Privacy policy
Dental Center Ostojic d.o.o. has aligned its operations with the GDPR, Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
This Privacy Policy aims to explain how we access patients’ personal information. It explains how personal information is collected, processed, and for what purposes it is used. The privacy policy informs visitors (patients) of this site about their rights in the collection and further processing of personal information, all for the purpose of protecting their personal information and privacy.
The privacy policy is based on the following principles of processing personal data: the principle of legality, transparency and best practice, the principle of limited processing and reduction of data, the principle of accuracy and completeness of personal data, the principle of limited storage, the principle of data integrity and confidentiality, the principle of responsibility, the principle of trust and fair treatment, the principle of opportunity (processing purposes), the principle of processing in an unnamed (anonymized) form.
Collection of personal information
Patients can visit our website without revealing personal information about themselves. This means that we do not process patient information (name and contact details) unless the patient voluntarily submits his or her personal information to our official mailing address for the purpose of contacting or sending an offer. By doing so, the patient gives tacit consent to the processing of personal data.
The information collected will not in any way be made available to unauthorized third parties except for the purpose prescribed by law. All personal information is used solely for the purpose for which it was collected.
Manage consent
When a patient arrives at the Dental Center, an FDI form (Health Questionnaire) is signed, which contains the text of the consent for the processing of personal data. Consent to the processing of personal data may be given by persons aged 16 or over, while for persons under 16, consent may be given by the parent or guardian. Consent is a voluntary, specifically informed and unambiguous expression of the patient’s wishes by which he or she consents to the processing of personal data. Consent management implies the ability for a patient to consent or withdraw consent to the processing of personal data. Consent is given for one or more purposes.
Information that is automatically collected on our website
We automatically collect information in server log files, such as your IP address, browser type, redirect pages, and other technical information we use to manage our websites and technical solutions. It allows us to better understand visits to our site and improve the visitor experience.
Cookies
A cookie is a small data file that is stored on a computer or mobile device when you visit a particular web page. Cookies are used to provide a better user experience for visitors, with the aim of making web pages work more efficiently, as well as to monitor and test the use and visitation of our site.
By turning off and / or blocking cookies, the visitor can still browse our web pages. However, it is likely that some features or functionality of the website will not be accessible to the visitor, so the time taken to access certain features of the website will be longer than usual.
The length of time personal data is stored and processed
Depending on the purpose and legal basis on which the personal data of visitors (patients) are collected, Dental Center Ostojic d.o.o. is in some cases obliged to keep personal data for a period prescribed for the specific purpose by the relevant legal regulations in medicine. If the retention of data is not legally defined, then the retention of personal data is limited by the termination of the purpose for which it was collected. Personal data (of patients and employees) are deleted upon expiry of the statutory period during which Dental Center Ostojic d.o.o. is obliged to store certain personal data.
Technical and organizational measures
Within our organization, according to the estimated risks to personal data, we have established a number of technical and organizational measures for the protection of personal data. These measures are related to the protection of office documents, computer security, anti-virus policies, data destruction, employee conduct rules, contractual relations with our external service providers, periodic audits of personal data management systems, video surveillance and numerous other measures.
Visitor (Patient) Rights
The patient has the following rights at any time:
• the right to access and view data
• the right to be informed about the processing of personal data
• the right to data portability
• the right to withdraw consent
• the right to file a complaint
• the right to correct and change personal data in case the data is incomplete or incorrect
• the right to have data deleted in cases such as termination of the purpose of processing, withdrawal of consent or in case of objection
How to access your rights
If you wish to access any of these rights, please contact our Personal Data Protection Officer on +385 (0)1 2944 371 or by email: info@dcostojic.hr
Changes to the Privacy Policy
Dental Center Ostojic d.o.o. reserves the right to amend this Policy at any time without giving any special notice to interested persons. For this reason, it is recommended that all interested parties regularly check the content of the Dental Center Ostojic d.o.o. website for information on the updated content of this Policy.
How we handle your data
The data you upload will be used to match your customers to Google accounts and report the online conversions driven by Google ad interactions. We’ll keep your data confidential and secure using the same industry-leading standards we use to protect our own users’ data.
Here’s how the data you upload is handled:
- Limited data use. Google will only use the data you shared for Enhanced Conversions to provide you services, including technical support. The data can be used to provide measurement for all Google media (search, video, display) and platforms (AW, DV360, SA360, GA). For example, we’ll match the transaction data that you upload with Google ad event data to report conversions. As another example, per your instructions, Google may also combine your enhanced conversions data with data from other measurement products you use, such as standard conversion tracking, to improve the accuracy of your conversion measurement. We may also make available to you other optional features that use your enhanced conversions data that you can opt-in to, such as incrementality studies. Google uses aggregated and anonymized conversion event data for the overall benefit of advertisers for certain features such as automated bidding to improve their overall quality and accuracy, as well as for spam and fraud detection. Google may use anonymized conversion event data to ensure compliance with our Enhanced Conversions policies.
- Limited data access. Google uses encryption and employee access controls to protect your data from unauthorized access.
- Limited data sharing. Google won’t share your data with other advertisers. Where required, we may share this data to meet any applicable law, regulation, legal process or enforceable governmental request.
- Data Security. Google is committed to ensuring that the systems we use to store your data remain secure and reliable. We have dedicated security engineering teams to protect against external threats to our systems, and we store all your data in an encrypted format to protect against unauthorized access.
About the data sharing process
Here are more details about the matching process and how we process the data shared to Google. When using the Google tag:
- Google will always hash any personally identifiable data (for example, email, phone number, first & last name, street address) prior to the data being sent to Google.
- We only allow tags to share conversion events if sent using an HTTPS protocol, the industry standard for secure data transmission.
- Email, phone number and address matching: For matching based on your customers’ data, Google maintains the email addresses for Google accounts and the corresponding hashed strings. After you’ve uploaded your data with hashed email addresses, Google Ads will compare each hashed string in your data with the hashed string of Google accounts. If there’s a match, we’ll mark those transaction records as matched.
- Google will use the matched transaction records to combine with ad click / event information in your account to report online conversions driven by Google ads.
If you are using enhanced conversions API to deliver data to Google, you will be responsible for putting together your data:
- Customer data needs to be hashed using the SHA256 algorithm, which is the industry standard for one-way hashing.
- Only the personally identifiable customer data, such as email, phone numbers, first name, last name and street address, should be hashed. Please don’t hash country, state, city and zip code data.
- Email matching: For matching based on your customers’ email addresses, Google maintains the email addresses for Google accounts and the corresponding hashed strings for those email addresses. After you’ve uploaded your data with hashed email addresses, Google Ads will compare each hashed string in your data with the hashed string or email address of Google accounts. If there’s a match, we’ll mark those transaction records as matched.
- Address matching: For matching based on your customers’ mailing addresses, Google joins hashed name and address information for Google accounts to construct a matching key. After you’ve sent data with hashed customer names and addresses (don’t hash zip code, city, state and country data), Google constructs a similar key based on your data and then compares each key in your data with the keys based on Google accounts. If there’s a match, we’ll mark those conversions as matched.
- Phone matching: Similar to email matching, Google maintains the phone numbers for Google accounts and the corresponding hashed strings for those phone numbers. After you’ve uploaded your data with hashed phone numbers, Google Ads will compare each hashed string in your data with the hashed string or phone numbers of Google accounts. If there’s a match, we’ll mark those conversion records as matched.
- Google will use the matched transaction records to combine with ad click / event information in your account to report online conversions driven by Google ads.
About enhanced conversions for leads
How we handle your data
The data you upload will be used to match your offline customer transactions to clicks that landed on your website and submitted a lead form. This matching allows you to report offline conversions driven by Google ad interactions. We’ll keep your data confidential and secure using the same industry-leading standards we use to protect our own users’ data.
Here’s how the data you upload is handled:
- Limited data use. Google will only use the data you shared for enhanced conversions for leads to provide you services, including technical support. The data can be used to provide measurement for all Google media (search, video, display). For example, we’ll match the transaction data that you upload with Google ad event data to report conversions. As another example, per your instruction, Google may also combine your enhanced conversions for leads data with data from other measurement products you use, such as standard conversion tracking, to improve the accuracy of your conversion measurement. We may also make available to you other optional features that use your enhanced conversions data that you can opt-in to, such as incrementality studies. Google uses aggregated and anonymized conversion event data for the overall benefit of advertisers for certain features such as automated bidding to improve their overall quality and accuracy, as well as for spam and fraud detection. Google may use anonymized conversion event data to ensure compliance with our Enhanced Conversions policies.
- Limited data access. Google uses encryption and employee access controls to protect your data from unauthorized access.
- Limited data sharing. Google won’t share your data with other advertisers. Where required, we may share this data to meet any applicable law, regulation, legal process or enforceable governmental request.
- Data Security. Google is committed to ensuring that the systems we use to store your data remain secure and reliable. We have dedicated security engineering teams to protect against external threats to our systems, and we store all your data in an encrypted format to protect against unauthorized access.
About the data sharing process
Here are more details about the matching process and how we process the data shared to Google. When using the Google tag:
- Google will always hash any personally identifiable data (for example, email, phone number, first & last name, street address) prior to the data being sent to Google.
- We only allow tags to share form events if sent using an HTTPS protocol, the industry standard for secure data transmission.
- Email and phone number storage: Google maintains the corresponding hashed strings of email addresses or phone numbers from configured website form events.
- Google will use the hashed strings for matching to uploaded offline transactions, combined with ad click/event information in your account to report offline conversions driven by Google ads.
When using enhanced conversions for leads API or file upload to deliver offline data to Google, you will be responsible for putting together your data:
- Customer data needs to be hashed using the SHA256 algorithm, which is the industry standard for one-way hashing.
- Only the personally identifiable customer data, such as email and phone numbers, should be hashed.
- Email matching: After you’ve uploaded your data with hashed email addresses, Google Ads will compare each hashed string in your data with the hashed string sent from previous website form events. If there’s a match, we’ll mark those transaction records as matched.
- Phone matching: After you’ve uploaded your data with hashed phone numbers, Google Ads will compare each hashed string in your data with the hashed string sent from previous website form events. If there’s a match, we’ll mark those conversion records as matched.
- Google will use the matched transaction records to combine with ad click or event information in your account to report offline conversions driven by Google ads.
Data security certifications
ISO 27001
Google has earned ISO 27001 certification for the systems, applications, people, technology, processes and data centers serving a number of Google products, including enhanced conversions.
Collecting customer data
When using Customer Match, you may only upload customer information that you collected in the first-party context, such as information you collected from your websites, apps, physical stores, or other situations where customers shared their information directly with you.
Examples:
- You collected information from a customer who had purchased an item from your website.
- You collected information from a customer who registered to receive marketing messages through your apps.
- You collected information from a customer who signed up for your loyalty program in your physical store.
You must also:
- Ensure that:
  - Your privacy policy discloses that you share customer data with third parties to perform services on your behalf, and
  - You obtain consent for such sharing where required by law or any applicable Google policies governing personalized ads and/or user consent including Google’s EU User Consent Policy.
- Only use Google’s approved API or interface to upload customer data.
- Comply with all applicable laws and regulations, including any self-regulatory or industry codes that may apply.
Additional Requirements
You are prohibited from:
- Running ads that collect personally identifiable information, except for Gmail ads with HTML forms that comply with the Gmail ads policy.
- Uploading information for any customer who is under the age of 13 or that was collected from any site or app directed to children under the age of 13.
- Creating ad content which implies knowledge of personally identifiable information or sensitive information about your customers (see below for more information).
- Using a customer list that targets an overly narrow or specific audience. For example, you can’t combine a customer list with other targeting criteria (such as geographic limitations) if it results in an ad targeted to a relatively small number of users.
- Advertising for products related to sensitive information, such as pharmaceutical products, in a Customer Match campaign (see below for more information) or
- Running any ads that are prohibited by our Google Ads policies.
Restrictions on sensitive categories
As defined under the Personalized advertising policy principles applicable to remarketing, advertisers can’t use sensitive interest categories to target ads to users or to promote advertisers’ products or services. These policies also apply to remarketing with Customer Match.
Additionally, you can’t use data from your Customer Match campaigns to identify sensitive interest categories related to your customers.
For comprehensive information about what’s considered a sensitive interest category under Personalized ads and Customer match policies, see the Personalized advertising policies.
What happens if you violate our policies
- Compliance review: We may review your business for compliance with the Customer Match policy at any time. If we contact you to request information related to compliance, you’re required to respond in a timely manner and swiftly take any corrective action needed to comply with our policies. If you’re a manager account, we may also contact your managed accounts to verify compliance.
- Notification of non-compliance: If we believe that you’re violating Customer Match policy, we’ll contact you to request corrective action. If you fail to make the requested corrections you may be denied the ability to use Customer Match, or your access to your Google Ads accounts may be suspended. You can contact us if you want to appeal your Customer Match policy violation. In cases of serious or repeated violations, your account may be suspended immediately and without notification.