The confidentiality of your data is a priority for us. This Policy explains how SAN MEDICA collects,uses and protects personal data, in accordance with Regulation (EU) 2016/679 (GDPR) andapplicable national legislation.
1. Data controllerSC SAN MEDICA SRL (hereinafter the “Controller” or “we”)CUI: 18834050 • Trade Register No.: J28/100/2016Registered office: Str. Vasile Alecsandri no. 1, Caracal, Olt CountyE-mail: contact@sanmedica.ro • Phone: 0249 517 557
2. What data we collect
We collect the data you provide directly through the contact/appointment form on the Website:
- Identification and contact data: first name, last name, e-mail address, phone number;
- Message content: any information you choose to include in your request.
Important — health data. As we are a provider of medical services, your messages may contain healthdata, which constitutes a special category of data (Art. 9 GDPR). We recommend that you do not includein the contact form more medical data than is strictly necessary for us to respond to you. Such data isprocessed with enhanced security and confidentiality safeguards.
3. Purposes and legal basis of processingPurpose of processing | Legal basis (GDPR) |
Responding to requests and questions submittedvia the contact form | Art. 6 (1) (a) – consent / Art. 6 (1) (b) – pre-contractualsteps |
Managing and confirming appointment requests | Art. 6 (1) (b) – performance of a contract / steps at thedata subject’s request |
Processing any health data contained in themessage | Art. 9 (2) (a) – explicit consent / Art. 9 (2) (h) – provision ofhealthcare |
4. Retention period
We retain data only for as long as necessary to fulfil the purposes for which it was collected:
- contact form data, where it does not result in a contractual relationship: 30 days or until consentis withdrawn, if earlier;
- data relating to medical services actually provided: for the period required by specific healthcarelegislation;
- data with fiscal/accounting relevance: in accordance with statutory archiving periods.
5. Recipients of the data
Your data may be accessed, strictly on a need-to-know basis, by:
- authorized SAN MEDICA personnel;
- service providers acting as processors (website hosting, IT maintenance, e-mail services), undercontracts ensuring confidentiality;
- public authorities, where there is a legal obligation.
We do not sell or transfer your data for commercial purposes to third parties. We do not transferdata outside the European Economic Area except with the safeguards provided by the GDPR.
6. Your rights
As a data subject, you have the following rights:
- right of access to the data processed;
- right to rectification of inaccurate data;
- right to erasure (“right to be forgotten”);
- right to restriction of processing;
- right to data portability;
- right to object to processing;
- right to withdraw consent at any time, without affecting the lawfulness of prior processing;
- right not to be subject to automated decision-making, including profiling.
To exercise these rights, you may contact us at contact@sanmedica.ro. We will respond to yourrequest within no more than one month.
7. Right to lodge a complaint
You have the right to lodge a complaint with the National Supervisory Authority for Personal DataProcessing (ANSPDCP):B-dul G-ral Gheorghe Magheru no. 28-30, Sector 1, Bucharest, RomaniaE-mail: anspdcp@dataprotection.ro • Web: www.dataprotection.ro
8. Data security
We apply appropriate technical and organizational measures to protect data against unauthorizedaccess, loss, destruction or disclosure: secure connection (HTTPS/SSL), restricted access, internalconfidentiality policies and stafftraining.
9. Cookies
The Website uses cookies. Details are provided in the Cookie Policy, available on the Website.
10. Changes to this Policy
We may update this Privacy Policy from time to time. The version in force, with the date of the lastupdate, is permanently published on the Website.