We consider ensuring the right to the protection of personal data as a fundamental commitment, therefore we will devote all the necessary resources and efforts to process your data in full compliance with Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR “), as well as with any other legislation applicable on the territory of Romania. As one of the essential principles of this legal framework is transparency, we have prepared this document to inform you about how we collect, use, transfer and protect your personal data when you interact with us in relation to our products and services including through our website.
We reserve the right to periodically update and amend this Privacy Policy to reflect any changes in the way we process your personal data or any changes in legal requirements. In case of any such change, we will display on our website the modified version of the Privacy Policy, which is why we ask you to periodically check the content of this Privacy Policy.
Who we are?
We are S.C. DENTALHEALTHLINE S.R.L. and we have the quality of personal data operator.
Our contact details are:
Str. Dondonesti, no. 52, Valea Mare, Valcea county, Romania
C.U.I. 44054797
No. reg. com J38/444/2021
Website: drmunteanu.ro
For problems related to the processing of personal data, you can write to us at the email address protectiadatelor@drmunteanu.ro
What is personal data?
“Personal data” means any information regarding an identified or identifiable natural person (“data subject”) in particular by reference to an identification element, such as a name, an identification number, location data, an online identifier , or to one or more specific elements, specific to his physical, physiological, genetic, psychological, economic, cultural or social identity.
What does processing of personal data mean?
“Processing” means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
What categories of personal data we process
We process the data of our employees (current, former and potential), partners and clients. In general, we collect your personal data directly from you (both in the online platforms and in the medical clinic), so you have control over the type of information you give us.
By way of example, we receive information from you as follows:
– when you call our medical services and fill in the medical record, you send us: your e-mail address, name and surname, personal code, telephone number, etc.;
– through the online platforms or reception, to schedule a medical consultation, send us: your name, email address and phone number;
– through online platforms, you send us website browsing data (IP address, type of browser used, pages visited);
– through the accounts created in the online discussion forum section, you send us your name, email address and comments;
– within the medical services offered, you send us sensitive medical data.
What are the consequences of refusing to communicate personal data?
Processing of personal data requested by S.C. DENTAL DESIGN DR. FONDREA S.R.L. through forms/other communication channels is mandatory, unless the processing is based only on the Client’s consent. In this case, the Client will be informed that providing the data, respectively the agreement, is optional. In the other cases, the refusal will determine the impossibility of providing services or products by S.C. DENTALHEALTHLINE S.R.L.
What are the purposes and grounds of the processing
We will use your personal data for the following purposes:
To provide medical services for your benefit.
This general purpose may include, as appropriate, the following:
a) patient contact data;
b) medical data (dental radiographs, measurements, biological samples, etc.);
c) certificates and other medical documents;
The processing of your data for these purposes is in most cases necessary for the provision of medical services and/or the conclusion and execution of a contract (including factory) for the provision of medical services between the S.C. medical clinic. DENTALHEALTHLINE S.R.L.
For services offered by our websites
a) account creation and administration within the online discussion forum;
b) comments and questions on the articles presented on the websites;
c) appointment for medical consultations;
The processing of your data for these purposes is in most cases based on your consent, which can be withdrawn at any time. However, when a consent is withdrawn, you will no longer be able to use those services.
To improve our services
We always want to give you the best online experience. To do this, we may collect and use certain information about your Visitor behavior. We base these activities on our legitimate interest in carrying out commercial activities, always taking care that your fundamental rights and freedoms are not affected.
You can change your mind and withdraw your consent at any time by:
– contacting the medical clinic using the contact details described above.
To defend our legitimate interests
There may be situations where we will use or share information to protect our rights and business. These may include:
– website protection measures against cyber attacks:
– measures to prevent and detect fraud attempts, including the transmission of information to the competent public authorities;
– video surveillance measures of the S.C. location. DENTALHEALTHLINE S.R.L. in order to maintain a high level of both personal security (for employees and visitors of the clinic), but also for the protection of assets located in the company’s perimeter;
– measures to manage various other risks.
Within the websites, we use cookies to ensure the proper functioning of the online platform, as well as to monitor interactions with the user (analysis using Google and Facebook tools). More details about cookies can be found in the Cookie Policy document. Optional cookies are used based on the user’s consent.
The general basis for these types of processing is our legitimate interest in defending our commercial activity, it being understood that we ensure that all measures we take ensure a balance between our interests and your fundamental rights and freedoms.
Also, in certain cases we base our processing on legal provisions such as the obligation to ensure the protection of goods and valuables provided by the applicable legislation in this matter.
How long we keep your personal data
The information collected by cookies is stored for a maximum duration of 24 months in order to carry out analyzes and reports related to the performance of the websites. They will be deleted after this period.
Medical data or those related to the provision of contracted services are kept according to the legally imposed retention period.
To whom we transmit your personal data
As appropriate, we may transmit or provide access to certain of your personal data to the following categories of recipients:
– companies within the same group of companies;
– payment/banking service providers;
– insurance companies;
– IT service providers;
– providers of accounting services and legal assistance;
– management consultancy providers;
– providers of medical services;
– authorized persons or other operators under service contracts with us;
If we are under a legal obligation or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.
We ensure that access to your data by third parties under private law is carried out in accordance with the legal provisions on data protection and information confidentiality, based on contracts concluded with them and based on a thorough analysis of the purposes and legal grounds of the processing data.
To which countries we transfer your personal data
Currently, we store and process your personal data on the territory of Romania.
However, we may transfer certain of your personal data to entities located in the European Union or outside the Union, including countries that have not been recognized by the European Commission as having an adequate level of personal data protection.
We will always take steps to ensure that any international transfer of personal data is handled carefully to protect your rights and interests. Transfers to service providers and other third parties will always be protected by contractual commitments
You can contact us at any time using the contact details set out above to find out more information about the countries to which we transfer your data and the safeguards we have put in place in relation to these transfers.
How we protect the security of your personal data
We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures in accordance with industry standards.
The transmission of your personal data is done using state-of-the-art encryption algorithms and we store them on secure servers, ensuring data redundancy at the same time.
In particular, we have implemented the following technical and organizational measures to ensure the security of personal data:
Dedicated policies.
We adopt and review our practices and policies for processing the data of our customers and others, including physical and electronic security measures, to protect our systems from unauthorized access and other potential threats to their security. We constantly check how we apply our own personal data protection policies and how we comply with data protection legislation.
Data minimization.
We have ensured that your personal data that we process is limited to that which is necessary, appropriate and relevant for the purposes stated in this notice.
Restricting access to data.
We strictly restrict access to the personal data we process to employees, collaborators and other people who need to access it in order to process it for us. All of these companies and individuals are subject to strict confidentiality obligations, and we will not hesitate to hold them accountable and stop working with them if they do not treat the protection of your data and that of others with the utmost seriousness.
Specific technical measures.
Within S.C. DENTALHEALTHLINE S.R.L.. we use technologies to ensure our customers and others that the security of their data is protected.
Control of our service providers. We introduce in the contracts with those who process for us (authorized persons) or together with us (other operators – associated operators) clauses to ensure the protection of the data we process; this protection goes at least to the minimum required by the legislation.
Despite the measures taken to protect your personal data, we draw your attention to the fact that the transmission of information over the Internet in general or through other public networks is not completely secure, there is a risk that the data will be seen and used by third parties unauthorized parties. We cannot be responsible for such vulnerabilities of systems that are not under our control.
What are the rights of data subjects and how can they be exercised?
The data subject has the following rights:
– The right to information – the right to receive detailed information on the processing activities carried out by S.C. DENTALHEALTHLINE S.R.L. according to the provisions of this document;
– The right of access – can request and obtain confirmation of the fact that his personal data is processed or not by S.C. DENTALHEALTHLINE S.R.L., and if so can request access to them, as well as certain information. Upon request, S.C. DENTALHEALTHLINE S.R.L. will also release a copy of the processed personal data, additional copies may be charged according to the actual costs of S.C. DENTALHEALTHLINE S.R.L..;
– The right to rectification – the right to obtain the rectification of inaccurate personal data and the completion of incomplete ones;
– The right to delete data (“the right to be forgotten”) – in situations expressly regulated by law (especially in the case of withdrawal of consent or in the event that it is established that the processing of personal data was not legal), the data subject may get that data deleted. Following such a request, S.C. DENTALHEALTHLINE S.R.L. can anonymize the data, depriving them of their personal character and thus continue processing for statistical purposes;
– The right to restrict processing – in the situations expressly regulated by law (especially if the accuracy of the respective data is contested for the period necessary to determine this inaccuracy or if the processing is illegal, and the deletion of the data is not desired, but only the restriction );
– The right to object – you can object at any time, for reasons related to your particular situation, to processing based on your legitimate interest
of S.C. DENTALHEALTHLINE S.R.L.. (including the creation of profiles) or carried out in the exercise of a public interest or an authorization with which S.C. is invested. DENTALHEALTHLINE S.R.L..;
– The right to data portability – can receive personal data in a structured, machine-readable format, or can request that said data be transmitted to another operator. This right is applicable only: (i) for the personal data provided by the Client S.C DENTALHEALTHLINE S.R.L.., (ii) if the processing of personal data is carried out by automatic means and (iii) if the processing has a legal basis or the execution of a contract, or the consent of the person concerned;
– The right to file a complaint – can file a complaint against the way personal data is processed by S.C. DENTALHEALTHLINE S.R.L. to the National Supervisory Authority for the Processing of Personal Data;
– The right to withdraw consent – in cases where the processing is based on consent, it can be withdrawn at any time. The withdrawal of consent will have effects only for the future, the processing carried out prior to the withdrawal still remaining valid;
– Additional rights related to automatic decisions used in the process of providing S.C. services and products. DENTALHEALTHLINE S.R.L – if S.C. DENTALHEALTHLINE S.R.L. makes automatic decisions in relation to personal data, the data subject may (i) request and obtain human intervention regarding said processing, (ii) may express his point of view regarding said processing and (c) contest the decision.
The customer can exercise these rights either individually or cumulatively, by sending a written, dated and signed request to S S.C. headquarters. DENTALHEALTHLINE S.R.L. Str. Dondonesti, no. 52, Valcea, Valcea county, Romania or by E-mail: protectiadatelor@drmunteanu.ro.
The absence of an automatic decision process
Our respect for your data includes giving it the necessary human attention through our staff. Under current conditions, as a user of our services, you will not be the subject of a decision by us based solely on the automatic processing of your data (including profiling) that produces legal effects on you or that affects you in a similar way to a significant extent.
The meaning of the terms used in this document
The supervisory authority for the processing of personal data: an independent public authority which, according to the law, has powers related to the supervision of compliance with the legislation on the protection of personal data. In Romania, this supervisory authority for the processing of personal data is the National Authority for the Supervision of Personal Data Processing (ANSPDCP).
Special categories of personal data (sensitive personal data/sensitive data): personal data that: reveals racial or ethnic origin, political opinions, religious confession or philosophical beliefs or trade union membership; genetic data; biometric data for the unique identification of a natural person; data regarding the health, sex life or sexual orientation of a natural person.
Collaborators: natural or legal persons who have concluded a collaboration contract with us and who provide services to our customers.
Personal data: any information relating to an identified or identifiable natural person (referred to as a “data subject”). A natural person is identifiable if he can be identified, directly or indirectly, in particular by reference to an identification element, for example: name, identification number, location data, online identifier, one/more specific elements, specific to the physical identity , physiological, genetic, psychological, economic, cultural or social of that person. Thus, for example, the notion of personal data includes the following: name and surname; domicile or residence address; email address; phone number; personal number code (CNP); the established diagnosis (these are sensitive data); genetic data (they are sensitive data); bimotric data (they are sensitive data); geolocation data. The categories of personal data about you that we process are listed above.
Operator: natural or legal person who decides why (for what purpose) and how (by what means) personal data are processed. According to the law, the responsibility for compliance with the legislation regarding personal data rests primarily with the operator. In relation to you, we are the operator and you are the data subject.
Authorized person: any natural or legal person who processes data it is personal in the name of the operator, other than the operator’s employees.
Data subject: the natural person to whom certain personal data refers (to whom it “belongs”). In the relationship with us (the operator), you are the data subject.
Processing of personal data: any operation/set of operations performed/performed on personal data or sets of personal data, with or without the use of automated means; for example: collecting, recording, organizing, structuring, storing, adapting or modifying, extracting, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing or destroying said personal data personal/personal data sets. These are just examples. Basically, processing means any operation on personal data, whether by automatic or manual means.
Third country: a country outside the European Union and the European Economic Area.
Changes to the Privacy Policy
We may change this document from time to time. In such cases, we will inform you in advance and will not reduce the rights you have regarding your data by the changes we may make to this notice.
Declaration of conformity
SC DENTALHEALTHLINE S.R.L declares on its own responsibility that it has taken all the measures it considered necessary in order to comply with the instructions of the EU Regulation 2016/679 (GDPR) regarding the collection, use and storage of personal data in the member countries of the European Union.
SC DENTALHEALTHLINE S.R.L. certifies that it adheres to the notification, choice, transfer, security and data integrity, access and enforcement requirements of EU Regulation 2016/679 (GDPR) regarding the collection, use and storage of personal data in the member countries of the European Union.
Date,
12.09.2022
