Privacy policy
Last updated: 2026-06-07 · Draft — pending legal review before public launch.
1. Data controller
Poliklinika za stomatologiju i estetiku lica Ars Salutaris d.o.o., Otona Župančića 16, 10000 Zagreb, Croatia. Email: upiti@ars-salutaris.hr. Phone: +385 1 4095 250.
2. What data we collect
Through the lead form on this site we collect: first name, last name, email address, mobile phone number, the procedure you are interested in, and optionally a photo or X-ray you choose to upload. We also collect technical data automatically (IP address, browser type, pages visited) via first-party Vercel Analytics.
3. Why we collect it (purposes)
We collect this data to prepare a written treatment quote, to schedule and coordinate your consultation, to send appointment reminders, and to respond to clinical questions you raise. We also use aggregate technical data to improve the website. We do not sell, rent, or share your personal data with third parties for marketing.
4. Legal basis (GDPR Art. 6)
Processing is based on (a) your explicit consent when you submit the lead form, (b) performance of a contract once a treatment agreement is signed, (c) our legitimate interest in operating the website securely, and (d) compliance with Croatian healthcare-record retention law.
5. Recipients and processors
We work with the following EU-based data processors: GoHighLevel (lead-form routing), Vercel (website hosting and first-party analytics), and Google reCAPTCHA (spam protection on the form). All processors are bound by data-processing agreements under GDPR Art. 28. Patient clinical records remain on EU servers under Croatian healthcare-data law.
6. International transfers
Personal data stays within the European Economic Area. reCAPTCHA may briefly transmit IP data outside the EEA under standard contractual clauses.
7. Retention period
Lead-form data of patients who do not proceed to treatment is deleted after 6 months. Patient treatment records are retained for the period required by Croatian healthcare law (typically 10 years for adult patients). Aggregate analytics data is retained for 24 months.
8. Your rights
Under GDPR you have the right to access, correct, delete, port, or restrict processing of your data, and to withdraw consent at any time. To exercise any right, email upiti@ars-salutaris.hr. You may also file a complaint with the Croatian Personal Data Protection Agency (AZOP, azop.hr) or with the supervisory authority in your country of residence.
9. Cookies
This website uses a small number of cookies. See our cookie policy for the full list and opt-out instructions.
10. Changes to this policy
We will update this policy as our processing activities change. The current version is always available at this URL. Material changes will be communicated to patients with an active treatment agreement.
11. Contact
For any data-protection question, contact our Data Protection Officer at upiti@ars-salutaris.hr.
This is a draft template pending review by Croatian and EU data-protection counsel. It will be replaced with the lawyer-reviewed version before public launch.