspondence);
  • Indirectly: personal data collected automatically through websites (which do not belong to the Company), or through “cookies” are usually the data relating to the User’s navigation.



The Company guarantees the exercise of rights by the user in relation to:

  • Access to information
  • Objections to processing ;
  • Limitation of processing;
  • Data transfer;
  • Rectification ;
  • Cancellation ;

The user submits requests for exercising the right in writing or orally. If an individual files a claim relating to any of the above rights, the Company will consider any such claim in accordance with all applicable data protection laws and regulations. The Company reserves the right to charge costs for processing user requests in exceptional cases when the requests are unreasonable.

Users have the right to be informed based on the request, and after successful verification of their identity, of the following:

  • Purpose of the processing of personal data ;
  • Source of personal data, if not provided by the user;
  • Category of personal data ;
  • Recipients or categories of recipients to whom the personal data have been or may be transferred together with the location of such recipients;
  • The envisaged period for which the personal data will be stored or an explanation for determining the retention period;
  • Automated decision making, including profiling ;

All requests for access or correction of personal data must be addressed to the Dana Protection Officer who will register each request upon receipt. The response is sent to the user within 30 days of receiving the written request.


In some cases, the Company may request consent from the User or his / her parent / legal guardian / legal representative for the processing of personal data for a particular purpose. When the processing of personal data is based on consent, the user / parent / legal guardian / legal representative has the right to withdraw the consent given at any time. The withdrawal of consent does not affect the lawfulness of the processing based on consent before the withdrawal.


The Company must keep personal data for a period not exceeding that necessary for the purposes for which the personal data are processed.

The Company will keep personal data for as long as necessary to provide the User with goods and / or services; the Company will keep personal data relating to the execution of the contract for the fulfillment of contractual and legal obligations; subsequently, the personal data relating to the execution of the contract will be kept for a period not exceeding the statutory limitation period to possibly assert or defend a right in court.

Upon expiry of the retention period, personal data must be automatically deleted, or made anonymous permanently and not reversibly.


The Company implements physical, technical and organizational measures to ensure the security of personal data (for example, prevention of loss and damage, modification, unauthorized access or processing, and other threats to which personal data may be exposed caused by human activity or by physical / natural environment).

The security measures implemented are aimed at:

  • Prevent unauthorized persons from accessing the processing system in which data is processed ;
  • Prevent persons who have the right to use the data processing system from accessing personal data that go beyond their needs and authority;
  • Ensure that personal data during electronic transmission or during transmission cannot be read, copied, modified or removed without authorization;; Privacy Policy, Version 1.00 Page 6 of 12
  • Ensure system availability in order to determine who has entered, modified or removed personal data from the processing system;
  • Ensure that, when the processing is carried out by the DPO, the data can only be processed in accordance with the instructions of the Data Processing Manager;
  • Ensure that personal data is protected from accidental destruction or loss;
  • Ensure that personal data collected for different purposes are treated separately;
  • Ensure that personal data are not kept longer than necessary.


In certain circumstances, it is permissible to share personal data without your knowledge or consent. When disclosure of personal data is required for any of the following purposes:

  • Prevention or detection of crimes
  • Arrest or detection of offenders
  • Estimation or collection of taxes or fees.
  • By order of a court or any law.


If you have any questions or complaints in relation to this Privacy Policy or to exercise your privacy rights described above, please email us at [email protected] In the event of complaints, we will investigate the situation regarding the use and disclosure of personal data in accordance with this policy, and we will try to resolve them as soon as possible.


Although the Company is geared towards informing the general public, we are well aware that minors deserve special protection in all respects, including the protection of personal data, as they may be less aware of the risks and possible consequences of disclosing their data. .

Pursuant to article 19, paragraph 1 of the Law on the application of the General Data Protection Regulation, the Company, with regard to the protection of personal data, considers minors who is under the age of 16 and does not request or collect personal data of minors without the consent of the parent / guardian / legal representative. The Company will make every reasonable effort to ensure that data received from minors is processed only with the consent of the parent / legal guardian / legal representative.

If the Company discovers that the personal data of minors is sent, but without the valid consent of the parent / legal guardian / legal representative, the Company, to a reasonable extent, undertakes to do the following:

  • delete this personal data from your files as soon as possible;
  • ensure, in the event that the cancellation is not possible, that such personal data are not used for any purpose;
  • in no case will it transfer the data provided by the user to third parties.

If the parent or legal guardian has questions regarding the processing of personal data, please contact the address of DPO.


We process your data within the European Economic Area. In the event of a possible transfer of personal data outside the area, such transfer will only take place if the European Commission has confirmed that the third country meets a certain level of data protection or if appropriate protection measures are in place under applicable law (eg binding corporate rules, standard contractual rules).



At any time, if you believe that the processing of your data violates data protection laws or that your privacy rights have been otherwise violated, you can file a complaint about the processing of your personal data with the authority. supervisory authority, the Personal Data Protection Agency, Martićeva 14, Zagreb, [email protected]



The Company recognizes and respects your right to data privacy and undertakes to keep the personal data of users collected through the Company’s website confidential.

Your personal data is collected and used only on the basis of the data that you have voluntarily provided to the Company, through registration (at the time of registration, personal data such as: name and surname, address, city, e-mail, date of birth will be used) or using the website.

The personal data collected are stored in electronic format and all appropriate technical and organizational measures are applied to prevent breaches of personal data. Emails received with your personal information will only be used by the Company to meet your needs.


Cookies allow the collection of statistical information on user behavior and use of services (for example its ‘duration’ or, the indication of the moment in which it expires), the web browser used (e.g. Internet Explorer , Opera, Safari, Google Chrome, Firefox) and so on.

Cookies are small text files that are placed on your computer by websites that you visit. The main purpose of a cookie is to make the Site work more effectively and to enable certain features. Cookies are used to improve the user’s global navigation. The cookies on the Company’s web pages are anonymous and are not used to access user data or to track user activity after leaving our website.

The Company’s website monitors statistics and data relating to accesses and visits to obtain the necessary information on the attractiveness and effectiveness of their sites.

Users of the World Wide Web have the possibility, through the tools made available by the browser developers, to have full control over cookies Read more at the following links.

For other browsers, consult the relevant documentation provided by the respective company that owns the search engine.


The Company sends promotional materials through digital communication channels to people who at some point have reached a form of cooperation (subscribers, patients and potential patients) and who have provided us with contact information for this form of communication. Users of the Company’s services have the right at any time to unsubscribe from promotional services and the Company will provide tools to perform the deletion from the database The legal basis for carrying out this activity is the legitimate interest of the Company.

Contact information, such as name and e-mail address, are necessary for the purpose of sending promotional material by the Company. Promotional materials include information on services, special offers and newsletters.

The user will be informed at the time of first contact or at any stage of the use of his data for digital marketing purposes.

The possibility of a general exclusion is not available for some forms of non-marketing communication, such as communications relating to product download, sales transaction, prize winning, declarations of compliance with legal obligations and (where permitted by law).

The Company may use the technical services of external business partners for sending newsletters. In this case, only the e-mail address you provided to receive the Newsletter is processed. We also ensure that the selected business partner uses it only for the delivery of our Newsletters, during the period while you are subscribed to it, and may not use it for other purposes. Except in the stated case and under the stated conditions, the Company will not share your contact information, which you provided for subscribing to the Newsletter, with third parties.


The Company takes all security measures to protect user data, during input and transmission, data processing, and during retention period. Access to data is limited and is available only to those employees who need it to perform business activities.

Personal data provided to the Company during registration will be retained during the existence of the website or during the registration of users. All data provided to the Company upon registration on the Website will be destroyed at the latest upon termination.

Users have the right at any time to request notification of which of their personal data is processed by the Company, or to have them changed or deleted, by sending a request to a DPO.



We regularly review our privacy policy and check that they reflect the way the Company processes personal data. The current version is always available on our website www.smile.hr, and if there are significant changes that affect your rights and freedoms, we will inform you directly.



These rules define how the Company collects and uses your personal information related to employment activities. Personal data will be used in accordance with the rules prescribed below.

By sending personal data required with employment or job application, you voluntarily provide personal data to the Company.

Collection of personal data.

The Company requires certain information, including information on education and work experience, contact information, job qualifications for which you are applying. Some additional / more detailed information such as a CV is also needed; employment recommendations etc. Furthermore, the Company may collect data from third parties, during the validation of the data provided by the candidate (eg to verify the validity of the diploma, work experience and / or recommendations).

Confidential personal data.

The Company will not require sensitive personal information (eg, religion, health, sexual orientation, or political affiliation) during employment.

Voluntary disclosure.

Personal data during the recruitment process are made available to the Company voluntarily. The Company will request only data necessary for a proper and legally compliant recruitment procedure.

Use of personal data.

The data may be used to communicate with you, to manage the selection and recruitment process, and to comply with corporate, legal and regulatory requirements. If you are eligible for employment, we may use your data for employment and corporate governance.

Recipients of data and sharing with third parties.

The Company may share your personal data internally and with service providers and other third parties if necessary in the process of selecting candidates, recruiting, corporate governance, procurement and legal or regulatory obligations, to respond to public sector or administrative requirements, for national security purposes and / or law enforcement.

The Company obliges such service providers and third parties to maintain the confidentiality of your personal data and to use personal data only in accordance with the specific purpose for which they were disclosed.

Security and confidentiality.

The Company maintains a high level of administrative, physical and technical security measures designed to protect the confidentiality of personal data and requires the same from its service providers. Employees of the Company who, due to the nature of their work, may access personal data must maintain the confidentiality of such data.

The Company may apply security procedures in its facilities and on its computer systems to monitor and maintain security. Any supervision of the Company’s facilities, systems or assets is carried out in accordance with applicable laws.

Your obligations.

Each candidate is responsible for the data he submits to the Company. All data must be accurate, true, precise, and in no way misleading.

Applicants must ensure that the data submitted does not contain inappropriate, defamatory or content that infringes the rights of third parties. In the case when the personal data of another person are submitted (eg a person who can give a recommendation), the candidate is responsible to inform the person whose data he / she submits in a timely manner and obtain consent.



Data on joint processing managers with which POLIKLINIKA SMILE d.o.o. mutually and jointly determines the purposes and methods of data processing:

Top adria turistička agencija d.o.o.
M. Tita 129
HR-51410 Opatija
PIN: 59624272240

Smile Adria Italia S.r.l.
Via Giosuè Carducci 22
IT-34125 Trieste
PIN: IT04211200276

The Company reserves the right to transfer personal data within its business group, as well as to third parties, respecting the principle of an appropriate level of legal protection for the rights and freedoms of users.

The transfer of personal data is carried out if at least one of the following conditions is met:

  • The transfer is necessary for the performance of contractual obligations / services;
  • The transfer is necessary for the implementation of pre-contractual measures taken in response to the beneficiary’s request;
  • The transfer is necessary for the conclusion or execution of a contract concluded with a third party in the interest of the user;
  • The transfer is legally required based on important public interests;
  • The transfer is necessary for the establishment, exercise or defense of legal claims;
  • The transfer is necessary to protect the vital interests of the user;
  • The transfer is necessary for the connection of business processes within the business group.

In order to conduct business efficiently, it is necessary to transfer personal data from one of the companies listed above to another. In these cases, POLIKLINIKA SMILE d.o.o. is responsible for the protection of personal data transmitted.

Opatija, 7th of May 2018