top of page

Data protection

Polyclinic Bicakcic respects the privacy of visitors to its website and provides its Statement on data privacy protection on the website. This Privacy Statement on the website applies only to the functioning of the website owned by Poliklinika Bicakcic, which provides a direct link to this Statement when you click on the "Data Protection Statement" at the foot of the website.

With this Statement, we confirm that the collection, storage and transfer of personal data is carried out in accordance with the provisions of the Personal Data Protection Act, which regulate the protection of personal data, their transfer and prevention of unauthorized access and use of personal data. Please read this Statement carefully in order to fully understand our position and practices regarding your personal data and how we treat it.

If you have additional questions about how we handle your data, please contact us at



We may collect your personal data in the following ways:

  • We may collect and store personal data that you enter when you fill out forms on our website, such as sending inquiries, requests to send offers, and the like.

  • If you contact us, we may collect and keep records of such correspondence, including any personal information you provide in the course of the correspondence.

  • We may collect and store personal data that you have provided to us as part of surveys that we have asked you to complete, although you are not obliged to answer them.

  • We may collect and store personal data related to your visit to our websites, such as traffic data, location data and other communication data for our own security, diagnostic purposes, authentication and billing and invoicing.

We store the personal data we collect on our own servers in our own data center in BIH. However, we may share this data with third parties with whom we cooperate in business for the purpose of fulfilling the contract for the provision of services to you, and who may be located outside the European Economic Area.

By sending your personal data, you consent to the processing of that data outside the European Economic Area. We will take all necessary steps to ensure that all personal data, regardless of where it is processed, is secure and treated in accordance with this Data Protection Statement and the GDPR.




Regulations on the protection of personal data govern the assumptions under which personal data can be collected and which we use as the legal basis for collection and processing. Those legal bases are as follows.

Execution of contractual obligations
When you contract for the provision of some of our services or the delivery of some of our products, we must collect personal data from you in order to fulfill our contractual obligations (for example, to issue invoices for services).

Compliance with legal obligations
The regulations in force in the Republic of Croatia oblige us to collect and process data for certain purposes, such as accounting purposes (e.g. issuing invoices) and submitting data in accordance with the requirements of judicial authorities.

Legitimate interests
As part of our daily business, we collect data for legitimate interests in a reasonable manner. For example, we collect and record IP addresses for fraud protection and security protection, as well as to analyze the use of our website.

In some cases, we may collect and process personal data with your consent, for example when sending our newsletter and promotional e-mail messages. You can withdraw your consent to receive them at any time.



We pay the greatest possible attention to the security of all data and take all appropriate steps in accordance with the regulations on the protection of personal data that are valid in the Republic of Croatia.

  • The collection of all personal data is carried out via an encrypted connection (https).

  • All personal data is stored behind a firewall in accordance with the highest IT standards, which is taken care of by our staff specialized in information security.

  • Physical access to all personal data is protected according to appropriate standards.

  • There are access logs for all systems that store personal data.

  • All passwords are encrypted at rest.

  • Penetration tests are regularly performed on all systems and they are constantly monitored to detect possible vulnerabilities and attacks.

We use the personal data we collect about you to:

  • verification of your identity

  • delivery of products and provision of services that you have contracted with us

  • fulfilling our obligations arising from the contract you entered into with us

  • displaying web page content in the most efficient way on your device

  • responding to your inquiries

  • providing information, delivering products and providing services that you request from us, in cases where you have given your consent for us to contact you

  • sending notifications about changes related to our services

  • sending promotional e-mail messages, in cases where you have given your express consent

  • fraud prevention

  • detecting, preventing and diagnosing potential security breaches.


We only keep your data for as long as is necessary to fulfill the purpose for which it was collected. At the end of the retention period, we will either delete or anonymize personal data so that they can no longer be linked to anyone.

We may place links on our website to the websites of our business partners. If you follow that link to any of those websites, please note that their own privacy policies apply to those websites and that the Croatian Laryngectomized Community has no responsibility for those policies. Please review such rules before entering or submitting your personal information on those websites.



We collect data about IP addresses for security reasons (prevention of DDoS attacks, hacking, fraud, etc.), for the purposes of diagnostics and statistical analysis of traffic in order to improve the quality and usability of our services. In accordance with the GDPR, we collect this information for the purposes of our legitimate interests as a controller.

A cookie is a small file stored on your computer that is used to store your preferences and other information, and which is used by the websites you visit. We use cookies for:

  • user authentication when logging in or logging out of interfaces related to our services

  • analysis of traffic to our website using the Google Analytics tool (see below Google Analytics)

  • tracking preferences related to websites.


If you enter into a contract with us on the provision of services or continue to use our website, you give your consent to the use of cookies. You can block cookies by activating the settings in your Internet browser that allow you to refuse the installation of all or some cookies. However, if you set your internet browser settings to block all cookies, you may not be allowed access to all or some parts of our website. If you do not set your internet browser settings to reject cookies, our system will send cookies as soon as you visit our website.


Like many other websites, we use Google Analytics to collect anonymous data about users of our websites to find out how often they visit our websites, what pages they visit, what time they visit them, how long they stay and what country they come from. These data are collected using cookies and IP addresses, and the obtained statistics are used to improve the usability of websites, monitor the success of marketing campaigns, and analyze behavioral patterns.

If you do not want Google Analytics to collect this information, you can install a Google plugin for your browser that will prevent this. You can download the plugin here:

More information about how Google uses data collected from our websites can be found here:


According to the GDPR, from May 25, 2018 onwards, you have certain rights related to your personal data, which we briefly describe below.

Right to restriction of processing
You have the right to request the restriction of the processing of your personal data when there is no legitimate interest for us to do so, when you dispute the accuracy of the personal data, for the period during which we as the controller enable us to check the accuracy of the personal data, when you have lodged an objection to the data processing (see below Right to object) , and we consider whether our legitimate reasons exceed your reasons, when the processing is unlawful, and you object to the deletion of personal data and instead request the restriction of their use, and when we no longer need the personal data, but request it for the establishment, exercise or defense of legal requests.

You can exercise your right at any time by contacting us (see Contact Us below).

Right of access
GDPR gives you the right to ask us what your personal data we have and how we process it, and the right to give you access to that data. You can exercise your right by contacting us (see Contact Us below). Please note that before processing any data access request we must confirm your identity, and we may contact you further to make sure we understand what data you are requesting. Once we have verified your identity, we will provide you with the requested information within 30 days.

We will provide the information free of charge, however, we may charge an administration fee if the request is manifestly unfounded or excessive, and particularly if it is repeated. In any case, if you are our existing user, you can access your personal data through your user interface.

Right to erasure (Right to be forgotten)
As a natural person, you have the right to request the deletion of all your personal data that we have. However, please note that this is not an absolute right, so, for example, it does not exceed our legal obligations to keep accounting data. You can request the deletion of your personal data when your data is no longer necessary in relation to the purpose for which it was originally collected or processed (for example, if you cancel all the services you used with us). You can exercise your right by contacting us (see Contact Us below).

Right to rectification
GDPR gives you the right to correct any personal data that is inaccurate or incomplete. If you need to correct your personal data, you can contact us (see Contact Us below).

Right to data portability
You have the right to request the delivery of personal data that you have made available to us in a machine-readable form. If you would like to receive a printout of your data in JSON format, please contact us (see below Contact Us).

The right to object
You have the right to object to the processing of your personal data when there is no legitimate or legal reason for us to do so.



Your questions, comments and requests related to this Data Protection Statement are welcome and in this regard you can contact us at

We may update this Website Privacy Statement from time to time. When we refresh it, we will make the refreshed version available on this page for your benefit.

Last updated: 15.3.2020.


You are aware that the processing and collection of data by the Bicakcic Clinic is voluntary. By using the website, you accept this Statement of Consent to the collection and processing of your data and thereby give your consent to the collection and processing of your data in accordance with this statement.

bottom of page