Privacy policy
Last updated: 12 April 2026.
1. Introduction
mojausluga.hr ("we", "our", "the platform") is committed to protecting your privacy. This policy explains which data we collect, the legal bases on which we process it, how long we keep it, and what rights you have as a data subject under the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679).
This policy applies to all visitors to the mojausluga.hr website.
2. Data we collect
We collect the following categories of data:
a) Basic first-party page-view analytics
From the moment you open the website, we record basic visit data through our own first-party analytics system:
- Pages you visit and the time of the visit
- Referrer domain and UTM tags if you arrived through a campaign or another website
- Device type (mobile phone, tablet, desktop computer)
- A temporary session identifier needed to count page views within a single visit
Note: This basic first-party analytics is used to count page views and understand basic traffic sources. We do not use it for personalized advertising or to create marketing profiles of users.
We load Google Analytics 4 immediately in a limited consent mode for basic page-view measurement without analytics cookies. If you accept analytics cookies, GA4 switches to full analytics. If you reject them, GA4 remains in limited, cookieless mode.
We do not load Google AdSense ads until you choose "Accept" or "Reject" in the consent dialog (Google Funding Choices). AdSense loads only after you have made a consent decision. You can learn more about how Google uses data on the How Google uses data page.
b) Google Analytics 4 and Google Signals
We use Google Analytics 4 in two modes. The first is limited consent mode for basic page-view measurement without analytics cookies. The second is full analytics mode, which is enabled only after your consent for analytics cookies. If Google Signals features are also enabled, Google may provide us with aggregated demographic data, such as age group, gender and interest categories, for users who are signed in to a Google account and have ad personalization enabled.
We receive this data only in aggregated form. We cannot identify individual users from these reports. We may use aggregated anonymous audience-demographic statistics in internal reports and in communication with potential advertising partners.
c) Contact data
If you contact us by email, we collect your email address and the content of your message.
d) Data from the "Report incorrect data" feature
If you use the "Report incorrect data" option on provider or location pages, we collect:
- The type of reported problem (for example opening hours, phone, address)
- An optional description of the problem
- The practice name and city the report refers to
- An anonymized IP-address marker (to protect against abuse)
This data is sent to our server and kept until the report is resolved, and for no longer than 12 months.
Note: We do not require user-account registration, we do not collect payment data, and we do not process special categories of personal data.
3. Legal basis for processing
We process your data on the following legal bases (Article 6 GDPR):
| Type of processing | Legal basis |
|---|---|
| Technically necessary cookies | Legitimate interest (Art. 6(1)(f)) |
| Basic first-party page-view analytics | Legitimate interest (Art. 6(1)(f)) |
| Google Analytics 4 in limited consent mode | Legitimate interest (Art. 6(1)(f)) |
| Google Analytics 4 full analytics (after consent) | Consent (Art. 6(1)(a)) |
| Advertising cookies and ad personalization (Google AdSense) | Consent (Art. 6(1)(a)) |
| Aggregated demographic data (Google Signals) | Consent (Art. 6(1)(a)) |
| Responding to your email inquiries | Legitimate interest (Art. 6(1)(f)) |
| Displaying publicly available data about providers | Legitimate interest (Art. 6(1)(f)) |
| Processing reports about incorrect data | Legitimate interest (Art. 6(1)(f)) |
4. Data about healthcare providers
mojausluga.hr is an informational directory that displays professional data about healthcare workers (practice name, doctor's name, address, specialty, phone, opening hours). This data relates only to the provider's professional activity, not to their private life.
Data sources
We collect data from the following publicly available sources:
- HZZO (Croatian Health Insurance Fund) contracted-partner registry
- NRPZZ (National Register of Healthcare Providers)
- Official websites of health centres and county public-health institutes
- Google Maps platform (supplementary data such as phone number, opening hours and reviews)
- Data submitted to us by providers themselves
Note: HZZO and NRPZZ are the primary data sources. Other sources are used only to supplement contact information and never replace official registry data.
Legal basis
We base the processing of professional data about healthcare workers on legitimate interest (Art. 6(1)(f) GDPR). The legitimate interest is the public's right to access information about available healthcare services, which is in the public interest. This approach is consistent with informational directories such as the HZZO contracted-partner search and Google Maps.
The data controller is Tomislav V., Krapina, Republic of Croatia. For all questions related to personal-data protection, you can contact us at info@mojausluga.hr.
Provider rights
Healthcare providers whose data is displayed on the platform have the right to:
- Right to rectification (Art. 16 GDPR) of inaccurate data
- Right to object (Art. 21 GDPR) to processing based on legitimate interest
- Right to erasure (Art. 17 GDPR) of all data from the platform
To exercise any of these rights, contact us at info@mojausluga.hr. We process correction requests as soon as possible, and no later than within 30 days. We process profile-removal requests without additional questions.
5. Cookies and local storage
We use necessary technical mechanisms for session handling and basic page-view counting. Google Analytics 4 starts in limited consent mode without analytics cookies, and switches to full analytics only after your consent. Google AdSense ads are not loaded until you choose "Accept" or "Reject" in the consent message.
Phone-number votes
On practice pages, you can vote whether the displayed phone number is correct. When you vote:
- Your vote (correct/incorrect), practice name and displayed phone number are sent anonymously to our server for data-quality review. We do not collect personal data with the vote.
- We store a voting record on your device (mu_phone_votes in localStorage) so that you can vote only once for the same displayed practice number.
| Storage | What is stored | Duration |
|---|---|---|
| Your device (localStorage) | Practice marker, displayed-number key and vote direction | 2 years |
| Our server | Anonymous vote (practice marker + displayed-number key + correct/incorrect) | 2 years |
Necessary cookies and first-party analytics
| Name | Purpose | Duration |
|---|---|---|
| mu_sid | Session marker for counting page views within one visit | 30 minutes (rolling) |
| mu_vid | Visitor marker for returning-visit analytics (set only after consent) | 365 days |
Google Analytics 4 cookies (only with consent)
The following cookies are set only if you accept analytics cookies in the cookie banner. You can change your choice at any time through "Cookie settings" in the page footer.
| Name | Purpose | Duration |
|---|---|---|
| _ga | Google Analytics visitor identifier | 2 years |
| _ga_* | Google Analytics 4 session cookie | 2 years |
Advertising cookies (only with consent)
If you accept advertising cookies, Google AdSense may set cookies to show personalized ads. We manage consent through the Google Funding Choices platform. Without consent, contextual ads without cookies are shown. You can change your choice at any time through "Cookie settings" in the page footer.
| Partner | Purpose | Privacy policy |
|---|---|---|
| Google AdSense | Advertising network for displaying ads | Google privacy |
Google and its certified partners may use cookies to measure ad performance, limit ad frequency and show relevant ads. The full list of partners is available in the consent dialog.
6. Sharing data with third parties
We do not sell your personal data. Data is shared with the following service providers that are necessary for the operation of the platform and the display of ads:
| Provider | Purpose | Data location |
|---|---|---|
| Cloudflare Inc. | CDN, DNS, DDoS protection and anonymous analytics (Web Analytics) | Global / EU* |
| Google LLC (Google Analytics 4, AdSense) | Visit analytics, displaying ads and consent management (Funding Choices) | EU / USA* |
| Netcup GmbH | Server hosting | Germany (EU) |
* Transfers of data to the USA are based on the EU-U.S. Data Privacy Framework. Cloudflare and Google are certified under that framework. Advertising networks process data only if you have given consent for advertising cookies.
We may share aggregated anonymous audience-demographic statistics (age groups, gender) with potential advertising partners as part of promotional materials. This data does not contain personal data and does not enable identification of individual users.
7. Data retention periods
We keep data only as long as needed for the purpose for which it was collected:
- Analytics data (first-party analytics, GA4) - aggregated anonymous data without personal identifiers
- Contact data (email) - until the inquiry is resolved, and for no longer than 12 months
- Reports about incorrect data - until the report is resolved, and for no longer than 12 months
- Data in localStorage - until deleted by the user
- Server logs - up to 30 days
8. Your rights
Under the GDPR (Articles 15-22), you have the following rights:
- Right of access (Art. 15) - you can request information about whether we process your personal data
- Right to rectification (Art. 16) - you can request correction of inaccurate data
- Right to erasure (Art. 17) - you can request deletion of your data
- Right to restriction of processing (Art. 18) - you can request restriction of processing in certain cases
- Right to data portability (Art. 20) - you can request transfer of data in a machine-readable format
- Right to object (Art. 21) - you can object to processing based on legitimate interest
- Right to withdraw consent (Art. 7) - you can withdraw consent to data processing at any time
To exercise any of these rights, contact us at info@mojausluga.hr. We will respond to your request no later than within 30 days.
9. Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data is not in accordance with the GDPR, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP):
Agencija za zaštitu osobnih podataka (AZOP)
Selska cesta 136, 10000 Zagreb
Phone: +385 1 4609 000
Web: azop.hr
10. Data security
We apply appropriate technical and organizational measures to protect your data from unauthorized access, loss or misuse, including:
- SSL/TLS encryption of all data in transit
- Hosting within the EU (Netcup, Germany)
- Cloudflare protection against DDoS attacks
- Regular software updates and security patches
11. Changes to this privacy policy
We reserve the right to amend this privacy policy. All changes will be published on this page with an updated date. In the event of significant changes, we will notify you through a prominent notice on the website. We recommend checking this page from time to time.