Privacy Policy
Protecting your privacy is very important to us. This privacy policy (hereinafter the “Policy”) contains information about the processing of personal data collected when you visit mesimedical.com or when you contact us by telephone, email or through the contact forms on our websites.
We reserve the right to modify the information provided in this privacy policy without prior notice. The most current version is published on this website.
1. GENERAL INFORMATION
1.1. Identity and contact information of the controller
MESI, Ltd. Leskoškova cesta 11A, 1000 Ljubljana (hereinafter: MESI).
Phone number: 00386 (0)1 620 34 87
Email address: info@mesimedical.com
1.2. Contact details of the Data Protection Officer (DPO)
Email address: dpo@mesimedical.com
1.3. Notice on the protection of personal data
This notice on the Protection of Personal Data applies to the following MESI websites:
In the continuation of the policy, the term ‘website mesimedical.com’ or simply ‘website’ applies to all the listed websites above.
2. THE PURPOSES FOR WHICH PERSONAL DATA IS PROCESSED AND THE LEGAL BASIS FOR ITS PROCESSING
Personal data is any information related to a specific or identifiable individual. Data anonymised in a way that does not enable identification of a specific individual is not considered personal data. All personal data is collected, processed, and used in accordance with the currently valid provisions of this Notice on the Protection of Personal Data specifically for the purposes of providing the requested service and for processing your requests.
All personal data is collected, processed, and used in accordance with the currently valid provisions of this Policy specifically for providing the requested services and for processing your requests on one of the legal bases stipulated below, as specified by the General Data Protection Regulation (hereinafter the “GDPR”).
For processing personal data for which we obtained the consent of the individual to which the personal data refers (hereinafter the “Individual”), Subsection (a) of Article 6(1) of the GDPR applies: when you consent to receive the e-newsletters, register a user account on the MESI mSTORE or Trade-in website, when you contact us via contact forms, or when you consent to the use of cookies and plug-ins (hereinafter “Tools”).
2.1 E-newsletter
Based on your subscription to our e-newsletter, we are happy to regularly inform you about our latest offers by email. To receive the latest offers, you can subscribe to our e-newsletter and we will provide you with the information regarding our various products, current and upcoming promotions and other offers for which you have expressed an interest. We use your email address for sending you e-newsletters, specifically intended to inform you about our offers. Registration is made via a double opt-in process. Upon registration, you will receive an email asking you to confirm your subscription.
Your consent for receiving the e-newsletter may be cancelled at any time by clicking the unsubscribe link provided at the end of every e-newsletter that we send you. Due to technical reasons, it may take a few hours for the system to process the unsubscribe request. During this time, you may in some cases still receive our e-newsletters.
2.2 User accounts on MESI mSTORE, Partner Portal
You may also open a user account on the MESI mSTORE or Trade-in website. Without providing the data marked as mandatory, a user account cannot be created and thus cannot be opened. Registration is made via a double opt-in process. Upon registration, you will receive an email asking you to confirm your subscription.
Your user account remains open until you request its deletion or until you delete it yourself. If you violate the General Conditions of the website or service, MESI reserves the right to unilaterally terminate and thus delete your user account.
We store the data until you revoke your consent or until appeal procedures are possible or have been concluded.
2.3 Contacting or interacting with us via the contact forms
For messages and questions, you may contact us via telephone, email, or the contact forms (for presentations) published on the website mesimedical.com. All personal data is collected, processed, and used for processing your requests. In telephone conversations, your personal data is processed only if this is necessary for resolving your request. Data used as part of resolving your request via telephone or email and data marked as mandatory in the contact form is required for processing your request.
We store data only until the objective has been fulfilled or until withdrawal of consent.
2.4 Cookies and plug-ins (Tools)
2.4.1 Basic information regarding the Tools that you agree to use
Tools that are not necessary for the functioning of the website are not used and are activated only after acquiring your express consent by selecting a specific type of consent and clicking “Accept all” or “Save”. In the latter case, cookies or plug-ins are installed on your browser, and their use is permitted only after you have given your express consent.
2.4.2 Cookies
Cookies are small text files, saved on your computer or mobile device by the websites that you visit. When visiting the website mesimedical.com, only the cookies necessary for the functioning of the website are installed. Cookies that are not necessary for the functioning of the website or service are not used and are activated only after acquiring your express consent by selecting a specific type of consent and clicking “Accept all” or “Save”. In the latter case, cookies are installed to your browser, and their use is permitted only after you have given your express consent.
With your consent, cookies can also be used to store settings selected on your previous visit, e.g., language, font size, and other settings for viewing the website that you have set on your computer or mobile device, so that you do not have to re-set them every time you visit. These cookies include marketing tools, which are used to collect and evaluate data for analysing user behaviour for the purposes of improving user experience. These cookies can be installed and used only after we acquire your express consent. Cookies that are used on our website are described below.
Most web browsers automatically accept cookies. If you want to revoke your consent for all websites that include mesimedical.com in their domain title, you can deactivate the Tools for which you have already given your consent by suitably adjusting your browser or mobile device settings. You can change the way your web browser operates in its settings, so that the computer or mobile device rejects cookies or that you receive a warning before a cookie is stored. You can also completely prevent the installation of cookies for all the websites you visit in your web browser. You can delete the cookies already stored on your computer or mobile device.
2.4.3 Tools for marketing and personalisation
Tools for marketing are usually used to research where the users come from and which parts of our website they access. They are used to collect and evaluate data for analysing user behaviour on the websites for the purpose of providing a better user experience. This is a type of personalised marketing strategy, as it is targeted advertising tailored to the user. By integrating analytic tools, we aim to improve and continuously optimise the website for the user. These cookies can be installed and used only after we acquire your express consent.
2.4.4 External service providers
To ensure additional functions and content, third-party content elements and plug-ins are used on our website in some cases. As with any website visit, transmitting information regarding your IP address to the provider of individual extensions is technically necessary. Such transmission is made directly from your browser, and MESI does not process your personal data in this respect. Plug-ins are enabled only with your express consent, which you give either by visiting the website mesimedical.com or by using the respective plug-in.
2.4.5 Overview of Tools on our websites
| Cookie type | Cookie name | Provider | Country | Validity | Purpose (description) |
|---|---|---|---|---|---|
| necessary | cookie_control_consent (mesimedical.com) | MESI | EU | 1 year | performance or functional |
| necessary | cookie_control_enabled_cookies (mesimedical.com) | MESI | EU | 1 year | performance or functional |
| necessary | wp-wpml_current_language(mSTORE | MESI | EU | 1 day | performance or functional |
| necessary | wordpress_test_cookie(mSTORE) | MESI | EU | session | performance or functional |
| necessary | wordpress_sec_*(mSTORE) | MESI | EU | 14 days | performance or functional |
| necessary | wordpress_logged_in_*(mSTORE) | MESI | EU | 14 days | performance or functional |
| necessary | mcloud_access_token(mSTORE) | MESI | EU | 1 year | performance or functional |
| necessary | PHPSESSID(mSTORE) | MESI | EU | session | performance or functional |
| marketing orpersonalisation | _pk_id | Matomo | EU | 13 months | statistics |
| marketing orpersonalisation | _pk_ref | Matomo | EU | 6 months | statistics |
| marketing orpersonalisation | _pk_ses, _pk_cvar, _pk_hsr | Matomo | EU | 30 minutes | statistics |
| marketing orpersonalisation | _pk_testcookie | Matomo | EU | 1s | statistics |
| marketing orpersonalisation | mtm_consent | Matomo | EU | 30 years | statistics |
| marketing orpersonalisation | mtm_cookie_consent | Matomo | EU | 30 years | statistics |
| marketing orpersonalisation | matomo_ignore | Matomo | EU | 30 years | statistics |
| marketing orpersonalisation | matomo_sessid | Matomo | EU | 14 days | statistics |
| marketing orpersonalisation | __hssc | Hubspot | EU | 30 minutes | statistics |
| marketing orpersonalisation | __hssrc | Hubspot | EU | session | statistics |
| marketing orpersonalisation | hubspotutk | Hubspot | EU | 13 months | marketing |
| marketing orpersonalisation | __hstc | Hubspot | EU | 13 months | marketing |
| marketing orpersonalisation | ph_D14-mavSM_JTzyDcB0wITfXTEReqv78Tmionmf9EvUk_posthog (mesimedical.com) | MESI | EU | session | statistics |
| marketing orpersonalisation | _fbp (mesimedical.com) | USA* | 3 months | marketing | |
| necessary | player_clearance | Vimeo | USA* | 7 days | performance or functional |
| necessary | cf_clearance | Vimeo | USA* | 1 year | performance or functional |
| necessary | _cf_bm | Vimeo | USA* | 30 minutes | performance or functional |
| necessary | _cfuvid | Vimeo | USA* | session | performance or functional |
| marketing orpersonalisation | bcookie | USA* | 1 year | marketing | |
| marketing orpersonalisation | li_gc | USA* | 6 months | marketing | |
| marketing orpersonalisation | lidc | USA* | 24 hours | marketing | |
| marketing orpersonalisation | _gcl_au | USA* | 90 days | marketing |
For processing personal data necessary for the implementation of the contract to which the Individual is a party, Subsection (b) of Article 6(1) of the GDPR applies as legal basis for: the conclusion and execution of a sales contract (when you use website services in relation to the exercise of your rights and obligations regarding the purchase of a MESI mTABLET device and related accessories), an employment contract (when you apply for an advertised job post), or a cooperation agreement (when you suggest or apply to a call for cooperation).
2.5 Sales contract
The website mesimedical.com includes forms for support, purchases, and other enquiries. All mandatory personal data stated on the above-mentioned forms are collected, processed, and used for processing the requests of such a user. This also applies to processing operations necessary for carrying out measures that are necessary prior to the conclusion of the actual contract. Without providing the mandatory data, processing your request would not be possible.
When processing of data is required for fulfilling your order, we store the data until the expiration of the warranty or the validity period. In this case, your data is stored for seven years for requests related to the warranty or a material defect.
2.6 Employment contract
The website mesimedical.com includes forms for applying to advertised job posts. This is to the extent, in the manner, and under the conditions necessary for the purpose of selecting a suitable candidate for employment in the context of the specific advertisement for the vacant position to which the candidate applies (for the implementation of measures at the request of the Individual before the conclusion of the contract).
If the candidate does not provide the necessary personal data for the selection of a suitable candidate for the vacant position or in the context of the employment procedure, MESI is not able to process the application and consequentially cannot enter an employment contract with the candidate (in case the candidate is selected).
We store the candidate data only until the purpose has been fulfilled or until appeal procedures of the unsuccessful candidates are possible or have concluded.
2.7 Cooperation agreement
We also process personal data that we acquire when you use the website to apply for cooperation in promotion of products or for wholesale. This is only to the extent of the cooperation that you propose (for the implementation of measures at the request of the Individual before the conclusion of the contract).
You are not obligated to provide the required data for this. However, if you refuse to disclose your personal data to us, cooperation might not be possible if disclosing the required data is a condition for cooperation.
This data is stored only until the purpose has been fulfilled or until appeal procedures are possible or have concluded.
In processing personal data necessary to comply with legal obligations applicable to MESI, Subsection (c) of Article 6(1) of the GDPR applies as the legal basis for: the transfer of data to legally authorised institutions or a contractual partner or an authorised agent for the sale of a MESI mTABLET medical device within the meaning of Regulation (EU) 2017/745 of the European Parliament and Council of 5 April 2017 on medical devices, amending Directive 2001/83/EC, Regulation (EC) No 178/2002 and Regulation (EC) No 1223/2009, and repealing the EU Council Directives 90/385/EEC and 93/42/EEC (the “MDR”) for the purpose of ensuring product vigilance.
In processing personal data necessary to comply with legal interests pursued by MESI or a third party, except in cases where the fundamental rights and freedoms of the Individual override such interests, Subsection (f) of Article 6(1) of the GDPR applies as legal basis for: collecting log files (“logfile”) when visiting the mesimedical.com, website, implementing video surveillance on MESI’s proprietary premises, or in cases of communication between MESI and the costumer under the Electronic Communications Act (Zakon o elektronskih komunikacijah – ZEKom-1).
2.8 Video surveillance of access to MESI premises
To prevent damage to property and ensure people’s safety, video surveillance of the access to MESI premises is carried out.
The CCTV recordings are stored for 3 days after their recording or until legal proceedings are possible or concluded. Information regarding video surveillance can be acquired via the email address listed on the notice regarding video surveillance posted on the premises. For general information regarding video surveillance, you may contact dpo@mesimedical.com.
2.9 Customer communication under the Electronic Communications Act
If you did not object to this at the time of purchase, we will be happy to keep you informed of our current offers via email after your purchase. This is for the purpose of providing you with information regarding our various products, current and upcoming promotions and special offers. In this case, your email address is used for sending you notifications regarding our offers.
You may unsubscribe from such notifications at any time by clicking the unsubscribe link provided at the end of every such notification that we send you. Due to technical reasons, it may take a few hours for the system to process the unsubscribe request. During this time, you may in some cases still receive such notifications. The data is stored until you revoke your consent to such storage or until appeal procedures are possible or have been concluded.
3. WHETHER THE PROVISION OF PERSONAL DATA IS A STATUTORY OR CONTRACTUAL OBLIGATION
or an obligation necessary for the conclusion of a contract, and whether the Individual to whom the personal data relates is obliged to provide personal data, and the possible consequences if such data is not provided
The provision of personal data:
constitutes a contractual obligation for the implementation of the contract (Subsection (b) of Article 6(1) of the GDPR);
constitutes a statutory obligation in connection with the performance of an obligation imposed by law (Subsection (c) of Article 6(1) of the GDPR);
if you would not want to disclose your personal data, we would not be able to sign a contract with you or exercise certain rights and obligations under the contractual agreement, as we are required by law to process your personal data (e.g., legislation regarding medical devices and taxes).
Providing personal data for legitimate interests (Subsection (f) of Article 6(1) of the GDPR) is necessary to ensure MESI complies with the legislation, to ensure the functioning of the website and services on it, for system stability, for data protection and operational security, for providing support and services, for providing protection of property and people or vigilance of a medical device.
4. PERSONAL DATA USERS
4.1. MESI employees
Your data is processed by MESI employees as part of their work responsibilities and powers and in accordance with the internal organisation and systematisation of job positions for the performance of duties in accordance with the regulations.
4.2. External users
to process your requests or to provide the ordered services or products, it may be necessary for your personal data to be transferred to an authorised agent for sales of the MESI mTABLET medical device within the meaning of the MDR in the third country in which you wish for your request or order to be executed or delivered;
providers of software and other Tools (plug-ins and cookies) or hosting;
courts, state authorities and other public authority holders, if they are entitled to obtain personal data by law in the context of specific proceedings (police, inspection and supervisory authorities, the Financial Administration of the Republic of Slovenia, etc.);
auditors;
other persons, if they have a basis for the acquisition or processing of personal data based on law or on a legally binding court decision, or if you have given them your express consent.
All external users in their relationship with MESI are obliged to comply with the applicable provisions regarding the protection of personal data. More information regarding our external service providers may be obtained by email at dpo@mesimedical.com.
5. TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY OR AN INTERNATIONAL ORGANISATION
Personal data is not transferred to international organisations, and is transferred to third parties only where you consent to install the Tools for analytics and marketing or those of social networks, or by transferring the data in relation to your request submitted on mesimedical.com to an authorised agent for the sale of the MESI mTABLET medical device within the meaning of the MDR in the third country in which you wish for the request or order to be executed or delivered. In this case, personal data is transferred to a third country only in the manner and under the conditions stipulated in this Policy. You can obtain more information regarding the safeguards in place, including a copy of the safeguards, by sending an email to dpo@mesimedical.com.
5.1. Consent to install the Tools for analytics and marketing or those of social networks
In this case, data may be transferred to the US, where the companies offering such services are based, on the basis of and in accordance with the Commission Implementing Decision (EU) C(2023) 4745 on the adequate level of protection of personal data under the EU-US Data Privacy Framework of 10 July 2023, as in such cases adequate privacy protection related to such data processing is ensured. If you consent to this, in these cases the data is transferred on the basis of and in accordance with the adequacy decision of the European Commission (Article 45 of the GDPR).
5.2. Consent to transfer data to an authorised agent under the MDR
To process your requests in third countries in accordance with the MDR, it is necessary for your personal data to be transferred to a contractual partner, i.e. an authorised agent, for sales of the MESI mTABLET medical device in the third country in which you wish for your request or order to be executed or delivered. If you consent to this, in these cases the data is transferred on the basis of and in accordance with the adequacy decision of the European Commission (Article 45 of the GDPR) or on the basis of Standard Contractual Clauses as approved by the Commission Implementing Decision (EU) 2021/914 on 4 June 2021 (Article 46 of the GDPR).
6. THE EXISTENCE OF AUTOMATED DECISION-MAKING OR PROFILING
No automated decision-making is carried out.
In case you expressly consented to receiving e-newsletters, a personalised type of these e-newsletters for the purposes of such marketing is carried out based on your interests (e.g., type of healthcare services of the MESI product user). Your consent to personalised advertising and marketing campaigns is not a condition for using MESI products or services. At any time, you have the right to object to the processing of your personal data for the purposes of such marketing or you can unsubscribe from receiving such personalised e-newsletters, without affecting the legality of data processing that has been carried out up until its cancellation.
The data that we will process based on your consent (Subsection (a) of Article 6(1) of the GDPR) for the purposes of sending personalised e-newsletters will be stored until you withdraw your consent. In case of a dispute, the data will be stored until the final resolution of the dispute.
7. RETENTION PERIOD OF PERSONAL DATA
The retention period depends on the legal basis for which we process personal data and the purpose of the processing. Your personal data is kept only for as long as it is necessary for the purposes for which it is processed.
In cases where you have given us your personal consent to process your personal data, we store the personal data until your consent is revoked.
If data processing is required for fulfilling your order, we store the data until the expiration of the warranty or the validity period.
In exceptional cases, we process your personal data for longer periods if this is required by the applicable regulations in the Republic of Slovenia and/or the European Union (e.g., accounting and tax regulations).
Specific retention periods are stipulated in Subsection 2 of this policy for various types of processing purposes.
8. THE RIGHTS OF THE INDIVIDUAL TO WHOM THE DATA REFERS
All Individuals whose personal data is collected and processed by MESI have the following rights:
the right to access their personal data,
the right to correct inaccurate personal data and complete incomplete personal data,
the right to the deletion of their personal data,
the right to restrict the processing of their personal data,
the right to data portability,
the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia.
The Individual whose personal data is collected and processed by MESI has the right to request from MESI access to their personal data and correction or deletion of their personal data or a restriction of processing in relation to it, as well as the right to object to its processing, and the right to data portability. The Individual’s request is processed in accordance with the provisions of the GDPR.
For any questions or complaints, you may contact us directly at any time. To ensure a prompt response, you may contact us at the following email address: dpo@mesimedical.com.
8.1. Consent and the Individual’s right to withdraw consent
When the processing is based exclusively on your consent (Subsection (a) of Article 6(1) of the GDPR), the existence of the right to withdraw consent at any time does not affect the legality of the data processing carried out on the basis of consent up until its cancellation.
8.2. The right to file a complaint with a supervisory authority
In case of a violation of the legislation in the field of personal data protection, the Individual can submit a report to the supervisory authority, which in the Republic of Slovenia is the Information Commissioner.
9. WEBSITE TERMS OF USE
When using the mesimedical.com website, copyrights, name and trademark rights, and other related rights of third parties must be respected. All contents of the website are also protected, including images, videos, music, fonts and trademarks. Users of the mesimedical.com website agree to refrain from any misuse of contents, in particular not to include the contents in any private or commercial websites or use the contents for any commercial purposes. The same applies to downloading and using website contents for the aforementioned purposes. You may read more about this at the following link.
