GDPR Privacy Notice - May 2018

Agreement for processing personal data by SKINMED^® CLINIC and SKINMED^® CENTER

Date of entry into force: 25 May 2018

This note contains important information. We therefore encourage you to take the time to read it fully and carefully and to ensure that you fully understand it. Please do not hesitate to let us know if you have any questions.

What is the scope of this privacy notice?

The privacy notice in the EU General Data Protection Regulation (GDPR) explains how to SKINMED^® CLINIC and SKINMED^® CENTER (based in Bucharest, sector 3, Calea Dudești nr. 188 and working point in Bucharest, sector 3, Alba Iulia Square No. 2, Section I, Bl. I1) - "Clinic" - uses your personal data and may include the personal data of third parties when you provide us with their personal data. It provides details of how we collect your personal data, why we collect it and to whom we may pass it on. This privacy notice also discloses your rights in relation to your personal data. It applies to all your data, including personal data stored electronically or in hard copy.

What personal data can we collect?

The Clinic collects and processes your personal data which may come directly from you or from persons authorised by you to provide us with such data. Personal data includes all information that identifies you or can be used to identify you.

In addition, we may obtain personal data about you from publicly available sources and third parties, which may include the following categories of personal information:

• Personal details - name, surname, sex, age, video recordings (CCTV video surveillance cameras are installed in the common areas - these are indicated by visible signs); indicative home/residence address, mobile/fix telephone number, e-mail address, signature, personal number code (only for special tests - biopsy, medical tests);
• Payment details (bank account or bank card number/IBAN code, first and last name of the holder of the bank account or bank card (can be someone other than you if someone else has made a payment for a service on your behalf and for you);
• Health data (symptoms, past illnesses, medications taken in the past, blood type, services you access at the Clinic; results of tests we perform on you; treatment we prescribe, recommend or administer; doctor you have accessed, medical recommendations, data on your family's medical history, biometric data, other information you give us about your family members);
• Opinions about us or our products and services (any opinions and views you share with us or any opinions and views you publicly post about us on social media or make known through other public channels;
• Communication and other personal preferences (data relating to the services provided by the Clinic and your interaction with us, such as: records of your interactions with us; details of the history of services provided by us to you).

How will we use your personal data?

The processing of your personal data includes the ways in which we may record, organize, structure, store, adapt or modify, retrieve, consult, use, disclose by transmission or even make available, restrict, delete or destroy your personal data.

We may process your personal data for the following purposes:

• Providing healthcare services to you (provision and registration of medical services rendered, communication of the results of investigations carried out within the Clinic or through third parties with whom the Clinic has a service contract, communication of information on the safety of the product used in the procedure applied, receipt and reporting of adverse events);
• Marketing communications (to conduct promotional programs (e.g. - discount programs, to determine your eligibility for certain products, services or programs, product communications);
• Monitoring interactions your (online and offline) with us;
• Financial management (issuing receipts, invoices and receipts to you, receiving payments from you including recording payments made by another person on your behalf; recovering debts from you (including via debt recovery companies - details below in the section on submitting your data), sending notices and summonses in the case of debts not recovered amicably, drawing up financial reports, issuing financial statements);
• Fulfilling our legal obligations on archiving, record-keeping and other obligations imposed on us by law);
• Legal proceedings and government investigations (e.g. the basis of warrants, subpoenas and court orders);
• Website administration;

For any other purposes where we are required to notify you and seek your consent, including those purposes required by local law, we will seek your consent before processing your personal data for those purposes.

What is our legal basis for processing your personal data?

The applicable legal basis under which we process your personal data for the specific purposes listed above includes the following:

• Compliance with applicable laws or execution of the healthcare contract: In certain circumstances, it may be necessary for us to process your personal data in order to comply with a relevant law/regulation or to fulfil our obligations under your contract. If we process your personal data to fulfil our legal obligations, it is likely that you will not be permitted to object to this processing activity, but you will usually have the right to access or review this information unless it would prevent us from fulfilling our legal obligations. If we use processing to perform contractual obligations under a contract to which you are a party, you may not be able to challenge this processing, or if you choose to opt out or object to our processing, it may affect our ability to perform a contractual obligation we owe to you.
• Our legitimate interest: We may process your personal data based on our legitimate interests to communicate and manage interactions with you in relation to products and services. In addition to the other rights described below, you have the right to object to the processing of your personal data. You may object by contacting us using the information in the "How to contact us" section below.
• Based on your consent: In some cases, we may ask for your consent to collect and process your personal data. If you choose to give us your consent, you may later withdraw it (or opt-out) by contacting us using the information in the "How to contact us" section below. Please note that withdrawing your consent will not affect any processing of personal data that has already taken place. Where we process your personal data on the basis of consent, we will provide you with more detailed information at the time we obtain your consent.

To whom and when will we disclose or transmit your personal data?

We will transmit or disclose your personal data to the following entities:

• Third parties that we contract to perform services on our behalf to perform activities or functions related to the purposes of processing your personal data described above. We will require these third parties - acting on our behalf - to protect the confidentiality and security of your personal data that we transmit to them. These third parties have contractually agreed that they will not use or disclose your personal data for purposes other than those necessary to provide services to us, perform services on our behalf, or comply with applicable laws or regulations.
• Potential third-party buyers. If we decide to reorganise or dispose of a business by sale, merger or acquisition, we may pass on personal data to current or potential buyers. We will require those purchasers to use your personal data in accordance with this privacy notice.
• Legal proceedings. In the event that disagreements arise between you and us that we cannot resolve amicably, we may process your sensitive data (e.g. diagnosis and procedure) for the purpose of establishing, exercising or defending a legal claim against us.
• Collaborating doctors/nurses and other health care providers - they have an obligation to keep your data confidential under both the Patient Act and the GDPR.

To whom and under what conditions will we transfer your data to a third country?

At this time we do not transfer and do not intend to transfer your personal data or any part of it to other companies, organisations or individuals in third countries or to international organisations.

If we need to transfer your data to any of the above destinations, we will send you a prior notice of this.

For specifically defined cases, for the interpretation of specialized analyses, at the express request of our patients, we make these analyses available to a specialized physician who is located in the USA. The analyses do not bear any personal data of the patient so it is impossible that the interpretation of the analyses can lead to the identification of the person to whom they belong. The analyses are made available to the doctor for interpretation through a highly secure system so that no unauthorised person can learn about them or gain possession of them. The physician located in the USA does not store, process or operate in any way our patients' analyses and any personal data of our patients.

How do we protect your personal data?

We use industry-standard administrative, technical and physical safeguards to protect your personal data against loss, theft, misuse, unauthorised access, alteration, disclosure and destruction. We allow access to your personal data only to those employees and third parties acting on our behalf who justify a legitimate interest in such access. We will transfer your personal data to third parties acting on our behalf if we have received written assurances that your personal data will be protected in accordance with this privacy notice and our privacy policies and procedures.

How long do we keep your personal data?

Personal data will be kept for the duration of your collaboration with us. We will store and retain the personal data we collect in accordance with our corporate records retention policy, after which it will be archived or deleted. A detailed schedule of our data retention practices is available at www.skinmed.ro. Please note that certain information may be retained for longer periods of time if we have ongoing obligations to you or if local law requires it.

What are your rights?

You have the right to consult and obtaini a copy of your personal data, including an electronic copy that we have, and ask us to make changes in case of inaccurate or incomplete personal data we hold about you. You may also request that we delete your data when they are no longer needed for the purposes for which you provided them to us, to restrict how we process your personal data for certain limited purposes where it is not possible to delete the data, or oppose the processing personal data. In certain situations, you may request the transfer of your data to a third party of your choice.

Also, where we process your data based on your consent, you have the right to withdraw your consent; you can do this at any time, at least as easily as you originally gave us your consent; withdrawing consent will not affect the lawfulness of the processing of your data that we carried out prior to withdrawal.

The right to lodge a complaint with the supervisory authority. You have the right to lodge a complaint with the supervisory authority for the processing of personal data about the processing of your data by us or on our behalf.

To exercise any of these rights, please contact us as indicated in the "How to contact us" section below.

What happens if we revise this privacy notice?

From time to time, we may amend this privacy notice to reflect changes to our legal obligations or the ways in which we process your data. We will notify you of any material changes to this privacy notice and they will be effective when notified.

Lack of automated decision-making process

Our respect for your data also means that, as a user of our services, you will not be subject to a decision by us based solely on the automatic processing of your data (including profiling) that produces legal effects concerning you or similarly affects you to a significant extent. If we decide to create such a profile, we will ask you to give your explicit consent.

How can you contact us if you have questions or concerns?

If you have any comments, suggestions, questions or concerns about any of the information in this notice or any other issues relating to the processing of your data that we carry out, please do not hesitate to contact our Data Protection Officer at any time. Depending on your preferences, you may contact us through any of the communication channels below.

Our entire team will make every reasonable effort to ensure that we respond to you as quickly and completely as possible.

Our contact details:

Head office address: Bucharest, sector 3, Calea Dudești nr. 188, cam. 2, block B, floor 15, ap. 119;

Work point address: Alba Iulia Square No. 2, Section I, Bl. I1, Sector 3, Bucharest

Phone number: 0786.356.361 (available between 09.00-17.00, Monday - Friday);

E-mail address: office@skin-med.ro;

Contact details of our Data Protection Officer (this is the person to contact about any issues relating to the protection of your personal data);

First name/last name: Corina Popa;

Correspondence address: Alba Iulia Square No. 2, Section I, Bl. I1, Sector 3, Bucharest

E-mail address: dpo@skinmed.ro;

What solutions are available to you?

For more information about your privacy and data protection rights, or if you are unable to resolve an issue directly with us and wish to make a complaint, please contact the country-specific data protection authority (Autoritatea Națională de Supraveghere a Prelucçªo de Dados cu Caracterlor Personal, Bucharest, Bd. General Gheorghe Magheru nr. 28-30, postal code 010336, Romania, telephone: +40 31 805 9211)

This website uses its own and third-party cookies to provide visitors with a much better browsing experience and services tailored to their needs and interests. In what we call "web 2.0", "cookies" play an important role in facilitating access to and delivery of the many services users enjoy on the Internet, such as:

Customise certain settings such as: the language in which a site is viewed, the currency in which certain prices or tariffs are expressed, keeping options for various products (measurements, other details, etc.) in the shopping cart (and saving these options) - thus creating "shopping cart flexibility" (accessing old preferences by clicking the "forward" and "back" buttons). Cookies provide site owners with valuable feedback on how their sites are used by users, so they can make them even more effective and accessible to users. They allow multimedia or other applications from other sites to be embedded on a particular site to create a more valuable, useful and enjoyable browsing experience;
Improve the efficiency of online advertising.

WHAT IS A COOKIE?

An "Internet Cookie" (also known as a "browser cookie" or "HTTP cookie" or simply "cookie") is a small file of letters and numbers that will be stored on a user's computer, mobile device or other equipment from which the Internet is accessed. Cookies are installed by a request issued by a web-server to a browser (e.g. Internet Explorer, Chrome) and are completely "passive" (they do not contain software, viruses or spyware and cannot access information on the user's hard drive).
A cookie consists of 2 parts: the name and the content or value of the cookie. Furthermore, the lifetime of a cookie is determined; technically, only the web-server that sent the cookie can access it again when a user returns to the website associated with that web-server.
Cookies themselves do not require personal information to be used and, in most cases, do not personally identify Internet users.

THERE ARE 2 BROAD CATEGORIES OF COOKIES:

Session cookies - these are stored temporarily in the web browser's cookie folder for the browser to remember until the user exits the website or closes the browser window (e.g. when logging in/out of a webmail or social media account).
Persistent Cookies - These are stored on a computer's or device's hard drive (and generally depend on the default lifetime of the cookie). Persistent cookies also include those placed by a website other than the one the user is currently visiting - known as "third party cookies" - which can be used anonymously to remember a user's interests so that the most relevant advertising can be delivered to users.

WHAT ARE THE ADVANTAGES OF COOKIES?

A cookie contains information that links a web-browser (the user) to a specific web-server (the website). If a browser accesses that web-server again, it can read the information already stored and react accordingly. Cookies ensure a pleasant browsing experience for users and support the efforts of many websites to provide convenient services to users: for example - online privacy preferences, site language choices, shopping carts or relevant advertising.

WHAT IS THE LIFETIME OF A COOKIE?

Cookies are managed by web servers. The lifetime of a cookie can vary significantly, depending on the purpose for which it is placed. Some cookies are used exclusively for a single session (session cookies) and are no longer retained once the user has left the website and some cookies are retained and reused each time the user returns to that website ("permanent cookies"). However, cookies can be deleted by a user at any time via browser settings.

WHAT ARE THIRD PARTY COOKIES?

Certain sections of content on some sites may be provided through third party/providers (e.g. a news box, a video or an advertisement). These third parties may also place cookies through the site and they are called "third party cookies" because they are not placed by the owner of that website. Third party providers must also comply with applicable law and the site owner's privacy policies.

HOW COOKIES ARE USED BY THIS SITE

A visit to this site may place cookies for the purposes of:

• site performance cookies;
• visitor analytics cookies;
• cookies for geotargeting.
  These cookies may come from the following third parties: (Google, Facebook).

PERFORMANCE COOKIES

This type of cookie retains the user's preferences on this site, so there is no need to set them each time you visit the site.

COOKIES FOR VISITOR ANALYTICS

Each time a user visits this site the analytics software provided by a third party generates a user analytics cookie. This cookie tells us whether you have visited this site before. Your browser will tell us if you have this cookie, and if not, we will generate one. It allows us to track unique users who visit us and how often they do so. As long as you are not registered on this site, this cookie cannot be used to identify individuals, they are only used for statistical purposes. If you are registered, we may also know the details you have provided to us, such as your email address and username - these are subject to privacy and the provisions of our Terms and Conditions, Privacy Policy and the provisions of current legislation on the protection of personal data.

COOKIES FOR GEOTARGETING

These cookies are used by software that determines which country you are from. It is completely anonymous and is only used to target content - even when you are on our English page or in another language you receive the same ad.
Cookies for registration. When you register on this site, we generate a cookie that tells us whether you are registered or not. Our servers use these cookies to show us which account you are registered with and whether you have permission for a particular service. It also allows us to associate any comments you post on our site with your username. If you have not selected "keep me logged in", this cookie will be automatically deleted when you close your browser or computer.

OTHER THIRD PARTY COOKIES

On some pages, third parties may set their own anonymous cookies in order to track the success of an application, or to customize an application. Due to the way we use it, this site cannot access these cookies, just as third parties cannot access cookies held by this site. For example, when you share an article using the social media button found on this site, that social network will record your activity.

WHAT TYPE OF INFORMATION IS STORED AND ACCESSED THROUGH COOKIES?

Cookies store information in a small text file that allows a website to recognise a browser. The web-server will recognise the browser until the cookie expires or is deleted.
Cookies store important information that enhances the web browsing experience (e.g. language settings for a site; keeping a user logged into a web-mail account; online banking security; keeping products in the shopping cart).

WHY ARE COOKIES IMPORTANT FOR THE INTERNET?

Cookies are at the heart of the efficient functioning of the Internet, helping to generate a user-friendly browsing experience tailored to each user's preferences and interests. Refusing or disabling cookies may make some sites unusable.
Refusing or disabling cookies does not mean that you will no longer receive online advertising - it just means that it will no longer be able to take into account your preferences and interests as evidenced by your browsing behaviour.

EXAMPLES OF IMPORTANT USES OF COOKIES (WHICH DO NOT REQUIRE A USER TO LOG IN VIA AN ACCOUNT):

Content and services tailored to user preferences - news categories, weather, sports, maps, public and government services, entertainment sites and travel services.
Offers tailored to users' interests - password retention, language preferences (e.g. displaying search results in Romanian).
Retain child protection filters on Internet content (family mode options, safe search functions).
Limiting ad frequency - limiting the number of times an ad is shown to a particular user on a site.
Provide more relevant advertising to the user.
Measurement, optimization and analytics features - such as confirming a certain level of traffic to a website, what type of content is being viewed and how a user gets to a website (e.g. via search engines, directly, from other websites, etc.) Websites run these usage analytics to improve their sites for the benefit of users.

SECURITY AND PRIVACY ISSUES

Cookies are NOT viruses! They use plain text formats. They are not made up of pieces of code so they cannot be executed or run themselves. Consequently, they cannot be duplicated or replicated on other networks to run or replicate themselves again. Since they cannot perform these functions, they cannot be considered viruses.

Cookies can, however, be used for negative purposes. Because they store information about users' preferences and browsing history, both on a particular site and on several other sites, cookies can be used as a form of Spyware. Many anti-spyware products are aware of this fact and consistently flag cookies for deletion as part of anti-virus/anti-spyware deletion/scanning procedures. Browsers generally have built-in privacy settings that provide different levels of cookie acceptance, validity period and automatic deletion after the user has visited a particular site.

Other security issues related to cookies

Since identity protection is very valuable and is the right of every internet user, it is good to know what possible problems cookies can create. Because cookies constantly transmit information back and forth between the browser and the website, if an attacker or unauthorised person intervenes in the data transmission path, the information contained in the cookie can be intercepted. Although very rare, this can happen if the browser connects to the server using an unencrypted network (e.g. an unsecured WiFi network).
Other cookie-based attacks involve wrong cookie settings on servers. If a website does not require the browser to use only encrypted channels, attackers can use this vulnerability to trick browsers into sending information through unsecured channels. Attackers then use the information to gain unauthorised access to certain websites. It is very important to be careful in choosing the most appropriate method of protecting personal information.

TIPS FOR SAFE AND RESPONSIBLE BROWSING BASED ON COOKIES.

Due to their flexibility and the fact that most of the most visited and largest sites use cookies, they are almost unavoidable. Disabling cookies will not allow the user access to the most popular and used sites including Youtube, G-mail, Yahoo and others.

Here are a few tips that can ensure you browse worry-free, but with cookies:
Customise your browser settings for cookies to reflect a level of cookie security that is comfortable for you.
If you don't mind cookies and you are the only person using your computer, you can set long expiry times for storing your browsing history and personal access data.
If you share access to your computer, you may consider setting your browser to delete individual browsing data each time you close the browser. This is a variant of accessing sites that place cookies and deleting any visit data when you close your browsing session.

Install and constantly update your anti-spyware applications.
Many spyware detection and prevention applications include detection of attacks on websites. This prevents the browser from accessing websites that could exploit browser vulnerabilities or download dangerous software. Make sure your browser is always up to date. Many cookie-based attacks are carried out by exploiting weaknesses in older versions of browsers.
Cookies are everywhere and cannot be avoided if you want to enjoy access to the best and biggest sites on the Internet - local or international. With a clear understanding of how they work and the benefits they bring, you can take the necessary security measures so you can surf the internet with confidence.

HOW CAN I STOP COOKIES?

Disabling and refusing to receive cookies may make certain sites impractical or difficult to visit and use. Also, refusing to accept cookies does not mean that you will no longer receive/see online advertising. It is possible to set your browser not to accept cookies or you can set your browser to accept cookies from a specific site. But, for example, if you are not registered using cookies, you will not be able to leave comments.
All modern browsers offer the possibility to change cookie settings. These settings are usually found in the "options" or "preferences" menu of your browser.
To understand these settings, the following links may be useful, otherwise you can use the browser's "help" option for more details.
Cookie settings in Internet Explorer
http://support.microsoft.com/kb/196955
Cookie settings in Firefox
http://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer?redirectlocale=en-US&redirectslug=Cookies
Cookie settings in Chrome
http://support.google.com/chrome/bin/answer.py?hl=ro&answer=95647
Cookie settings in Safari
http://support.apple.com/kb/PH5042
For third-party cookie settings, you can also consult the website:
http://www.youronlinechoices.com/ro/

USEFUL LINKS

If you want to find out more about cookies and what they are used for, we recommend the following links:
Microsoft Cookies guide
http://www.microsoft.com/info/cookies.mspx
All About Cookies
http://www.allaboutcookies.org/

The following website is available to provide more information on privacy related to online advertising:
http://www.youronlinechoices.com/ro/

For more details on privacy issues, you can also access the following links:
www.youronlinechoices.eu/ro
http://www.iabeurope.eu/cookies-faq/internet-cookies-increasing-and-enhancing-yourinternet-surfing-experience/what-are-cookies-how-do-they-work-cookies-faq.aspx

Google Analytics cookie:

Google Analytics is a simple, easy-to-use tool that helps website owners measure how users interact with website content. As a user navigates between web pages, Google Analytics provides site owners with JavaScript tags (libraries) to record information about the page a user has viewed, for example, the URL of the page. Google Analytics JavaScript libraries use HTTP cookies (this is a small piece of data sent from a website and stored on the user's computer by the user's browser as the user browses). Cookies were designed to be a secure mechanism for websites to remember state information or record user browsing activity) to "remember" what a user has done on previous pages/interactions with the website.

The information generated by the cookie about your use of this website (including your IP address) is transmitted to and stored on a Google server

Google Analytics supports two JavaScript libraries (tags) for website measurement:

use of analytics.js cookies

The analytics.js JavaScript library is part of Universal Analytics and uses primary cookies to:

- distinguishes unique users;

- accelerates the application rate.

When using the recommended JavaScript snippet, analytics.js sets cookies on the highest domain level. For example, if your website address is blog.example.co.uk, analytics.js will set the cookie domain to .example.co.uk. Setting cookies on the highest domain level allows users to be tracked between subdomains without any further configuration.

use of ga.js cookies

The ga.js JavaScript database uses primary cookies to:

- Determine which area to measure;

- distinguishes unique users;

- accelerate the application rate;

- remember the number and time of previous visits;

- remember the traffic source information;

- determine the beginning and end of a session;

- remember the value of custom variables at visitor level.

By default, this library sets cookies on the domain specified in the document.host browser property and sets the cookie path at the root level.

Error: The domain WWW.SKIN-MED.RO is not authorized to show the cookie declaration for domain group ID 699fc043-bf9a-43dc-a064-134fd4c69ad8. Please add it to the domain group in the Cookiebot Manager to authorize the domain.