Protecting your privacy is very important to us. This privacy policy (hereinafter the “Policy”) contains information about the processing of personal data collected when you visit mesimedical.com or when you contact us by email or through the contact forms on our websites.

We reserve the right to modify the information provided in this privacy policy without prior notice. The most current version is published on this website.

1. GENERAL INFORMATION

1.1. Identity and contact information of the controller

Mesi Ltd., Leskoškova cesta 11A, 1000 Ljubljana (hereinafter: “MESI”)

Phone number: 00386 (0)1 620 34 87

Email: info@mesimedical.com

1.2. Contact details of the Data Protection Officer (DPO)

Email: dpo@mesimedical.com

2. THE PURPOSES FOR WHICH PERSONAL DATA IS PROCESSED AND THE LEGAL BASIS FOR ITS PROCESSING

Personal data is any information related to a specific or identifiable individual. Data anonymised in a way that does not enable identification of a specific individual is not considered personal data. All personal data is collected, processed, and used in accordance with the currently valid provisions of this Notice on the Protection of Personal Data specifically for the purposes of providing the requested service and for processing your requests.

All personal data is collected, processed, and used in accordance with the currently valid provisions of this Policy specifically for providing the requested services and for processing your requests on one of the legal bases stipulated below, as specified by the General Data Protection Regulation (hereinafter the “GDPR”).

2.1. For processing personal data for which we obtained the consent of the individual

to which the personal data refers (hereinafter the “Individual”), Subsection (a) of Article 6(1) of the GDPR applies: when you consent to receive the e-newsletters, when you contact us via contact forms, or when you consent to the use of cookies and plug-ins (hereinafter “Tools”).

2.1.1 E-newsletter

Based on your subscription to our e-newsletter, we are happy to regularly inform you regarding our latest offers by email. To receive the latest offers, you can subscribe to our e-newsletter and we will provide you with the information regarding our current and upcoming promotions, activities, and other requests for which you have expressed an interest. We use your email address for sending you e-newsletters, specifically intended to inform you about our activities. Registration is made via a double opt-in process. Upon registration, you will receive an email asking you to confirm your subscription.

Your consent for receiving the e-newsletter may be cancelled at any time by clicking the unsubscribe link provided at the end of every e-newsletter that we send you. Due to technical reasons, it may take a few hours for the system to process the unsubscribe request. During this time, you may in some cases still receive our e-newsletters.

2.1.2 Contacting or interacting with us via the online forms

For messages and questions, you may contact us via email and the contact forms (for presentations) published on the website healthyartheries.org.  All personal data on the stated forms is collected, processed, and used for processing your requests. Data used as part of resolving your request via email and data marked as mandatory in the contact form is required for processing your request.

We store data only until the objective has been fulfilled or withdrawal of consent.

2.1.3 Cookies and plug-ins (Tools)

2.1.4.1   Basic information regarding Tools that you agree to use

Tools that are not necessary for the functioning of the website are not used and are activated only after acquiring your express consent by selecting a specific type of consent and clicking “Accept all” or “Save”. In the latter case, cookies or plug-ins are installed on your browser, and their use is permitted only after you have given your express consent.

2.1.4.1   Cookies

Cookies are small text files, saved on your computer or mobile device by the websites that you visit. When visiting the website healthyartheries.org, only the cookies necessary for the functioning of the website are installed. Cookies that are not necessary for the functioning of the website or service are not used and are activated only after acquiring your express consent by selecting a specific type of consent and clicking “Accept all” or “Save”. In the latter case, cookies are installed on your browser and their use is permitted only after you have given your express consent.

With your consent, cookies can also be used to store settings selected on your previous visit, e.g., language, font size, and other settings for viewing the site that you have set on your computer or mobile device, so that you do not have to re-set them every time you visit. These cookies include marketing tools, which are used to collect and evaluate data for analysing user behaviour for the purposes of improving user experience. These cookies can be installed and used only after we acquire your express consent. Cookies that are used on our website are described below.

Most web browsers automatically accept cookies. If you want to revoke your consent for all websites that include mesimedical.com in their domain title, you can deactivate the Tools for which you have already given your consent by suitably adjusting your browser or mobile device settings. You can change the way your web browser operates in its settings, so that the computer or mobile device rejects cookies or that you receive a warning before a cookie is stored. You can also completely prevent the installation of cookies for all the websites you visit in your web browser. You can delete the cookies already stored on your computer or mobile device.

2.1.4.1   Tools for marketing and personalisation

Tools for marketing are usually used to research where the users come from and which parts of our website they access. They are used to collect and evaluate data for analysing user behaviour on our websites for the purpose of providing a better user experience. This is a type of personalised marketing strategy, as it is targeted advertising tailored to the user. By integrating analytic tools, we aim to improve and continuously optimise the website for the user. These cookies can be installed and used only after we acquire your express consent.

2.1.4.1   External service providers

To ensure additional functions and content, third-party content elements and plug-ins are used on our website in some cases. As with any website visit, transmitting information regarding your IP address to the provider of individual extensions is technically necessary. Such transmission is made directly from your browser, and MESI does not process your personal data in this respect. Plug-ins are enabled only with your express consent, which you give either by visiting the website healthyartheries.org or by using the respective plug-in.

2.1.4.1   Overview of Tools on our websites
Cookie typeCookie nameProviderCountryDurationPurpose
marketing or
personalisation
_gaGoogleUSA*2 yearsstatistics
marketing or
personalisation
_gatGoogleUSA*sessionstatistics
marketing or
personalisation
_gidGoogleUSA*sessionstatistics
marketing or
personalisation
_ga_#GoogleUSA*2 yearsstatistics
marketing or
personalisation
lastExternalReferrerFacebookUSA*permanentmarketing
marketing or
personalisation
lastExternalReferrerTimeFacebookUSA*permanentmarketing
marketing or
personalisation
_fbpFacebookUSA*3 monthsmarketing
* Commission Implementing Decision (EU) C(2023) 4745 of 10 July 2023

2.2. For processing personal data necessary for the implementation of the contract

to which the Individual is a party, Subsection (b) of Article 6(1) of the GDPR applies as legal basis for: the conclusion and execution of a cooperation agreement (when you suggest or apply to a call for cooperation). We also process personal data that we acquire when you use the website to apply for cooperation in campaigns and promotional activities. This is only to the extent of the cooperation that you propose (for the implementation of measures at the request of the Individual before the conclusion of the contract).

You are not obligated to provide the required data for this. However, if you refuse to disclose your personal data to us, cooperation might not be possible if disclosing the required data is a condition for cooperation.

This data is stored only until the purpose has been fulfilled or until appeal procedures are possible or have concluded.

2.3. In processing personal data necessary to comply with legal obligations

applicable to MESI, Subsection (c) of Article 6(1) of the GDPR applies as legal basis for: the transfer of data to legally authorised institutions.

2.4. In processing personal data necessary to comply with legal interests

pursued by MESI or a third party, except in cases where the fundamental rights and freedoms of the Individual override such interests, Subsection (f) of Article 6(1) of the GDPR applies as legal basis for: collecting log files (“logfile”) when visiting healthyartheries.org. When accessing or using the healthyartheries.org website and services it offers (e.g., joining a campaign), data related to these actions is collected in a log file (“logfile”) and stored for __ days. Each time they are accessed, the following set of data is stored:

  • IP address,
  • name of the opened file,
  • date and time of access,
  • amount of downloaded data,
  • notification indicating whether access was successful,
  • notification indicating whether access may not have been successful,
  • name of your Internet Service Provider,
  • if applicable, your computer’s operating system and web browser,
  • the webpage through which you came to our website.

Log files are processed for the purpose of ensuring the functioning of the website and the services it offers, system stability, data protection and operational security, and providing support and services.

3. WHETHER THE PROVISION OF PERSONAL DATA IS A STATUTORY OR CONTRACTUAL OBLIGATION

or an obligation necessary for the conclusion of a contract, and whether the Individual to whom the personal data relates is obliged to provide personal data, and the possible consequences if such data is not provided

The provision of personal data:

  • constitutes a contractual obligation for the implementation of the contract (Subsection (b) of Article 6(1) of the GDPR);
  • constitutes a statutory obligation in connection with the performance of an obligation imposed by law (Subsection (c) of Article 6(1) of the GDPR);

if you would not want to disclose your personal data, we would not be able to sign a contract with you or exercise certain rights and obligations under the contractual agreement, as we are required by law to process your personal data (e.g., legislation regarding medical devices and taxes).

Providing personal data for legitimate interests (Subsection (f) of Article 6(1) of the GDPR) is necessary to ensure MESI complies with the legislation, to ensure the functioning of the website and services on it, system stability, data protection and operational security, and providing support and services.

4. PERSONAL DATA USERS

4.1. MESI employees

Your data is processed by MESI employees as part of their work responsibilities and powers and in accordance with the internal organisation and systematisation of job positions for the performance of the duties in accordance with the regulations.

4.2. External users

  • providers of software and other Tools (plug-ins and cookies) or hosting;
  • courts, state authorities and other public authority holders, if they are entitled to obtain personal data by law in the context of specific proceedings (police, inspection and supervisory authorities, the Financial Administration of the Republic of Slovenia, etc.);
  • auditors;
  • other persons, if they have a basis for the acquisition or processing of personal data based on law or on a legally binding court decision, or if you have given them your express consent.

All external users in their relationship with MESI are obliged to comply with the applicable provisions regarding the protection of personal data. More information regarding our external service providers may be obtained by email at dpo@mesimedical.com.

5. TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY OR AN INTERNATIONAL ORGANISATION

Personal data is not transferred to international organisations, and is transferred to third parties only where you consent to install the Tools for analytics and marketing or those of social networks. In this case, data may be transferred to the US, where the companies offering such services are based, on the basis of and in accordance with the Commission Implementing Decision (EU) C(2023) 4745 on the adequate level of protection of personal data under the EU-US Data Privacy Framework of 10 July 2023, as in such cases adequate privacy protection related to such data processing is ensured. If you consent to this, in these cases the data is transferred on the basis of and in accordance with the adequacy decision of the European Commission (Article 45 of the GDPR). In this case, personal data is transferred to a third country only in the manner and under the conditions stipulated in this Policy. You can obtain more information regarding the safeguards in place, including a copy of the safeguards, by sending an email to dpo@mesimedical.com.

6. THE EXISTENCE OF AUTOMATED DECISION-MAKING OR PROFILING

No automated decision-making or profiling is carried out.

7. RETENTION PERIOD OF PERSONAL DATA

The retention period depends on the legal basis for which we process personal data and the purpose of the processing. Your personal data is kept only for as long as it is necessary for the purposes for which it is processed.

In cases where you have given us your personal consent to process your personal data, we store the personal data until your consent is revoked.

If processing of data is required for fulfilling your order, we store the data until the expiration of the warranty or the validity period.

In exceptional cases, we process your personal data for longer periods if this is required by the applicable regulations in the Republic of Slovenia and/or the European Union (e.g., accounting and tax regulations).

Specific retention periods are stipulated in Section 2 of this policy for various types of processing purposes.

8. THE RIGHTS OF THE INDIVIDUAL TO WHOM THE DATA REFERS

All Individuals whose personal data is collected and processed by MESI have the following rights:

  • the right to access their personal data,
  • the right to correct inaccurate personal data and complete incomplete personal data,
  • the right to the deletion of their personal data,
  • the right to restrict the processing of personal data,
  • the right to data portability,
  • the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia.

The Individual whose personal data is collected and processed by MESI has the right to request from MESI access to their personal data and correction or deletion of their personal data or a restriction of processing in relation to it, as well as the right to object to its processing, and the right to data portability. The Individual’s request is processed in accordance with the provisions of the GDPR.

For any questions or complaints, you may contact us directly at any time. To ensure a prompt response, you may contact us at the following email address: dpo@mesimedical.com.

8.1. Consent and the Individual’s right to withdraw consent

When the processing is based exclusively on your consent (Subsection (a) of Article 6(1) of the GDPR), the existence of the right to withdraw consent at any time does not affect the legality of the data processing carried out on the basis of consent up until its cancellation.

8.2. The right to file a complaint with a supervisory authority

In case of a violation of the legislation in the field of personal data protection, the Individual can submit a report to the supervisory authority, which in the Republic of Slovenia is the Information Commissioner.

9. WEBSITE TERMS OF USE

When using the mesimedical.com website, copyrights, name and trademark rights, and other related rights of third parties must be respected. All contents of the website are also protected, including images, videos, music, fonts and trademarks. Users of the mesimedical.com website agree to refrain from any misuse of contents, in particular not to include the contents in any private or commercial websites or use the contents for any commercial purposes. The same applies to downloading and using website contents for the aforementioned purposes. You may read more about this at the following link.