POLICY REGARDING THE PROTECTION OF PERSONAL DATA
The terms mentioned in this policy will have the meanings specified below:
a) “Personal data of the Beneficiary / legal representative / conventional representative” - all personal data, regardless of their form or environment, which are: i) provided either by the Beneficiary or by the legal or conventional representative of the Beneficiary ii) provided, originated, notified in writing or orally by the insurer of the vehicle under repair or another insurer directly involved or by public institutions / authorities / entities (police stations, prosecutor's offices attached to courts, courts, etc.);
b) “Services” - the services provided by the Provider in accordance with the object of the Contract;
c) "Supervisory Authority" means an independent public authority established by a Member State with competence to supervise the protection of personal data in the EU in whose jurisdiction it is based and processes the personal data Provider, as controller , or the person authorized by the Provider. In this case, the supervisory authority is ANSPDCP (dataprotection.ro);
d) “Processing” - means any operation or set of operations performed on personal data or personal data sets, with or without the use of automated means, such as: collection, registration, organization, structuring, storage, adaptation or modifying, extracting, consulting, using, disclosing by transmitting, disseminating or otherwise placing, aligning or combining, restricting, deleting or destroying;
e) “Operator” - the legal person, as in the present situation, the Provider or natural person who, alone or together with others, establishes the purposes and means of processing personal data;
f) "Person empowered by the controller" - means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
g) "Consent" of the data subject - means any manifestation of free, specific, informed and unambiguous will of the data subject by which he accepts, by an unequivocal statement or action, as personal data which look to be processed;
h) "Violation of the security of personal data" - means a breach of security which leads, accidentally or illegally, to the destruction, loss, alteration, or unauthorized disclosure of personal data transmitted, stored or otherwise processed , or unauthorized access to them;
2. GENERAL PROVISIONS
The customer undertakes to comply with the provisions of this policy, as well as the provisions set out in the Regulation and the rules of national law regarding the processing of personal data, their security and confidentiality.
3. OBJECT, DURATION, NATURE, PURPOSE, TYPE OF PERSONAL DATA
Object of processing
The sale of the specific products sold by the Operator, respectively the processing of the personal data necessary for the signing and execution of the contracts to which the Operator is a party.
The processing of personal data will be carried out during the contractual period, respectively until the fulfillment of the main obligations of the Contract, and will be processed after the termination of legal relations between the Parties, but not more than 5 years from the date of termination of legal relations. , respectively for a period of 10 years - the data contained in the fiscal invoices and the afferent attachments, according to the accounting legislation.
Nature of processing
The processing of personal data of the data subjects has the nature of a process of establishing the contractual relations and achieving its purpose.
In order to provide you with the services, the data may be transmitted to third parties (eg authorities, IT providers, couriers, partner insurance brokers), who have a legal or contractual obligation to protect your data. We do not transfer or intend to transfer data outside the EU / EEA.
Purpose of processing
Establishing contractual relationship and fulfilling legal obligations.
Legal basis for processing
- Execution of the contract;
- Legal obligation;
- Legitimate interest.
Type of personal data
- identity data (C.I. data - series and number, its validity period);
- contact details (address, telephone number, e-mail address);
- (possible) financial data which may include bank account and payment card details (issuing bank, card validity, cardholder, etc.);
B. The legal and / or conventional representative (s) of the Buyer legal person
- Identification data (name, surname, position);
- Identity data (name, surname)
- Contact details (address, telephone number, e-mail address)
- Categories of persons concerned
- Clients or legal representatives of clients legal entities
4. OPERATOR IDENTIFICATION DATA
This policy regulates the rules governing the processing of personal data of customers of Alpha Medical SRL, a legal entity of Romanian nationality, based in Bucharest, Str. Sandu Aldea no. 22, Sector 1, tel. 021 323 14 23, fax 021 323 14 18, registered in the Trade Register under number J40 / 4727/2001, unique registration code RO13878004 (“Company” or “ALPHA”), developed in application of Regulation (EU) 2016/679 on the protection natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC, hereinafter referred to generically as “EU Regulation 2016/679” or “GDPR”.
The GDPR defines personal data as any information concerning an identified or identifiable natural person ("data subject"), which can be identified, directly or indirectly, in particular by reference to an identifying element, such as a name, identification number, location data, an online identifier, or one or more specific elements, specific to his physical, physiological, genetic, mental, economic, cultural or social identity.
The policy establishes the conditions for the collection, processing, transfer, storage and deletion of personal data of customers. The procedures and principles set out in this policy are binding on both the Company, its employees, and any person acting on behalf of the Company.
The purpose of this procedure lies in the Company's intention to guarantee that the processing of personal data is carried out in compliance with legal provisions.
5. SPECIAL CATEGORIES OF PERSONAL DATA
As a rule, the Company does not process special categories of personal data. This data category refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, union membership, information about your health, and genetic and biometric data.
In accordance with the fiscal and accounting legislation, we are obliged to collect data that can be considered sensitive such as C.N.P. (legal obligation).
6. THE RIGHT BASIS OF THE USE OF CHARACTER DATA
The provider will process the personal data in order to fulfill the obligations deriving from the Contract - contractual obligation, in accordance with the provisions of art. 6 para. (1) lit. b) of the Regulation, when there is a legal or statutory obligation, in accordance with the provisions of art. 6 para. (1) lit. c) of the Regulation, or when there is a legitimate interest of the Provider, in accordance with the provisions of art. 6 para. (1) lit. f).
Your personal data will be kept by the Company for the entire period in which we deliver services / products, plus an additional period, after the termination of the contractual relationship, provided by the specific legislation on tax obligations or anti-fraud legislation. In detail, the Company may keep the Documents, in excess of the period necessary for fulfilling the purpose of their processing, if they are part of files for which the law provides a certain retention period (ie accounting records and supporting documents keep in the archives of the entities for 10 years, starting from the end of the financial year in which they were prepared, and for 5 years after the end of the financial year the following documents are kept: note of acceptance and finding of differences, delivery note, transfer, refund, consumption voucher, consumption voucher (collective), daily food list, delivery order, warehouse sheet, inventory list, inventory list (for global value management), receipt, receipt for foreign exchange operations , payment / collection order to the cashier, purchase slip, purchase slip (from pro individual accounts), statement for joint operations, travel order (delegation), travel order (delegation) abroad (international transport), statement of expenses (for external travel), statement of foreign exchange expenses (international transport), note of debit / credit, account statement for various operations, account statement for various operations (in foreign currency and lei), imputation decision, payment commitment).
The processing of these data, in terms of frequency, are:
- At the time of signing the Contract, its annexes and other documents related to it.
- If necessary in our legitimate interests (or those of a third party) and your interests and fundamental rights do not exceed those interests.
- If we have to comply with a legal or statutory obligation.
As we do not generally process special categories of personal data other than your CNP, your consent to the processing is not required.
8. CHANGE OF PURPOSE
The Provider will only use personal data for the purpose for which they were obtained, unless it is reasonably necessary to use them for another purpose and the reason is compatible with the original purpose. If you want to know more about how the processing for the new purpose is compatible with the original purpose, please send us an e-mail to office [at] alphamedical [dot] en
If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and explain the legal reasons for the processing.
We may process your personal data without the consent or information of the Beneficiary, legal or conventional representative, if required or permitted by law.
9. DISCLOSURE OF YOUR DATA PERSONAL CHARACTER
We may distribute or disclose your personal data to third parties listed below for the purpose set out in Art. 3 or art. 8:
- Insurance companies.
- Service providers providing IT and system administration services.
- Professional consultants including lawyers, bankers, auditors and insurers providing consulting, banking, legal, insurance and accounting services.
- The tax administration regulators and other authorities based in Romania that require the reporting of processing activities in certain circumstances (for example police stations, prosecutor's offices attached to courts, courts, etc.).
- We ask all third parties to whom we transfer data to respect the security of your personal data and to process it in accordance with the law. We will allow these third parties to process your personal data for the purposes specified and in accordance with legal provisions.
10. INTERNATIONAL TRANSFERS
We do not transfer your personal data outside the European Economic Area (EEA).
11. DATA SECURITY
The provider has implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed, altered or disclosed in an unauthorized manner. We also limit access to your personal data to those employees, agents, contractors and other third parties who have a commercial need to know that data. They will process your personal data at our instruction and are subject to the obligation of confidentiality.
We have implemented procedures to deal with any suspicious breach of personal data and we will notify you and any competent regulatory authority of the breach, when we are legally obliged to do so.
We may store your data in physical or electronic format. In some circumstances, we may anonymize your personal data (so that it is no longer associated with you) for research or statistical purposes, in which case we may use this information indefinitely without informing you.
12. LEGAL RIGHTS
In addition to those mentioned in art. 4 of this policy, in certain circumstances, the Beneficiary - an individual or other data subject (legal or conventional representative) has certain rights in accordance with data protection laws regarding your personal data. These include the right to:
- Request access to personal data.
- Request the correction of your personal data.
- Request the deletion of your personal data.
- Challenge the processing of your personal data.
- Request the restriction of the processing of your personal data.
- Request the transfer of your personal data.
- The right to withdraw consent, if applicable.
Beneficiary - an individual or other data subject (legal or conventional representative) will not pay a commission or any other fee to access your personal data (or to exercise any of the other rights). However, the Provider, as operator, may charge a reasonable fee if the request made is manifestly unfounded, repetitive or excessive. Alternatively, the Provider may refuse to comply with the request received in these circumstances.
The provider has the right to request certain information (including the CNP if you have given your consent) in order to be able to confirm the identity of the data subject who made the request and to securely secure personal data (or to exercise any of the other rights). This is a security measure to ensure that personal data is not disclosed to persons who are not entitled to receive it. We may contact you to request additional information regarding your request to expedite our response.
The provider will take the necessary steps to respond to all legitimate requests within one month. Occasionally, it may take more than a month if the provider's application is very complex or the data subject has made several requests. In this case, the Provider will notify you and keep you informed.
With regard to personal data processed and provided by you, you have the right to file a complaint with the A.N.S.P.D.C.P., the Romanian supervisory authority for data protection issues (www.dataprotection.ro). We will be grateful if you contact us first if you have a complaint to try to resolve for you.
It is very important that the information we hold about you is accurate and up to date. Please notify us at any time of changes to your personal data by e-mail to medineurope [at] gmail [dot] ro.