Privacy Policy

Introduction

astralpulse d.o.o. ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website astralpulse.top and use our medical practice management software services.

We are the data controller for the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data We Collect

The data we collect includes personal information that you voluntarily provide to us when you register for our services, contact us, or interact with our platform. This data collection is essential for providing our medical practice management services.

Information You Provide

• Contact information (name, email address, phone number, postal address)
• Professional information (medical licence details, practice information)
• Account credentials and preferences
• Communication records and support requests
• Payment and billing information

Information Automatically Collected

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, time spent, features used)
• Technical data (log files, error reports, performance metrics)
• Location data (general geographic location based on IP address)

How We Use Your Information

We use of your data is governed by legitimate business interests and legal obligations. Our primary purpose is to provide and improve our medical practice management services whilst ensuring compliance with healthcare regulations.

Service Provision

• Providing access to our medical practice management platform
• Processing account registrations and managing user accounts
• Facilitating communication between users and our support team
• Processing payments and managing billing

Legal and Security Purposes

• Complying with legal obligations and regulatory requirements
• Detecting and preventing fraud, abuse, and security incidents
• Maintaining audit trails and system logs for compliance
• Protecting the rights and safety of our users and business

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about our use of cookies, please refer to our Cookie Policy.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

• Service Providers: With trusted third-party service providers who assist us in operating our platform and providing services
• Legal Requirements: When required by law, regulation, or valid legal process
• Business Transfers: In connection with a merger, acquisition, or sale of business assets
• Consent: With your explicit consent for specific purposes

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection and security practices
• Incident response procedures and monitoring systems

Data Retention

We retain personal data for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our data retention practices consider:

• The nature and sensitivity of the personal data
• Legal and regulatory requirements
• The purposes for which we process the data
• Whether we can achieve those purposes through other means

Account data is typically retained for 7 years after account closure to comply with healthcare record-keeping requirements. Marketing data may be retained for up to 3 years unless you withdraw consent.

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data under certain circumstances
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Request transfer of your data to another service provider
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us using the contact information provided below.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• European Commission adequacy decisions
• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules or certification schemes

Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal data, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the "Last updated" date.

Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at:

You also have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) or your local data protection authority if you believe we have not handled your personal data in accordance with applicable law.