Privacy policy

General

MASSAGE AND HEALTH IMPROVEMENT STUDIO "VITA" owned by ANA BANIĆ, MALI LOŠINJ, DR. DINKA KOZULIĆA 1

In our business, we process certain personal data, which is why we adopt this Privacy Policy, which refers to the processing of data obtained through our website (www.abanic-physio.com; hereinafter: Website), but also through regular business. In addition, this Policy describes the basis and purpose of such processing and the rights of the data subjects.

All terms used in this text are defined in the same way as they are defined in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter: GDPR).

Please read this Policy carefully to learn how we collect, process, protect or otherwise use your personal information.

Data controller

The data controller is the STUDIO FOR MASSAGE AND HEALTH IMPROVEMENT "VITA" owned by ANA BANIĆ, MALI LOŠINJ, DR. DINKA KOZULIĆA 1 (hereinafter: the Data Controller, i.e. we, ours, mine, etc.).

Contact data

E-mail: anabanic16@gmail.com

Who is the data subject?

Within the framework of the Website, a data subject is any visitor to the Website. In the framework of the ordinary course of business, a data subject may be our client (existing or potential), our suppliers and/or business partners, our employees and job candidates.

How do we collect data?

In relation to the website, we collect data using the contact form, phone call or response via e-mail or analytical cookies. You can find out more about this in our Cookie Policy, which can be found on our website. In the normal course of business, we usually collect your personal data when you provide it to us.

What data do we collect?

We ensure that we collect only those data that are absolutely necessary for the performance of contractual and legal obligations, i.e. for the quality and efficient provision of our services. In relation to our regular business, the data we collect can be found in the display below.

Personal data we collect as part of providing services

The services provided by the trade are the improvement of health through the Bowen technique and an educational program, and if you are our customer, i.e. client, we will certainly process your personal data.

The personal data we collect may be (depending on the circumstances): name and surname, address of residence (residence), personal identification, registration or other appropriate number under which they are registered in official registers, telephone, mobile or fax numbers, e-mail addresses, as well as all other data relevant to the action we are taking.

Personal data we collect as part of our business

In addition to the processing of personal data that is part of the business operations of a trade, we process some data in the course of business operations that are part of the everyday life of every business entity. For example, we may cooperate with third parties who provide us with certain services, such as bookkeepers/accountants, IT service providers, tax advisors, consultants and other business partners.

Why do we process data?

We process data primarily to fulfill contractual obligations in relation to the activity we are engaged in. We also process data to enable the trade to operate regularly: to maintain our business contacts, respond to inquiries from respondents, etc. It is not excluded that we may be contacted with requests by official bodies that, within the scope of their powers, have the right to access documentation that may contain personal data. In relation to our website, the data we collect is necessary for the personalization of your user experience and the general improvement of our website. We do not make decisions based on automated data processing.

What is the legal basis for processing?

The legal basis for processing depends on the circumstances of the case, and below is an overview of common situations:

If you are a client (or potential client), the basis for processing personal data is the performance of a contract (or the performance of pre-contractual actions) to which you are (or will potentially be) a party.
If you contact us to submit a complaint, processing is necessary to comply with our legal obligations, primarily the applicable provisions of the Consumer Protection Act if you are a consumer.
Data processing on the Website via cookies is carried out based on your consent (with the exception of so-called functional cookies without which the Website cannot function properly).
We process data to fulfill legal obligations that we are obliged to comply with.
The legal basis may also be our legitimate interest, such as in the case of maintaining business contacts.
A possible basis is the explicit consent of the data subject (e.g. job candidates to store their personal data for future job applications).

Who do we share your data with?

Our main goal is not to share your data, or to share it with a minimum number of entities, and only if there are justified circumstances for this (usually a contractual or legal obligation). We make sure that we always share only the minimum of absolutely necessary personal data. We do not share the data we receive through the Website, however, please note that in the event of cooperation, we must further process the same data in order to fulfill our contractual obligations towards you, and in certain circumstances, share it.

We share data in such circumstances - that is, if there is a necessary need for the above - with:

Courts and other public authorities, arbitration bodies, certified translators, experts, tax advisors, the Financial Agency, other parties in court or other proceedings.
IT service providers engaged in the maintenance and protection of information technology and our information systems and for website maintenance;
Notaries, tax advisors, accountants, auditors, consultants, banks, etc.
Tax/legal/accounting advisors (provided they are bound by professional secrecy, contractual confidentiality clauses, etc.)

We do not transfer data to third countries, i.e. outside the borders of the European Union or the European Economic Area. Should such a need arise, we will ensure an adequate level of protection of the personal data of the respondents (e.g. the application of standard clauses on the protection of personal data).

How long do we keep personal data?

Of course, we aim to process your data only for as long as necessary, and then permanently delete/destroy it, however, some data are required by law to be stored for a longer period. We must certainly process your data at least as long as the statute of limitations for your claims that you may have in the event of dissatisfaction with the service or goods. If there are legal or other proceedings to which you are a party, your data will be processed for as long as these proceedings last. When data is processed for accounting purposes, or is contained in an accounting document such as an invoice, it is stored for at least 11 years, all in accordance with legal accounting regulations.

Protecting your data

In order to protect personal data, we use physical, technical and organizational security measures. We continuously upgrade and test our security technology. We have also ensured personal data protection measures, which include: placing equipment in rooms with limited access, access to equipment using the 2FA system, the existence of a backup system for computer data, the engagement of IT experts who maintain and assess the effectiveness of technical measures to protect personal data, using passwords on computers used in business, and others. We limit access to your personal data only to those employees who need to know this information in order to provide you with certain benefits or services. In addition, we educate our employees about the importance of data confidentiality and maintaining the privacy and protection of your data.

Rights of individuals

Please send all inquiries for the purpose of exercising your rights (related to personal data, including cookies) to anabanic16@gmail.com, and we will fulfill your request free of charge. We respond to your inquiries and requests within 30 days. If for some reason we are unable to fulfill your request, we will send you an explanation of why we could not fulfill it.

Subject to the requirements contained in the GDPR, you have a number of rights, which we describe below:

If you would like to know whether we hold and process your personal data (and what that data is and what we do with it), or if you would like to access the personal data we hold about you, please contact us at anabanic16@gmail.com (right of access). You have the right to have the personal data we hold about you corrected if it is inaccurate or needs to be updated.

Under certain circumstances, with certain exceptions, you may request that we delete your data or cease processing it. Please note that deletion may prevent us from providing certain services or reduce the quality of them. We must process certain data for a certain period of time, either due to legal obligations or contractual obligations.

You have the right to request restriction of processing of your data, in the event of (i) your contestation of the accuracy of the data for a period in which the Law Firm is enabled to verify the accuracy of the personal data, (ii) unlawful processing of data without requesting its deletion, (iii) if you object to processing based on our legitimate interests until it is confirmed that our legitimate interests in processing override your interests, rights and freedoms (iv) and if the personal data are no longer necessary for processing, but you require them for the exercise/defense of legal claims (Right to restriction of processing);

In addition to the right to access, you may also exercise the right to data portability. This means that we transfer your data to you in a structured, commonly used, machine-readable format if we process it on the basis of your consent, which you can withdraw, or for the performance of a contract with us, and if the processing is carried out by automated means.

You have the right to object (among other things) if we process your data for the performance of tasks in the public interest or in the exercise of official authority or if we rely on our legitimate interests when processing them.

If the processing is based on your consent, you can withdraw it at any time. Withdrawal of your consent will have effects only for future processing. The processing carried out before the withdrawal of consent remains valid.

If you are not satisfied with our response to your inquiry, or if you have not received a response within 30 days of submitting your request, you have the right to file a complaint with the supervisory authority, i.e. the Personal Data Protection Agency. A request for establishing a violation of rights shall be submitted to the Agency (i) in person (orally on the record), or (ii) in writing to the address: Personal Data Protection Agency, Selska cesta 136, 10 000 Zagreb, or (iii) by filling out the online form on the Agency's website (www.azop.hr), or (iv) by e-mail: azop@azop.hr, or (v) by fax to: 01/ 46-090-99.

Please note that we have the right, if your requests are manifestly unfounded (even if there is only one) or excessive, in particular due to their frequent repetition: (a) to charge a reasonable fee taking into account the administrative costs of providing the information or notification or acting on the request; or (b) to refuse to act on the request.

The text of the EU standard contractual clauses on data protection as well as adequacy decisions can be found on the website of the European Commission, the EU standard contractual clauses on data protection at Standard Contractual Clauses (SCC) | European Commission (europa.eu), and the adequacy decisions at Adequacy decisions | EU-Kommission (europa.eu).

Changes to our Privacy Policy

This Policy was last updated on 03.07.2025. In the event of changes to this Policy, we will inform you about it on this page.