Privacy policy

Medorion d.o.o., Ulica Janka Draškovića 5, Samobor, OIB: 39248305297 (hereinafter: Medorion and / or processing manager) represented by director Rastislav Baričevac

In order to exercise the right to the protection of personal data in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council from 27th April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data as the repealing Directive 95/46 / EC (General Data Protection Regulation)) in this document we explain when and why we collect and process personal data.


Please read this document carefully to be familiar with the conditions and ways of using your personal data in MEDORION, as the Head of Personal Data Processing.

Purpose of collecting personal data

In contacting you, we may ask you to share your personal information with us for the following purposes:

• Receive information about MEDORION services and news
• Participation in MEDORION web activities on the Internet, including our channels / pages on social networks and the like
• Saving your data for future interactions and communication with MEDORION
• Assistance in the development of services tailored to you and their continuous improvement
• Helping to improve our services and enabling MEDORION to keep you informed
• Troubleshooting service issues
• Receive customized messages, special offers and promotional content in accordance with your interests, based on the information you have shared with us, as well as based on information we have collected through cookies or similar techniques concerning your use of MEDORION websites / social media networks. If you want more information on how we use cookies, click HERE.

When doing business with MEDORION as a customer, supplier or business partner, we will ask you to share your personal information with us for the following purposes:

• Fulfillment of the legal obligation towards state bodies in terms of information on the status of the contractual relationship
• Customer relationship management
• Ensuring access to information
• Employment
• Other types of communications
• Analysis and understanding of customer interaction
• Answering questions or resolving requests for service
• Going to congresses (sponsorship)
• Maintaining a contractual obligation

In accordance with its activities, the company communicates with healthcare professionals, where personal data may be collected, and the amount of personal data collection is minimal. This is done in accordance with the law, and if the data is transferred to third parties, it is stated in the DPA contract. The respondent is directly informed about this and consent is sought for this purpose.

In general, we process your personal information only for the purposes for which we have informed you. These purposes may be on the basis of legal regulations that MEDORION must comply with, on the basis of the contract that MEDORION has concluded with you, and on the basis of personal consent.

Personal data that MEDORION may collect

When interacting with MEDORION in person, via e-mail, telephone, web or social networks, we may request or receive certain information such as:

• Name and surname
• Date and year of birth
• Gender
• Name of company and / or trade – if it is a legal entity
• Address of the person
• State
• City / Municipality, County
• Contact phone and cell phone number
• Contact e-mail
• Contractual obligation
• Working place
• Debts
• History of the business relationship
• Consent data (not just consent)
• Information on downloaded documentation
• Payment information
• Data on visits
• A message or inquiry from a User that may include information about a past or current business relationship

We may also collect personal information through cookies or similar techniques, including, but not limited to, the following:

• IP address
• Cookie ID
• The Internet browser you are using

When you communicate with MEDORION as a supplier or business partner, we may collect the following information:

• Name and surname
• Email address
• Phone number
• Business address
• Name and address of the company you work for
• Job title
• ID card information
• Passport information
• Personal details that may be relevant to the business relationship, e.g., your professional experience and the like.

Ways of collecting personal data

You can share personal information with MEDORION through (not limited to):

• Communication with MEDORION (may be related to the service, through an inquiry or request you have sent us)
• Communication with any of the MEDORION employees in person, by e-mail, telephone or in writing or orally
• By using the website and its functionalities such as ChatBot, etc.
• Ordering services and / or products through delivery services
• Participation in activities on social networks related to the promotion of MEDORION
• Request to receive messages on a mobile phone / device
• By subscribing to the MEDORION Newsletter
• Voluntary participation in surveys
• Cookies placed on your computer or mobile device when visiting our website
• Social media monitoring: MEDORION can search the Internet for relevant and publicly available content and use it to improve its services, address customer requirements and provide targeted marketing content.

When you communicate with MEDORION as a supplier or business partner, potential employee and similar data collection is done through:

• Concluding cooperation and / or employment agreements
• Provision of MEDORION services
• Communication with MEDORION
• Developing partnerships
• When accessing MEDORION business premises
• Participation in fairs, congresses, events or promotions
• Voluntary participation in surveys

If you do not want MEDORION to use personal data that you did not provide yourself, you can let us know at any time at the e-mail address: and our Personal Data Protection Officer (DPO) will refer you to the procedure for exercising the rights of respondents.

Sharing personal information with others

We may share your personal information with service providers, business partners and other third parties, in accordance with applicable law and the business agreements we have with such institutions. In certain cases, when not required by law, your personal information may be passed on to third parties such as an accounting service, a company that provides customer record software, a company that analyzes the wishes and interests of our website, delivery service and the like.

MEDORION hereby confirms that it has warned all suppliers (third parties) it uses in business that they themselves are obliged to comply with the GDPR, and that all collected and processed data that are not part of legal obligations must be resolved by concluding contracts for the transfer and processing of personal data. data (so-called DPA contract) which clearly prescribes the obligations of suppliers to treat personal data in this relationship in accordance with the law and other positive regulations and that they themselves are fully compliant with the GDPR, and to apply adequate organizational and technical data protection measures.

If we are required by law to obtain your consent or for any other reason believe that your consent is required in certain circumstances, we will request it before sharing your personal information.

After you provide us with your personal data, it is possible to update, change or request their deletion via the e-mail address: You can ask other privacy questions or submit your privacy complaints through the same address. In order to prevent unauthorized requests, in the process of exercising your rights, we will ask you to fill in the form for exercising the rights of the respondents (natural persons) and forward them to us.

Internet-related scope

Social networks

If you are a member of various social networks such as Facebook, Twitter, Instagram, LinkedIn, etc., you should be familiar with the tools provided by these sites and choosing how to share personal information on social media profiles.

In addition, depending on the choice related to settings on various social networks, certain personal data may be shared with MEDORION; for example, information about your online activities, social media profiles (for example interests, marital status, gender, username, photo, comments and content you have posted / shared, etc.).

Links to other websites

On the MEDORION website you can find links to other websites with useful information. Such websites may operate independently of MEDORION and may have their own privacy notices, statements or policies.

We strongly recommend that you review them to find out how your personal information may be processed in connection with those websites, as we are not responsible for the content of websites that are not owned or operated by MEDORION, nor for their use or privacy practices.

Please note that we accept and take seriously our responsibility to protect the personal information you entrust to us from loss, misuse or unauthorized access.

For all additional information, contact us via e-mail address

Video surveillance

MEDORION is located in the business premises that uses its own video surveillance to protect property and persons, and informs visitors in advance (existing and potential customers, visitors, suppliers, external associates and others who access the business premises) in a way that there are prominent signs and that MEDORION has publicly announced in its Privacy Policy that video surveillance monitors access to the business premises and within the premises. Video surveillance is used exclusively for that and only that purpose.

The basis for conducting video surveillance in terms of protection of valuable property and protection of persons accessing the area was declared an institute of legitimate interest and for the same purpose a Proportionality Test and adequate DPIA risk analysis and impact assessment were conducted.

The manner of use, management and archiving of recordings is regulated by the internal Ordinance on video surveillance and adequate organizational and technical data protection measures are applied.

There are prominent notices on the site that the space is under video surveillance.

Children and minors

MEDORION does not communicate in any way with children and / or minors. In the event of accidental contact, all contact and communication with children and minors is carried out in a way that communicates, talks, negotiates and contracts exclusively with the parent / guardian. The contract, consent, consent and any other legally binding document are signed exclusively by the parent / guardian.

How do we store data?

We store and process only those data and from those users who have given personal consent for their processing and / or in accordance with contractual obligations or we have obtained this data on the basis of law or contract. The protection of personal data privacy is permanent and we take all measures to protect them in accordance with the General Regulation on Personal Data Protection.

How do we protect the User’s personal data?

MEDORION d.o.o. according to the assessed risks for personal data, it has established a number of technical and organizational measures for the protection of personal data. These measures are related to the protection of office documents, computer protection, rules of conduct for employees, contractual relations with external service providers. In addition, financial transactions are regulated by law and are supervised by the CNB, which means that data is protected exactly as financial institutions must do. Also, MEDORION d.o.o. applies certain and applicable data protection methods in accordance with ISO / IEC 27001: 2013 standards.

The rights you have

We want to get to know you better so that we can provide you with a better service, while respecting your choice as to how we use your personal information.

  1. Consent

You may be asked to give your consent for the collection of data and their use.

  1. Right of deletion

You may request the deletion of all your personal data for which you have previously given your consent to use, unless there is a legal impediment to the deletion of which we will inform you adequately.

  1. Data portability

You have the ability to transfer your personal data from one electronic processing system to another without interfering with the data controller.

  1. Revocation of consent

It is your right that you completely or partially, without consequences and explanations, give up the given consent and request the termination of the activities of processing your personal data and marketing activities directed towards you. You can file a revocation in person, by e-mail or by mail to Ulica Janka Draškovića 5, Samobor or by e-mail at

  1. The right to limit data processing

The respondent has the right to obtain a processing restriction from the processing manager if:

• the respondent disputes the accuracy of personal data, for the period during which the controller is allowed to check the accuracy of personal data;
• the processing is illegal and the respondent opposes the deletion of personal data and instead requests a restriction on their use;
• the controller no longer needs personal data for processing purposes, but the respondent requests them in order to set, realize or defend legal claims;
• the respondent has lodged an objection to the processing pursuant to Article 21 (1) of the Regulation on Personal Data Protection, awaiting confirmation as to whether the legitimate reasons of the controller exceed the reasons of the respondent.

For all additional questions related to the collection and processing of personal data, you can always contact us at MEDORION d.o.o., Ulica Janka Draškovića 5, Samobor or by e-mail at