Dental Esthetic Centar d.o.o., Nova Ves 7, 10 000 Zagreb, OIB: 48896095877 (hereinafter: DEC); in the capacity of Data controller of your personal information, uses and ensures security and safety of any information provided by the users of the web-site and when they use any of our other services, which particularly applies to processing personal information and rendering services.

Within this Policy, the Personal information means any information that refers to identified or identifiable natural person. In particular, personal information is any information that can be used to identify a user (i.e., first and last name, e-mail address, home address etc.).

Personal data processing is any action or series of actions performed on personal data, whether by automated means or otherwise, such as collecting, recording, organizing, storing, adjusting, modifying or retrieving the data, as well as by gaining insight into the data, using the data or disclosing the contained information through transmission, publishing or otherwise, as well as by sorting or combining, sorting deletion or destruction. The processing also can imply performing logical, mathematical and other operations on such data.

How we collect personal information

DEC collects your personal information, inter alia, in the following case

  • if you contact us directly through any website of the dental clinic Dental Esthetic Center (hereinafter “DEC”) with the purpose to request information about our services or if you are looking to receive cost estimate from us and you do it using our contact form or in any other way
  • if you buy our service directly
  • if you respond to our campaigns of direct marketing, where such response may be, inter alia, completing the contact form and providing data on our website
  • if we legally obtain such information from our partners
  • if you are under 16 years of age, please refrain from provision of any personal information without the consent of your parent or guardian

How your data can be used

Pursuant to applicable data protection regulation, personal information may only be used and processed if a lawful basis exists thereto. This policy specifies a lawful basis for each of our uses of personal information.

Lawful bases for data processing are, inter alia, legitimate interest, contractual obligation, legal basis and consent. On the grounds of DEC’s legitimate interests to promote and provide information about its services and to maintain the highest standards of sales of services provided, the personal information are processed for the purpose of promotion and delivery of information. The fundamental rights and freedoms of existing and potential clients are not disproportionally adversely affected by DEC’s pursuit of its lawful interests to process data for the stated purpose.

DEC will collect and/or store contact information and information about services performed and the warranties. We will also record, collect and store information concerning our services provided to you in your capacity as a client and/or patient. In general, such information will be used to process your warranty claims or to provide technical assistance.
Personal data may be transferred to third parties provided that there is a reasonable basis for the transfer, such as rendering a service or transport.

If you give your consent, DEC will use your personal information that you provided to promote its services, to inform you on updates and promotions, is used by direct marketing based on your personal information to inform you about the news and promotions in our offer, about special benefits related to certain purchases, presentations of new products or services, and our participation at fairs, conferences and other events.

You can withdraw your consent to direct marketing at any time. Also, any person may at any time give an objection to the processing of data for the above purpose.
DEC is subject to the laws and regulations of the Republic of Croatia, as well as to supranational regulations. DEC is committed to maintain full compliance with all applicable regulations at all times, which means that DEC will duly respond to any request from enforcement agencies, regulatory and judicial authorities from any jurisdiction where proceedings ae being conducted. Where permitted, we will directly inform you to that effect, unless this could affect prevention or detection of a breach of law.

Disclosing your personal information for the purpose of complying with requests for your information constitutes a legal obligation that depends on the specifics of that request.

How we keep your data safe

In order to protect and maintain the security, integrity, and availability of your data we employ various security measures, including encryption and authentication.

The measures we employ include:

  • access to your personal information is strictly limited on the “need-to-know” basis,
  • secure transfer of collected data,
  • firewalls on IT systems for the purpose of control of unauthorized access,
  • permanent monitoring of access to IT systems for detecting and preventing the misuse of personal data.

All your data is stored on our secure servers and secure servers from our partners and is accessed and used in accordance with our security policies and standards. Privacy protection of your data is continuous and DEC takes all the measures necessary for their protection. We process personal information in a safe way, including protection against unauthorized or unlawful processing and loss.

By registering or filling out a contact form on the website, you give us a specific agreement (consent) to process your personal information in the registration or contact form for a specific purpose, as well as the information available in the process of supplying documentation in the form of medical records and such. You must give specific consent for each of the purposes that DEC may list in the registration or contact form.

We undertake to safeguard the privacy of your personal data and to comply with the General Data Protection Regulation (679/2016), the Act on the Implementation of the General Data Protection Regulation (Official Gazette of the Republic of Croatia, No 42/2018) and other applicable regulations. Collected personal data of users and visitors of the website, as well as data pertaining to other patients or potential patients, must not and will not be used by us or by any third party without due authority to do so, unless such actions are based in a legal or contractual obligation.

We undertake not to misuse your personal information obtained in the course of your registration, collected by the use of contact form or by the cookies, nor will we forward such information to any third party without your consent, except in cases expressly provided for by the law, and in cases where it is necessary for compliance with our obligations. Personal information is any information that can be used to identify a user (i.e., first and last name, e-mail address, home address etc.), which information we use to respond to user's inquiries, collect statistical information and, where appropriate, send special promotions and newsletters, subject to obtaining specific consent.

All user information is stored securely and accessible only to employees who need that information for performance of their work duty. All DEC employees and business partners are responsible for upholding the principles of privacy protection. In order to further facilitate protection of your privacy, we undertake to collect only the personal information necessary for the purpose for which you gave your consent, the information required for pursuit of our legitimate interests and to comply with contractual or legal obligations. Data that is automatically recorded on the web page (IP address, domain name, browser type, number of visits, time spent on pages etc.) will be used exclusively for the purpose of evaluating the user visits and in order to improve its content and functionality as well as for statistical purposes.

DEC will inform the users on the manner of collected data use and will use the data for marketing campaigns only on the basis of specific consent. In the event of a change in any of the personal data (e.g., the place of residence, the delivery address etc.) which was recorded at the time of registration, the user is also required to make the change in the user information section of the website.

Pursuant to applicable national and supranational legislation, in order to protect the confidentiality of personal information, we expressly undertake (1) to handle your information lawfully and in good faith, (2) to collect data exclusively for specific and legitimate purposes, (3) not to forward the information to any third party without your prior consent, (4) not to forward personal data to countries outside the EU if that country does not provide an adequate level of data protection, (5) provide adequate, secure storage for data pertaining to your personal information in a way that does not exceed the purpose for which the data was collected and is being processed, (6) ensure accuracy of personal information, to ensure that the data is processed only to the necessary extent and within necessary time period, (7) take all necessary and appropriate technical and organizational measures to prevent the destruction, damage or loss of user’s personal information.

In the event that you no longer consent to processing of your personal data in any way or you wish the data to be deleted, corrected or transferred, please inform us via e-mail addressed to the Data Protection Officer's e-mail address: or phone number: +385 1 3535 - 405.

DEC may contact the user to verify the authenticity of the request.

A user who is a natural person may at any time request that DEC:

  • Enables access to the catalogues of personal data collection;
  • Confirms whether the data concerning the user is processed and enable the inspection of personal data contained in the personal data storage system and to copy them;
  • Transfers the personal information contained in the data storage system;
  • Provides a list of third parties to which the personal information have been transferred along with the time and the purpose of the transfer;
  • Provides information on the sources on which the records rely, and which personal information is contained in the storage and the methods used for their processing;
  • Provides information on the purpose of processing and the type of personal data being processed, as well as all necessary explanations in this regard;
  • Explains technical or logically-technical decision-making procedures if they are automated, by processing personal data.

DEC is obligated to keep the user's data indefinitely or until he/she makes a requests for its deletion, after which the personal data is deleted. DEC keeps personal data longer than the stated deadline only if it is binding by the applicable regulations in the Republic of Croatia or supranational legislation.

Personal data that is no longer required is irreversibly anonymised or destroyed in a safe way.

If the user has objections to the processing of his data by DEC, he may file his complaint to the competent state body in accordance with the General Regulation on the Protection of Personal Data and the Law on the Implementation of the General Data Protection Regulation.