These Privacy Policies (hereinafter: «Policy» or «Privacy Policy») regulate the rules for using the Meddox mobile application and the Meddox.com Website in the part that concerns the processing of personal data of Users of the Meddox application and the Meddox.com Website and the application of regulations on the protection of privacy and personal data.
The Meddox mobile application (hereinafter: "Application") and the Website Meddox.com (hereinafter: "Website") and its links are the property of Meddox digital d.o.o., a company with its headquarters in Zagreb, Ilica 1A, registered in the court register of the Commercial Court in Zagreb under number (MBS) 081334639, OIB: 05521952379 (hereinafter "Meddox" or "Company"). It is not permitted to copy or use any part of the Website or the Application without the prior written consent of the Company. This Privacy Policy as well as the provisions of the Terms and Conditions and the Cookie Policy published on the Website are valid for all content found on the Meddox mobile Application and on the Meddox.com Website.
The User of the Application in the sense of regulations on the protection of personal data and privacy is any physical person who accesses the Application or the Website and whose personal data is processed during the use of the Application and/or visiting the Website and/or is processed because it is indirectly/directly related to the use of the Application and /or visit to the Site (hereinafter: "User" or "Data Subject").
On the Meddox Application and on the Meddox.com WWebsite,UUser's data is collected and used in accordance with the services for which the UUser has registered and based on the Act on Prohibition and Prevention of Unregistered Activities. In addition to the aforementioned regulations, we have harmonized the Application and our services with all applicable regulations, especially with regulations on privacy and personal data protection.
The processing of personal data is voluntary, it occurs after the decision to use the Application. The above is not the only situation when data is processed, therefore it is important that you read this document so that it becomes clearer to you when, how and why your data as a User or Data Subject is processed.
The Meddox mobile Application, as well as the Meddox.com Website, are compliant with the European General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679. (further: «Regulation»).
You can reach the Data Protection Officer at + 385951234098 or at dpo@meddox.com or by sending a parcel to Ilica 1A, 10 000 Zagreb with the indication ˝n/r Data Protection Officer – Meddox˝.
This Privacy policy applies primarily to the Meddox mobile Application and the Meddox.com Website and the services they provide. In addition to the above, the Policy also applies on the security and privacy of data collected from natural persons who register on the Meddox Application (personal data that can be used to identify a natural persons) or who visit the Meddox.com Website.
In addition to what is stated in this Policy, we will also explain what other processing methods are possible if the processing takes place outside the mobile Application or the Meddox.com Website, and it is not/directly related to the Application or Website.
For personal data covered by this Privacy Policy, the Data Controller is Meddox whose headquarter is in the Republic of Croatia.
This Policy does not apply to legal entities in the part where the applicable regulations on the protection of personal data do not apply.
We collect your personal information when you access the Meddox.com Website, download the Application, create an account and when you use the Application.
Registration on the Meddox Application enables the entry of medical reports, archiving of reports, exchange of reports at the User's request with Meddox's collaborating health institutions, and display certain data and the sharing of documents and performing other services offered by Meddox, which are described in detail in the Terms and Conditions. When registering on Meddox, the User enters his/her data:
E-mail - processing is required for registration, verification and subsequent possible communication with the User via verified e-mail,
Password or and PIN - password and PIN are required to protect User's profile and User's data,
OIB – processing is required in order to use the option of ordering examinations or diagnostic tests in selected health institutions
Date of birth – this category of data is processed because it is data required for the accuracy of reference intervals of medical-biochemical parameters,
Gender - processing is required for accuracy of reference intervals of medical-biochemical parameters.
After registration, the User enters the data needed to create a Profile.
To use the functionality of the separate Medicines and Calendar module within the application, the User enters the following data in Profile Information:
Name – processing is required for the identification of the User
Surname - processing is required for the identification of the User
Date of birth – this category of data is processed because the data is needed for the accuracy of the reference intervals of the medical-biochemical parameters
Gender - data processing is required for the accuracy of reference intervals of medical-biochemical parameters. If the User does not want to declare his gender, he will not be able to compare and graphically display medical-biochemical parameters in relation to reference values.
In order for the User to have the possibility of automatically receiving medical reports from Meddox's collaborating health institutions within the Application, as well as the option of ordering appointments for health check-ups and tests in collaborating health institutions via the Application, the User enters the following data in the Personal Information section of the Profile:
OIB - processing is required for the safe and effective use of the option of automatically receiving reports from selected collaborating health institutions, as well as for the option of ordering appointments for health check-ups or diagnostic tests in selected health institutions, considering that the OIB is the unmistakable identifier of the User
Address - processing is required in order to use the option of ordering appointments for health check-ups or diagnostic tests in selected health institutions
Phone / mobile phone number - processing is required in order to use the option of ordering appointments for health check-ups or diagnostic tests in selected health institutions, all with the aim of communicating with the User and giving instructions related to the examination or diagnostic test/s.
Without using the aforementioned categories of personal data entered in the Personal Information section, it is not possible to use the functionality of automatically receiving medical reports or ordering appointments for health check-ups and tests through the Application because it would not be possible to provide the expected results, nor would the service be in line with your expectations as a User and the very specification of the Application as a product. The User is responsible for entering the correct phone/mobile phone number for ordering health examinations and diagnostic tests in selected collaborating health institutions, otherwise, it will not be possible to complete the ordering process for selected health examinations and diagnostic tests in selected collaborating health institutions. You can find the list of collaborating health institutions of Meddox at the following link: Collaborating Health Institutions.
By filling in the Health Data section within the Profile, the User is provided with a simple and quick overview of all current and previous diagnoses, allergies, medications, operations and procedures. In this section, the User enters the following data:
Weight
Height
Smoking status
Blood group
Diagnoses (current and previous)
Medications
Allergies
Surgeries and procedures
In addition to the above data on the User's profile, the User can additionally enter the data such as:
Information about family members
Information about the doctor/doctors
Information about health examinations
Information on diagnostic tests
Reminders for (control) check-ups
List of medicines, medication reminders, review of medication intake their dosage and the dose of medicine prescribed to the User
Other information from the documentation that he/she wants to store and/or share with the chosen doctor.
Following the above, it is possible to enter data into the Application that is not necessary for the basic functioning of the Application, but is necessary for the accuracy of the analysis. In addition to the accuracy of the analysis, the User can enter some data to make it easier for him to function regularly and act with a lot of examinations and/or medicines that need to be taken, which he may forget. The above is the reason why the Application enables Users to enter medical documentation, health data (for example, symptoms and time of taking medication, daily notes), information about their doctor, etc.
By filling in the data in the Application, the User can calendar that is, create reminders for examinations i taking the medicines or food suplements, how often and in what dose he must take medicines or food supplements, how many pills he has left, etc. The User decides on the use of notifications, as well as the calendar, independently and voluntarily, all depending on his own needs.
All data that the User stores in the Meddox Application is protected by a password, or PIN, set by the User. The User is able to choose a password via PIN.
Data protection is carried out through other login options, namely biometric protection or login via social networks, i.e. via the user's e-mail account (so-called Social Login). In the case of registration through the latter, we especially note that Meddox cannot influence the policies and privacy protection of social networks, as well as the data protection and internal policies of the companies that provide you with e-mail services.
The User who registered on the Meddox Application is responsible for safekeeping all the previously mentioned data in their user environment, such as a mobile or other device.
To summarize, the following data can be collected using the Application or Website:
In contrast to the data in the Application on Website, data is collected on the User's IP address, geolocation, data on Users who choose to contact us via the contact form or contact information published by Meddox on the Website. In addition to the above, data is also collected from the cookies that Meddox uses on the Meddox.com Website, which you can read more about Cookies Policy.
User independently decides on the acceptance of cookies when he visits the Website. User can always change his mind and regulate his cookie selection later. Please note that certain cookies are necessary for the Website to function and are therefore marked as necessary and the User cannot influence their selection.
It is important to emphasize that Meddox, beside for the functioning of the Application, processes personal datadata, to fulfill your needs and requests you as a User, to perform services or for the needs of our business and that is:
a) at the moment User access the Website, Meddox collects User's IP address, which is also considered personal data, and which, if User accepts the categories of cookies related to analytics, is included in the analysis of Website visit statistics,
b) situations in which Meddox collect other types of data such as the date and time of access to the Website, information about the hardware, software or internet browser User uses, as well as about the operating system of User's computer (which we mentioned earlier) and the version of the Application and User's language settings . Meddox may collect information about the clicks and User's access to the Website and/or Application displayed to User, which is important for Meddox to analyze work, statistics and marketing activities,
c) when you contact Meddox and ask for help or ask a question in order for Meddox to realize one of rights as User, guaranteed by the applicable regulations. In the mentioned situations, Meddox will process information about User's e-mail address, name and surname of the User, the problem that is bothering User (content of the problem), all with the aim of solving requests or inquiries sent to Meddox,
d) when you contact Meddox via social networks, Meddox will collect the dana that User's have made available to Meddox when making a query or request, all with the aim of solving the query,
e) when you ask Meddox any question related to services, Meddox will process User's contacts and/or other data that User provides when sending the question,
f) when User sends a request to Meddox for the data and services he offers, we will process User's contacts and/or other data of the User which the User provide to Meddox while sending an inquiry,
g) if User wants to send a job application, Meddox will process data such as User name, surname, age, title, occupation, work experience, contact phone number and other data contained in User application application,
h) Meddox must collect data (proof) on performed deletion or on data changes, as well as given consent if consent or consent is the legal basis of data processing of the User's data; IP address or track ID by which Meddox can know that User has given consent or name, surname or other identifier (e.g. e-mail address) in cases where consent is given in such a way as to contain the mentioned data,
i) when you want Meddox to inform you about various events, health actions, promotional offers of Meddox sponsors or business partners, about the advice of doctors with which Meddox cooperates, etc., all as part of a newsletter or another way of informing you (if you choose it), Meddox will process information about your e-mail address to which you as a User wish, among other, to receive notifications or data that is interesting and relevant to you about another contact if Userwishes to be informed about the aforementioned in a different way than via e-mail,
j) when User attends one of the events that Meddox organizes, and the same is filmed and/or photographed. In the said case Meddox will collect User's dana, but Meddox will additionally inform the User about the taking of photos and/or filming and User will always be given the opportunity not to be photographed and/or filmed or to object to sdanadata processing.
We collect the above specific categories of User's personal data either on the basis of the consent shown to User when he arrives at the Website via a pop-up window, or on the basis of legitimate interest (for example, in cases where cookies are necessary for the Website to function, or in cases when User is already Meddox existing User so Meddox sends his existing certain interesting news to promote public health and other actions).
We divide the ways in which the Meddox app collects data into:
The Application and Website also collect data through the use of cookies and similar technologies. More information about the cookies used can be found in Cookie Policy.
It is important for us that you know that the User can always change his mind about the selected categories of cookies via a pop-up window or here.
User data is used for:
If personal data is shared for scientific purposes or based on legitimate interest, the processing of health data will be carried out in accordance with the rules of the Regulation, and in particular with Article 9, paragraph 2, point j. Regulation (processing for the purposes of scientific research), i.e. Article 6, paragraph 1, point f. Regulation (needs of the legitimate interest of the Data Controller or a third party).
Personal data is generally collected directly from you as a User when you enter it in the Application or when User visits the Website and select one of the functionalities through which some categories of personal data are directly and voluntarily collected.
Meddox provides the User with the ability to share medical/health information with others (via a link or email or directly through the Application). In the latter case, the data is protected by a password known only to User and the person with whom the User share the data (e.g. a doctor).
In the case of the User's request that the data be shared with legal and/or natural persons, it will be done either on the basis of the request of the data subject i.e. the User and consequently in order to fulfill Meddox's obligations or on the basis of consent, all depending on whether it is a request to exercise some right of the User or about other requests of the User that cannot be subsumed under the requirements concerning the protection of personal data.
Data that Meddox collects can also be shared with the services it uses for the purpose of improving the service or to fulfill certain obligations that must be fulfilled in accordance with applicable regulations, and for Meddox it is fulfilled by third parties as its business partners.
Services or service providers used to improve the Application are also called Data Processors, they are used for:
analytical tools (Sentry, Google Analytics, Clarity, Firebase, QuickSight and Apple Developer App Analytics)
Meddox can use the anonymized data to create and distribute reports based on a sample or for a certain period of time, in accordance with the valid regulations and dataprotection principles that do not apply to the processing of personal data considering that have been made anonymous in such a way that the identity of the Data Subject cannot be determined .
In addition, Meddox can, based on legitimate interest, send a customized newsletter to existing Users who are grouped by expressed needs and/or interests or topics of interest, the latter depending on the data and interests that the User enters into the application or expresses them in another way. Users can receive a newsletter adapted to their expectations and needs. Meddox's goal is to provide the User with relevant information that is adapted to him and in this way fulfill one of his business goals of promoting health standards, recommendations, values and goals that, among other things, protect public health and the health of the User or warn the Users of some conditions that can be or are threatening him/her or public health.
In any case, the User has the right to object to the sending of a customized newsletter, which he/she can do by contacting customer support at info@meddox.com or the Data Protection Officer at dpo@meddox.com.
If the User lodges an objection, but declares that he/she still wants to receive the newsletter, he will continue to receive general and non-customized information via the newsletter, of course, only if he/she wishes to do so.
In the event that User have an inquiry regarding the protection of personal data, especially when User sends Meddox a request to exercise one of his rights, Meddox will share the request and/or other inquiry with our external Data Protection Officer.
Content published by Meddox may occasionally contain links to third-party Websites and services (social networks, blogs, advertiser email). The Privacy Policy which refers to the work of the Data Controller, Meddox Application and the Meddox.com Website does not apply to such external services or third parties whose websites may be accessible through links.
In order to make it easier for User to exercise his rights from third parties whose privacy policies Meddox cannot influence, we list the most important links as well as the contacts of their data protection officers.
https://policies.google.com/privacy
| Contact of the Data Protection Officer: | https://support.google.com/policies/contact/general_privacy_form |
https://www.apple.com/legal/privacy/en-ww/
https://www.apple.com/legal/privacy/hr/
| Contact of the Data Protection Officer: | https://www.apple.com/hr/privacy/contact/ |
https://hr-hr.facebook.com/privacy/explanation/
| Contact of the Data Protection Officer: | https://hr-hr.facebook.com/policy.php https://www.facebook.com/help/contact/540977946302970 |
https://www.linkedin.com/legal/privacy-policy
| Contact of the Data Protection Officer: | https://www.linkedin.com/legal/privacy-policy https://www.linkedin.com/help/linkedin/ask/TSO-DPO |
Data collected by Google, Apple and/or Meta Platforms may include unique identifiers, browser type and settings, device type and settings, operating system, mobile network information (including operator name and phone number) and application version number, application interaction data , browser and device, including IP address, crash reports, system activity, and the date, time, and URL of referral requests.
Meddox cannot influence the processing of User's personal data by Google, Apple and/or Meta Platforms, as a result of Users use of the mentioned tools. Meddox asks all Users to be careful because as User you may be using the services of other such similar service providers.
We may provide your personal data to Meddox trusted partners who maintain the Application and IT system or provide services on behalf of Meddox. For example, marketing, finance, advertising, payment processing, delivery and other services. Service providers with whom Meddox has a contractual relationship are obliged, according to relevant contracts, to use entrusted data only in accordance with rules and Meddox instructions and exclusively for strictly declared purposes. The specified service providers also obliged to adequately protect your personal data and keep it as a professional secret. Read more about Meddox business partners under ˝07 Use and sharing of data˝.
Collaborating health institutions that receive data when using the functionality of ordering health examinations and diagnostic tests are also considered data recipients as separate data processors.
Meddox as a data controller cares about the protection of User's data, therefore we inform Users that in some cases, our partners may process User data outside the European Union. However, the contracts Meddox concludes with such entities oblige them to handle User data with special security measures in accordance with the regulations in force in the member states of the European Union. , Meddox regularly checks the security standards that Meddox partner guarantees in order to ensure the protection of all User data subject with the latest standards approved and suggested by the competent institutions.
The purposes for which Meddox share data with our trusted partners are, for example, marketing needs, storage of certain and protected data in the cloud, fulfillment of contractual and legal obligations and others. These service providers are obliged, according to the relevant contracts, to use the data entrusted to them only in accordance with our guidelines and exclusively for the purpose that we have strictly determined. We also oblige them to adequately protect User data and to consider it a business secret.
Once a year, we conduct an audit of all Meddox partners so that they know that the protection of your personal data is still at the required level and that it is in accordance with the applicable regulations.
The Application and Website are subject to various laws and may share the data of its Users at the request of a government authority or some other form of legal obligation.
In the event of a reorganization or transfer of ownership of the Application and Website, Meddox have the right to transfer the User's personal data to an involved third party that will protect it at least to the same extent as Meddox do in this Privacy Policy.
The Application is not subject to the Medical Products Act.
The User has the right to:
The User can change, correct or delete data in his User profile at any time.
With all the above, the User has the right to have the entered personal data forgotten by the Company, that is, to delete the profile. If the User wants to delete his profile, he must do so in the Application settings by clicking on Delete profile or send an e-mail with a request to the e-mail address dpo@meddox.com, after which the User will receive a notification about the deletion of his data, all after considering the User's request. Once a profile has been deleted, it is not possible to restore it or access its data. Read more about the difference between deletion and deactivation in the General Terms and Conditions.
Changing the e-mail for User registration is possible with a written request that must be sent to the e-mail info@meddox.com or dpo@meddox.com. Upon receipt of the request, the User will receive further instructions on the possibility of changing e-mail.
If the User would like to learn more or exercise any of the above rights, the User can always freely address our Data Protection Officer via e-mail dpo@meddox.com.
If the User believes that his rights have been violated, the User have the right to file a complaint with the supervisory authority. With regard to the headquarters and place of decision-making, the competent supervisory body is located in the Republic of Croatia (Personal Data Protection Agency).
In relation to the service providers in chapter ˝08 LINKS TO WEBSITES AND SERVICES˝, considering that they are independent Data Controllers, you can contact, in addition to the supervisory authority in the Republic of Croatia and the supervisory authority in Ireland, that is, the Irish Data Protection Commissioner.
Special note: When the User submits a request for the exercise of rights, especially in terms of the application of regulations on the protection of personal data (for example, the User's request for access to all data), Meddox will have to perform the identification of User before exercising the User right, all in order to remove any doubt and the possibility that the User's data is sent and/or transferred to unauthorized (third) persons (parties). In accordance with Meddox's internal acts, the User identification check must be performed by the data protection officer in the event that Meddox does not have a registered User and/or all the data that the User makes available to Meddox when submitting a request are not in accordance with the data stored in the systems.
When selecting cookie categories in the pop-up window that appears on the Website, the User gives consent. Exceptionally, consent is not a legal basis in the case of necessary cookies, without which it is not possible to operate the Website, especially in the manner expected by our Users or Data Subjects.
When registering in the Application, Users accept the Terms and Conditions of use of the Application and this Privacy Policy. The Cookies Policy is part of the Privacy Policy.
In addition to the above, the legal basis for User data processing of User data, which are stated in these Policies and depending on the purposes, is processing in accordance with Article 9, paragraph 2, item j. Regulation (processing is necessary for the purposes of archiving in the public interest, for the purposes of scientific or historical research or for statistical purposes), that is, processing for the purposes of the legitimate interest of the Data Controller or a third party, in accordance with Article 6, paragraph 1, point f. Regulation.
Meddox may also process User's personal data if this is necessary to comply with a legal obligation to which Meddox is subject.
In the event that additional consent is required for the processing of personal data, the Data Controller will require such consent, and when using consent as a legal basis, a record of the given consents will be kept.
User's personal information that is collected will be stored in a secure environment and is protected from any unauthorized access, disclosure, use, alteration or destruction by any organization or individual.
Data collected for the purposes specified in this Privacy Policy is stored only for as long as is necessary for the specified purposes. User's personal data will not be kept in a form that allows your identification for longer than Meddox reasonably considers necessary to fulfill the purpose for which the data was collected and processed. Meddox will store certain personal data for the period determined by law or regulation that obliges Meddox to store data. request).
More precisely, Meddox stores personal information until the User or Application administrator deletes the account.
Additionally, User's personal data may be processed until the end of judicial, administrative or extrajudicial proceedings, including the deadline for submitting legal remedies.
The new Privacy Policy will be published on the official Website Meddox.com and in the Application, by which is also informing Data Subjets about its entry into force and its application.
Last updated: Zagreb, 25 March 2025
Effective date of the amended Policy: 25 March 2025