Medicofit, fizioterapija d.o.o. , registration number 8826820000, with its registered office at Ulica Ivana Roba 27, Ljubljana, 1000 Ljubljana (hereinafter referred to as the company), as the data controller, hereby informs you of the manner in which we process and protect your personal data.
1. To what processing does this notice refer?
This notice deals with the processing of personal data:
Visitors to our websites (medicofit.si, medicofit.co.uk) (hereinafter referred to as Users);
If you do not fall into any of the above groups, please contact firstname.lastname@example.org and we will provide you with the relevant privacy notice that applies to you.
2. What information do we collect about you?
When you contact us, we collect and process your personal information (for example, information you provide to us by filling in forms on our website (the “Website”) or by telephone, email or otherwise). This includes information you provide when you register to use our Website, when you subscribe to our service (place an order on our Website, participate in discussions or other social media features on our Website, enter a prize game, promotion or participate in a survey, fill out an opt-in form, such as to participate in a recording), and when you report a problem with our Website. The information you provide to us may include your name, address, email address, telephone number, personal description and photographs, age, date of birth and gender, and any other information identified.
We do not collect or process specific types of (sensitive) personal data (for example, information about your health, sexual orientation, race or ethnicity) unless (i) the sensitive personal data is relevant for the specific purpose for which we are processing it; (ii) we are required to do so by law; or (iii) you have separately provided us with your explicit consent. Where you voluntarily provide us with personal data (including sensitive personal data) through contact with our website (for example, by voluntarily submitting sensitive personal data to us through the comments section of the website) of your own volition and not at our request, we will delete such personal data from our systems if we consider that the processing of such data is not necessary for a lawful purpose, unless you have made such data available to the public (for example, through a post on a forum that is publicly visible); in which case we will only delete the data from our websites if required to do so by law or if we do not wish to retain it.
We automatically collect the following information each time you visit our website:
– Technical data, which may include the Internet Protocol (IP) address used to connect your computer to the web, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, device type and make of mobile device; this information may be in the third-party cookies may be collected and processed on our behalf. You can find more information about this at the link at the bottom of each web page.
– Information about your visit, which may include, for example, the full chain of “Uniform Resource Locators (URLs)” used to access to, through and from our website (including date and time), information about the pages you have viewed or searched (including articles read, categories accessed), page response times, download errors, duration of visits to specific pages (including average time spent on specific pages, viewing specific content or videos), the average time spent using an application and the number of views from such applications, the average number of articles viewed on our website, information about your interaction with the website (such as scrolling, clicks and mouse movements), the methods used to navigate away from the website, user behaviour information and any telephone number to call, or any email address to access our customer service representatives.
In some cases, we obtain your personal information from third parties, such as business partners, subcontractors for technical, payment and delivery services, advertising networks, analytics service providers, search information providers, credit rating agencies. When you visit and register on one of our online platforms, we may obtain your personal data from an unaffiliated social media provider (Facebook, Gmail) if you voluntarily choose to register through the unaffiliated social media provider’s platform.
3. How do we use your personal data and on what legal basis?
General: We may process your personal data for the purposes of performing a contract we have entered into with you; where we are required to comply with a legal obligation (for example, under legislation governing criminal liability for publicly inciting hatred, violence or intolerance); where it is necessary for our legitimate interests (or the legitimate interests of a third party) and your interests (for example, to detect and prevent fraud or to ensure the security of our network and information technology), unless your fundamental rights override those interests; where it is necessary to protect your vital interests (or the vital interests of others); or where it is necessary in the public interest or for official purposes.
We process your personal data for a variety of technical, administrative and operational reasons, such as to ensure that the content is presented to you in the most effective way for your computer; to improve our website, including its usability; to administer our website; for internal purposes, including troubleshooting, data analysis, testing, research, statistical and survey purposes; for marketing, including targeted marketing to show you content that may be of interest to you; and as part of our efforts to keep our website safe and secure.
In some cases, we will only process your personal data with your consent. In such cases, we will separately seek your explicit consent when you provide us with your personal data. You may subsequently withdraw your consent at any time via the email you receive or by setting up your profile on the individual website. However, this does not affect the lawfulness of any processing that took place before you withdrew your consent.
Where we require personal data to comply with legal or contractual obligations, the provision of personal data to you is mandatory. This means that if you do not provide such personal data, we will not be able to manage our contractual relationship or to comply with the obligations imposed on us by such relationship. In all other cases, the provision of personal data is optional and you are not obliged to provide it.
We may also process your personal data, such as identification data, contact data and residential address, in order to exercise our rights against you in the future. This processing is based on our legitimate interest to assert our rights in any disputes.
We will most often use your personal data in the following circumstances:
a. Users and customers:
For the purposes of providing services, delivering goods and making payments in accordance with relevant contracts (including subscription agreements), we may process your personal data such as identification data, contact data and bank details. Such processing is based on the performance of a contract to which users (in particular subscribers) are parties or on a legal obligation imposed on us.
We may process personal data in order to provide you with information about goods or services that we think may be of interest to you. If you are an existing customer, we will only contact you by email with information about goods and services that are similar to those that have been the subject of a previous sale or sales negotiation with you (direct marketing), unless you have previously told us that you do not wish to receive such communications. If you wish us to use your information in this way, please tick the appropriate box on the form on which we collect your information (order form OR registration form).
We will not share your personal data with third parties for marketing purposes without your prior explicit consent.
We may also use your personal information to measure or understand your preferences regarding programming content and to provide you with relevant content; to enable you to participate in interactive features of our services when you choose to do so; to measure or understand the effectiveness of advertising we display to you and others and to display relevant advertising; and to provide you and other users of our website with suggestions and recommendations about products or services that may be of interest to you.
In connection with your participation or attendance in the production or filming of television programme content or other media production, we may collect and process your personal data for the purposes of registration, participation or attendance at such production or filming, and to communicate with you accordingly. Such processing is based on the performance of a contract that you have entered into as a participant (for example, where you have voluntarily completed and submitted the relevant participation form prior to such participation).
Depending on the nature or character of a particular television programme or other media production, we may, with your consent, transmit or otherwise publish photographs, video recordings, sound recordings or audiovisual recordings of you, but in many cases we are not obliged to seek your consent and permission to process your personal data in connection with a particular production, recording or communication of such recordings to the public for certain journalistic, artistic or literary purposes. For the avoidance of doubt, nothing in this Notice affects our copyright and other intellectual property rights in relation to such productions and recordings.
4. How and to whom do we disclose your personal data?
We will not sell your personal data to third parties.
Only a limited number of employees in the company have access to your personal data on a need-to-know basis or to carry out business processes, such as employees in the marketing, legal, production, news and IT departments. These employees are bound by confidentiality obligations in relation to personal data. We take appropriate technical and organisational measures to protect personal data. Employees of the Company are only entitled to process personal data as directed by the Company and, where necessary, in connection with their work obligations.
We may also disclose your personal information to third parties, including:
(i) service providers who provide administrative, professional and technical support to the Company for IT support, security and business resources;
(ii) business partners, suppliers and subcontractors for the performance of any contract we enter into with you (including subscription to our services);
(iii) advertisers and advertising networks who need your information to select and display relevant advertisements. We do not disclose information about identifiable individuals to advertisers, but we do provide them with aggregate information about our users (for example, we may inform them that 500 men under the age of 30 clicked on their advertisement each day). Such aggregate information may help advertisers to reach a particular type of their target audience. We may use the personal data we collect from you to meet the preferences of our advertisers by showing their advertisements to the desired target audience;
(iv) [analytics and search engine providers to help us improve and optimize our website; the Company may also share personal information with outside advisors (e.g., lawyers, accountants, auditors) as necessary. In some cases, we may disclose personal information as necessary to our affiliates (including any of our subsidiaries or our ultimate holding company and its subsidiaries), which are listed at the following link: http://www.cetv-net.com. We and our affiliates have put in place appropriate safeguards against potential disclosure of personal information. We may share personal information with our affiliates and with other third parties in connection with certain types of transactions, including any transaction involving a change in control of the Company, a sale of a substantial part of the Company’s assets, or a restructuring.The Company uses due diligence in selecting non-affiliated service providers and requires that such service providers maintain appropriate technical and organizational security measures to protect personal information, and process personal information only in accordance with the Company’s instructions. Service providers may use subcontractors to provide services to the Company, provided that the subcontractor must comply with the same data protection requirements as the service provider itself.
5. Storage and transfer of personal data abroad.
We will not intentionally transfer your personal data outside the EEA unless appropriate safeguards are in place, including: (i) a decision by the European Commission on the adequacy of the recipient country or countries; (ii) a “Privacy Shield” certificate; (iii) appropriate binding corporate rules; (iv) an approved code of conduct together with binding and enforceable commitments by the controller or processor in the non-EU and non-EEA country; (v) an approved certification mechanism together with a binding and enforceable commitment by the controller or processor in the non-EU and EEA country to apply appropriate safeguards; or (iv) EU standard contractual clauses approved by the European Commission.
If you would like more information about any such transfer and the appropriate safeguards we have put in place prior to the transfer, you may contact the Data Privacy Officer or CME’s Data Protection Officer using the contact details below.
6. Your rights
You can ask us to confirm whether or not your personal data is being processed, to provide you with a copy of your personal data, or to amend/correct it. In certain circumstances, you have the right to request that we delete your personal data or that we transfer some of your personal data to you or to other entities on the basis of the right to data portability. You also have the right to object to certain processing of your personal data (for example, processing for direct marketing purposes or for certain decisions made solely by automated processing, including profiling). If we have asked for your consent to process your personal data, you have the right to withdraw that consent without any negative impact on you. If we process your personal data on the basis of our legitimate interest (as explained above), you have the right to object to such processing. You also have the right to restrict the processing of your personal data in certain circumstances.
Please note that in some cases your rights described above may be limited and subject to applicable data protection laws and regulations; for example, your right to object to the processing of your personal data may be limited if we demonstrate that we have compelling legitimate grounds for processing your personal data which may override your interests. When you make your request, you will be required to prove your identity and provide us with other information that will enable us to respond to your request. We will not charge any fees for responding to your request unless we are permitted to do so by law; if we do charge fees, they will be reasonable and proportionate to your request.
If you wish to exercise these rights, please contact us using the contact details below. We hope to be able to respond satisfactorily to any queries you may have about how we process your personal data. In any event, you have the right to complain to the competent data protection authorities. You can lodge a complaint in the Member State where you reside, work or where the alleged breach of data protection law occurred.
7. Retention period of your personal data
We intend to retain your personal data only for as long as is necessary in accordance with our Data Retention Policy, to carry out the purposes set out in this notice or in accordance with applicable law, subject to applicable minimum statutory retention periods, or as is necessary to exercise our (and others’) legal rights. We will retain the personal data of App Users for the duration of the use of the Mobile App or for as long as is required under the relevant applicable law, in accordance with our Data Retention Policy. If you would like further information about how long we retain your personal data, please contact us at email@example.com. Please note that we may process any of your personal data that has been anonymised without further notice.
Where we process your personal data on the basis of your consent, we will only process it for the period stated in your consent, unless you withdraw or restrict your consent before the end of that period. In such cases, we will cease to process the personal data concerned for the relevant purposes, subject to any legal obligation to process such personal data or the need to process such personal data in order to pursue our legitimate interests (including the legitimate interests of others).
8. Data security
We store your personal data on our own servers and on servers hosted by third parties (including third party cloud-based services). To this end, we have put in place appropriate technical and organisational measures to protect your personal data and prevent unauthorised access to it. In relation to services hosted by third parties, we have contractual arrangements in place which include obligations relating to the organisational and technical security of personal data. You are solely responsible for maintaining the confidentiality of any authentication methods (e.g. passwords) that you use to access particular parts of our websites.
The transmission of data over the Internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information that you transmit through our website; any transmission is at your own risk. Once we receive your information, we will implement strict procedures and security measures to prevent unauthorised access.
9. Children’s privacy
The Company does not (knowingly) collect personal data from persons under the age of 15 on its website. If a parent or guardian becomes aware that his or her child has provided personal information to the Company, he or she should inform the Company immediately. If the Company becomes aware that a person under the age of 15 has provided personal data to the Company, the Company will immediately delete such data from its servers, unless the parent or guardian expressly permits the Company to process the personal data of the child for certain purposes.
All sites affiliated with the Company’s group (including any subsidiaries or our ultimate holding company and its subsidiaries), collect and process limited personal data of children (as defined by applicable law) for services directed to children (information such as name, age and email address may be collected to assess eligibility for contest participation in connection with programs directed to children). In connection with these Sites, we ask (and encourage) children to obtain parental or guardian consent on these Sites, and the Company has taken reasonable steps to verify the validity of such consents.
10. Cookies and social media plug-ins
Our websites may include social media features such as Instagram, Facebook, LinkedIn or YouTube buttons. These features may collect information about you, such as your IP address and the websites you visit, and may set a cookie to ensure the feature works properly. The processing of this data through interactions with these features is governed by the privacy notice/policy of the company providing the service.
11. Links to other websites
Our websites may contain links to websites that are not under the control of the Company. When you click on a third party link, you will be redirected to that third party’s website. If you visit any of these linked websites, please read their privacy notices. We are not responsible for the policies and practices of other companies. Our company has no control over, and assumes no responsibility for, the content, privacy policies and notices, or practices of any third party websites or services.
12. Contact Us
If you have any questions or concerns about the processing of your personal data or if you wish to exercise any of your rights, please contact us by telephone on 041 410 360, by email at firstname.lastname@example.org or by letter addressed to Medicofit d.o.o., Ulica Ivana Roba 27, Ljubljana, 1000 Ljubljana.
Please do not disclose sensitive personal data (e.g. information about racial or ethnic origin, political opinions, religious or other beliefs, health or trade union membership), your tax number or criminal record information when contacting us.
Last updated: 05 May 2021