Privacy Policy
1. General
Medis Intago, d.o.o. with its affiliate companies respects your right to privacy and endeavours to ensure the highest level of protection for your personal information. Therefore, when carrying out our activities, we are committed to acting in accordance with laws and regulations that govern the protection of Personal Data. In particular the Personal Data Protection Act, the Electronic Communications Act and the General Data Protection Regulation of the EU. The purpose of this Privacy Statement is to inform you of the purposes for which your personal information will be acquired and how it will be used, what your rights are in relation to the information we keep about you and how you can exercise those rights.
Medis Intago, d.o.o. with its affiliate companies undertakes that the personal information which you submit will be used in accordance with this Privacy Statement and will not be sold, lent or otherwise transferred to any third parties, except in cases provided for in this Statement. 2. Data ControllerThe controller of your Personal Data is Medis Intago, d.o.o., Brnčičeva 3, 1231 Ljubljana - Črnuče, gdpr(at)medis-health.com, (01) 589 69 00. As we value your privacy very highly, we have appointed an authorized Data Protection Officer for you to contact should you have any questions regarding the processing of your Personal Data. Our authorized Data Protection Officer is the JK Group d.o.o., Stegne 27, 1000 Ljubljana. Matija Jamnik has been designated as the person responsible. To contact the authorized Data Protection Officer, please send an e-mail to gdpr(at)medis-health.com or call us at (01) 589 69 00. All the topics and content handled by the authorized Data Protection Officer will be subject to strict confidentiality. This Privacy Statement applies to:
3. Types of Personal DataWe only process your Personal Data on the basis of clearly stated and legitimate purposes, which are defined in this Policy. Medis Intago is committed to the principle of data minimisation, which means that we collect, store and process only the data we need to fulfil the purposes for which they are collected. We collect your personal information directly from you (e.g. you provide your personal information when ordering our services, participating in our events or making inquiries). Your personal information may also be obtained from publicly available records. Personal Data that we process may include:
4. Purpose of data processing and types of Personal DataAll the personal information you provide to us will be treated confidentially and will only be used for the purposes for which they were submitted. Should a need arise for any further processing of your information for another purpose, we will contact you in advance and ask for your consent. To facilitate transparency, we have categorised the purposes for which we process your personal information into three sets:
1. Processing purposes related to Expert PublicBelow, we set forth the purposes for which the processing of Personal Data is carried out for individuals that are part of the Expert Public (please refer to the last Section of this Policy for a definition of who belongs to the category of Expert Public) and for participants in clinical trials.
Communication of professional information about Expert Public in the field of health and pharmaceutics about medicines, dietary supplements, medical devices and events Name, surname, address and contact, education and work experience, and data on the job of healthcare and pharmaceutical professionals are collected for the purpose of providing professional information on medicines, dietary supplements and medical devices marketed by the company, and events the company organizes. This information is processed on the basis of your consent. You may at any time withdraw the consent to receiving promotional messages. Please refer to the Section titled “Your rights” for more information about your rights regarding the communication of professional information. The communication of professional information is carried out on the basis of basic content customization according to your field of activity (healthcare, pharmaceutics) and depending on your responses to specific content and your preferences. This customization is carried out on the basis of our legitimate interest in providing up-to-date solutions when interacting with customers regarding medicines. Processing of feedback from the Expert Public in the field of health and pharmaceutics for the purpose of personalized communication
Feedback collected by our representatives in the field and by means of a customer satisfaction survey is collected in order to customize the information to individual preferences. These include contact information preferences for contacting you, or your preferred communication channel; information about the time you spent interacting with us, the location of these interactions, and your response to the various interactions you have with our representative, and details of any previous relations you had with another health organization. This information is processed on the basis of our legitimate interests in facilitating efficient and successful administration and management of our business and providing up-to-date solutions when interacting with customers regarding medicines. Please refer to Section 6 of this Policy for more information on legitimate interest as a basis for the processing of Personal Data. Direct marketing of pharmaceutical products to employees in pharmacies and wholesale drugstores
Name, surname, address and contact, education and work experience, and data on the job of pharmaceutical professionals are collected for the purpose of direct marketing of medicines, dietary supplements and medical devices marketed by the company. This information is processed on the basis of our legitimate interest in efficient and successful administration and management of our business. Please refer to Section 6 of this Policy for more information on legitimate interest as a basis for the processing of Personal Data. Implementation of clinical trials in various fields of medicine Name, surname, gender, age, contact, and medical condition are used for the purpose of carrying out clinical trials and providing information regarding ongoing clinical trials. This information is processed on the basis of your consent. You may at any time withdraw the consent to receiving promotional messages. Please refer to the Section titled “Your rights” for more information about your rights regarding the communication of professional information. Conclusion and implementation of education and copyright agreement
Name, surname, address, contact, bank account, and tax number, are used for the purpose of concluding and implementing education and copyright agreements. This information is processed on the basis of an agreement. Please refer to Section 6 of this Policy for more information about agreement as a basis for processing personal information. 2. General purposes of processingThis section sets forth processing purposes that may be relevant for both groups; the Expert Public and the End Users.
Compliance with requirements laid down by laws and regulation In certain cases, laws and regulations may require us to process or communicate your personal information. In such cases, we process your personal information on the basis of the law; such processing or communication of Personal Data is mandatory. Retention of unsuccessful recruitment information submitted by candidates. Name, surname, e-mail, address, mobile phone, and CV are used for the purpose of carrying out recruitment and providing notice about current vacancies. This information is processed on the basis of your consent. You may at any time withdraw the consent to receiving promotional messages. Please refer to the Section titled “Your rights” for more information.
Implementation of prize games organized by Medis Intago d.o.o. Name, surname, gender, age, e-mail, and address are used for the purpose of carrying out prize games. This information is processed on the basis of your consent. You may at any time withdraw the consent to receiving promotional messages. Please refer to the Section titled “Your rights” for more information.
Mailing free samples to subscribers Name, surname, gender, age, e-mail, and address are used for the purpose of mailing free samples. This information is processed on the basis of your consent. You may at any time withdraw the consent to receiving promotional messages. Please refer to the Section titled “Your rights” for more information.
Enabling access and use of the Medisplus.si loyalty club Name, surname, gender, age, e-mail, address, history of purchases and prize items are used for the purposes of the loyalty club. This information is processed on the basis of your consent. You may at any time withdraw the consent to receiving promotional messages. Please refer to the Section titled “Your rights” for more information.
Enabling access and use of the Novalac loyalty club Name, surname, gender, age, e-mail, address and child’s age are used for the purposes of the loyalty club. This information is processed on the basis of your consent. You may at any time withdraw the consent to receiving promotional messages. Please refer to the Section titled “Your rights” for more information. Enabling access and use of the Defendyl/Imunoglukan loyalty club Name, surname, gender, age, e-mail and address are used for the purposes of the loyalty club. This information is processed on the basis of your consent. You may at any time withdraw the consent to receiving promotional messages. Please refer to the Section titled “Your rights” for more information.
Communicating with users based on your request, regardless of the request channel (e-mail, completing the contact form on our website, phone call, etc.) Name, surname, gender, age, e-mail and address are used for the purposes of responding to your request. This information is processed on the basis of our legitimate interest in familiarizing our customers with additional information and presentations for the purpose of improving our services. Please refer to Section 6 of this Policy for more information on legitimate interest as a basis for the processing of Personal Data.
Implementation of the Medis Awards competition Name, surname, address and contact, education, work experience, and data on the job of healthcare professionals are used for the purpose of carrying out the Medis Awards competition. This information is processed on the basis of your consent. You may at any time withdraw the consent to receiving promotional messages. Please refer to the Section titled “Your rights” for more information.
Distribution of newsletters to End Users Name, surname, gender, age, e-mail and address are used to distribute newsletters. This information is processed on the basis of your consent. You may at any time withdraw the consent to receiving promotional messages. Please refer to the Section titled “Your rights” for more information. Distribution of newsletters is carried out on the basis of basic content customization according to the products you have expressed interest in or purchased in our on-line store. Such customization is carried out on the basis of our legitimate interest in familiarizing our customers with additional information and presentations in order to improve our portfolio of services. Distribution of newsletters to our partners and potential partners Name, surname and e-mail are used to distribute newsletters. This information is processed on the basis of our legitimate interest in facilitating efficient and successful administration and management of our business. Please refer to Section 6 of this Policy for more information on legitimate interest as a basis for the processing of Personal Data.
3. Purposes related to the provisioning of the on-line store service:This category comprises processing purposes related to the use of the on-line store.
Enabling user access and use of the Medis Intago d.o.o. internet account available within the www.medisplus.si on-line store (the use of on-line store with registration) Name, surname, gender, e-mail, and address are used to fulfil the on-line purchase. This information is processed on the basis of your consent. You may at any time withdraw the consent to receiving promotional messages. Please refer to the Section titled “Your rights” for more information.
Statistical analyses of customer data, orders and prospective buyers This information is processed on the basis of our legal interest in the optimization of advertising and operations of Medis Intago d.o.o. Should Medis Intago d.o.o. identify a need for further processing of Personal Data for purposes that are incompatible with the above stated purposes, we will provide prior notice and ask for your consent regarding such processing. Reporting adverse effects of medicines and medical devices Data about the patient (date of birth, information about health, medical history) and data about the person reporting adverse effects (name and surname, contact, profession) are used for the purposes of monitoring the safety of medicines and medical devices. As a pharmaceutical company we are legally obliged to monitor the safety of all Medis products around the world, which we develop or market in any country. The purpose of monitoring the safety of medicines and medical devices is to enable us and the competent regulatory public authorities (e.g. the European Medicines Agency and other authorities) to manage the adverse events, as well as protect the public health and ensure the high standards of quality and safety of the products. Under our obligations of monitoring the safety of medicines and medical devices also belongs the processing of certain data, from which we can directly or indirectly identify the person reporting the adverse event (“personal data”), in order to fulfil our strict obligations regarding the constant assessment of benefits and risks of products, and to report to the competent regulatory public authorities about the suspected adverse effects or events. 5. Data UsersThe Controller may transfer your personal information to third parties. The access of third parties to the information, and the processing of data by these parties are limited to the purposes for which such data were collected. All third parties to whom we may provide your Personal Data are bound to comply with applicable laws and regulations as well as the provisions of this Privacy Statement. We may provide your personal information to:
We exchange certain personal information with the third parties described above. We will ensure that access will be granted to third parties only for the purposes set out in this Statement. We will take appropriate measures to ensure that access to your Personal Data will be granted only to the employees of the above listed third parties who need access to Personal Data to carry out their work. We limit the access to Personal Data both to Medis Intago and to employees in our affiliated companies. All employees who have access to Personal Data are liable to protect the Personal Data they process. Your Personal Data may also be processed by Medis Intago and the above listed third parties outside the European Economic Area, including countries that may not provide such Personal Data protection as is in force within the European Economic Area. In accordance with applicable data protection and privacy regulations, we will take appropriate measures to ensure that your Personal Data will remain secure and safe in every transfer. We will define these measures by concluding appropriate contractual frameworks that will determine the protection of Personal Data. 6. Legal grounds for the use of Personal DataThe grounds on which we use your personal information:
Whenever we process your Personal Data on the basis of legitimate interests, we will explicitly indicate this in this Policy or inform you in advance on a special form.
You are obligated to provide personal information that we collect and process pursuant to laws and regulations. You communicate your personal information for the purpose of conclusion (and implementation) of an agreement on a voluntary basis. Nevertheless, we would like to point out that if you fail to provide us with personal information which we need in order to provide a specific service, we will not be able to provide that service (e.g. it is necessary that you provide your e-mail when making a purchase in our on-line store in order for us to fulfil your order). With regard to Personal Data processing on the basis of your consent, the provision of personal information is always voluntary and without any negative consequences for you. Nonetheless, we would like to point out that we will not be able to provide certain services without your consent, or after you withdraw your consent (e.g. using Novalac loyalty club). 7. Retention periodWe store all the Personal Data that we process in accordance with laws and regulations and only for the time required to achieve the purposes for which the data were collected. When the Personal Data retention period is prescribed by law, data are kept in accordance with the provisions of the applicable law. When the grounds for the collection and processing of Personal Data is an agreement, the retention period lasts for the entire contractual term, including warranty or any other period arising from the concluded agreement. When collecting and processing your personal information on the basis of your express consent, we keep your personal information permanently or until revocation. In the event that the purpose for which we have processed your information will be fulfilled, we will delete your information even if you do not withdraw your consent. For example, when we organize a prize game, the purpose of the collection and processing is fulfilled when the prizes are awarded, so we will delete all the participants' data (with the exception of those needed for legal reasons), even if you do not submit the revocation, because the purpose of the collection is fulfilled (i.e. prizes were awarded). 8. Data protection methodsMedis Intago, d.o.o. commits to protecting the personal information you provide to us. Medis Intago, d.o.o. will do everything to protect Personal Data from any violation and misuse. We store Personal Data in paper or digital form. All paper documents with your Personal Data are stored in protected areas, our computer systems are protected by technical and organizational measures that prevent any accidental or deliberate destruction, loss, damage, alteration and unauthorized disclosure or access to your Personal Data. Technical and organizational measures that we use to protect your Personal Data include, but are not limited to:
After expiry of the retention period or the revocation of obtained consent, the data (including any copies thereof) are immediately, irretrievably and permanently deleted. Any Personal Data carriers where such data are located are also permanently destroyed or deleted. Should a violation of Personal Data protection occur, we will immediately inform the competent supervisory authority. For Slovenia, the competent authority for Personal Data protection is the Information Commissioner. To find out more about the function of the competent authority, please refer to their website. Should a criminal offence be suspected in the event of a violation of Personal Data protection, we will immediately notify the police or the competent prosecutor's office. Should a high risk violation of Personal Data protection occur involving the rights and liberties of individuals whose Personal Data we process, we will inform you of such violation without any undue delay. 9. Your rightsMedis Intago, d.o.o. ensures that you can exercise all the rights that you have in relation to the processing of your Personal Data. Termination of subscription to product newsletters If you no longer wish to be informed about the products marketed by Medis Intago, d.o.o. and its affiliated companies, you can contact us at gdpr(at)medis-health.com or call us at (01) 589 69 00, or inform our professional associate upon their visit (if you are a healthcare or pharmaceutical professional). The Data Subject may at any time request Medis Intago, d.o.o. to:
Consent may be withdrawn by an individual in any manner specified in Section 10 of this Policy. Withdrawal of consent does not create any negative consequences for you. After you withdraw your consent, we will not offer certain services if these services are of such a nature that we cannot perform them without you providing your personal information (e.g., without the processing of your e-mail address we cannot provide you with e-mail notification services). Every individual to whom data relates has the right to file a complaint against us with the Information Commissioner. You can exercise your rights by contacting us by e-mail at: with subject of the message Personal Data protection or by calling us at:. Medis Intago, d.o.o. commits to respond to the Data Subject’s requests without undue delay, and at the latest within the statutory deadlines. 10. ContactThe person responsible or Data Protection Officer at Medis Intago, d.o.o. will answer your questions about the confidentiality of your information, the way in which data is collected and processed, or your requests to exercising the rights relating to your information. To contact the authorized Data Protection Officer, please send an e-mail to gdpr(at)medis-health.com or call us at (01) 589 69 00. 11. Definitions
This Section sets forth the definition of terms used in this Policy. Personal Data is any information that refers to a specific or identifiable individual, specifically: name, identification number, web identifiers as well as factors that are characteristic of the individual's physical, physiological, genetic, mental, economic, cultural or social identity. Processing is any act or set of actions that is carried out with Personal Data and includes, in particular, the collection, editing, storing, modifying, viewing, retrieval and deletion of such data. Controller is a natural or legal entity who, alone or jointly with others, determines the purposes and means of processing. For the purposes of this Policy, Medis Intago d.o.o. is the Controller. Processor is a natural or legal entity as well as a public authority or agency or other body that processes Personal Data on behalf of the Controller. Expert Public means natural persons working in a medical or pharmaceutical profession (such as medical institutions, pharmacies) as well as people employed in wholesale drugstores with whom we cooperate. End user is any natural person who uses our services (including on-line store users, members of loyalty clubs, etc.). 12. ChangesWe reserve the right to periodically amend this Privacy Statement to adjust it according to current conditions and Personal Data protection legislation. For this reason, we ask you to check the updated version before providing any personal information, so that you will be aware of any changes or updates. |