top of page

Personal Data Protection

On this page, you can regularly follow all changes related to personal data protection.

At LAB4, Andrii Liubas s.p., and especially on our website laserdoctor.center, we have always respected your privacy and protected your data.

Your personal data, their collection, and use are an integral part of the Terms and Conditions of our business and can only be fully interpreted in connection with them, so we recommend reading them in full.

We operate in accordance with the Personal Data Protection Act (ZVOP-2) and the General Data Protection Regulation (GDPR).

Controller Information

The personal data controller (hereinafter referred to as the “controller”) is:
LAB4, Representation, Sales and Services, Andrii Liubas s.p.
Address: Hradeckega cesta 76a, 1000 Ljubljana, Slovenia
Email: laserdoctorcenter@gmail.com
Phone: +386 69 828 922

No data protection officer has been appointed.
For all questions regarding the processing of personal data, you can contact the above contact details.

Purpose and Legal Basis for Processing Personal Data

We collect and process personal data for the following purposes:

  • Processing inquiries submitted via the website,

  • Communication with users regarding offered services and appointments,

  • Maintaining records of provided services,

  • Fulfilling contractual obligations and preparing offers,

  • Compliance with legal obligations (accounting, tax, and other legislation),

  • Marketing activities based on user consent (e.g., informing about news, offers, events, etc.).

The legal basis for processing personal data depends on the purpose:

  • Article 6(1)(b) GDPR – performance of a contract or pre-contractual measures,

  • Article 6(1)(c) GDPR – compliance with legal obligations,

  • Article 6(1)(a) GDPR – consent of the individual for specific purposes,

  • Article 6(1)(f) GDPR – legitimate interest of the controller (e.g., ensuring service quality, system security, fraud prevention).

Users or Categories of Users of Personal Data

Access to personal data is limited to authorized personnel of the controller and contracted processors (e.g., hosting provider, accounting service) with whom we have data processing agreements.
Data are not shared with third parties without a legal basis and are not transferred to third countries or international organizations.

Retention Period of Personal Data

Personal data are kept only as long as necessary to fulfill the purpose for which they were collected, or in accordance with applicable law.
After the retention period, data are permanently deleted or anonymized.

Examples:

  • Inquiry data: until the conclusion of communication,

  • Contract and invoice data: 10 years after the end of the business year,

  • Data processed based on consent: until consent is withdrawn.

Rights of Individuals

Individuals have the following rights regarding their personal data:

  • Right to access personal data,

  • Right to correct inaccurate or incomplete data,

  • Right to deletion (“right to be forgotten”),

  • Right to restrict processing,

  • Right to object to processing,

  • Right to data portability, where technically feasible,

  • Right to withdraw consent when processing is based on consent.

Requests can be sent to: laserdoctorcenter@gmail.com.
The controller will respond without undue delay, no later than one month from receipt.

Forms of Interaction

Our services can be used as:

  • Anonymous user: With your consent, data may be collected via cookies to improve functionality, user experience, security, site usage counting, and smooth operation of the website.

  • Newsletter subscriber: Only your email address is collected. You can unsubscribe anytime using the link in each newsletter.

  • Registered user

  • Registered buyer

Right to Complaint

If an individual believes their data are processed in violation of GDPR, they may file a complaint with:
Information Commissioner of the Republic of Slovenia
Dunajska cesta 22, 1000 Ljubljana
Email: gp.ip@ip-rs.si
Website: www.ip-rs.si

Providing Personal Data and Consequences of Non-Disclosure

Providing personal data is voluntary. If certain data are not provided, the controller may be unable to provide the requested service (e.g., preparing an offer or booking an appointment).

Automated Decision-Making

The controller does not perform automated decision-making or profiling based on personal data.

Personal Data Protection

The controller ensures appropriate technical and organizational measures to protect personal data against loss, misuse, unauthorized access, or disclosure.
All data processors are bound to maintain the same level of protection and confidentiality.

Personal Data We Collect

For registered users and buyers, we collect:

  • Identity data: name, surname, email, and encrypted password (accessible only by the user). Registration via social networks may include network usernames.

  • Contact data: delivery addresses, billing address, phone number.

  • Financial data: credit card data are not stored; processed only by payment provider.

  • Purchase and payment data: orders, payments, returns, cancellations.

  • Marketing data: subscriptions, wish lists, newsletter preferences.

  • Technical data: IP address, device, browser, OS, location, etc.

How We Collect Data

Data are collected when:

  • Registering as a user,

  • Placing or canceling orders,

  • Subscribing to newsletters or participating in competitions,

  • Browsing content or posting comments, ratings, questions,

  • Sending inquiries, complaints, or requests,

  • Communicating via social media,

  • Other sources (e.g., credit checks, payment verification).

Technical data are collected automatically. Data from social media or advertising platforms are received only with user consent.

Purpose of Data Processing

Data are used for:

  • Order execution and monitoring, fulfilling contractual obligations,

  • Accounting and business record-keeping,

  • Customer support and complaints handling,

  • Business analysis and planning,

  • Marketing activities (based on consent),

  • Improving user experience and offerings.

Newsletter subscription data are used exclusively for content delivery.

Who Has Access to Your Data

Access is limited to authorized personnel and partners needing data for service delivery, e.g.:

  • Delivery services,

  • Suppliers or authorized service providers,

  • Payment service providers (PayPal, Maestro, Diners, etc.),

  • Accounting services and other contracted processors,

  • Government authorities, if required by law.

Data are not shared with unauthorized third parties.

Data Retention Periods

Personal data are retained as long as necessary to achieve processing purposes or complete contracted activities, and thereafter within statutory retention periods.
Data collected based on consent are retained until withdrawal. Statutory retention periods are observed where required.

Ensuring Security

We use multiple security systems to protect against loss, disclosure, unauthorized modification, or misuse. Only authorized personnel with usernames and passwords have access.
Users are encouraged to protect their username and password.

Your Rights

We support our users in exercising their rights:

  • Full disclosure of how we use your personal data,

  • Access to data via “My Profile” menu,

  • Right to correct data using the “My Profile” functionality,

  • Right to deletion under certain circumstances (e.g., newsletter-only subscriptions),

  • Right to temporarily or permanently block processing, fully or partially,

  • Right to receive your data in electronic format,

  • Handling objections to data processing.

Other rights can be exercised by sending a request via registered mail to:
LAB4, Andrii Liubas s.p., Hradeckega cesta 76a, 1000 Ljubljana, with the note GDPR – “TOPIC”
(TOPIC: access, correction, restriction, deletion, objection, data portability, etc.)

If you believe your data are processed contrary to applicable law, you may file a complaint with the Information Commissioner of the Republic of Slovenia.

Changes to the Notice

The controller reserves the right to amend this notice to comply with legal requirements or business changes. The updated version will always be published on this website.

This notice is prepared in accordance with Article 13 of the EU General Data Protection Regulation (2016/679) and the Personal Data Protection Act (ZVOP-2).

Last updated: Ljubljana, 11 November 2025

bottom of page