Privacy Policy


In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (Official Journal of the European Union L 119 , 4.5.2016, page 1, hereinafter: General Regulation on Data Protection), which is in full application from 25 May 2018 in the Republic of Croatia and all EU Member States, as well as the Law on Implementation General Regulation on Data Protection (Official Gazette No. 42/18, hereinafter: the Act) or in accordance with the legal framework for personal data protection in the Republic of Croatia and the European Union and European best practice, ASEF Health, Established in Croatia, Radnička cesta 75, HR-10000 Zagreb (hereinafter: “ASEF Health”), as the Data Controller of users of its services and customers, has developed this Privacy Policy.

This Privacy Policy ("Policy") explains how ASEF Health (Data Controller) collects, uses and manages your personal data that is located on the web site

This Privacy Policy applies to all services offered by ASEF Health, with the aim of the rules in a clear and transparent way to acquaint our visitors, partners and users of our services (hereinafter: Data Subjects) with the processing of their personal data and their rights.

ASEF Health is dedicated to respecting and protection of your privacy. Regarding the data we collect, ASEF Health is a Data Controller, that is, the one that determines the purposes, needs and means for which personal data is processed.

ASEF Health as a website service provider is committed to protecting the privacy of personal information.

If you wish to contact us regarding this Policy or regarding your personal data, please use the following contact information:

ASEF Health
Radnička cesta 75, 10000 Zagreb, Hrvatska

Data Protection Officer:
Presido d.o.o., Ulica Republike Austrije 23, 10000 Zagreb,

How and when do we collect your personal data?

We collect your personal information when necessary to meet your needs and requirements, perform services or for the purposes of our business:

a) when you access the page, we will also collect your IP address, which is also considered personal data,

b) situations in which we collect other types of data such as the date and time of access to the page, information about the hardware, software or Internet browser you use, as well as about the operating system of your computer and the version of the application and your language settings. We may collect information about the clicks and your access to the page displayed to you,

c) when you contact us and ask for help or ask a question in order to exercise one of your rights guaranteed by applicable regulations,

d) when you send us a request/inquiry for data and services of ASEF Health, we will process your contacts and/or other data that you provide when sending an inquiry,

e) if you want to send a job application, we will process data such as your name, surname, age, title, occupation, work experience, contact phone number and other data contained in your application,

We collect the above specific categories of your personal data either on the basis of the consent obtained when you visit through a pop-up window, or based on our legitimate interest (for example, in cases where cookies are necessary for the functioning

If the processing is based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent must be notified to the data controller at e-mail: or at the following addresses: Radnička cesta 75, 10000 Zagreb or Ulica Republike Austrije 23, 10000 Zagreb. Such withdrawal will not affect the lawfulness of processing based on consent prior to its withdrawal.

Please pay attention to the mandatory scope of data that we are asking you for, because in the event that you do not provide the required information that is determined as mandatory in order to carry out the requested or expected activity for you, unfortunately, you will not be allowed to participate in the same, without the requested data, the activity will not be technically feasible.

What data and for what purpose do we collect directly from you?

Typical categories of data that we collect from users are the following: first name, last name, e-mail address, telephone.

We collect your personal data for:

  • performance of the service, fulfillment of the contract or other means of ensuring the provision of the requested service
  • of using all services on the website
  • to respond to your inquiry and process your requests as efficiently as possible
  • statistical data processing
  • improving the quality of content, functionality and services

What privacy rights do you have?

Please note that at any time you have the right to request the following from ASEF Health:

Access to your personal data

You can ask ASEF Health which of your personal data it uses, and you can also request access to this personal data. You have the right to know the purpose of the processing, which categories of your personal data we keep, the organizations or categories of organizations with which we share your personal data, the data retention period, as well as the source of the data in case the data is collected indirectly.

You can contact us if you want a copy of some or all of the personal data we keep about you.

Correction of incorrect data

We want your personal information to be accurate and up-to-date. You can ask us to correct or remove information that you think is inaccurate or out of date.

Deletion of personal data

You can ask ASEF Health to stop processing or even delete your personal data. If we need your personal data to perform some contractual obligation towards you, ASEF Health could cease to be able to perform such contractual obligations. Also, if your personal data is necessary to fulfill certain legal obligations (e.g., tax obligations), your request may not be fulfilled.

Limiting access to your data (to us and/or third parties) in certain processes or completely

If you want to dispute the accuracy of the data, or we no longer need personal data for the purpose of processing, but you need them for the establishment, execution or processing of legal requirements, or you objected to the processing on a basis that we consider legitimate, you have the right to request the restriction of the processing of personal data.

Object to our use of your data

Remember that you have the right to object to the processing of personal data based on a legal basis that ASEF Health considers legitimate.

Request the transfer of data to another processor (transferability of rights)

If the processing is based on your consent or is done by automatic means, you have the right to ask ASEF Health to transfer the data to another processor.

In order to exercise any of the above rights, please use the contact information provided at the beginning of this Privacy Policy.

If you believe that your rights are not being respected, you have the right to file a complaint with your local data protection authority according to your country of residence.

Where is your personal information stored?

We store the personal data we collect about you in a secure environment. Your personal information is protected from unauthorized access, disclosure, use, alteration or destruction by any organization or individual.

The processed data is stored in our premises and secure IT systems, but sometimes we store the data on the servers of our trusted service providers located in the EU.

ASEF Health will ensure that personal data is kept in a secure location (which includes reasonable administrative, technical and physical protection to prevent unauthorized use, access, disclosure, copying or modification of personal data), which can only be accessed by authorized persons. All authorized persons have signed a confidentiality statement.

Data collected for the purposes specified in these rules will be stored only for as long as is necessary to fulfill the specified purposes. Your personal data will not be stored in a form that allows you to be identified for longer than ASEF Health reasonably considers necessary to achieve the purpose for which it was collected or processed. ASEF Health will store certain personal data for the period prescribed by the law or the regulation that obliges ASEF Health to store data (more under “How long will ASEF Health keep your personal data?”).

In the event that you have given us your consent (for example, selected a certain category of cookies to use), we will process your personal data until you withdraw your consent. If you declare a well-founded objection to the processing of personal data based on a legitimate interest, we will not process your personal data in the future.

In addition to all the above, it is important to point out the following; if judicial, administrative or extrajudicial proceedings have been initiated, personal data may be stored until the end of such proceedings, including the possible period for filing legal remedies.

Does ARSANO MEDICAL GROUP exchange data with third parties?

Privacy protection is important to us, so we will never share your personal information with third parties except for the purposes described in this policy. We will always inform you about the sharing and transfer of data.

ARSANO MEDICAL GROUP is the largest group of private healthcare institutions in Croatia.

Regarding the growth and development of ARSANO MEDICAL GROUP, and all in order to provide our clients with the widest possible range of health services, it is possible that other private health institutions will join ASEF Health, of which we will timely inform you.

With whom do we process your data as joint controllers?

In addition to ASEF Health, Radnička cesta 75, 10 000 Zagreb, the following is information on joint data controllers (members of ARSANO MEDICAL GROUP) who have agreed that, in terms of carrying out business activities, they will jointly decide on the purposes and methods of processing the personal data of their respondents and will therefore be jointly responsible in accordance with Article 26, paragraph 1 of the General Data Protection Regulation in relation to the processing of which the purposes and method of processing are jointly decided by:

  • Polyclinic for Radiology and Neurology Dijagnostika 2000, Martićeva ulica 63A, 10000 Zagreb, OIB: 82332911055,
  • Polyclinic Aviva, Trpinjska ulica 7, 10000 Zagreb, OIB: 01916835772,
  • Special Hospital Dr. Nemec, Dalmatinskih brigada 30A, 51211 Matulji, OIB: 33728852158,
  • Special Hospital Arithera, Bukovačka cesta 1, 10000 Zagreb, OIB: 56449003085,
  • Polyclinic Uro centar, Ulica Vjekoslava Heinzela 20, 10000 Zagreb, OIB: 66095616969,
  • Arsano Medical d.o.o., Ilica 1a, 10000 Zagreb, OIB: 85122341604,

The categories of subjects whose data are jointly processed are:

  • Employees
  • Patients of joint controllers
  • Employees and responsible persons of third parties, contractual partners, clients
  • Advisors, associates and other professional experts

Purposes of data processing that are exchanged:

  • more efficient record keeping and patient care
  • implementation of revised technical, security and organizational data protection measures of the Agreement Parties
  • provision of health care in accordance with the business conditions of the Parties to the Agreement
  • enabling the procedure for calculating fees for work performed and fulfilling legal obligations and for the purpose of fulfilling rights and obligations between the Agreement Parties or on behalf of an individual Agreement Party
  • collection and processing of data for the purpose of co-organization of the common part of the business
  • sharing and processing of data related to the joint provision of a wider range of services to third parties.

When we share your personal data, we use secure IT systems. When we act in this way, the data is transferred to servers located in the EU or in a country that provides an adequate level of protection in accordance with EU legislation.

In some cases, our partners who provide services on behalf of or on behalf of ASEF Health may process your data outside the European Union. However, the contracts we conclude with such entities oblige them to handle your data with special security measures in accordance with the regulations in force in the member states of the European Union.

On 10 July 2023, the European Commission adopted a new adequacy decision under which personal data can be freely transferred from the European Union to companies in the US participating in the Data Privacy Framework.

The adequacy decision is based on Article 45 of the General Data Protection Regulation. The General Data Protection Regulation (GDPR) is a mechanism that ensures the secure and lawful transfer of data to third countries. Companies in the U.S. that wish to participate in the Data Protection Framework must undergo a self-certification process and enrol in the list of companies that have accessed the Data Privacy Framework.

Also, if our contract partner is based in the US, we will review existing contracts and check the security standards that our partner guarantees to ensure the protection of all our data subjects with the latest standards approved and suggested by the relevant institutions.

The purposes for which we share data with our trusted partners are, for example, marketing needs, website maintenance, fulfillment of contractual and legal obligations and others. These service providers are obliged, according to the relevant contracts, to use the data entrusted to them only in accordance with our guidelines and exclusively for the purpose that we have strictly determined. We also oblige them to adequately protect your data and to consider it a business secret.

Once a year, we conduct an audit of all our partners so that they know that the protection of your personal data is still at the required level and that it is in accordance with the applicable regulations.

How long will ASEF Health keep your personal data?

ASEF Health will not keep your personal data longer than the period for which the data is necessary to fulfill the purpose of its use.

You can find out more about data retention periods by contacting our data protection officer.

What will we use your data for?

We may use your personal information in several different ways, mainly to fulfill our legal and other obligations to you, but sometimes to improve your experience of using the website and for security reasons.

The purposes for which we use your data are described in these rules, and if your data is processed for other purposes, you will be notified before such (new) processing is carried out.


To maintain the website and ensure that its functionality is uncompromised ASEF Health uses the technology known as "cookies".

Cookies are small files that we send to your computer and can access them later. They can be temporary or permanent. Thanks to cookies, you can browse our pages without difficulty. Cookies show us what interests you and other visitors to our website, which helps us improve it.

Read more about cookies in the Cookie Policy.

Other websites

Other websites that can be accessed via the website have their own declarations on confidentiality and data collection, as well as ways of using and publishing them.

ASEF Health is not responsible for the methods and conditions of functioning of third parties.

ASEF Health collects and processes personal information through user interactions on social networks such as LinkedIn. ASEF Health or authorised persons appointed by ASEF Health have access to messages and/or posts on the mentioned social networks, however personal data collected through them, especially those contained in messages, is not stored, and further processed by ASEF Health except for the purposes specified in this Policy.

ASEF Health uses a business profile within the services of LinkedIn and you can view their Privacy Policy or Privacy Statements as well as the way they use your personal data at:


LinkedIn Ireland Unlimited Company, Wilton Plaza,
Wilton Place, Dublin 2, Ireland

Contact of the Data Protection Officer:

If you are not satisfied with the way your personal data is collected and processed, you can contact the leading supervisory authority for LinkedIn Ireland, the Irish Data Protection Commissioner or the Personal Data Protection Agency of the Republic of Croatia.

Entry into force and changes to the privacy policy

These Rules enter into force upon publication on the website.

ASEF Health reserves the right to amend the Privacy Policy and revisions will be published on the website.