PRIVACY POLICY

INTRODUCTION

Thank you for your interest in our medical clinic and the services we offer. The protection of personal data is a very important subject for us. When you enter into any kind of relationship with us, you entrust us with your information, some of which is personal data protected by European and national legislation.

This document (hereinafter referred to as "Privacy policy", "Information note" or "The Document") contains the necessary information regarding the use of personal data. Please read this document carefully. For more information about the use of cookies or other similar technologies, please see Our Cookie Policy

The purpose of this Privacy Policy is to explain to you, among other things, the categories of personal data that we process (eg collection, storage, use, transmission), the reasons for the processing, the method of processing, your rights under the General Data Protection Regulation (hereinafter "GDPR" or "GDPR") and how you can exercise these rights. In the processing of personal data, we act as a controller and have a legal obligation to provide you with this information.

BEAUTYQUE MED AEGELESS SRL is a personal data controller under the GDPR. This Privacy Policy only covers data processing for which BEAUTYQUE MED AEGELESS SRL is an operator. 

DEFINITIONS

5. "GDPR", "GDPR" or "The Regulation" means Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
6. "The Operator" or "We" means BEAUTYQUE MED AEGELESS SRL, a Romanian company with its registered office in Bucharest, str. Dionisie Lupu no. 58, Corp B, Et. P, Ap. 1, Sector 1, with tax code RO43619656, e-mail office@deliathiess.ro, data protection officer email
7. "Data subject" represents any identified or identifiable natural person whose personal data are processed by us as an operator, such as customers, potential customers, site visitors.
8. "Processing" means any operation or set of operations which is performed upon personal data or upon sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
9. "Consent" means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear statement, signifies agreement to the processing of personal data concerning him or her.
10. "Personal data" means any information relating to an identified or identifiable natural person (the "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

The other terms used in this document have the meaning given by the GDPR and other applicable legal provisions.

OTHER SERVICES

This Privacy Policy does not cover third-party applications and websites that you may access by clicking on links on our website. This is beyond our control. We encourage you to review the Privacy Policy on any website and/or application before providing any personal data.

WHO ARE WE?

BEAUTYQUE MED AEGELESS SRL, a Romanian company with its registered office in Bucharest, str. Dionisie Lupu no. 58, Corp B, Et. P, Ap. 1, Sector 1, with tax code RO43619656, e-mail office@deliathiess.ro, data protection officer email dpo@deliathiess.ro, is responsible for the processing of your personal data that we collect directly from you or from other sources. 

WHO ARE YOU? 

According to the law, you, the natural person benefiting from our services (i.e. the patient), the visitor to the site and/or the person in any kind of relationship with us, are a "data subject", i.e. an identified or identifiable natural person. In order to be fully transparent about the processing of personal data and to allow you to easily exercise your rights at any time, we have implemented measures to facilitate the exercise of your rights. For more information on the exercise of your rights, please access the “Your Rights” Section of this document.

OUR COMMITMENT

The protection of your personal information is very important to us. That is why we are committed to complying with European and national legislation on the protection of personal data, in particular Regulation (EU) No. 679/2016, also known as GDPR, and the following principles:

✓ Legality, fairness and transparentyour

We process your data legally and fairly. We are always transparent about the information we use, and you are properly informed. 

✓ Control vI appearKEEP

Within the limits of the law, we offer you the opportunity to review, amend, delete the personal data you have shared with us and to exercise your other rights. For more information on exercising your rights, please access the “Your Rights” Section of this document.

✓ Data integrity and purpose limitation

We use data only for the purposes described at the time of collection or for new purposes compatible with the original ones. In all cases, our purposes are compatible with the law. We take reasonable steps to ensure that personal data is accurate, complete and up-to-date.

✓ Security

We have implemented reasonable security measures to protect your personal information as best we can. However, please note that no website, application, or internet connection is completely secure.

change

We may change this Privacy Policy at any time. All updates and changes to this Policy are effective immediately upon notification, which we will provide by posting on the Site and/or email notification.

YOUR INFORMATION. PURPOSES. LEGAL GROUNDS

When you browse our website or when you send us an email request or contact us for other purposes, you may provide us with the following personal data. This list only explains the data processed in the online environment and does not cover the data we process about patients when providing medical services.

*While we have made every effort to identify all personal data processed and the purposes, please note that the information in the table above is not exhaustive. 

We collect most personal data directly from you (for example, by filling out a form on the site). Most personal data is as described above, but there may be situations where we collect data from third parties (eg partners, platforms).

In addition to the information indicated above, we may also collect information about how you interact with our site(s) (for example, information about how and when you access our site or what device you use to access the site). For more information in this regard, we invite you to read and Our policy regarding the use of cookies.

STORAGE PERIOD

We store your personal data only for the period necessary to fulfill the purposes or as long as we are required by law, but no longer than 5 years from the termination of the contract or the last interaction with us. After the termination of the period, the personal data will be destroyed or deleted from the IT systems or transformed into anonymous data for use for scientific, historical or statistical research purposes. Please note that in certain expressly regulated situations, we store the data for the period required by law.

PERSONAL DATA TRANSFERS

We may disclose your data, in compliance with applicable law, to business partners or other third parties. We always make reasonable efforts to ensure that these third parties have implemented appropriate measures to protect and secure personal data. We have contractual clauses with these third parties so that your data is protected. In these situations, we will ensure that any transfer is legitimate according to the law. For example, we may provide your data to other companies, such as IT service providers (eg cloud, hosting) or telecommunications, accounting, legal services and to other third parties with whom we have a contractual relationship.

We may also transmit the data to other recipients with your consent or according to your instructions, for example, if you exercise a portability request.

We may also provide your personal information to the prosecutor's office, police, courts and other authorized state bodies, based on and within the limits of legal provisions and as a result of expressly formulated requests.

INTERNATIONAL TRANSFERS

The transfer of personal data to a third country may only take place if the country to which the transfer is intended ensures an adequate level of protection. The transfer of data to a country whose legislation does not provide a level of protection at least equal to that offered by the GDPR is only possible if there are sufficient guarantees regarding the protection of the fundamental rights of the data subjects. These guarantees will be established by us through contracts concluded with the suppliers/service providers to whom the transfer of your personal data will be made. Whenever we transfer your personal data outside the European Economic Area (EEA), we will ensure that there is a similar level of protection through one of the following data protection mechanisms offered by the GDPR. Currently, we may transfer your personal data to countries where it has been demonstrated by the European Commission that they provide an adequate level of security for personal data. Currently, we transfer your personal data to companies in the United States of America, namely Meta Platforms Inc. and Microsoft Corporation, as a result of our company's use of the WhatsApp and Outlook services for electronic communication and messaging. These data transfers are made based on the Adequacy Decision issued by the European Commission under the EU-US Data Privacy Framework. This framework guarantees an adequate level of protection for personal data transferred to the US, similar to that provided for in the GDPR. Meta Platforms Inc. and Microsoft Corporation participate in the EU-US Data Privacy Framework and have committed to complying with the principles of this framework, thus providing adequate guarantees for the security and confidentiality of your personal data.

DIRECT MARKETING

To the extent that we have obtained your prior consent or you are already a customer of the company, we may use direct marketing technologies using the information collected about you. We currently conduct marketing through the following methods: email and SMS marketing.  

You can object to direct marketing and/or withdraw your consent at any time by following the unsubscribe instructions in each email.  ("unsubscribe") or by sending a request to this effect to dpo@deliathiess.ro.

PROFILING AND AUTOMATED DECISIONS

We do not make automated decisions with legal effect or significant impact on you.

YOUR RIGHTS

Your rights under the GDPR are as follows:

(a) The right to be informed regarding the processing of your data.

(b) Right of access to data. You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed and, if so, access to the data and information provided for in Article 15(1) of the GDPR.

(c) The right to rectify inaccurate or incomplete data. You have the right to obtain from us, without undue delay, the rectification of inaccurate personal data concerning you.

(d) Right to erasure ("right to be forgotten").  In the situations provided for in Article 17 of the GDPR, you have the right to request and obtain the deletion of personal data.

e) The right to restriction of processing. In the cases provided for in Article 18 of the GDPR, you have the right to request and obtain restriction of processing.

f) The right to transmit the data we have about you to another controller ("right to portability"). The right to transmit the data we have about you to another controller (“right to portability”)

g) The right to object to data processing. In the cases provided for in Article 21 of the GDPR, you have the right to object to the processing of your data.

h) The right not to be subject to a decision based solely on automated processing, including the creation of profiles with legal effects or similar significant effects on you.

i) The right to seek justice to protect your rights and interests.

j) Right to file a complaint before a Supervisory Authority.

Please note that:

(1) You can withdraw your consent for direct marketing at any time by following the unsubscribe instructions in each email or by sending a request to the email address dpo@deliathiess.ro.

(2) If you wish to exercise your rights, you can do so by sending a written, signed and dated request to the email address: dpo@deliathiess.ro.

(3) The rights listed above are not absolute. There are exceptions, therefore each request received will be analyzed in order to decide whether it is well-founded or not. To the extent that the request is well-founded, we will facilitate the exercise of your rights. If the request is unfounded, we will reject it, but we will inform you of the reasons for the refusal and of your rights to file a complaint with the Supervisory Authority and to seek legal action.

(4) We will try to respond to your request within one month. However, this period may be extended depending on various factors, such as the complexity of the request, the large number of requests received, or the impossibility of identifying you in a timely manner.

(5) If, despite our best efforts, we are unable to identify you, and you do not provide us with additional information to enable us to identify you, we are not obligated to comply with the request.

For any other information you can contact us at dpo@deliathiess.ro.

You've reached the end. Congratulations! Thank you for taking the time to learn how we protect your personal data!