- ABOUT THE PRIVACY POLICY
At Vidvana d.o.o., we are aware of the responsibility of handling personal data and we respect your privacy. The purpose of this Privacy Policy is to inform visitors of the website maha.si and (potential) users of the services provided by Vidvana d.o.o. about the processing of your personal data.
Vidvana operates in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: “General Regulation”), the Personal Data Protection Act (ZVOP-2, Official Gazette of the Republic of Slovenia, No. 163/2022), the Electronic Communications Act (ZEKom-1, Official Gazette of the Republic of Slovenia, No. 109/2012, as amended), and other regulations governing personal data protection.
By using the website maha.si, its subdomains and functionalities (hereinafter: the “Website”), the visitor accepts this Privacy Policy and confirms that they are familiar with and agree to it.
This Privacy Policy may be amended or supplemented at any time without prior notice. By continuing to use the Website after such changes, the visitor confirms their agreement with the amendments.
- DATA CONTROLLER
The controller of personal data is Vidvana d.o.o., Slovenska cesta 54, 1000 Ljubljana (hereinafter: the “Controller” or the “Provider”). If you have any questions, please contact us at info@maha.si.
- HOW WE OBTAIN YOUR DATA
Personal data is obtained when you visit or use the website maha.si or when you provide personal data through the Website’s functionalities, such as subscribing to online news, newsletters, etc., or booking an initial appointment. We also obtain your personal data when you provide it via other means (e.g., by phone or email) in connection with an examination at our clinic.
- LEGAL BASES FOR PROCESSING YOUR DATA
Processing based on your consent. The Provider collects and processes your personal data when you give your consent. Consent is given electronically by clicking the appropriate link on the Website, thereby confirming that you have read this Privacy Policy and agree to the collection and processing of the submitted data. Consent may also be given in another clear and demonstrable manner (e.g., via email).
Processing based on legitimate interest. The Provider may also process data on the basis of legitimate interests pursued by the Provider, except where such interests are overridden by the interests or fundamental rights and freedoms of the individual. When relying on legitimate interest, the Provider conducts an assessment in accordance with the General Regulation.
Processing based on law and contractual relationships. Where the provision of personal data is a contractual obligation or necessary for entering into and performing a contract with the Provider, or a legal obligation, you must provide the personal data. If you do not provide the data, you cannot enter into a contract with the Provider, and the Provider cannot perform services or deliver products.
- TYPES OF PERSONAL DATA WE PROCESS
| Website visit | Newsletter subscription | Initial appointment booking | |
| Type of personal data processed | Data about the user’s use of the Controller’s Website: IP address, dates and times of visits, visited pages or URLs, time spent on individual pages, number of pages visited, total duration of the visit, etc. | Contact details: First name, Last name, Email, Address. |
Contact details: First name, Last name, Email, Address, Phone number. Data regarding your communication with the Controller: date, time and content of postal or email communication, booking details, date and location of the reserved appointment, etc. Other data obtained by the Provider or provided by the individual in connection with the initial examination. |
| Purpose | Ensuring the operation of the Website, network and information security, detection and prevention of unauthorized access that could compromise availability, integrity or confidentiality of stored or transmitted personal data, maintenance and improvement of the Website, content and usability, and analytics. |
Sending e-newsletters, information about promotions, events, promotional offers, the printed newsletter “Word of Mouth” or other publications and printed materials. Participation in prize contests. |
Booking the initial examination at the clinic and exchanging information related to the appointment. |
| Legal basis | Legitimate interest – Article 6(1)(f) GDPR | Consent – Article 6(1)(a) GDPR |
Processing necessary for the performance of a contract or steps prior to entering into a contract – Article 6(1)(b) GDPR. Processing necessary to comply with a legal obligation applicable to the Controller – Article 6(1)(b) GDPR. |
| Type of processing | Collection, storage, structuring, analysis, access, deletion. | Collection, storage, organization, access, use, deletion. | Collection, storage, organization, access, use, deletion. |
| Recipients of personal data | Controller, legal representative, employees or contractual partners managing the Website. | Controller, legal representative, employees or contractual partners assisting with newsletter distribution. | Controller, legal representative, employees or contractual partners assisting with booking or performing the initial examination. |
- DATA RETENTION PERIOD
The Provider will process your personal data only for as long as necessary to fulfill the purpose for which it was collected and further processed.
Personal data processed on the basis of law is retained for the period prescribed by law.
Personal data processed in connection with a contractual relationship is retained for the duration of the contract and for five years after its termination, unless a dispute arises.
Personal data processed on the basis of your consent is retained until you withdraw your consent or until the purpose has been fulfilled. You may withdraw your consent at any time.
After the retention period expires, the Controller will permanently delete or anonymize the data.
- PROTECTION OF PRIVACY AND PERSONAL DATA
We implement appropriate technical and organizational measures to prevent unauthorized access, disclosure, or misuse of personal data.
- CONTRACTUAL PROCESSORS
The Provider may entrust certain data processing tasks to contractual processors. They may process personal data only on behalf of the Provider and within the scope of written authorization.
Contractual processors include:
Service providers
- Website hosting and maintenance providers;
- Data processing and analytics providers;
- IT system maintenance providers;
- Email service providers (e.g., InfusionSoft and others);
- Online advertising providers (e.g., Google, Facebook).
Processors may not use personal data for their own purposes.
The Provider will not disclose your personal data to unauthorized third parties.
- COOKIES
The Website uses cookies. Cookies are small text files placed on your device when you visit our Website.
Essential cookies ensure proper functioning and cannot be disabled.
With your consent, optional cookies (functional, analytical, and advertising) may be set.
For a list of cookies used, contact info@maha.si.
We may also use related technologies such as web beacons and tracking pixels.
- CHANGES TO PERSONAL DATA AND EXERCISE OF RIGHTS
If your personal data changes, please notify us at info@maha.si. You may also unsubscribe from newsletters via the same email.
You have the right to access, rectify, erase, restrict processing, object to processing, and request data portability.
To exercise your rights or file a complaint, contact Vidvana d.o.o., Slovenska cesta 54, 1000 Ljubljana or info@maha.si.
You also have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia, Dunajska cesta 22, 1000 Ljubljana.