Privacy policy
At MDT&T d.o.o., a company for medical diagnostics, therapy and technology, we recognise the importance of properly protecting personal data and processing it lawfully. We guarantee the individuals to whom personal data relate (hereinafter also referred to as users of healthcare services) the fundamental right to privacy and to the confidentiality of their health data.
1. This page contains information about how MDT&T d.o.o. processes the personal data of users of healthcare services in the course of providing medical diagnostic services.
2. MDT&T d.o.o. does not transfer, and does not intend to transfer, the personal data of users of healthcare services to a third country or international organisation. With regard to the personal data of users of healthcare services that it manages, MDT&T d.o.o. does not use automated decision-making or profiling.
3. MDT&T d.o.o. processes the personal data of users of healthcare services, obtaining the personal data directly from the individual to whom they relate (for example, personal data that the individual provides to MDT&T d.o.o. by completing a questionnaire whose purpose is the safe performance of a diagnostic examination). Certain personal data are obtained by MDT&T d.o.o. on a statutory basis from the Central Population Register, from the national integrated health information system eZdravje (eHealth) and from the Central Register of Patient Data, as well as from other databases established and maintained for the provision of individual eHealth services.
Data controller
4. The data controller is MDT&T, a company for medical diagnostics, therapy and technology, d.o.o., Lavričeva ulica 1, 2000 Maribor, registration number: 5617758000, tax number: 56709200, which provides medical diagnostic services through two organisational units:
Radiology Clinic:
02 23 53 552
02 23 53 553
mr@mdt.si
Thyroid Clinic:
02 23 53 555
scitnica@mdt.si
Data protection officer
5. MDT&T d.o.o. has appointed the law firm Odvetniška družba Potočar, o.p., d.o.o., Dalmatinova ulica 2, 1000 Ljubljana, as its data protection officer. The data protection officer can be contacted by email: katja@potocar-op.si
Processing of personal data
6. In its medical diagnostics activities, MDT&T d.o.o. processes personal data of users of healthcare services that relate to their health. These personal data fall under special categories of personal data, which MDT&T d.o.o. processes solely for the purpose of providing diagnostic healthcare services. MDT&T d.o.o. processes the personal data needed to carry out its medical diagnostics and treatment activities (healthcare services) on the following legal bases:
- on the basis of the law governing healthcare databases
- for the performance of a contract, in the broader sense, to which the individual to whom the personal data relate is a party
7. MDT&T d.o.o. does not use the personal data of a user of healthcare services for purposes other than those set out in the previous point without the user's consent, except in the following cases:
- where, for the purposes of epidemiological and other research, education, medical publications or other purposes, the patient's identity cannot be established
- where, for the purposes of monitoring the quality and safety of healthcare, the identity of the user of healthcare services cannot be established
- where notification of a health condition is required by law
- where, for the purposes of the healthcare of the user of healthcare services, the data are passed on to another healthcare provider
- where this is required by the legislation of the Republic of Slovenia
In addition to the exceptions listed in the previous paragraph of this point, MDT&T d.o.o. may, without the consent of the user of healthcare services, also disclose the user's personal data in accordance with the regulations governing health insurance and the insurance industry (for example, providing data for the purposes of billing healthcare services to the health insurance institute and to the insurance company with which the individual holds supplementary voluntary health insurance).
8. The recipients of personal data are:
- employees of MDT&T d.o.o.
- contracted data processors
The recipients of personal data are professionals bound by the obligation of professional secrecy and other persons bound by an obligation of secrecy under the law of the Republic of Slovenia. MDT&T d.o.o. ensures that appropriate procedures are in place to maintain the security of the personal data of the individuals to whom the personal data relate (users of the services of MDT&T d.o.o.).
9. MDT&T d.o.o. retains personal data until the purpose for which they were collected has been fulfilled, or for as long as required by applicable legislation.
10. To enable a specific medical (diagnostic) examination to be carried out, the user of healthcare services is required to provide certain personal data by completing the relevant questionnaire. If the user of healthcare services does not provide these data, or provides incorrect or incomplete data, the medical (diagnostic) examination cannot be performed.
Your rights
11. Every individual whose personal data are managed by MDT&T d.o.o. has the right to request access to their personal data (access to their medical records), rectification of their personal data, erasure of their personal data, restriction of the processing of their personal data, the right to object to processing and the right to data portability, all in accordance with the provisions of applicable legislation.
12. Where MDT&T d.o.o. processes an individual's personal data on the basis of their consent, that individual has the right to withdraw their consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
13. The individual to whom the personal data relate may exercise their rights by sending a written request to the email addresses of MDT&T d.o.o. or to the email address of the data protection officer.
14. Every individual to whom personal data relate has the right to lodge a complaint with the supervisory authority.
Video surveillance
15. Video surveillance is carried out at MDT&T d.o.o. The video surveillance cameras are installed around the entrances to the organisation, at the following locations:
- in front of the main entrance to the organisation's building (one camera),
- in front of the entrance at the rear of the organisation's building (three cameras).
We monitor entries to and exits from the premises (on the basis of Article 77 of the ZVOP-2, the Slovenian Personal Data Protection Act). We also carry out video surveillance for the purpose of protecting individuals (patients, employees and visitors) and the organisation's property (on the basis of legitimate interest, as defined in point (f) of Article 6(1) of the General Data Protection Regulation, in conjunction with Article 76 et seq. of the ZVOP-2). Video surveillance assists us in detecting, handling and resolving incidents and extraordinary events, criminal offences, and damage or other claims. Recordings are kept for 30 days. We do not carry out video surveillance in a way that would involve processing with a special impact. Nor does the video surveillance allow unusual further processing, such as transfers to entities in third countries, live monitoring, or the possibility of audio intervention during live monitoring. The video surveillance system allows live monitoring by an authorised person, but this will not be carried out. You can obtain all information about the video surveillance by calling the organisation's telephone number or writing to its email address. Your rights as an individual are described in this Privacy Policy. You may also direct any further questions to the data protection officer.