About the Privacy Policy

​

The purpose of the Privacy Policy of REFF, Rehabilitacija in fizioterapija Feindler, Christian Aldo Feindler s.p. (hereinafter: the “Privacy Policy”) is to inform users of the services of REFF, Rehabilitacija in fizioterapija Feindler, Christian Aldo Feindler s.p., as well as other persons (hereinafter also referred to as: “individuals”), about the purposes and legal bases for the processing of personal data by REFF, Rehabilitacija in fizioterapija Feindler, Christian Aldo Feindler s.p., Tomšičeva ulica 4, 6000 Koper (hereinafter: the “Company”), and about the rights of individuals in this area.

​

The Company pays special attention to the security of your personal data. All personal data provided are treated confidentially and are used solely for the purpose for which they were provided. We manage your personal data with the utmost care, in compliance with applicable legislation and the highest standards of data processing. To ensure the security of your personal data, we implement appropriate organizational measures, work procedures, advanced technological solutions, and involve external experts in order to provide the most effective protection of your personal data possible. We apply an appropriate level of protection and reasonable physical, electronic, and administrative measures to safeguard collected data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of personal data, or unauthorized access to personal data that have been transmitted, stored, or otherwise processed.

​

At the same time, this Privacy Policy further explains the consent you have given for the processing of your personal data.

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: the “General Data Protection Regulation” or “GDPR”), this Privacy Policy includes the following information:

• contact details of the Company,

• purposes, legal bases, and types of processing of different categories of personal data,

• retention periods for individual categories of personal data,

• rights of individuals in relation to the processing of personal data,

• the right to lodge a complaint regarding the processing of personal data,

• validity of the Privacy Policy.

​​

Personal data collected by the Company

If you are only a visitor to the website, we collect data about you solely through the use of cookies. If you are a user of the Company’s services or a subscriber to services provided by the Company, we also collect other personal data required to perform the services you have ordered or use. These personal data include:

• first and last name,

• contact email address,

• contact telephone number,

• IP address,

• data required for issuing an offer based on your inquiry (e.g. your address),

• health documentation records (with the patient’s prior consent).

​​

Personal data controller

The controller of personal data processed in accordance with this Privacy Policy is REFF, Rehabilitacija in fizioterapija Feindler, Christian Aldo Feindler s.p., Tomšičeva ulica 4, 6000 Koper.

​

Categories of individuals whose personal data are processed

This Privacy Policy applies to all individuals who have ordered and/or use our services, who have submitted an inquiry, as well as to those who visit our website.

​

Purposes of processing and legal bases for processing data

​

Processing based on a contract

In the context of exercising contractual rights and fulfilling contractual obligations, the Company processes your personal data for the following purposes: identification of the individual, preparation of an offer, conclusion of a contract, provision of ordered services, notification of possible changes, additional details and instructions for the use of services, resolution of potential technical issues, objections or complaints, billing of services, and other purposes necessary for the performance or conclusion of a contractual relationship between the Company and the individual.

​

For billing purposes, based on tax regulations, we also collect and process your address in order to issue invoices correctly.

​

Processing based on law and legitimate interest​

On the basis of legitimate interest, we use your personal data to detect and prevent fraudulent use and abuse of services, to ensure stable and secure operation of our systems and services, to implement information security measures, to meet service quality requirements, and to detect technical faults in systems and services.

​

On the basis of legitimate interest, we also use your personal data for the purposes of potential enforcement, judicial and extrajudicial debt collection.

​

In accordance with the GDPR, in the event of suspected abuse, the Company may process personal data of individuals to an appropriate and proportionate extent for the purpose of identifying and preventing potential fraud or abuse, and, where appropriate, may also disclose such data to other service providers, business partners, the police, public prosecutor’s office, or other competent authorities. For the purpose of preventing future abuse or fraud, data relating to the history of identified abuses or fraud associated with an individual (including subscription data and, for example, IP addresses) may be retained for up to five years after the termination of the business relationship.

​

Processing based on consent

Data processing may also be based on your consent, which you have provided to the Company.

Such consent may, for example, relate to notifications about offers, benefits, and improvements to the services provided by the Company.

 

The purpose of such notifications is to tailor services as closely as possible to your needs and preferences and thereby increase their value to you. Notifications are sent via the channels you selected when giving your consent. You may withdraw your consent at any time in the manner defined by this Privacy Policy.

​

You may withdraw or modify your consent at any time in the same way as it was given or in another manner defined by this Privacy Policy, while the Company reserves the right to identify the client. Changes to consent may also be arranged via email at info@reff.si or by a written request sent to the Company’s registered address.

​

The withdrawal or modification of consent applies only to data processed on the basis of your consent. The most recent consent received by the Company is valid. The possibility of withdrawing consent does not constitute a right to withdraw from the contractual relationship with the Company.

​

Data for which consent has been given are processed, in the absence of withdrawal, for up to two years after the termination of the business relationship.

​

Restrictions on disclosure of personal data

Where necessary for the performance of certain tasks contributing to our services, we may authorize other companies and individuals. In such cases, the Company may disclose personal data to carefully selected external processors who will enter into a personal data processing agreement or an equivalent binding document with the Company (hereinafter: the “Processing Agreement”). External processors will be provided access to personal data only to the extent required for a specific purpose and may not use such data for any other purposes. They must comply with at least all personal data protection standards required by applicable legislation and are contractually bound to maintain the confidentiality of your personal data.

​

Based on a substantiated request, the Company may also disclose personal data to competent public authorities that have a legal basis for such requests. REFF, Rehabilitacija in fizioterapija Feindler, Christian Aldo Feindler s.p. will, for example, respond to requests from courts, law enforcement authorities, and other public authorities, including authorities of other EU Member States.

​

Retention period of personal data

Retention periods are determined according to the category of individual data. We retain data only for as long as necessary to achieve the purpose for which they were collected or further processed, or until the expiry of statutory limitation periods or legally prescribed retention periods.

​

Billing data and related contact data may be retained for the purpose of fulfilling contractual obligations until full payment of the service, or at the latest until the expiry of limitation periods related to individual claims, which may range from one to five years under the law. Invoices are retained for an additional 10 years after the end of the year to which they relate, in accordance with VAT legislation.

​

Other data obtained on the basis of your consent are retained for the duration of the business relationship and for two years thereafter, unless a longer retention period is prescribed by law. If an individual who has given consent for data processing does not enter into a business relationship with the Company, the consent is valid for two years from the date it was given or until its withdrawal.

​

After the retention period expires, data are deleted, destroyed, blocked, or anonymized, unless otherwise required by law for a specific category of data.

​

Rights of individuals regarding the processing of personal data

We ensure the exercise of your rights related to the processing of your personal data without undue delay. We will decide on your request within one month of receiving it. In cases of complexity or a high number of requests, the deadline may be extended by up to two additional months. Any such extension will be communicated to you within one month of receipt of the request, together with the reasons for the delay.

​

Requests regarding the exercise of your rights may be submitted by email to info@fiziocare.si or by post to REFF, Rehabilitacija in fizioterapija Feindler, Christian Aldo Feindler s.p., Tomšičeva ulica 4, 6000 Koper.

​

Where requests are submitted electronically, information will be provided electronically where possible, unless otherwise requested.

If there is reasonable doubt regarding the identity of the individual submitting a request, we may request additional information necessary to confirm the identity of the data subject.

​

If requests from a data subject are manifestly unfounded or excessive, in particular because they are repetitive, the Company may:

• charge a reasonable fee taking into account administrative costs, or

• refuse to act on the request.

Your rights include:

(i) the right of access
(ii) the right to rectification
(iii) the right to erasure (“right to be forgotten”)
(iv) the right to restriction of processing
(v) the right to data portability
(vi) the right to object

​

(i) Right of access

You have the right to obtain confirmation as to whether personal data concerning you are being processed and, if so, access to the personal data and information about the purposes of processing, categories of data, recipients, retention periods, rights to rectification, erasure or restriction, the right to lodge a complaint, and information on the source of the data if not collected from you.

​

(ii) Right to rectification

You have the right to have inaccurate personal data corrected without undue delay and to have incomplete personal data completed.

​

(iii) Right to erasure (“right to be forgotten”)

​

You have the right to have your personal data erased without undue delay where one of the grounds specified in the GDPR applies.

(iv) Right to restriction of processing

You have the right to obtain restriction of processing in the cases provided by the GDPR.

(v) Right to data portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit those data to another controller.

​

(vi) Right to object

Where your data are processed on the basis of legitimate interest for marketing purposes, you may object at any time.

​

Core health documentation records

The core health documentation database is maintained for the purpose of providing healthcare. The legal basis for processing is the Health Care Data Collections Act (ZZPPZ).

​

Personal data categories include: personal identification number (EMŠO), health insurance number, name and surname, permanent and temporary address, telephone number, email address, reason for referral, as well as medical and rehabilitation data.

Data are stored within the Republic of Slovenia and are not transferred outside the EU. The retention period is 15 years.

​

Right to lodge a complaint

You may submit a complaint regarding the processing of your personal data to info@reff.si or by post to the Company’s address. If we fail to respond within the statutory deadline or reject your request, you may lodge a complaint with the Information Commissioner.

​

Final provisions

For all matters not regulated by this Privacy Policy, applicable legislation shall apply. The Company reserves the right to amend this Privacy Policy and will notify you of changes by publishing them on its official website 30 days prior to their entry into force.

​

For questions regarding this Privacy Policy or your data, please contact us at info@reff.si.

​

Validity of the Privacy Policy

This Privacy Policy is published on the website of REFF, Rehabilitacija in fizioterapija Feindler, Christian Aldo Feindler s.p., Tomšičeva ulica 4, 6000 Koper, and enters into force on 27 Decemeber 2025.