Medicofit, fizioterapija d.o.o., registration number: 8826820000, with registered address at Koprska ulica 106h, 1000 Ljubljana (hereinafter: Company), as the data controller, hereby informs you of the processing and protection methods of your personal data.
1. What data do we collect about you?
When you contact us, we collect and process your personal data (for example, information you provide by filling in forms on our website (hereinafter: Website) or by telephone, email or otherwise). This includes data you provide when you register to use our Website, when you subscribe to our service (place an order on our Website, enter a prize draw or promotion, or fill out a survey or a registration form), and when you report a problem with our Website. The data you provide to us may include your name, address, email address, telephone number, personal description and photograph, age, date of birth and gender, and any other data necessary for the purpose specified in each case.
In some cases, we obtain your personal data from third parties, such as business partners, subcontractors for technical and payment services, and analytics service providers, provided that the aforementioned categories have a legal basis for providing your personal data to our company as a user.
2. How do we use your personal data and on what legal basis?
General: We can process your personal data for the purposes of executing a contract we have concluded with you; when we are required to comply with a legal obligation (for example, under legislation governing the provision of healthcare); when it is necessary for our legitimate interests (or the legitimate interests of a third party) and your interests (for example, to detect and prevent fraud or to ensure network and information technology security), unless your fundamental rights override those interests; when it is necessary to protect your vital interests (or the vital interests of others); or when it is necessary for the public interest or official purposes.
We process your personal data for various technical, administrative and operational reasons, for example to ensure that content is presented to you in the most effective way for your computer; to improve our Website, including its usability; for Website administration purposes; for internal purposes, including troubleshooting, data analysis, testing, research, statistical and investigation purposes; for marketing, including targeted marketing, to show you content that may be of interest to you; and as part of our efforts to keep our Website safe and secure.
In some cases, we will only process your personal data with your consent. In such cases, we will separately ask for your explicit consent when you provide us with your personal data. You can withdraw your consent at any later time. However, this does not affect the lawfulness of any processing that took place before your consent was withdrawn.
When we request personal data to fulfil legal or contractual obligations, you are required to provide your personal data. This means that if you do not provide such personal data, we will not be able to manage our contractual relationship or fulfil the obligations imposed on us by such a relationship. In all other cases, the provision of personal data is optional and you are not obliged to provide it.
We may also process your personal data, such as identification data, contact details and your address of residence, for the purpose of potentially exercising our rights against you in the future. This processing is based on our legitimate interest in exercising our rights in potential disputes.
For the purposes of providing services and payments in accordance with relevant contracts, we may process your personal data, such as identification data, contact details and bank details. Such processing is based on the performance of a contract to which the individual is a party or on a legal obligation imposed on us. We will use contact information, such as your phone number and email address, to inform you of your treatment appointments or for other purposes necessary to perform the ordered service.
If you fill out an application form at the reception of our centre, we will collect personal information from you about your first and last name, address, date of birth, telephone number, email address, and a general description of your health issues. We need this information for the purpose of providing services in accordance with our general terms and conditions. You do not need to provide information about how you found out about the MEDICOFIT clinic, but it will be useful for us to determine how customers most often reach us. If you give your consent to be photographed and to have your images and videos publicly published, we may take photos and videos of you during your treatment and publicly publish them for the purpose of marketing our services.
As part of your diagnostic examination appointment and our provision of services such as medical treatment, rehabilitation and training, we may also collect and process special categories of personal data, i.e. data about your health condition. We will ask you about your symptoms, the location of your pain, any previous surgeries or other medical procedures, MRI diagnostics, and other relevant information regarding your medical condition. Without this information, we cannot provide the requested services. In these cases, data processing is justified on the basis of point h) of the second paragraph of Article 9 of the General Data Protection Regulation, as the processing is necessary for medical diagnosis, the provision of medical care or treatment, or the management of healthcare or social security systems and services on the basis of the law of the Republic of Slovenia or in accordance with a contract with a healthcare professional, and is subject to the condition that the professionals responsible for their processing are obliged to maintain confidentiality in accordance with the law.
We may process personal data to provide you with information about goods or services that we believe may be of interest to you. If you are already our customer, we will contact you via email only with information about goods and services that are similar to those that have been the subject of a previous sale (direct marketing), unless you have previously informed us that you do not wish to receive such communications. If you would like your data to be used in this way, please check the appropriate box on the form used as the basis for data collection. If you consent to us sending information about MEDICOFIT offers of goods or services via email, SMS messages or phone calls, which will be tailored to your interests, age, gender and other personal data, we may create your profile using the personal data provided for the purpose of direct marketing based on your consent. For this purpose, we may also process special categories of personal data, i.e. data concerning your health.
If you subscribe to the electronic newsletter, we will, based on your consent, process your first name, last name and email address for the purpose of sending the newsletter. If you wish, you can add information about your year of birth in your profile settings so that we only send you news that we think will be of interest to you.
3. How and to whom do we disclose your personal information?
We will not sell your personal information to third parties.
Only a limited number of Company employees have access to your personal data on a need-to-know basis or where required for executing business processes, such as employees in the marketing and IT departments. These employees are bound by confidentiality regarding personal data. We take appropriate technical and organisational measures to protect personal data. Company employees have the right to process personal data only on the instructions of the Company and, if necessary, in connection with their work obligations.
We may share personal information with government or law enforcement authorities if required by applicable law or if necessary to enforce our rights, including our terms and conditions, or to protect our legitimate interests (including legitimate interests of third parties) in accordance with applicable law.
We may also disclose your personal information to third parties, including:
• service providers who provide administrative, expert and technical support to the company in the areas of IT, security and business resources;
• business partners, suppliers and subcontractors for any contract we conclude with you;
• analytics and web search engine providers who help us improve and optimise our Website;
• external consultants (e.g. lawyers, accountants, auditors), if necessary.
We may share personal data with third parties as part of specific types of transactions, including any transactions involving a change in control of the Company, sale of a substantial portion of its assets, or restructuring. The Company strives to exercise due diligence in the selection of external service providers and requires that these service providers maintain appropriate technical and organisational security measures to protect personal data, and process personal data only in accordance with the Company’s instructions. Service providers may use subcontractors to provide services to the Company, provided that the subcontractor meets the same data protection requirements as the service provider itself.
4. Storage of personal data and its transfer abroad
The Company may, within the framework of its contractual relationships, transfer data to countries outside the European Economic Area (EEA) and store data, among other things, in databases managed by entities acting on behalf of the Company.
Only personal data processed for the purpose of sending electronic newsletters (direct marketing) will be transferred to the United States of America (USA). There is currently no valid European Commission decision on the adequacy of personal data protection in the USA. The personal data processor to which the data will be transferred has committed itself to the standard data protection provisions adopted by the European Commission and has also adopted additional organisational and technical data protection measures. You can read more about how your data is protected when transferred to the USA by following these links:
Mailchimp:
https://mailchimp.com/en-gb/legal/data-processing-addendum/
https://mailchimp.com/about/security/
5. Your rights
You can request confirmation from us as to whether or not your personal data is being processed, a copy of your personal data, or its modification/correction. In certain circumstances, you have the right to request that we erase your personal data or that we transfer some of your personal data to you or to other entities based on the right to portability. You also have the right to object to certain processing of your personal data (for example, processing for direct marketing purposes or certain decisions taken solely by automated processing, including profiling). If we have asked for your consent to process your personal data, you have the right to withdraw this consent without incurring any negative consequences. If we process your personal data based on our legitimate interest (as explained above), you have the right to object to such processing. You also have the right to restrict the processing of your personal data in certain circumstances.
Please note that in some cases your rights described above may be limited and subject to applicable data protection laws and regulations; for example, your right to object to the processing of your personal data may be limited if we demonstrate that we have compelling legitimate grounds for processing your personal data which may override your interests. When submitting your request, you will be required to prove your identity and provide us with other information that will enable us to respond to your request. We will not charge any fees for responding to your request, unless we are permitted to do so by law; if we do charge fees, they will be reasonable and proportionate to your request.
If you wish to exercise these rights, please contact us using the contact details provided below. In any case, you have the right to submit a complaint to the competent data protection authorities. You can file a complaint with the Information Commissioner of the Republic of Slovenia.
6. Period of retention of your personal data
We intend to retain your personal data only for as long as is necessary to carry out the purposes set out in this notice, or as required by applicable law, taking into account applicable minimum statutory retention periods, or as necessary to enforce our legal rights (and the legal rights of others).
When we process your personal data based on your consent, we will only process it for the period specified in your consent, unless you withdraw or restrict your consent before the expiry of that period. In such cases, we will cease processing the relevant personal data for the relevant purposes, taking into account any legal obligation to process such personal data or the need to process such personal data for the purposes of our legitimate interests (including the legitimate interests of others). After the retention periods have expired, personal data will be deleted or anonymised.
7. Data security
We store your data on our servers and on servers hosted by third parties (including third-party cloud-based services). For this purpose, we have implemented appropriate technical and organisational measures to protect your personal data and prevent unauthorised access to it. In relation to services hosted by third parties, we have concluded contractual agreements that include obligations regarding the organisational and technical security of personal data.
Upon receiving your data, we will implement strict procedures and security measures to prevent unauthorised access.
8. Privacy of children
On its Website, the Company does not (knowingly) collect personal data from persons under the age of 15. For any transmission of personal data of children, for example for the purpose of providing medical treatment, the Company always requires the presence and approval of parents or legal representatives.
If a parent or guardian discovers that their child has provided their personal information to the Company, they should immediately notify the Company. If the Company determines that a person under the age of 15 has provided the Company with their personal data, the Company will immediately delete this data from its servers, unless the parent or guardian authorises the Company to process the child’s personal data for specific purposes.
9. Cookies
For detailed information about the cookies we use, how long we use them for, and for what purposes we use them, please see our Cookie Policy, which is published at the bottom of each webpage.
10. Links to other websites
Our webpages may contain links to websites that are not under the control of the Company. When you click on a third-party link, you will be redirected to their website. If you visit any of these linked websites, please read their privacy notices. We are not responsible for the policies and practices of other companies. Our Company has no control over and assumes no responsibility for the content, privacy policies and notices, or practices of third-party websites or services.
11. Data protection officer
The Company’s data protection officer can be reached at info@medicofit.si.
12. Contact us
If you have any questions or concerns regarding the processing of your personal data or if you wish to exercise any of your rights, please contact us by phone at 041 410 360, by email at info@medicofit.si or by letter addressed to Medicofit d.o.o., Koprska ulica 106h, Ljubljana, 1000 Ljubljana.
Please do not disclose special categories of personal data that are not strictly necessary (e.g. information about racial or ethnic origin, political opinions, religion or other beliefs, or trade union membership), your tax number, or criminal record information when contacting us.
We may update the notice from time to time. We will post the new notice on the “Privacy Policy” link on all of our webpages.
Last update: 3 May 2023