PRIVACY & COOKIES POLICY

Last updated: 8 October 2025

1. About this Policy

1.1. The website www.totopharma.com (the “Website”) is operated by Toto Pharma d.o.o. (“we”, “us”, “our”), a company registered in the Republic of Croatia, VAT ID/OIB: 07750994105, with its registered office at Kneza Domagoja 12, 44000 Sisak, Croatia.

1.2. We are committed to protecting your privacy and complying with Regulation (EU) 2016/679 (GDPR) and applicable Croatian data protection laws.

1.3. When you use the Website, we act as the controller of your personal data. This Policy explains what personal data we collect, why and on what legal basis, how long we keep it, with whom we share it, and your rights.

1.4. We may update this Policy from time to time by publishing a new version on the Website. Please check it periodically; changes apply from the date of publication.

2. Contact

For any questions about this Policy or our data processing: info@totopharma.hr
Postal address: Toto Pharma d.o.o., Kneza Domagoja 12, 44000 Sisak, Croatia

3. What data we collect

We collect only the data necessary for a specific purpose. A summary table is provided in Section 12 below. Examples include: identification data (first and last name), contact data (e-mail), technical and cookie data (IP address, device identifiers, cookie settings), purchase and communication data.

4. Sharing your data

4.1. We share data only where necessary and lawful, e.g., with IT service providers, hosting, analytics and advertising tools, accounting, and competent authorities where legally required.

4.2. We may provide anonymised aggregated data to third parties (from which you cannot be identified).

5. Cookies and similar technologies

5.1. We use cookies and similar technologies on the Website for site functionality, audience measurement, and content/advertising personalisation.

5.2. Categories of cookies:

  • Strictly necessary – required for basic functions (e.g., login, cart).

  • Analytics – to understand how the site is used (e.g., traffic, performance).

  • Marketing/advertising – to show relevant ads and measure their effectiveness.

5.3. On your first visit (and occasionally thereafter) we will request your consent for all cookies except strictly necessary ones.

5.4. You can change cookie settings via the cookie preferences banner or in your browser settings. Disabling cookies may affect the Website’s functionality.

5.5. Learn more at www.allaboutcookies.org.

6. Third-party links

Our Website may contain links to other websites we do not control. We are not responsible for their privacy practices. We recommend reviewing their privacy policies separately.

7. Your rights

Under the GDPR you have the right to:

  • access your data,

  • rectify inaccurate/incomplete data,

  • erase data (“right to be forgotten”) in prescribed cases,

  • restrict processing,

  • data portability (machine-readable format),

  • object to processing based on legitimate interests or for direct marketing purposes (including profiling for marketing) — in which case we will stop such processing immediately,

  • withdraw consent at any time (without affecting the lawfulness of processing before withdrawal).

To exercise your rights, contact us as per Section 2. We may reasonably verify your identity.

If you believe your rights are infringed, you may lodge a complaint with the Croatian Personal Data Protection Agency (AZOP), Martićeva 14, 10000 Zagreb, azop@azop.hr, www.azop.hr.

8. Data retention

We keep data only as long as necessary for the purpose of processing, or as required by law. Specific retention periods are set out in the table (Section 12).

9. Processing principles

We process your data:

  • lawfully, fairly and transparently;

  • for specified, explicit and legitimate purposes (and any further processing is compatible with the original purpose);

  • to the minimum extent necessary;

  • accurately and, where necessary, kept up to date;

  • for a limited time (no longer than necessary);

  • securely (with appropriate technical and organisational measures).

Where providing data is a legal or contractual requirement, we will clearly inform you and explain the consequences of not providing it.

10. Legal bases

We rely on one or more of the following bases:

  • Consent (Art. 6(1)(a) GDPR),

  • Contract / steps at your request prior to entering into a contract (b),

  • Legal obligation (c),

  • Vital interests (d),

  • Task carried out in the public interest / official authority (e) — rarely, if applicable,

  • Legitimate interests (f), unless overridden by your rights and freedoms.

11. International transfers, security, children

  • Transfers outside the EEA occur only with appropriate safeguards (e.g., EU Standard Contractual Clauses).

  • We implement technical and organisational security measures (access controls, encryption where applicable, least-privilege principle, retention policies).

  • Our Website is not intended for children under 16. We do not knowingly collect their data without parental consent.

12. Table: data categories, purposes, legal bases, retention, recipients

| Data category | Examples | Purpose of processing | Legal basis | Retention | Typical recipients |
|---|---|---|---|---|---|
| Identification & contact | First/last name, e-mail, phone | Responding to enquiries, quotes, support | Legitimate interest (effective communication) or consent; contract if contacting us regarding a purchase | Up to 12 months from last interaction, or longer if a contractual relationship arises; statutory periods where applicable | IT/hosting, CRM/e-mail providers |
| Purchase & payment | Order details, delivery address, transaction data (we do not store full card numbers) | Delivery of products/services, billing, accounting | Contract; legal obligation (accounting) | As required by accounting laws (typically 10 years) | Couriers, accounting, payment processors |
| Technical & cookie | IP address, device IDs, visit logs, cookie settings | Site functionality, security, analytics, personalisation/marketing | Legitimate interest (security, necessary cookies); consent (analytics/marketing cookies) | Per cookie settings and technical log policies (e.g., 14–26 months for analytics; necessary session cookies until browser is closed) | Analytics & advertising providers, IT/hosting |
| Communications & support | E-mail/form content, ticket history | Handling enquiries and complaints, evidentiary purposes | Legitimate interest; legal obligation where applicable | Up to 24 months after case closure, or longer where there is a legal basis | Helpdesk IT systems, legal advisers if needed |

TERMS OF USE

Last updated: 8 October 2025

1. Operator and scope

1.1. The Website www.totopharma.com is operated by Toto Pharma d.o.o., OIB 07750994105, Kneza Domagoja 12, 44000 Sisak, Croatia.

1.2. These Terms apply to all use of the Website, regardless of the method of access.

2. Acceptance of Terms

By using the Website you acknowledge that you have read and accept these Terms. If you do not agree, do not use the Website. We may amend the Terms by publishing a new version; please check them periodically.

3. Intellectual property

Content on the Website (text, design, trade marks, graphics, etc.) is protected by copyright and other intellectual property rights. Commercial use is prohibited without our prior written consent. Only personal, non-commercial use is allowed in accordance with applicable law.

4. Acceptable use

You may use the Website only for lawful purposes, in a way that does not infringe the rights of others or restrict/impede their use of the Website.

5. Disclaimer and limitation of liability

Accessing and using the Website is at your own risk. We do not warrant that the content will be error-free, uninterrupted, or free of malicious code, nor do we guarantee the accuracy, completeness, or timeliness of information. To the fullest extent permitted by law, we exclude liability for any direct or indirect loss or damage arising from use of or inability to use the Website.

6. Availability

We do not undertake to ensure uninterrupted Website availability. We may limit or terminate access at any time for any reason.

7. Links to/from third parties

The Website may include links to third-party websites for your convenience. We do not control their content and accept no responsibility for them. Linking to our Website is permitted only with our prior written consent; we reserve the right to withdraw consent at any time.

8. Privacy

For information on how we process personal data, see our Privacy & Cookies Policy (above).

9. Entire agreement

These Terms constitute the entire agreement between you and us regarding the Website and supersede any prior arrangements to the fullest extent permitted by law.

10. Governing law and jurisdiction

These Terms are governed by the laws of the Republic of Croatia. The competent courts in the Republic of Croatia shall have exclusive jurisdiction over any disputes.

11. Contact

Questions regarding these Terms: info@totopharma.hr.

Toto Pharma d.o.o. is a wholesale pharmaceutical company founded in 2015 with the goal of being a reliable partner to the healthcare system – especially when it is needed the most.

Headquarters Address:

Toto Pharma d.o.o. Kneza Domagoja 12, 44000 Sisak, Hrvatska

Tel:+385 (0)91 5394 574

info@totopharma.com

Office address:

Toto Pharma d.o.o. Pisak: Capraška ulica 12, 44010 Sisak, Hrvatska

Tel:+385 (0)91 5394 574

info@totopharma.com

Warehouse address:

BP Meridian 16 (Phoenix Farmacija d.o.o.), Zelena aleja 45, 10410, Vukovina, Velika Gorica

Tel:+385 (0)91 5394 574

info@totopharma.com

© 2025 Totopharma