Privacy Policy
PRIVACY POLICY
In accordance with Regulation no. 679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (General Data Protection Regulation) which entered into force on 25.05.2018, we hereby inform you about the data processing carried out by the company Clinica Rotar S.R.L regarding you.
This document called the privacy policy ("Privacy Policy") is intended to help you understand the information we collect when you visit the website www.clinicarotar.ro (referred to as the "Site") and describes how we use this information.
If applicable, this privacy policy also describes how we process information that you provide to us or that we collect about you in the context of any other contacts you may have with us. This policy is in addition to any other information provided in other circumstances.
This Site is a general audience site. However, we do not request, collect, use or disclose personal data provided by anyone under the age of 16. If we learn that we have collected personal data from a person under the age of 16, we will delete that information.
If you are under 16 years of age, please do not provide personal data or request and obtain the consent and assistance of an adult (one of your parents or your legal guardian) to proceed with the procedures necessary to use the Site.
By visiting our Site, using its services or otherwise interacting with us through newsletters and/or websites, you acknowledge that you have read and understood this Privacy Policy and agree that we may collect, use, transmit and disclose the data personal information we collect through the Sites in accordance with this Privacy Policy.
If you do not agree to the terms of this Privacy Policy, please do not access this Site and do not use or submit personal data to this Site or register when this option is offered to you in accordance with applicable laws.
-
PERSONAL DATA OPERATOR
Clinica Rotar S.R.L. is the controller of the personal data you submit to us and is responsible for your personal data in accordance with applicable data protection legislation (collectively referred to as "Clinica Rotar", "we", "us" or "our" in this Privacy policy).
Our contact details are:
Clinica Rotar S.R.L.
Cluj-Napoca, Cluj ROMÂNIA
bld. December 21, no. 80
J12/5612/2021
CUI 45232396
E-mail: office@clinicarotar.ro
We have appointed a data protection officer to ensure at all times that we process personal data in an open, accurate and lawful manner. You can contact the data protection officer at office@clinicarotar.ro, mentioning the DPO in the subject of the message.
-
PERSONAL DATA COLLECTED
The personal data we collect is any information about an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more many specific elements, specific to its physical, physiological, genetic, psychological, economic, cultural or social identity.
-
DATA SOURCE
We collect personal data from you only when you voluntarily provide us with such information, such as:
-
when you make an appointment through the Site;
-
when you search for information on the Site;
-
when you contact us with a comment or question;
-
when you sign up to receive newsletters;
-
when you participate in a contest, raffle or promotion;
-
when you communicate with us;
If you provide us with personal information of third parties (e.g. family members, other third parties), you must ensure that such third parties are informed and authorized by you regarding the use of their data as described in this Privacy Policy. confidentiality.
-
TYPES OF DATA
We may collect and use different types of personal data depending on the purpose we have, as described below:
-
personal data such as name, surname, gender, age / date of birth, genetic data, health data (such as: medical history, prescribed medication, diagnosis, previous treatments, future treatments, etc.), country of origin and other personal details as permitted by applicable law;
-
contact details such as address, email address, telephone number, mobile number and other contact details as required by applicable law;
-
the information related to feedback, complaints and other information related to the specific services of Clinica Rotar, according to the applicable legislation;
-
habits and profiles, such as your appointment data (appointment history, frequency, etc.), information related to patient / User relationship management activities (how you found out about us, notes on the quality of services provided, habits or needs special declared by you), other information (information related to work, education, hobbies and lifestyle activities), according to applicable laws;
4. LEGAL BASIS AND PURPOSES OF THE PROCESSING OF YOUR DATA.
According to Regulation (EU) 2016/679 and related legislation, the purposes for which we process your personal data strictly relate to the relationship between Clinica Rotar and the data subject. The information you provide us is treated with the utmost confidentiality and exclusively for the purposes for which it was collected.
Processing of personal data means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automatic means, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or making available in any other way, alignment or combination, restriction, deletion or destruction, etc.
The legal basis for processing your data can be:
-
Your consent;
-
Our legitimate interest, which could be:
-
Communicating with you, to confirm by phone your reservation of products or services, appointments, etc.;
-
Sending promotional offers, newsletters and other information about new offers;
-
Sending you advertisements that may interest you, personalized ads, offers relevant to you;
-
Improving our products and services to help us better understand your needs and expectations and thereby improve our services, website / apps / devices, products and treatments for the benefit of our patients and users;
-
Carrying out internal statistics;
-
Fraud prevention and detection;
-
Securing our tools: keeping the tools you use (sites/apps) secure and making sure they work correctly and keep improving, etc.
-
Legal obligation arising as a result of the specific medical legal relationship between the Clinica Rotar and you;
-
The processing is necessary for purposes related to preventive medicine, the establishment of a medical diagnosis, the provision of medical or social assistance or medical treatment or the management of health or social assistance systems and services, under Union or national law or on the basis of a contract concluded with a medical staff and subject to compliance with the following conditions and guarantees:
-
the data are processed by a professional subject to the obligation to preserve professional secrecy or under his responsibility;
-
the data are processed on the basis of Union law or internal law or on the basis of the rules established by competent national bodies or by another person also subject to a confidentiality obligation on the basis of Union law or internal law or the rules established by competent national bodies .
-
-
Legal reasons where data processing is required by law;
Datele personale pot fi utilizate în următoarele scopuri, în funcție de circumstanțele specifice în care interacționați cu noi, atunci când:
-
utilizați site-ul nostru pentru a vă programa sau pentru a obține informații;
-
trimiteți o solicitare prin intermediul site-ului nostru;
-
vă înscrieți pentru a primi newsletterele noastre/buletine informative;
-
trimiteți o recenzie despre Clinica Rotar;
-
participați la sondajele noastre de feedback;
-
efectuăm marketing direct.
-
PROFILING
The GDPR Regulation imposes on the Personal Data Operator the obligation to inform about the automatic decision-making process, including the profiling referred to in art. 22 para. 1 and 4 of the GDPR Regulation and - at least in these cases - regarding the relevant information regarding the rules for taking them, as well as the significance and expected consequences of such processing for the data subject.
The Operator may use profiling for direct marketing purposes, but the decisions taken on its basis by the Operator do not refer to offering the services / products made available by the Clinica Rotar to potential patients / users.
The effect of the use of profiling may be, for example, giving a specific person a discount, sending a discount code, sending a notification about future appointments, sending product / treatment proposals that may correspond to a named person's interests or preferences, or proposing better conditions compared to the standard offer. Despite the profiling, a given person will make a free decision if he wants to benefit from the discounts received or the better conditions made available and make a purchase or use the services of the Clinica Rotar.
Profiling consists of the automatic analysis or estimation of a person's behavior on the Clinica Rotar website, for example by navigating to a specific page within the site or by analyzing appointment history. The condition of such profiling is that the Operator has the personal data of a certain person, in order to be able to send him, for example, a discount code.
The data subject has the right not to be the subject of a decision based exclusively on automatic processing, including profiling, with legal or similar effects on that person.
-
YOUR RIGHTS AS THE DATA SUBJECT REGARDING THE PROCESSING OF PERSONAL DATA PROVIDED
According to the applicable legal provisions and subject to certain legal conditions, you have the following rights in relation to the processing of your personal data:
-
The right of access, which includes the right to know if we are processing data about you and the right to find out what data it is, to whom it is transferred, how long it will be kept, where we obtained it and if it is used for profiling/automated decision-making.
-
The right to rectification. If the data we hold is incorrect, we must correct it (unless we are processing it for someone else. In this case, we will inform you to whom you should send your request.).
-
The right to erasure ("the right to be forgotten") upon request, we will delete your personal data as soon as possible if (i) it is no longer necessary for the purpose for which it was obtained or (ii) if you withdraw your consent to the processing of such data/if you object to the processing. Also, if we discover that we have a legal obligation to delete or if the processing would be unlawful, we will delete them. If the data is also processed by third parties, we will take reasonable steps to inform them of the deletion request.
However, your data will be kept if it is necessary for the following situations:
* for complying with a legal obligation that provides for processing based on Union law or internal law that applies to the operator or for the performance of a task performed in the public interest or in the exercise of an official authority with which the operator is vested;
* for reasons of public interest in the field of public health, in accordance with Article 9 paragraph (2) letters (h) and (i) and Article 9 paragraph (3) of the GDPR Regulation;
* for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, in accordance with Article 89 paragraph (1), to the extent that the right referred to in paragraph (1) is likely to make impossible or affect in seriously achieving the objectives of the respective processing; or
* for ascertaining, exercising or defending a right in court;
-
The right to restriction of processing, if they are unlawful, allegedly incorrect, contested, or no longer necessary, for example:
-
The right to information. We inform you as clearly as possible about your rights in the field of personal data, and about what data we process about you or (if applicable) share with third parties.
-
The right to data portability. If we process your personal data automatically, based on consent or contract, you can ask us to give it to you in a format and we will respond to your request within a reasonable time.
-
The right to object. You can tell us if you want us to stop processing your personal data. We will comply with your request if we cannot demonstrate sufficient legitimate interests.
-
The right not to be subject to a decision based solely on automatic processing, including profiling, unless you have given explicit consent or if they are necessary for the performance of a contract.
-
Your right to object to direct marketing. You have the right to object to direct marketing, including profile analysis for direct marketing purposes. You may unsubscribe from direct marketing by following the instructions in each marketing email or by letter sent through any of the contact methods mentioned herein.
-
The right to file a complaint with a supervisory authority, in Romania it is ANSPDCP (National Supervisory Authority for Personal Data Processing), web: www.dataprotection.ro, e-mail: anspdcp@dataprotection.ro.
If you wish to proceed with the above, please email us at (*). We may ask you to prove your identity by providing us with a copy of a valid means of identification in order to comply with our security obligations and to prevent unauthorized disclosure of data.
We will consider any requests or complaints we receive and provide you with a response in a timely manner. Also, according to the GDPR Regulation, the response deadline mentioned above can be extended by a maximum of two months in the situation where it is necessary, taking into account the complexity and number of requests, we will inform you about this aspect, if that is the case. If you are not satisfied with our answer, you can submit the complaint to the National Supervisory Authority for the Processing of Personal Data - based in Bd. Gheorghe Magheru no. 28-30, Bucharest, Romania.
-
RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The Rotary Clinic may share your personal data with other entities. Recipients who process personal data within the European Union are obliged to comply with the same legal provisions, offering the same level of protection as the Operator.
In order to facilitate the carrying out of activities related to the processing purposes detailed above, we communicate this data to third parties, including Clinica Rotar's partners, such as:
-
external collaborating doctors;
-
external dental technicians;
-
collaborating medical analysis laboratories;
-
IT service providers with whom the Clinica Rotar has concluded collaboration contracts;
-
providers of opinion polling systems;
-
providers of accounting, legal and consulting services;
-
the Local Health Insurance House or the National Health Insurance House as well as any other bodies authorized by law in the same sense;
-
regulatory authorities, professional bodies and/or public authorities for compliance with applicable regulations.
We may transfer your personal data to countries located within the EU, EEA or to countries that have been recognized by the European Commission as providing an adequate level of protection of your personal data – for example (*), if proven necessary for the permitted purposes as described above. Clinica Rotar will notify you immediately if a transfer of personal data will proceed to a country in the European Union or outside the European Economic Area.
These third parties must use the personal information we share with them only to perform services on our behalf and to treat your personal information in accordance with all laws regarding privacy and data protection.
Clinica Rotar may share your personal information with third parties when we believe that disclosure is necessary: (i) to provide specialized medical services, (ii) to perform necessary interventions according to the agreed diagnosis and treatment plan, (iii) to comply with a law, regulation, court order, or other legal basis; (iv) to detect, prevent, and respond to fraud, intellectual property infringement, breach of contracts or agreements, violation of law, or other misuse of Clinica Rotar's property; (v) to protect the rights of Clinica Rotar or property or your health, safety, welfare, rights, or property of others; or (vi) in any other similar circumstances. Clinica Rotar may share your personal information with third parties in connection with the sale, purchase, merger, reorganization, liquidation, or dissolution of Clinica Rotar or under similar circumstances.
Clinica Rotar may communicate anonymous or aggregated internal information with third parties for any purpose. Such information will not individually identify you.
V. STORAGE PERIOD OF PERSONAL DATA
Your personal data will be stored for the necessary and legally permitted period to achieve the mentioned purposes. In any case, we will store your data for the duration of the storage and prescription periods established by law for different categories of processed data.
Your personal data will be deleted or removed when they are no longer reasonably necessary for the permitted purposes or when you withdraw your consent (where consent has been given and for situations where your consent is required) and there is no legal obligation to continue the operation of storing personal data.
Unless you expressly request us to store your personal data for a longer period, personal data will be deleted within a reasonable time, taking into account the following criteria: (i) the time required to implement the agreed treatment following diagnosis, (ii) any applicable legal requirements for keeping personal data for a specific period of time; (iii) any retention obligations related to current or potential litigation or regulatory requests, (iv) any retention requirements specified in the relevant agreements to which Clinica Rotar is a party, (v) the sensitivity of the information, and (vi) the purposes for which the information was collected.
VI. SECURITY
Given the current state of technology, implementation costs, the nature, scope, context, and purposes of processing Personal Data, as well as the risks with different degrees of probability and severity for the rights and freedoms of natural persons, in connection with the Personal Data processed, Clinica Rotar will implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, where appropriate, measures referred to in Article 32(1) of the GDPR Regulation.
For example, we use firewall protection, password control, and other technological and procedural safeguards for maintaining this Site. Although we have implemented the above security measures for this Site, you should know that 100% security is not possible. Therefore, the provision of your personal data is done at your own risk and, to the fullest extent permitted by applicable law, we will not be liable for any disclosure of your personal information due to errors, omissions, or unauthorized acts of third parties during or after their transmission to us.
We recommend that you periodically update software to protect data transmission over networks (e.g., antivirus software) and ensure that the electronic communications service provider has adopted adequate means for the security of data transmission over networks (e.g., firewalls and spam filters).
In assessing the appropriate level of security, Clinica Rotar will particularly take into account the risks posed by processing, especially the Security Data Breach. Clinica Rotar will ensure that Personal Data processed based on the performance of the Contract is effectively isolated from other Personal Data collected and processed by Clinica Rotar.
Clinica Rotar will promptly inform the data subject, and in no case later than 24 hours from becoming aware of any Personal Data Security Breach, and will provide them with all available information regarding that security breach, including remediation and correction measures taken or planned to be taken by them.
In the event of any investigation or seizure of Personal Data by a state authority, a personal data processing supervisory authority, or any other competent authority, Clinica Rotar will promptly inform the data subject (24 - 36 hours) regarding this request, unless such notification is prohibited by applicable law or by a decision, order, or legal instruction of the relevant authority because the notification would prejudice an ongoing investigation. In the latter case, Clinica Rotar will inform the data subject as soon as the reasons for not providing the notification cease to apply.
VIII. CONTACT DETAILS OF THE DATA CONTROLLER
If you have any questions or requests regarding the processing of your personal data, we are available to assist you in person or via email.
Email address: office@clinicarotar.ro
Phone number: 0748 2222 44
-
POLICY PRIVACY UPDATE
Revizuim regulat și, dacă este cazul, actualizăm periodic această politică de confidențialitate și când serviciile noastre și utilizarea datelor personale evoluează. Dacă vrem să folosim datele dvs. personale într-un mod pe care nu l-am identificat anterior, vă vom contacta pentru a vă oferi informații despre acest lucru și, dacă este necesar, pentru a vă solicita acordul.
Vom actualiza numărul versiunii și data acestui document de fiecare dată când acesta este modificat.