Identification and contact data:
The secom-healthcare.com website, hereinafter referred to as “secom-healthcare” or the “website”, is managed and exclusively owned by SECOM HEALTHCARE GROUP S.R.L., hereinafter referred to as “Secom Group”, with the following identification data: Sole registration code 44153405, number of registration with the Trade Register J40/7290/2021, registered office in Bucharest, sector 2, Strada Gara Herăstrău nr. 2, Cladirea Equlibrium 1, Etaj 8, Romania Tel./Fax: 021/316.4393; E-mail: firstname.lastname@example.org.
The content of this Policy is only for information and does not affect your rights according to the legislation. We shall do whatever necessary to facilitate the exercise of such rights.
In case of questions about the content of the policies on processing or on the personal data collected through the website, the data subjects (website visitors) are asked to send a written request:
- to the e-mail address: email@example.com;
- in writing, by mail, to the following address: Bucureşti Sectorul 2, Strada Gara Herăstrău nr. 2, Cladirea Equlibrium 1, Etaj 8, Romania
Persons sending such requests to Secom Group are asked to include information such as “data protection” in the e-mail subject line/on the envelope, thus ensuring that requests are handled with priority.
The data subject shall receive a reply within 30 days from the reception of the request by Secom Group, and such deadline may be extended only in exceptional circumstances. In such cases, the data subject shall be informed about such deadline extension accordingly.
This policy is intended to inform you, mainly with respect to: (1) the categories of personal data we collect; (2) the purposes for the processing of such data and the corresponding processing basis; (3) the data storage period; (4) the recipients of personal data; (5) your rights.
1. Categories of personal data we process
We collect from you and process the following categories of personal data, to the extent you provide such types of personal data:
Identification data – surname, first name, home address, date of birth, gender
Contact data – mailing address, e-mail address, telephone number
Technical data – IP address, operating system, browser, geolocation, website pages you visit, time spent on these pages and other statistics
User data – user name, password, date and time of log-in, online activity
Opinions and views (may include sensitive data) – any opinions and views that you send to us or any opinions and views that you post publicly about us on social media or other public channels.
2. Purposes for processing and corresponding processing basis:
- for the legitimate interest of Secom Group, to contact an account holder, to provide information about accessing/using the user account, based on the relation established between Secom Group and the data subject;
- based on the express consent of the data subject, for marketing purposes;
- to provide the requested information, in case of submission of contact forms;
- for a legitimate interest, in case of personal data collected involuntarily, in order to understand the clients’ needs and expectations and improve the service offering.
Moreover, you should know that you have no obligation to provide your personal data to us. However, if you do not provide the necessary data, we may not be able to provide the requested services.
3. Data storage period
The personal data shall be processed during the period that is necessary to fulfill the processing purposes, as well as to comply with the applicable legal obligations, including, without limitation, the provisions on the record-keeping obligation.
Usual data processing for which the law does not require a retention period shall be subject to the general statute of limitation as maximum duration for data storage in the databases of Secom Group. The data shall be processed on the territory of the European Union.
As for consent-based processing, the data shall be kept until the withdrawal of the consent.
4. Recipients of personal data
Although we are currently unable to provide precise information about the exact identity of all the potential recipients of your data, as we have not previously determined them for each data subject, we are trying to indicate below the categories of third parties to which we transmit your personal data:
- Collaborators offering services and products that are related or additional to our products and services;
- Consultants under a contract with us (e.g. lawyers, accountants who are bound by the law or by the contract with us to keep your data confidential);
- Individual or legal entities acting as processors, in various areas (e.g. payment services, record-keeping or document destruction services, etc.), in relation to which we shall include clauses that they have an obligation to comply with the legislation protecting your rights;
- Other group companies;
- Web hosting service providers hosting our website;
- IT service providers ensuring maintenance and development of our website;
- Analytics service providers (e.g. Google Analytics);
- Marketing service providers on our account.
In all cases, we ask the recipients of your data to process them in compliance with the law and for purposes compatible to those for which we collect your personal data in the first place.
5. Your rights
You shall have the following rights in relation to your personal data, which are guaranteed by law:
- The right to access the data, i.e. the right to obtain a confirmation from the data controller whether your personal data are processed or not, and if yes, access to such data.
- The right to rectify the data, i.e. the right to obtain from the data controller, without undue delay, the rectification of inaccurate personal data. Considering the purposes for which the data were processed, the data subject shall be entitled to seek completion of incomplete data, including by submitting additional statements.
- The right to delete the data (the right to be forgotten),e. the right to obtain from the data controller the deletion of your personal data, without undue delay, and the obligation for the data controller to delete the personal data without undue delay, in certain cases (such as: the personal data are no longer necessary for the purposes for which they are collected or processed; the data subjects have withdrawn their consent for the processing and there is no other legal basis for the processing, the data subjects object to the processing of their personal data and there are no prevailing legitimate interests, or the data subject objects to the processing for direct marketing purposes, the data processing is illegal).
- The right to restrict the processing, i.e. the right to instruct the data controller to restrict the processing in certain cases (such as: the data subject challenges the accuracy of the data; the processing is illegal, and the data subject objects to the deletion of the personal data, requesting that their use is restricted instead, etc.).
- The right to data portability, i.e. the right to receive your personal data which you have provided to the data controller, in a structured, currently used and machine-readable format, as well as the right to transmit such data to another data controller, both in certain cases.
- The right to object, i.e. the right to object, for reasons related to your particular situation, to the processing on the basis of: (a) the exercise of a duty serving a public interest; (b) the performance of a duty resulting from the exercise of public authority or (c) for the purpose of the legitimate interests pursued by the data controller.
- The right not to be subject to an automated individual decision, i.e. the right not to be subject to a decision based exclusively on automatic processing, including the creation of profiles, which results in legal effects concerning the data subject or otherwise affecting it significantly, subject to certain conditions.
- The right to be informed about security breaches. If a breach in personal data security is likely to generate a high risk for the rights and liberties of individuals, the data controller shall notify the data subject without undue delay about such breach, in certain conditions.
- The right to withdraw your consent to the processing if the basis for the processing is your previously given consent.
Furthermore, any person who considers that their rights under GDPR were violated as a result of the processing of their personal data in breach of GDPR shall be entitled: (i) either to file complaint with the National Supervisory Authority for Personal Data Protection (A.N.S.P.D.C.P.), (ii) or to file legal action.
We will try to answer all your questions and concerns as quickly and completely as possible, as well as to facilitate the exercise of your rights, in compliance with the law.