General Data Protection Regulation (GDPR)

PRIVACY POLICY
ST. CATHERINE SPECIALTY HOSPITAL
DATA PROTECTION OFFICE

ABOUT PRIVACY POLICY

The company St. Catherine Specialty Hospital, with its headquarters in Zagreb at Ulica kneza Branimira 71E, entered in the court register of the Commercial Court in Zagreb under number (MBS) 080741338, OIB: 41170172944 (hereinafter: "St. Catherine Specialty Hospital"), as a provider of services of the website https://www.stcatherine.com/, is committed to protecting the privacy of personal data.

St. Catherine Specialty Hospital is dedicated to protecting and respecting your privacy. Please read this Privacy Policy carefully to understand why and how St. Catherine Specialty Hospital collects your personal data and how it will be used. With regard to personal data, St. Catherine Specialty Hospital is the "Data Processing Officer", that is, the one who determines the needs for which and the means by which personal data is processed.

This Privacy Policy explains how St. Catherine Specialty Hospital collects, uses and manages your personal data that is placed on the website and that is available to St. Catherine Specialty Hospital through use of the website https://www.stcatherine.com/

According to Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (Official Journal of the European Union L 119, 4 May 2016, p. 1, hereinafter: "General Data Protection Regulation"), which has been in full force since May 25, 2018 in the Republic of Croatia and all member states of the European Union, as well as the Act on the implementation of the General Regulation on Data Protection (Official Gazette No. 42/18, hereinafter: "The Law"), i.e. in accordance with the legal framework for the protection of personal data in the Republic of Croatia and the European Union and the best European practice, St. Catherine Specialty Hospital, as the Data Protection Officer processing data of users of its services, has created this Privacy Policy.

The Privacy Policy is based on the following principles of personal data processing:

• the principle of legality, transparency and best practice;

• the principle of limited processing and reduction of the amount of data;

• the principle of accuracy and completeness of personal data;

• the principle of limited storage;

• the principle of integrity and confidentiality of data;

• the principle of responsibility;

• the principle of trust and fair processing;

• the principle of opportunity (purpose of processing); and

• the principle of processing in an unnamed (anonymized) form.

    This Privacy Policy applies to all services offered by St. Catherine Specialty Hospital, where the goal of the Privacy Policy is to familiarize you as a user with the procedures for processing your personal data and your rights in a clear and transparent manner. First of all, you as a user can at any time contact St. Catherine Specialty Hospital with a request to change, supplement and/or update the data relating to you, as well as with a request for a statement about the purposes for which you want or do not want your data to be processed.

    If you would like to contact St. Catherine Specialty Hospital regarding this Privacy Policy or regarding your personal data, please use the following contact information:

    St. Catherine Specialty Hospital

    Ulica Kneza Branimira 71E

    10,000 Zagreb

    OIB: 41170172944

    You can contact the Data Protection Officer at: dpo@svkatarina.hr

    HOW AND WHEN DOES ST. CATHERINE SPECIALTY HOSPITAL COLLECT YOUR PERSONAL DATA? 

    St. Catherine Specialty Hospital collects your personal data when it is necessary to meet your needs as a user of the service or for the business needs of St. Catherine Specialty Hospital:

    a) at the moment you access the website https://www.stcatherine.com/, St. Catherine Specialty Hospital will collect your IP address, which is also considered personal data;

      b) in situations in which St. Catherine Specialty Hospital collects other types of data, such as (i) the date and time of access to the website, (ii) information about the hardware, software or Internet browser you use, as well as (iii) the operating system of your computer, the app version and your language settings. St. Catherine Specialty Hospital may collect information about clicks and your access to the website https://www.stcatherine.com/;

      c)   during the procedure of making an appointment on the website, St. Catherine Specialty Hospital will request the provision of certain information (personal data), such as name and surname, e-mail address and telephone number;

      d) when you give your consent on the website https://www.stcatherine.com/ to receive newsletters or other information about special benefits for patients, discounts, promotions and news within St. Catherine Specialty Hospital. As the processing manager, St. Catherine Specialty Hospital will ask you to enter personal data such as e-mail address, first and last name, and phone number. The legal basis for processing this data is consent. So, when you sign up to receive notifications about special benefits for patients, discounts, promotions and news within St. Catherine Specialty Hospital by entering your data on the website https://www.stcatherine.com/, you give your consent to the processing of your personal data. You can withdraw your consent at any time by sending a notification to the e-mail address of the Personal Data Protection Officer, dpo@svkatarina.hr;

      e) when you contact the customer service of the St. Catherine Specialty Hospital and ask for help or ask a question in order for St. Catherine Specialty Hospital to realize one of your rights guaranteed by current regulations;

      f) when you make an appointment through the virtual clinic, we will process your personal data such as name, surname, test results and diagnosis that you upload to the site, bank card data required to pay for the service;

      g) when you contact the St. Catherine Specialty Hospital via social networks, St. Catherine Specialty Hospital collects the data you have made available when making inquiries or requests;

      h) when you make any inquiry related to the service offer, St. Catherine Specialty Hospital will process your contacts and/or other data that you submit when sending the inquiry. This data includes basic data (name and surname, e-mail address), as well as the interests of potential service users who contact the Data Controller with the desire to be informed and/or offered a specific healthcare service.

      i) at the time of performing the requested professional service, which includes data management, sending communications related to the performance of the requested service and possibly managing the procedures for compensation for professional services, St. Catherine Specialty Hospital processes your health data;

      j) when there is an obligation to communicate data for reasons of public interest in the public health sector, St. Catherine Specialty Hospital may process and share your personal data, including your health data;

      k) when you submit a request for a copy of the medical documentation;

      l) when you complain about the quality, content and type of health service provided;

      m) when you contact the St. Catherine Specialty Hospital by phone, we process personal data by recording phone calls.

      The above-mentioned specific categories of your personal data are collected by St. Catherine Specialty Hospital either on the basis of the consent shown to you when you come to the website https://www.stcatherine.com/ via a pop-up window, or on the basis of legitimate interest (for example, in cases where it is about cookies that are necessary for the functioning of the website https://www.stcatherine.com/ or when St. Catherine Specialty Hospital sends you some interesting notifications as a user), or in order for St. Catherine Specialty Hospital to fulfill its obligations arising from valid regulations of the Republic of Croatia.

      At the time of performing the requested professional service St. Catherine Specialty Hospital processes your health data based on Article 9, paragraph 2, point (h): processing is necessary for the purpose of preventive medicine or occupational medicine for the purpose of assessing the employee's work capacity, medical diagnosis, providing healthcare or social care, or treatment or management of health or social systems and services on the basis of Union Law or the Law of a Member State or in accordance with a contract with a healthcare worker.

      When there is an obligation to communicate data for reasons of public interest in the public health sector, St. Catherine Specialty Hospital processes your personal data, including health data, on the basis of Article 9, paragraph 2, point (i): processing is necessary for reasons of public interest in the area of public health.

      If the processing is based on your consent, you have the right to withdraw that consent at any time. The withdrawal of consent must be notified to the Data Protection Officer by e-mail: dop@visioncompliance.eu or at Ulica Republike Austrije 23, 10 000 Zagreb. Such withdrawal will not affect the lawfulness of processing based on consent prior to its withdrawal.

      Please pay attention to the mandatory scope of data that St. Catherine Specialty Hospital requests from you, because in the event that the user does not provide the required information that is determined as mandatory in order to perform the requested or expected activity for them, such a user will unfortunately not be allowed to participate in it, because without the required data, the activity will be technically unfeasible.

      St. Catherine Specialty Hospital does not collect information about children. If St. Catherine Specialty Hospital becomes convinced that such data has been transmitted without the consent of parents or guardians of children under 16 years of age, St. Catherine Specialty Hospital will remove it without delay. Minors under the age of 16 cannot use the website https://www.stcatherine.com/ for the purpose of making an appointment.

      WHAT DATA AND FOR WHAT PURPOSE DOES THE ST. CATHERINE SPECIALTY HOSPITAL COLLECT DIRECTLY FROM YOU?

      Typical categories of data that St. Catherine Specialty Hospital collects from users are the following: name, surname, e-mail address, phone number and other information that you provide when filling out the form on the website https://www.stcatherine.com/ or when you communicate with St. Catherine Specialty Hospital by phone or e-mail. 

      St. Catherine Specialty Hospital also collects the user's personal health data: hospital record, registration number of the insured person (MBO), insurance information (category of insurance, regional office of the HZZO, country of insurance, supplementary insurance card number, EU health insurance card number, if applicable), data on health status and treatment, diagnosis (referral/final) and the parameters needed for performing particular health care services (height, weight, allergies, blood type, Rh factor, etc.), physician's data (referred specialist's code/referred health care institution code/code of the doctor who treated the patient), medical documentation, work injury number (if applicable).

      The St. Catherine Specialty Hospital collects your personal data for:

      • performance of the service, fulfillment of the contract or other way of ensuring the provision of the requested service;

      • use of all services on the website https://www.stcatherine.com/

      • responding to your inquiry and processing your requests as efficiently as possible;

      • statistical data processing;

      • sending materials, offers and contacting;

      • improvements in the quality of content, functionality and services;

      • possible communication of data for reasons of public interest in the public healthcare sector;

      • internal purposes: The Data Protection Officer uses certain data of service users exclusively for the needs of its own records, for the purpose of protecting the legitimate interests of service users and/or St. Catherine Specialty Hospital. For example, the aforementioned includes the use of personal data for the purpose of creating offers that meet the needs and wishes of service users, market research and analysis;

      • collecting data on potential service users.

        We collect the following data directly from service users for the purpose of providing health services. The user of the service is obliged to submit to the Data Protection Officer the following information via a form, which is necessary for the provision of individual healthcare services from registered activities. By filling out the form, users confirm that their data is correct. The form collects the following personal data:

        a) name and surname;

        b) address;

        c) personal identification number (OIB) or registration number of the insured person (MBO)

        d) date of birth;

        e) gender;

        f) telephone and/or cell phone number;

        g) e-mail contact information (e-mail address);

        h) medical data

        i) bank account data or credit card number for the purposes of regulating the payment obligation;

          St. Catherine Specialty Hospital collects personal data from other sources and cooperating institutions. Personal data of patients - insured persons of the HZZO using health care based on a referral (based on the Acts of the HZZO, regulations controlled by CEZIH and the mandatory legal relationship on the implementation of health care with HZZO) are being forwarded, depending on the functionality, through CEZIH (medical records on the performed health service) and certain personal data for the purpose of accounting to the HZZO.

          St. Catherine Specialty Hospital collects personal data of people who contact the Company by phone. St. Catherine Specialty Hospital records phone conversations, and users are informed that the phone conversation is being recorded. St. Catherine Specialty Hospital does not share recordings of conversations with third parties, and only responsible persons employed in the Company have access to the recordings.

          WHAT PRIVACY RIGHTS DO YOU HAVE?

          Please note that at any time you have the right to request the following from the St. Catherine Specialty Hospital:

          • Access to your personal data

          You can ask St. Catherine Specialty Hospital which of your personal data it uses, and you can also request access to this personal data. You have the right to know the purpose of processing, which categories of your personal data are stored, the bodies or categories of bodies with which your personal data is shared, the retention period of your personal data, as well as the source of the data in case the data is collected indirectly.

          You can contact St. Catherine Specialty Hospital if you want a copy of some or all of the personal data it keeps about you.

          • Request the correction of incorrect data

          You can ask St. Catherine Specialty Hospital to stop processing or even delete your personal data. If your personal data is needed by St. Catherine Specialty Hospital to perform some contractual obligation towards you, St. Catherine Specialty Hospital could cease to be able to perform such contractual obligations. Also, if your personal data is necessary to fulfill certain legal obligations (e.g. tax obligations), your request may not be fulfilled. 

          • Limit the access to your personal data (to St. Catherine Specialty Hospital and/or third parties) in certain processes or completely

          If you want to dispute the accuracy of the data, or St. Catherine Specialty Hospital no longer needs your personal data for the purpose of processing, but you need them for the establishment, execution or processing of legal requests, or you objected to the processing on grounds that the St. Catherine Specialty Hospital considers legitimate, you have the right to request restriction of personal data processing.

          • Submit a complaint about the way St. Catherine Specialty Hospital uses your personal data

          Remember that you have the right to object to the processing of personal data based on a legal basis that St. Catherine Specialty Hospital considers legitimate.

          • Request the transfer of personal data to another processor (transferability of rights)

          If the processing is based on your consent or is carried out by automatic means, you have the right to ask St. Catherine Specialty Hospital to transfer data to another processor.

          In order to achieve any of the above rights, please use the contact information provided at the beginning of the Privacy Policy.

          If you believe that your rights are not being respected, you have the right to file a complaint with the Personal Data Protection Agency.

          WHERE IS YOUR PERSONAL DATA STORED?

          The personal data that St. Catherine Specialty Hospital collects about you is stored in a secure environment. Your personal data is protected from unauthorized access, disclosure, use, alteration or destruction by any organization or individual. The website was created in accordance with PCI standards, and the collected data is in electronic form and protected by an SSL certificate that encrypts the data, thus ensuring that communication between the customer's or user's computer and St. Catherine Specialty Hospital takes place using a secure protocol. St. Catherine Specialty Hospital takes data protection seriously and takes various precautions to protect personal data.

          The processed data is stored in the premises and IT systems of the St. Catherine Specialty Hospital.

          St. Catherine Specialty Hospital will ensure that personal data is kept in a secure place (which includes reasonable administrative, technical and physical protection to prevent unauthorized use, access, disclosure, copying or modification of personal data), which can only be accessed by authorized persons. All authorized persons sign a confidentiality statement.

          Data collected for the purposes specified in this Privacy Policy will be stored only for as long as is necessary to fulfill the specified purposes. Your personal data will not be stored in a form that allows you to be identified for longer than St. Catherine Specialty Hospital reasonably considers necessary to achieve the purpose for which it was collected or processed. St. Catherine Specialty Hospital will store certain personal data for the time period prescribed by the law or regulation that obliges St. Catherine Specialty Hospital to store data (more under "How long will St. Catherine Specialty Hospital keep your personal data?").

          If you have given your consent to St. Catherine Specialty Hospital (for example, you have subscribed to the newsletter or selected a certain category of cookies to use), your personal data will be processed by St. Catherine Specialty Hospital until you withdraw your consent. If you declare a well-founded objection to the processing of personal data based on legitimate interest, St. Catherine Specialty Hospital will not process your personal data in the future.

          In addition to all of the above, it is important to highlight the following: if judicial, administrative or extrajudicial proceedings have been initiated, personal data may be stored until the end of such proceedings, including the possible period for filing legal remedies.

          DOES ST. CATHERINE SPECIALTY HOSPITAL SHARE DATA WITH THIRD PARTIES?

          St. Catherine Specialty Hospital will never share your personal data with third parties, except for the purposes described in this Privacy Policy. St. Catherine Specialty Hospital will always inform you about the sharing and transferring of data.

          St. Catherine Specialty Hospital cooperates with other companies. This means that it sometimes shares your personal data, using secure IT systems. In this case, the data is transferred to servers located in the EU or in a country that provides an adequate level of protection in accordance with EU legislation.

          In some cases, partners of St. Catherine Specialty Hospital who provide services on behalf of or at the expense of St. Catherine Specialty Hospital may process your data outside the European Union. However, the contracts that St. Catherine Specialty Hospital enters into with such entities oblige them to handle your data with special security measures in accordance with the regulations in force in the member states of the European Union. In the case of data transfer to the USA, St. Catherine Specialty Hospital will ask for your permission in view of the consequences of the "Schrems II" verdict and the declaration of the Privacy Shield as invalid. Also, if the contractual partner of St. Catherine Specialty Hospital is based in the USA, St. Catherine Specialty Hospital will revise the existing contracts and check the security standards guaranteed by its partner in order to ensure the protection of all subjects with the latest standards approved and suggested by the competent institutions.

          The purposes for which St. Catherine Specialty Hospital shares data with trusted partners are, for example, marketing needs, maintenance of the website https://www.stcatherine.com/ and other services. These service providers are obliged, according to the relevant contracts, to use the data entrusted to them only in accordance with the guidelines and exclusively for the purpose strictly determined by St. Catherine Specialty Hospital. Also, St. Catherine Specialty Hospital obliges them to adequately protect your data and to consider it a business secret.

          The St. Catherine Specialty Hospital will communicate personal data related to the health of the respondent only to the respondent and to persons expressly specified by the respondent.

          Personal data related to the health of the respondents will be communicated by the St. Catherine Specialty Hospital to the following categories of subjects:

          • public or private bodies for reimbursement of medical expenses;

          • health authorities, if prescribed by law;

          • to other specialists for advice necessary to perform the requested health service;

          • to a deputy doctor or associate.

            St. Catherine Specialty Hospital may share data related to the health of respondents for reasons of public interest in the public health sector.

            Based on your consent, we can pass on the personal data (medical documentation) of users who are insured under voluntary health insurance to the insurance companies with which they are insured, for the purpose of performing the contractual relationship and accounting for the performed health services to the insurers.

            Personal data may be forwarded to cooperating healthcare institutions with which the Data Protection Officer has a contractual relationship for the purposes of performing part of the service (for example, individual laboratory tests, PHD analysis, etc.), and in order to fully perform the requested healthcare service. The same cooperating institutions are themselves subject to and obliged to keep personal data according to the Personal Data Protection Regulation (GDPR).

            HOW LONG WILL ST. CATHERINE SPECIALTY HOSPITAL KEEP YOUR PERSONAL DATA?

            St. Catherine Specialty Hospital will not keep your personal data longer than the period for which the data is necessary to fulfill the purpose of their use, and for a maximum period of 3 years, except in exceptional cases when a longer data retention period is prescribed by Law (for example, data related to the exercise of your privacy rights will be kept permanently, account information will be kept for 11 years, while medical data will be kept for 10 years from the end of the treatment).

            You can find out more about data retention periods by contacting the Data Protection Officer of the St. Catherine Specialty Hospital at the e-mail address dpo@svkatarina.hr.

            FOR WHAT PURPOSES WILL ST. CATHERINE SPECIALTY HOSPITAL USE YOUR PERSONAL DATA?

            St. Catherine Specialty Hospital may use your personal data in several different ways, mainly to fulfill its legal and other obligations towards you, but sometimes also to improve your experience using the website https://www.stcatherine.com/ and for security reasons.

            The purposes for which St. Catherine Specialty Hospital uses your personal data are described in this Privacy Policy, and if your data will be processed for other purposes, you will be notified before such (new) processing is carried out.

            Newsletter

            St. Catherine Specialty Hospital wants to send you information about special benefits for patients, discounts, promotions, news within St. Catherine Specialty Hospital or for educational purposes. Please note that you can opt-out of receiving them at any time using your rights set out in this Privacy Policy. To sign up for the newsletter, St. Catherine Specialty Hospital collects and processes the following personal data: name and surname, e-mail address and phone number.

            St. Catherine Specialty Hospital may use the contact information of the service user whose personal data it already owns, based on a legitimate interest to send promotional notices about all the information and services it provides, using all available channels for promotion, unless the service user objects to such processing.

            Cookies

            In order to maintain the website and ensure that its functionality is at the expected level, St. Catherine Specialty Hospital uses technology known as "cookies".

            Cookies are small files that are sent to your computer and that St. Catherine Specialty Hospital can access later. They can be temporary or permanent. Thanks to cookies, you can easily search the website of the St. Catherine Specialty Hospital. Cookies show what interests you and other visitors to the website, which helps to improve the website.

            Read more about cookies in the Cookie Policy. 

            Other websites

            This Privacy Policy applies only to the data that St. Catherine Specialty Hospital collects from users (respondents) and to the use of that data. Other websites that can be accessed through the website https://www.stcatherine.com/ have their own statements on confidentiality and data collection, and on the ways that data is used and published.

            St. Catherine Specialty Hospital is not responsible for the ways and conditions of work of third parties.

            St. Catherine Specialty Hospital collects and processes personal data through user interactions on social networks such as Facebook, Instagram, YouTube, LinkedIn, Twitter and TikTok. St. Catherine Specialty Hospital, i.e. the responsible persons appointed by St. Catherine Specialty Hospital, has access to messages and/or posts on the mentioned social networks. However, personal data collected through them, especially data contained in messages, is not stored or additionally processed by St. Catherine Specialty Hospital, except for the purposes specified in this Privacy Policy.

            St. Catherine Specialty Hospital uses a business profile on the services of Facebook, YouTube, Instagram, LinkedIn, Twitter and TikTok. You can read their privacy policies, i.e. confidentiality statements, as well as the way they use your personal data, at:

            FACEBOOK ONLINE

            https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

            YOUTUBE ONLINE

            https://www.youtube.com/howyoutubeworks/policies/community-guidelines/

            INSTAGRAM ONLINE

            https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

            LinkedIn

            https://www.linkedin.com/legal/privacy-policy

            Twitter

            https://twitter.com/en/privacy   

            TikTok

            https://www.tiktok.com/legal/page/eea/privacy-policy/en

            In case you have questions regarding the collection and processing of data by Facebook, YouTube, Instagram, LinkedIn, Twitter and/or TikTok, or wish to exercise any of your rights guaranteed by the General Data Protection Regulation, contact:

            FOR FACEBOOK:

            Contact of the Data Protection Officer:

            https://www.facebook.com/help/contact/540977946302970

            If you are not satisfied with the way your personal data is collected and processed, you can contact the leading supervisory authority of Facebook, the Irish Data Protection Commissioner or the Personal Data Protection Agency of the Republic of Croatia.

            FOR YOUTUBE:

            Contact of the Data Protection Officer:

            https://cloud.google.com/contact

            If you are not satisfied with the way your personal data is collected and processed, you can contact the leading supervisory authority of YouTube, the Irish Data Protection Commissioner or the Personal Data Protection Agency of the Republic of Croatia.

            FOR INSTAGRAM:

            Contact of the Data Protection Officer:

            https://www.facebook.com/help/contact/540977946302970

            If you are not satisfied with the way your personal data is collected and processed, you can contact the leading supervisory authority of Instagram, the Irish Data Protection Commissioner or the Personal Data Protection Agency of the Republic of Croatia.

            FOR LinkedIn:

            Contact of the Data Protection Officer:

            https://www.linkedin.com/help/linkedin/ask/TSO-DPO

            If you are not satisfied with the way your personal data is collected and processed, you can contact the leading supervisory authority of LinkedIn, the Irish Data Protection Commissioner or the Personal Data Protection Agency of the Republic of Croatia.

            FOR Twitter:

            Contact of the Data Protection Officer:

            https://twitter.com/en/privacy#x-privacy-9.1

            If you are not satisfied with the way your personal data is collected and processed, you can contact the leading supervisory authority of Twitter, the Irish Data Protection Commissioner or the Personal Data Protection Agency of the Republic of Croatia.

            FOR TikTok:

            Contact of the Data Protection Officer:

            https://www.tiktok.com/legal/report/DPO

            If you are not satisfied with the way your personal data is collected and processed, you can contact the leading supervisory authority of TikTok, the Irish Data Protection Commissioner or the Personal Data Protection Agency of the Republic of Croatia.

            ENTRY INTO FORCE AND PRIVACY POLICY CHANGES 

            This Privacy Policy enters into force upon publication on the website https://www.stcatherine.com/

            St. Catherine Specialty Hospital reserves the right to amend the Privacy Policy, and the same will be published on the website.
