top of page

Privacy Policy

Last updated: August 7, 2025

This Privacy Policy describes how M Design (hereinafter: "we", "us", or "our") collects, uses, and protects the personal data you provide when using our website physioeduca.com.

1. Data Controller

 

The entity responsible for processing your personal data is: M Design Address: Crljenik 32b, Crljenik, Croatia

Email: prodaja.physioeduca@gmail.com

2. What Personal Data Do We Collect?

 

When you make a purchase on our website, we collect the following information:

  • Identification Data: First and last name, address.

  • Contact Information: Email address, phone number (optional).

  • Billing Information: Personal Identification Number (OIB) – applicable for business (R1) invoices.

  • Transaction Data: Information regarding purchased products (courses, online books).

  • Technical Data: IP address, browser type, and cookie data.

Important Note on Payment Data: We do not store your credit or debit card details. Payments are processed securely through our payment partner, Stripe, which complies with the highest security standards (PCI DSS).

3. Purpose and Legal Basis for Data Processing

 

We process your personal data for the following purposes:

Performance of a Contract (Article 6(1)(b) of the GDPR):

  • Processing your orders and payments.

  • Delivery of digital products (online books, course tickets) via email or through user account downloads.

  • Sending invoices to your email address.

  • Communicating with you regarding your order.

Compliance with Legal Obligations (Article 6(1)(c) of the GDPR):

  • Issuing and storing invoices in accordance with the accounting and tax regulations of the Republic of Croatia (Accounting Act).

Consent (Article 6(1)(a) of the GDPR):

  • Sending marketing notifications (newsletters) about new courses, books, and offers, exclusively if you have given us your express consent. You may withdraw your consent at any time.

4. Who Do We Share Your Data With?

 

We share your data only with third parties necessary for the execution of our services:

  • Payment Service Providers: For the secure processing of your transactions.

  • Accounting Service: To fulfill legal bookkeeping obligations.

  • State Authorities: Based on legal requirements (e.g., the Tax Administration).

5. Data Retention Period

 

Personal data collected for the performance of a contract is kept for the duration of the business relationship. Data indicated on invoices must be stored for 11 years, in accordance with the Croatian Accounting Act. Data collected based on consent (for marketing purposes) is stored until you withdraw your consent.

6. Your Rights

 

In accordance with the GDPR, you have the following rights:

  • Right of Access: You may request confirmation as to whether your data is being processed and access that data.

  • Right to Rectification: You may request the correction of inaccurate personal data.

  • Right to Erasure ("Right to be Forgotten"): You may request the deletion of your data under certain conditions.

  • Right to Restriction of Processing: You may request that we limit the processing of your data.

  • Right to Data Portability: You may request the transfer of your data to another controller.

  • Right to Object: You may object to the processing of your personal data.

If you wish to exercise any of these rights, please contact us at: prodaja.physioeduca@gmail.com. Additionally, you have the right to lodge a complaint with the supervisory authority, the Croatian Personal Data Protection Agency (AZOP).

7. Cookies

 

Our website uses cookies to enhance the user experience. For more information, please refer to our Cookie Policy.

bottom of page