GDPR Information Notice - 2019

Agreement for processing personal data by SKINMED® CLINIC and SKINMED® CENTER

Date of entry into force: 25 November 2019

See also GDPR version May 2018

INFORMATION NOTE ON THE PROCESSING OF PERSONAL DATA AND POLICY ON THE PROCESSING OF PATIENTS' PERSONAL DATA

DERMATO-AESTHETIC CENTRE - SKINMED

This note contains important information. We therefore encourage you to take the time to read it fully and carefully and to ensure that you fully understand it. Please do not hesitate to let us know if you have any questions.

What is the scope of this information note?

The EU General Data Protection Regulation (GDPR) information notice explains how CENTRUL DERMATOESTETIC - SKINMED (located in Bucharest, Calea Dudești nr. 188, ap. 119, sector 3 and working point in Bucharest, Piața Alba Iulia nr. 2, bl. I1, Tronson 1, sector 3), the "Clinic", uses your personal data, which may include personal data of third parties when you provide us with their personal data. It provides details of how we process your personal data, why we process it and to whom we may pass it on. This notice also discloses your rights in relation to your personal data. It applies to all your data, including personal data stored electronically or in hard copy.

What personal data can we collect?

The Clinic collects and processes your personal data which may come directly from you or from persons authorised by you to provide us with such data. Personal data includes all information that identifies you or can be used to identify you.

In addition, we may obtain personal data about you from publicly available sources and third parties, which may include the following categories of personal information:

For patients of the Clinic:

  • Personal details - surname; first name; sex; age; approximate home/residence address; mobile/fixed telephone number; email address, signature;
  • Image data - video recordings by CCTV video surveillance cameras installed in common areas - these are indicated by visible signs;
  • Payment details - bank account or bank card number/IBAN code; first and last name of the bank account or bank card holder (can be someone other than you if someone else has paid for a service on your behalf and for you); financial history with the Clinic; outstanding payment status;
  • Health data - symptoms; previous illnesses; past medication; blood type; allergies; diagnosis; services you access at the Clinic; results of tests we perform; treatment we prescribe or administer; doctor you have accessed; medical recommendations; private insurance status, data on your family's medical history; other information you provide us with about your family members;
  • Biometric data - consultation and analysis data, sample code, analysis results;
  • Voice data: your voice and the information provided during the entire telephone call to the Call Center, should you call our Call Center service;
  • Opinions about us or our products and services - any opinions and views you share with us or any opinions and views you publicly post about us on social media or share with other public channels;
  • Communication and other personal preferences - data relating to the services provided by the Clinic and your interaction with us, such as: records of your interactions with us; details of the history of services provided by us to you.

For employees and collaborators (medical and non-medical staff) of the Clinic:

  • surname, first name, age, sex, CNP, home address, bank details, CV details, professional insurance, specialist opinions and certifications, documents relating to PSI/SSM and occupational medicine, leave requests.

How will we use your personal data?

The processing of your personal data includes the lawful ways in which we may record, organize, structure, store, adapt or modify, retrieve, consult, use, disclose by transmission or even make available, restrict, delete or destroy your personal data.

We may process your personal data for the following purposes:

  • Making appointments at the Clinic's office or via the Call Centre service;
  • Providing healthcare services to you - provision and registration of medical services rendered, communication of the results of investigations carried out within the Clinic or through third parties with whom the Clinic has a service contract; communication of information on the safety of the product used in the procedure applied, receipt and reporting of adverse reactions;
  • Providing body beauty services to you;
  • Marketing communications - carrying out promotional activity to customers/potential customers via email or sms;
  • Promotion of the Clinic's services on social media channels using photos and/or videos of patients and doctors;
  • Monitoring your interactions and feedback (online and offline) with us - the preparation and archiving of the feedback form;
  • Financial management - issuing vouchers, invoices and receipts to you; receiving payments from you including recording payments made by another person on your behalf; recovering debts from you; sending notices and taking legal action in the event of debts not recovered amicably; drawing up financial reports, issuing financial statements;
  • Administration of communications and IT systems, audit reporting, database security management and all IT systems;
  • Keeping track of medical services, keeping track of appointments in IT applications, handling complaints received from patients or other data subjects, archiving all medical documentation;
  • Insurance of property and persons inside the clinic using video surveillance;
  • Fulfilling our legal obligations on archiving, record-keeping and other obligations imposed on us by law;
  • Legal proceedings and government investigations - representation before the public courts;
  • Administration of the website www.skin-med.ro.

Where we process your data for purposes other than those stated, we will send you an information notice before processing your personal data for those purposes so that, where such processing is subject to your consent, you can freely and expressly express your consent for each processing operation.

What is our legal basis for processing your personal data?

The applicable legal basis under which we process your personal data for the specific purposes listed above includes the following:

  • Making representations at your request before a contract is concluded (Article 6 (1) (b) sentence II of the GDPR);
  • Execution of the contract for the provision of medical and body beauty services (art. 6 para. 1 lit. b sentence I of the GDPR) - if we use processing for the performance of contractual obligations under a contract to which you are a party, you may not be able to contest this processing or if you choose to opt out or object to our processing, it may affect our ability to perform a contractual obligation owed to you.
  • Compliance with applicable laws (Article 6(1)(c) GDPR) - in certain circumstances, we may need to process your personal data to comply with a relevant law/regulation. If we process your personal data to fulfil our legal obligations, you are unlikely to be allowed to object to this processing activity, but you will usually have the right to access or review this information unless it would prevent us from fulfilling our legal obligations.
  • Our legitimate interest (Article 6(1)(f) GDPR) - We may process your personal data based on our legitimate interests to communicate and manage interactions with you in relation to products and services. In addition to the other rights described below, you have the right to object to the processing of your personal data. You may object by contacting us using the information in the "How to contact us" section below.
  • Based on your consent (Article 6(1)(a) GDPR) - In some cases, we may require your consent to collect and process your personal data. If you choose to give us your consent, you may later withdraw it (or opt-out) by contacting us using the information in the "How to contact us" section below. Please note that withdrawing your consent will not affect any processing of personal data that has already taken place. Where we process your personal data on the basis of consent, we will provide you with more detailed information at the time we obtain your consent.

To whom and when will we disclose or transmit your personal data?

We will transmit or disclose your personal data to the following entities:

  • Third parties that we contract to perform services on our behalf to perform activities or functions related to the purposes of processing your personal data described above. We will require these third parties acting on our behalf to protect the confidentiality and security of your personal data that we transmit to them. These third parties have contractually agreed that they will not use or disclose your personal data for purposes other than those necessary to provide services to us, perform services on our behalf, or comply with applicable laws or regulations;
  • Potential third-party buyers. If we decide to reorganise or dispose of a business by sale, merger or acquisition, we may pass on personal data to current or potential buyers. We will require those purchasers to use your personal data in accordance with this notice;
  • Legal proceedings. In the event that disagreements arise between you and us that we cannot resolve amicably, we may process your sensitive data (e.g. diagnosis and procedure) for the purpose of establishing, exercising or defending a legal claim against us;
  • Collaborating doctors and other health care providers - they have an obligation to keep your data confidential under both the Patient Act and the GDPR.

To whom and under what conditions will we transfer your data to a third country?

At this time we do not transfer and do not intend to transfer your personal data or any part of it to other companies, organisations or individuals in third countries or to international organisations.

If we need to transfer your data to any of the above destinations, we will send you a prior notice of this.

For specifically defined cases, for the interpretation of specialized analyses, at the express request of our patients, we make these analyses available to a specialized physician located in the USA. The analyses do not bear any personal data of the patient so it is impossible that the interpretation of the analyses can lead to the identification of the person to whom they belong. The analyses are made available to the doctor for interpretation through a highly secure system so that no unauthorised person can learn about them or gain possession of them. The physician located in the USA does not store, process or operate in any way our patients' analyses and any personal data about them.

How do we protect your personal data?

We use industry-standard administrative, technical and physical safeguards to protect your personal data against loss, theft, misuse, unauthorised access, alteration, disclosure and destruction. We allow access to your personal data only to those employees and third parties acting on our behalf who justify a legitimate interest in such access. We will transfer your personal data to third parties acting on our behalf if we have received written assurances that your personal data will be protected in accordance with this notice and our privacy policies and procedures.

How long do we keep your personal data?

Your personal data will be stored for a limited period of time in accordance with the provisions and conditions imposed by the framework legislation. Thus:

  • personal data necessary for the provision of medical and body beauty services will be stored for a reasonable period after the termination of these contracts, subject to applicable law, consisting of a general period of 50 years;
  • personal data necessary for the provision of body beauty services will be stored for a period of 10 years;
  • data processed for accounting purposes (those relating to invoicing and payments) will be stored, in accordance with accounting legislation, for a period of 10 years;
  • video surveillance and phone call recording data will be stored for 30 days;
  • data processed for marketing purposes will be processed for a period of 3 years.

What are your rights?

You have the right to consult and obtain a copy of your personal data that we hold, including an electronic copy, and to ask us to make changes in case of inaccurate or incomplete personal data we hold about you. You may also request that we delete your data when they are no longer needed for the purposes for which you provided them to us, restrict how we process your personal data for certain limited purposes where it is not possible to delete the data, or object to the processing of personal data. In certain situations, you may request the transfer of your data to a third party of your choice.

Also, where we process your data based on your consent, you have the right to withdraw your consent; you can do this at any time, at least as easily as you originally gave us your consent; withdrawing consent will not affect the lawfulness of the processing of your data that we carried out prior to withdrawal.

The right to lodge a complaint with the supervisory authority. You have the right to lodge a complaint with the supervisory authority for the processing of personal data about the processing of your data by us or on our behalf.

To exercise any of these rights, please contact us as indicated in the "How to contact us" section below.

Your request will be examined with the utmost seriousness and a response will be sent to you within the legal deadline of 30 calendar days from receipt of the request, as provided for in the GDPR. This deadline may be extended by another month only if the research is complex.

What happens if we revise this information note?

There is a possibility that "CENTRUL DERMATOESTETIC- SKINMED" may amend this policy on the processing of personal data to reflect changes in legislation, internal practices and procedures for processing personal data, website features or technological developments in recent times. These changes can be seen in the updated policy both on the SKINMED DERMATOESTETIC CENTRE's website and at the clinic reception desk.

Absence of an automated decision-making process

Our respect for your data also means that, as a user of our services, you will not be subject to a decision by us based solely on the automatic processing of your data (including profiling) that produces legal effects concerning you or similarly affects you to a significant extent. If we decide to create such a profile, we will ask you to give your explicit consent.

How can you contact us if you have questions or concerns?

If you have any comments, suggestions, questions or concerns about any of the information in this notice or any other issues relating to the processing of your data that we carry out, please do not hesitate to contact our Data Protection Officer at any time. Depending on your preferences, you may contact us through any of the communication channels below.

Our entire team will make every reasonable effort to ensure that we respond to you as quickly and completely as possible.

Our contact details:

Head office address: Bucharest, sector 3, Calea DUDEȘTI nr. 188, cam.2, Bloc B, Floor 15, Apt. 119

Work point address: Bucharest Piața Alba Iulia nr. 2, bl. I1, Tronson 1, sector 3

Phone number: (available between 09.00-17.00, Monday - Friday)

Email address: office@skin-med.ro

Contact details of our Data Protection Officer (this is the person to contact about any issues relating to the protection of your personal data)

Name: Corina Popa

Correspondence address: Bucharest, Alba Iulia Square no. 2, bl. I1, Section 1, sector 3

Email address: dpo@skinmed.ro

What solutions are available to you?

For more information about your privacy and data protection rights, or if you are unable to resolve an issue directly with us and would like to make a complaint, please contact the country-specific data protection authority (National Supervisory Authority for Personal Data Processing, Bucharest, Bdul General Gheorghe Magheru 28-30, postal code 010336, Romania, Phone: +40 31 805 9211).

What do the terms used in this information note mean?

  • Personal data - any information relating to an identified or identifiable natural person. A natural person is identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, an online identifier, or one or more elements specific to that person's physical, physiological, genetic, mental, economic, cultural or social identity. Thus, for example, the following are included in the notion of personal data: name and surname; home or residence address; email address; telephone number; personal identification number (CNP); diagnosis established (these are sensitive data); biometric data (these are sensitive data). The categories of personal data about you that we process are listed above.
  • Special categories of personal data - personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical convictions or trade union membership, sex life or sexual orientation, data concerning criminal convictions, genetic data, biometric data, health data;
  • Health data - personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, which reveal information about that person's state of health;
  • Consent - any freely given, specific, informed and unambiguous indication of the data subject's wishes, by which the data subject signifies his or her agreement, by means of a statement or unequivocal action, to the processing of personal data relating to him or her;
  • Processing of personal data - any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • Personal data controller - natural or legal person, and any public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data;
  • Authorised person - the natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller;
  • The person concerned - the natural person whose personal data are processed by the controller or by the processor;
  • Third country - country outside the European Union or the European Economic Area.
  • Supervisory authority for the processing of personal data: an independent public authority which, according to the law, has powers relating to the supervision of compliance with personal data protection legislation. In Romania, this supervisory authority for personal data processing is the National Supervisory Authority for Personal Data Processing (ANSPDCP).

DERMATO-AESTHETIC CENTRE - SKINMED consists of the following companies:

  • SKINMED CLINIC - medical services provider, with registered office in Bucharest, Calea Dudești nr. 188, ap. 119, cam. 2, sector 3, with a place of business in Bucharest, Piața Alba Iulia nr. 2, bl. I1, Tronson 1, sector 3; J40/7447/2014, CUI 33307037
  • SKINMED CENTER - a body beauty service provider, based in Bucharest, Calea Dudești 188, ap. 119, cam. 1, sector 3 and working point in Bucharest, Piața Alba Iulia nr. 2, bl. I1, Tronson 1, sector 3, J40/7446/2014, CUI 33306791