Privacy Policy

The Privacy Policy of Kirurgije Lah d.o.o. (hereinafter referred to as the “Privacy Policy”) includes:

Introductory provision
Administrator
Purposes of processing and categories of personal data processed
Grounds for processing personal data
Forwarding of personal data
Transfer of personal data to third countries
Retention period of personal data
Rights of individuals with regard to the processing of personal data
Data protection
Validity of the policy

1. Introductory provision

At Kirurgija Lah, plastic, aesthetic surgery and traumatology d.o.o., we value your privacy and therefore take care to protect your personal data at all times and follow the principles of secure processing of personal data. In this Privacy Policy, we tell you what personal data we process about you, what the purpose of the processing is, and what your rights are in relation to the processing of your data. When processing your personal data, we comply with the principles of lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality.

2. Administrator

The controller of the personal data processed in accordance with this Privacy Policy is Kirurgija Lah, plastic, aesthetic surgery and traumatology, d.o.o., Vojkovo nabrežje 6, 4000 Koper – Capodistria (hereinafter: Kirurgija Lah).

3. Purposes of processing and categories of personal data processed

We collect and process your personal data for the following purposes:

to provide you with the information you have requested from us or to provide the services you have requested. This information may include your name, address, e-mail address, telephone number and other relevant data for the purpose of providing information and services;
to stay in touch with you as our business partners and keep you informed about our business activities and events. This information may include your name, address, e-mail address, telephone number, address, company and other relevant information;
to fulfil our contractual obligations to you. This information may include your name, address, email address, telephone number, address, workplace, company, the type of relationship you have with us and your medical information that we need to perform the services you have requested;
to help improve our website. This information may include your IP address, geographic location, device information, browser type, referral source, length of visit, operating system, number of page views, pages previously viewed and similar information;
comply with or observe legal obligations or requirements;
to send you promotional messages about our activities, including invitations to other events. This information may include your name, address, e-mail address, telephone number, address, company and other relevant information;
for recruiting new staff. This information may include your name, address, email address, telephone number, date of birth, details of your education and experience, CV, photograph and other relevant information;
for the successful and efficient organisation of our events, including promotional activities and the publication of audio, video and photographic documentation of events. This information may include your name, address, company, email address, phone number; a short biography with a picture (of speakers and performers), audio, video and photographic documentation of the events.

4. Grounds for processing personal data

We process your personal data on the following legal bases:

processing on the basis of a contract – according to Article 6(1)(b) of the GDPR, processing may be necessary for the performance of a contract to which the data subject is a party or for the performance of measures at the request of such data subject prior to the conclusion of the contract;
processing on the basis of legitimate interest – in accordance with Article 6(1)(f) of the GDPR, the processing of data may be based on our legitimate interest;
processing is necessary for the protection of the vital interests of the data subject or of another natural person – in accordance with Article 6(1)(d) of the GDPR;
processing based on consent – in accordance with Article 6(1)(a) GDPR. If consent is the basis of our processing, you can withdraw it at any time;
processing for the fulfilment of a legal obligation to which the controller is subject – in accordance with Article 6(1)(c) and (e) of the GDPR.

5. Forwarding of personal data

In order to fulfil the purposes for which your personal data is processed, we may disclose your personal data to the following entities:

to the contractual processors of personal data who process personal data on behalf of Kirurgija Lah d.o.o. as the controller, in accordance with the instructions and on behalf of the controller and for the purposes as set out above;
to other entities to the extent that it is obliged to do so pursuant to an order of a competent court or other public authority or in accordance with the law in force from time to time.

6. Transfer of personal data to third countries

We also transfer personal data to countries outside the EU/EEA (“third countries”), to persons affiliated with us and to contractual processors of personal data. In the event of such a transfer, we also comply with the safeguards for the protection of personal data as set out in the GDPR, insofar as and to the extent possible.

7. Social media platforms

Social media platforms include TikTok, Facebook, Youtube, Instagram and others. Meta, TikTok and Youtube act as independent data controllers who will process your personal data in accordance with their privacy policies.

Meta: https://privacycenter.instagram.com/

TikTok: https://www.tiktok.com/legal/privacy-policy/

Third party services (Google)

Google is an independent data controller and service provider (e.g. Google Maps, Google Analytics) that processes your personal data in accordance with its privacy policy: https://policies.google.com/privacy

Links to other websites

This website may contain links to websites operated by third parties. As we have no control over them, we do not accept any responsibility for the protection of personal data when you visit these websites. We recommend that you read the terms of use and privacy policies of these websites before using them.

7. Period of retention of personal data

We will only process your personal data until the purpose for which it is processed has been fulfilled, in accordance with the legislation in force at each time. Where the legal basis for processing is your consent, we will only process your data until the consent expires or is withdrawn.

8. Rights of individuals with regard to the processing of personal data

Individuals have a number of rights in relation to personal data, which they can exercise free of charge. Before exercising a right, Lah Surgery verifies the identity of the person exercising the right. The individual submits his/her request by form in writing to Vojkovo nabrežje 6, 6000 Koper- Capodistria or electronically via info@estetical.com.

A legitimate request is fulfilled by Lah Surgery within 1 month, in case of a complex request or a large number of requests, the deadline can be extended by another 2 months. Lah Surgery informs the individual of such an extension and the reasons for it.

Right of access to data: upon request, we will inform the data subject whether personal data concerning him or her are being processed and, where this is the case, provide the following information:

the purposes for which personal data are processed;
the types of data processed;
the users or categories of users to whom personal data have been or will be disclosed;
storage periods;
the existence of a right to obtain from the controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning the data subject, or the existence of a right to object to such processing;
the right to lodge a complaint with the Information Commissioner;
where the personal data are not collected from the individual, any available information concerning their source;
the existence of automated decision-making, including profiling, and meaningful information about the reasons for it, as well as the significance and foreseeable consequences of such processing for the data subject.

Upon request, Lah Surgery will make a copy of the personal data being processed and provide it to the individual.

Right to rectification: the Data Subject may at any time request the Lah Surgery to correct inaccurate or incomplete data concerning him or her.

Right to erasure (the so-called “right to be forgotten”): an individual may request that his or her personal data be erased in the following cases:

the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
the individual withdraws the consent on the basis of which the processing is carried out and where there is no other legal basis for the processing;
the data subject objects to the processing of personal data and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in accordance with Article 21(2) of the GDPR;
the personal data have been unlawfully processed;
the personal data must be erased in order to comply with a legal obligation under EU or Slovenian law.

Right to restriction of processing: the data subject may request that processing of data concerning him or her be restricted where:

the data is not accurate,
the processing is unlawful, the data subject objects to the erasure of the personal data and requests instead that the use of the personal data be restricted,
Lah Surgery no longer needs the data for processing purposes, but the data is needed for the individual to assert, exercise or contest legal claims,
the data subject has lodged an objection to the processing, pending verification whether the legitimate grounds of the controller override those of the data subject.

Right to data portability: the individual may, under the conditions set out in Article 20. Article 5 of the GDPR, the data subject shall have the right to request a printout of the data he or she has provided to Lah Surgery in a structured, commonly used and machine-readable format, and shall have the right to communicate such data to another controller without being hindered in doing so by Lah Surgery.

Right to object: an individual may, under the conditions set out in Article 21. Article 5 of the GDPR, objects to the processing of personal data.

Withdrawal of consent: the data subject shall have the right to withdraw the consent (assent) to the processing of his or her personal data where the processing is based on the consent, without prejudice to the lawfulness of the processing based on the consent prior to its withdrawal.

The data subject may send any complaint or request concerning the processing of personal data to the following e-mail address: info@estetical.com or by post to Kirurgija Lah d.o.o., Vojkovo nabrežje 6, 6000 Koper.

Any data subject shall also have the right to lodge a complaint directly with the Information Commissioner if he or she considers that processing of personal data concerning him or her infringes applicable law. Contact: the Information Commissioner, Dunajska cesta 22, 1000 Ljubljana. Telephone: 01 230 97 30, E-mail: gp.ip@ip-rs.si, DPO for the IP Office: dpo@ip-rs.si.

9. Data protection

All data will be strictly protected in accordance with the regulations on the protection of personal data and the internal regulations of Lah Surgery and will not be used for any other purposes. The Company implements appropriate technical and organisational measures to ensure a high level of security of personal data in its information systems and to safeguard the rights of data subjects.

10. Validity of the Policy

The Privacy Policy is available at https://estetical.com/. Any amendments shall enter into force on the date of their publication on the website. By using the website after a change or update, you confirm that you agree to such change or update. Privacy Policy last updated 6.6.2022

Cookie	Duration	Description
_icl_visitor_lang_js	3 months 8 days	This cookie is stored by WPML WordPress plugin. The purpose of the cookie is to store the redirected language.
wpml_browser_redirect_test	session	This cookie is set by WPML WordPress plugin and is used to test if cookies are enabled on the browser.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_PW72SE8CDN	2 years	This cookie is installed by Google Analytics.
_ga_WR12H0V89C	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_187302088_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.

Privacy Policy

Hitre povezave

Ceniki

Ostalo