This information note on the protection of personal data is intended to state the role and purpose of the processing of personal data within the DEA MEDICINE platform and what we intend to do with your personal information when you contact us or use our services, in accordance with EU Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as GDPR), Law No. 190/2018 on implementing measures for Regulation (EU) 2016/679 and Law No. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector.
We will inform you of:
-What type of personal data we process;
-For what purpose we process this information;
-Whether there is a need to provide personal data to third parties;
-For how long we store personal data;
-Whether there are other recipients of your personal information;
-If we intend to transfer the information to another country; and
-If we make automated decisions or perform profiling.
SILOSI MEDICAL TECH S.R.L, a Romanian legal entity, with unique identification code 42495142, registered in the Trade Register under no. J16/663/2020, with headquarters in Craiova, str. Eroilor, no. 95, Dolj county.
A. Data processed automatically when visiting the DEA MEDICINE platform
Your browser automatically transmits, each time you access the site https://deamedicine.ro, data that is stored in the server’s log files. This includes the following data (hereinafter referred to as “Log File Data”):
-Information about the browser type and version;
-The user’s operating system;
-Internet service provider and IP address of the user; and
-Date and time of access.
The data collected in the log files are evaluated anonymously for the purpose of continuously improving the website https://deamedicine.ro, adapting it and promptly correcting errors, if they occur during the use of the website. For these purposes, we collect this data according to our legitimate interest in data processing, in accordance with Art. 6 para. 1 lit. f) of the GDPR.
In an anonymized format, the data in the log files are used exclusively for the detection of operating errors and ensuring system security, including the detection and tracking of improper access and fraud attempts and abuse attempts. The data is stored for a period of 30 days and is then deleted. Data in the log files whose further storage is necessary for evidentiary purposes are not deleted before the final resolution of the respective incident and may, in individual cases, be transmitted to the investigative authorities.
B. Data processed while using the DEA MEDICINE platform
a. By registering an account, we will process the following information completed and submitted by you:
-Username;
-Password;
-Order history;
-Email address;
-Age.
b. By placing an order, we will also process the following information:
-Name, surname;
-services ordered;
-Invoice and payment data;
-IBAN account;
-Card data (holder name, card number, CVV code, expiration date); these are processed and stored on our behalf by the platform https://romania.payu.com.
c. During the provision of purchased medical services:
-Identification data
-Physiological data
-Sensitive medical data
-Workplace data
Categories of medical activities for which the data is processed:
-Preventive medicine
-Curative medicine
-Medical advice
Personal data is used exclusively to identify the patient and perform the purchased medical services. Medical service providers will have access to personal data only during the period of deciding to take over the service and during the provision of the service.
d. By posting a question or a review on the services sold on the DEA MEDICINE platform:
-Name, surname;
-Email address;
-Opinion or review submitted;
e. Contact for requests, complaints
You can contact us either through the contact form or by email at support@deamedicine.com. We will process the data you have provided to respond to your request.
We have a legitimate interest in responding to your requests. The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR. If the purpose of your request is to conclude a contract or place an order, the legal basis is Art. 6 para. 1 lit. b) GDPR.
When you contact us, the data transmitted to us will be deleted after your request has been resolved, to the extent and if we are not obliged to store it for reasons provided by applicable law.
f. Commercial communication
If and to the extent that you have consented to receive information for advertising purposes, for example by signing up to receive a newsletter by e-mail, the data processing necessary in the context of establishing contact is carried out on the legal basis represented by art. 6 para. 1 lit. a) of the GDPR. You can revoke the consent you have given us at any time, which will take effect for the future (for example, by using the unsubscribe link included in the e-mail message).
Activities carried out within the framework of the processing of personal data:
-Collection
-Registration
-Disclosure
-Deletion
-Modification
-Use
When you interact with us in any way, you may provide us with data for the purpose of:
-Creating an account on the DEA MEDICINE platform, in accordance with art. 6 para. 1 lit. a) of EU Regulation 2016/679;
-Managing your account on the DEA MEDICINE platform, in accordance with art. 6 para. 1 lit. a), b) or f) of EU Regulation 2016/679;
-In order to conclude or execute a contract between you and us, in accordance with art. 6 para. 1 lit. b) of EU Regulation 2016/679;
-For placing orders, in accordance with art. 6 para. 1 lit. b) of EU Regulation 2016/679;
-For making an online payment, in accordance with art. 6 para. 1 lit. b) of EU Regulation 2016/679;
-For the provision of services ordered in accordance with art. 6 para. 1 lit. b) of EU Regulation 2016/679;
-For sending newsletters, if you have consented, in accordance with art. 6 para. 1 lit. a) of EU Regulation 2016/679.
-For providing transparency and information and supporting the exercise of the right to freedom of expression in accordance with art. 6 para. 1 lit. a), c) of EU Regulation 2016/679;
-For account maintenance, in accordance with art. 6 para. 1 lit. f) of EU Regulation 2016/679;
-To contact you, in accordance with art. 6 para. 1 lit. f) or b) of EU Regulation 2016/679;
-To respond to questions and requests, in accordance with art. 6 para. 1 letter f) or b) of EU Regulation 2016/679;
-To provide and improve the services we offer, in accordance with art. 6 paragraph 1 letter f) of EU Regulation 2016/679;
-To diagnose or remedy technical problems, in accordance with art. 6 paragraph 1 letter f) of EU Regulation 2016/679;
-To comply with the law, in accordance with art. 6 paragraph 1 letter c) of EU Regulation 2016/679;
-To establish or assert a right in court, in accordance with art. 6 paragraph 1 letter c) of EU Regulation 2016/679.
Under data protection legislation, you have rights that we must inform you about. The rights available to you depend on our reason for processing your information.
a. Your right to access
You have the right to ask whether we are processing your personal information. You can also request copies of your personal information in writing. This right always applies to you.
You can make an access request to find out:
-what personal information we hold about you;
-how we use the data;
-to whom we disclose the personal information; and
-where we received the data.
b. Your right to rectification
You have the right to request rectification of information that you believe is inaccurate. You also have the right to request that we complete information that you believe is incomplete. This right always applies to you.
You can contest the accuracy of the personal information we hold about you and request that it be corrected or deleted. If your data is incomplete, you can ask us to complete it by adding more details.
To exercise your right, you must inform us that you contest the accuracy of your data and want it corrected. You should:
-clearly state what you believe is inaccurate or incomplete;
-explain how it should be corrected; and
-where available, provide evidence of the inaccuracies.
A request can be verbal or in writing. We recommend that you follow up any verbal request in writing as this will allow you to explain your concern, provide evidence and set out your desired resolution. It will also provide clear evidence of your actions if you decide to dispute our response.
c. Right to erasure of personal data
You may request that your data be erased in certain circumstances. The right only applies in the following circumstances:
-the company no longer needs your data for the original purpose for which it was collected or used;
-you initially consented to the company using your data but have withdrawn your consent and there is no other legal basis;
-the company collected or used your data unlawfully;
-the company is legally obliged to erase your data.
The company may refuse to erase your data in the following circumstances:
-when the company is legally obliged to store your data in order to comply with legal provisions, including but not limited to Law no. 16/1996;
-when the retention of your data is necessary for the establishment, exercise or defence of legal claims;
-when the erasure of your data would prejudice scientific, historical research or archiving which is in the public interest.
If an exception to the right to erasure applies, the company may refuse to comply with your request in whole or in part. The company may also refuse your request if it is, as the law states, “manifestly unfounded or excessive”.
d. Your right to restriction of processing
You may limit the way in which the company uses your personal data if you are concerned about the accuracy of the data or how it is being used. This right is closely linked to your rights to contest the accuracy of your data and to object to its use. You have the right to ask us to restrict the processing of your information in certain circumstances.
You can ask the company to temporarily restrict the use of your data while it is considering:
-a request you have made regarding the accuracy of your data; or
-an objection you have raised to the use of your data.
You can also ask us to restrict the use of your data instead of deleting it if:
-the company has processed the data unlawfully but you do not want it to be deleted or
-the company no longer needs your data but you want it to be kept for the establishment, exercise or defence of legal claims.
e. Your right to object to processing
You have the right to object at any time to the processing (use) of your personal data if the basis for the processing is legitimate interest. This means that you can stop or prevent the company from using your data. However, it only applies in certain circumstances and there may be no need to stop processing if the company can provide compelling and legitimate reasons for continuing to use your data.
You can only object to processing where the company is using your data:
-for its legitimate interests;
-for scientific or historical research or statistical purposes; or
-for direct marketing purposes.
f. Your right to data portability
This only applies to information that you have provided to us. You have the right to request that we transfer the information you have provided to us from one company to another or to provide it to you. The right only applies if we process information based on your consent or information about entering into a contract and the processing is automated.
g. Right to lodge a complaint
To make a request, please use the form provided by us on the website. You are not required to pay any fee for exercising your rights as long as your request is not excessive or unfounded. We have one month to respond to you, with the possibility of extending this period. Please contact us at the e-mail address support@deamedicine.com if you wish to make a request.
You have the right to contact the National Supervisory Authority for Personal Data Processing or the competent courts, to the extent you consider necessary.
We will store your data for a period ranging from one day to 5 years from the date of placing your order. If you have not placed any order, you can request, in writing, the deletion of your account at any time. If you have placed at least one order, we will retain your data for 5 years from the last order in our records, but you can request the deletion of your account.
If you have purchased a service offered by the DEA MEDICINE platform, we have issued a tax invoice, and your data will be stored for 10 years, according to tax legislation.
Information is stored on servers in Romania.
When a user of the DEA MEDICINE platform ceases to be a user, the platform provider will archive the user’s data and make it unavailable in its work environment. The archived data will not be used by SILOSI MEDICAL TECH S.R.L staff or by medical service providers and will not be accessible to them, except in situations imposed by law for the purpose of proving previous contractual relationships. The archived data will be kept for 10 years from the last service purchased. The medical data provided to medical service providers will be stored by them.
At the request of users of the DEA MEDICINE platform, SILOSI MEDICAL TECH S.R.L will delete (or archive, regarding medical data) or will return all personal data to users at the time of the request to delete accounts and will delete existing copies, in accordance with the procedures regulated in Art. 32 of the GDPR, except in the case where the applicable legal provisions regarding the protection of personal data require the storage of such data.
a. SILOSI MEDICAL TECH S.R.L staff
SILOSI MEDICAL TECH S.R.L will ensure that its staff who process personal data are informed of the confidential nature of such data, that they have received appropriate training on their responsibilities and that they are contractually obliged to maintain the confidentiality of the data, and that this obligation survives the termination of the contract.
SILOSI MEDICAL TECH S.R.L will take reasonable steps to ensure that the staff who process personal data provide sufficient guarantees for the implementation of technical and organizational measures appropriate to this task.
SILOSI MEDICAL TECH S.R.L will ensure that personnel access to personal data is limited to those personnel who require such access for the purpose of performing the services.
b. Associated operators
Medical service providers are considered associated operators with SILOSI MEDICAL TECH S.R.L, and they will have the right to obtain personal data from the platform provider only to provide the services they have undertaken to provide and, at the same time, they will be prohibited from using such data for any other purposes.
c. Authorized persons
Data regarding your payments will be transmitted to the payment service provider for payment processing. If you make the payment through the PAY U platform, you will be redirected to its website via a link. Regarding payment processing, the processed data concerns your name, email address, or information about your accounts or credit cards. Please consult the PayU Privacy Statement and the PayU Privacy Principles on the website https://romania.payu.com. We note that this data is not transferred or stored, at any time, on the servers of SILOSI MEDICAL TECH SRL, but only by the transaction authorization institution or another entity authorized to provide card identification data storage services, about which entity the User will be informed, prior to entering the data.
In the case of the 3D Secure system for payment with Visa or MasterCard cards, the data related to the User’s card are entered directly into the Visa or MasterCard systems. This security measure involves redirecting the User at the time of payment to a secure page where the registration of each cardholder is done by assigning an authorization code for each online transaction. The cards accepted for payment are those issued under VISA (Classic and Electron) and MASTERCARD (including Maestro, if they have a CVV/CV2 code).
User and order data are stored on the server provided by ROWEB SRL. Please consult the Terms and Conditions of the Privacy Policy used on their website.
Technical and maintenance issues of the DEA MEDICINE platform are managed by ROWEB SRL.
SILOSI MEDICAL TECH S.R.L is responsible for the actions or omissions of its own Authorized Persons to the same extent as it would be responsible if it itself provided the services to each Authorized Person directly under the data protection legislation, unless otherwise provided in the Contract.
SILOSI MEDICAL TECH S.R.L is in contractual relations with each Authorized Person, relations that include obligations regarding the protection of personal data, and these obligations are no less protective than the provisions of this Information Note and meet the requirements of article 28 paragraph (3) of the GDPR or any other equivalent legal provisions, with the limitations imposed by the nature of the Services provided by such processors.
In some circumstances we are legally obliged to share information. In any scenario, we will ensure that we have a legal basis on which to share the information and to document our decision-making.
If we provide links to websites of other companies/authorities, this personal data processing notice does not cover how they process personal information. We recommend that you read the notices on the other websites you visit.
We want to protect your personal data against unauthorized processing, against unlawful processing, against accidental or unlawful loss, against accidental or unlawful destruction or against unauthorized or unlawful access to the computer system, against alteration of the integrity of computer data, unauthorized transfer of computer data or other acts incriminated by the Criminal Code.
In particular, we have implemented the following technical and organizational measures to ensure the security of personal data:
-Policies and procedures implemented to discover and document security breaches together with the measures taken and the personal data affected, to limit the consequences of a security incident, if it occurs, and to recover the data and return to the initial situation in the shortest possible time.
-Data minimization. We have ensured that your personal data that we process are strictly limited to those that are necessary, adequate and relevant for the purposes stated in this document.
-Restriction of access to data. We strictly restrict access to the personal data that we process.
-Back-ups and security audits to maintain constant vigilance over the IT system.
-Ensuring the accuracy of your data through regular, planned checks.
-Encryption of data, both at rest and in transit.
-Control of employees, collaborators, medical service providers.
SILOSI MEDICAL TECH S.R.L will notify the individuals whose data it collects in the event of any destruction, loss, alteration or unauthorized disclosure caused by negligence or intent or of any illegal access to personal data that are transmitted, stored or processed in any way by SILOSI MEDICAL TECH S.R.L or its agents (“Data Breach”), if the security incident is likely to generate a high risk to the rights and freedoms of the data subjects. The risk is assessed according to:
-type of incident;
-nature, context, volume of data affected;
-possibility of identifying the data subjects;
-the consequences of the incident on the data subjects;
-the circumstances of the data subjects;
-the circumstances of the operator concerned;
-the number of people affected.
SILOSI MEDICAL TECH S.R.L will take into account the severity of the risk, but at the same time will take into account the probability of its occurrence.
If there is a degree of certainty that a data processing security breach has occurred, we will designate a responsible person to analyze the effects it has on you and our company and, if necessary, we will notify the National Supervisory Authority for Personal Data Protection and we will proceed to inform you, if it is likely to result in a high risk to your rights and freedoms, as soon as possible. The choice of the platform provider to notify or respond to a Data Security Breach cannot be interpreted and is not interpreted as an admission of fault on its part with regard to a possible Data Security Breach.
You are not obliged to provide us with your personal data that we have mentioned in this document. However, if you do not provide us with the data mentioned in this information note, it will not be possible for us to provide you with the services you request.
Our respect for your data includes the fact that we give it the necessary human attention, through our staff. Under the current conditions, as a user of our services, you will not be subject to a decision by us based solely on the automated processing of your data (including the creation of profiles) that produces legal effects concerning you or that similarly affects you to a significant extent.
In the event that it is required, for the limited purposes of fulfilling the cooperation and in accordance with applicable laws, SILOSI MEDICAL TECH S.R.L may disclose information that may lead to the identification of individuals. We note that we will fully cooperate with public authorities in any investigation related to any illegal content or activity of any user of the services, taking reasonable measures to protect property rights. We will cooperate with public authorities as long as disclosures are necessary to comply with national and European legislation, but also if such disclosure would be necessary or appropriate for SILOSI MEDICAL TECH S.R.L.