top of page

Privacy Policy

A legal disclaimer

PRIVACY POLICY

Last updated: 13.02.2026.

This Privacy Policy explains how VetKat Approved acting as Data Controller (“Practice”, “we”, “us”), processes personal data in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation – “GDPR”)

  • Croatian Act on the Implementation of the General Data Protection Regulation

  • Other applicable EU and national legislation

By using our services or submitting your personal data, you acknowledge that you have been informed about the processing of your personal data as described in this Policy.

1. PRINCIPLES OF PROCESSING

We process personal data in accordance with Article 5 GDPR principles:

  • Lawfulness, fairness and transparency

  • Purpose limitation

  • Data minimisation

  • Accuracy

  • Storage limitation

  • Integrity and confidentiality

  • Accountability

Personal data is processed only to the extent necessary for clearly defined purposes.

3. CATEGORIES OF PERSONAL DATA

We may process the following categories of personal data:

3.1 Client Identification and Contact Data

  • Full name

  • Residential address

  • Email address

  • Telephone number

  • OIB (where legally required for invoicing)

3.2 Animal and Veterinary Data

  • Animal identification details

  • Medical history and clinical findings

  • Diagnostic results

  • Treatment records

  • Behavioural assessments

  • Nutrition and integrative therapy plans

Note: Veterinary records primarily concern animals and do not constitute special categories of personal data under Article 9 GDPR unless they indirectly reveal sensitive personal data about the owner.

3.3 Financial and Transaction Data

  • Invoicing details

  • Payment records

  • Bank transaction confirmations

3.4 Technical Data (Website Use)

  • IP address

  • Device/browser information

  • Log data

  • Cookies (see separate Cookie Policy, where applicable)

4. LEGAL BASIS FOR PROCESSING (ARTICLE 6 GDPR)

Personal data is processed on one or more of the following lawful bases:

4.1 Performance of a Contract (Art. 6(1)(b))

Processing necessary for:

  • Booking appointments

  • Providing veterinary services

  • Preparing treatment plans

  • Communicating regarding care

4.2 Compliance with Legal Obligations (Art. 6(1)(c))

Processing necessary to comply with:

  • Tax and accounting laws

  • Veterinary regulatory obligations

  • Record-keeping requirements

4.3 Legitimate Interests (Art. 6(1)(f))

Processing necessary for:

  • Practice administration

  • Legal protection and defence of claims

  • Service improvement

  • Prevention of misuse

Where legitimate interest is relied upon, a balancing test is performed to ensure that your rights and freedoms are not overridden.

4.4 Consent (Art. 6(1)(a))

Where required (e.g., optional communications), processing is based on your consent. Consent may be withdrawn at any time without affecting prior lawful processing.

5. PURPOSES OF PROCESSING

Personal data is processed exclusively for:

  • Provision of veterinary and integrative medical services

  • Appointment scheduling and communication

  • Medical documentation and follow-up care

  • Invoicing and financial record keeping

  • Compliance with professional and legal obligations

  • Establishment, exercise, or defence of legal claims

We do not sell personal data to third parties.

6. DATA RECIPIENTS AND PROCESSORS

Personal data may be shared only where necessary with:

  • Accounting and tax service providers

  • IT service providers and hosting providers

  • Payment processors

  • Legal advisors

  • Competent public authorities when legally required

All external processors are engaged under written Data Processing Agreements in accordance with Article 28 GDPR.

7. INTERNATIONAL DATA TRANSFERS

Personal data is not transferred outside the European Economic Area (EEA) unless:

  • The European Commission has issued an adequacy decision; or

  • Appropriate safeguards under Articles 44–49 GDPR are implemented (e.g., Standard Contractual Clauses).

8. DATA RETENTION

Personal data is retained only for as long as necessary for the purposes described above and in accordance with legal retention requirements.

Typical retention periods include:

  • Accounting data: as required by Croatian tax law

  • Veterinary documentation: in accordance with professional regulations

  • Contractual data: for the duration of the contractual relationship and statutory limitation periods

After expiry of retention periods, data will be securely deleted or anonymised.

9. DATA SECURITY

We implement appropriate technical and organisational measures pursuant to Article 32 GDPR, including:

  • Controlled access to personal data

  • Password-protected systems

  • Secure storage solutions

  • Regular evaluation of data security measures

  • Limitation of data access to authorised persons only

Despite these measures, absolute security cannot be guaranteed due to the nature of electronic communications.

10. DATA SUBJECT RIGHTS

Under GDPR, you have the following rights:

  • Right of access (Art. 15)

  • Right to rectification (Art. 16)

  • Right to erasure (Art. 17), where applicable

  • Right to restriction of processing (Art. 18)

  • Right to data portability (Art. 20)

  • Right to object (Art. 21)

  • Right not to be subject to automated decision-making (Art. 22)

Requests may be submitted to: vetkatapproved@gmai..com
We may request identity verification before responding.

Requests will be handled within the statutory time limits under GDPR.

11. RIGHT TO LODGE A COMPLAINT

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the competent supervisory authority:

Croatian Personal Data Protection Agency (AZOP)
Martićeva 14
10000 Zagreb
Croatia
Website: www.azop.hr

12. MANDATORY DATA PROVISION

Where personal data is required to:

  • Enter into a service contract

  • Provide veterinary care

  • Issue invoices

  • Comply with legal obligations

Failure to provide such data may result in inability to provide services.

13. DATA BREACH NOTIFICATION

In the event of a personal data breach likely to result in a risk to the rights and freedoms of natural persons, we will:

  • Notify the competent supervisory authority without undue delay and, where feasible, within 72 hours (Article 33 GDPR); and

  • Notify affected data subjects where required under Article 34 GDPR.

14. POLICY UPDATES

This Privacy Policy may be amended to reflect legal, regulatory, or operational changes. The latest version will always be published on our website.

15. ACKNOWLEDGEMENT

By booking an appointment, submitting your data, or engaging our services, you acknowledge that you have been informed about the processing of your personal data in accordance with this Privacy Policy.

Where consent is required, it is obtained separately and explicitly.

bottom of page