Nota de informare cu privire la prelucrarea datelor cu caracter personal prin aplicatia Regina Maria

Nota de informare privind politica de confidentialitate a aplicatiei mobile REGINA MARIA

Pentru a-ti fi mai usor sa parcurgi aceasta Nota de informare, iata mai jos sectiunile pe care le poti consulta:

Despre aceasta Nota de informare
Cine suntem noi
Ce date cu caracter personal prelucram
Sursa din care colectam datele tale cu caracter personal
Temeiurile in baza carora prelucram datele tale
Scopurile pentru care prelucram datele tale
Cui vom dezvalui datele tale
Transferuri internationale de date
Cat timp vom prelucra datele tale
Securitatea datelor tale
Care sunt drepturile tale si cum le poti exercita
Ce se poate intampla daca nu ne furnizezi datele
Inexistenta unui proces decizional automatizat
Cand se aplica aceasta Nota de informare
Modificarile acestei Note de informare
Ce semnifica termenii pe care i-am folosit in aceasta nota
Societatile care fac parte din grupul Regina Maria

1. DESPRE ACEASTA NOTA DE INFORMARE

Aceasta Nota de informare se adreseaza tuturor utilizatorilor Aplicatiei mobile Regina Maria (denumita in continuare Aplicatia) si explica modul in care Aplicatia prelucreaza datele cu caracter personal ale acestora. Scopul acestei Note este sa explice, de asemenea, modul in care ne asiguram ca datele voastre cu caracter personal sunt prelucrate responsabil, in conformitate cu legislatia privind protectia datelor cu caracter personal care este aplicabila si cu Politica noastra de confidentialitate („privacy policy”).

Pentru scopurile acestei note de informare, Regina Maria, prin entitatea juridica principala Centrul Medical Unirea SRL (CMU), este operator de date cu caracter personal. Vei gasi mai jos informatii cu privire la identitatea si datele noastre de contact, precum si pe ale responsabilului cu protectia datelor.
La Regina Maria luam foarte in serios respectul fata de securitatea si confidentialitatea datelor tale. Conformarea cu legislatia privind protectia datelor cu caracter personal si bunele practici in domeniu, precum si asigurarea unui climat de transparenta, siguranta si incredere pentru pacientii nostri este o prioritate pentru noi, pentru care angajatii, colaboratorii, partenerii si conducerea noastra isi declara in mod ferm sustinerea.

Aceasta Nota contine informatii importante referitoare la Politica noastra de confidentialitate. Asadar, te incurajam sa acorzi timpul necesar pentru a o citi in intregime si cu atentie si sa te asiguri ca o intelegi pe deplin. Pentru a facilita parcurgerea documentului, am inclus la sfarsitul acestei note un glosar care explica principalele notiuni folosite (e.g. “date cu caracter personal”, “prelucrare” etc.). Nu ezita sa ne comunici orice nelamuriri ai avea. Dorim sa fie clar pentru tine cum folosim datele tale si modul in care le protejam confidentialitatea. Continutul acestei note de informare este pur informativ si nu afecteaza drepturile pe care ti le ofera legislatia. Vom face tot posibilul pentru a iti facilita exercitarea acestora.

Iti multumim pentru increderea acordata.

2. CINE SUNTEM NOI

Reteaua de sanatate Regina Maria este operatorul de servicii medicale private din Romania ce reuneste peste 5.000 de angajati si colaboratori in locatii din Bucuresti si din tara.
In cifre, Regina Maria inseamna: 46 de clinici, 8 spitale, 4 centre cu spitalizare de zi, 4 maternitati, 10 campusuri medicale, 26 de centre de imagistica, 28 de laboratoare de analize, banca proprie de celule stem si peste 300 de policlinici partenere in tara.

Datele noastre de contact

Denumire completa

Centrul Medical Unirea SRL, impreuna cu toate entitatile juridice mentionate la punctul 17 din prezenta Nota de informare

Adresa sediului social

Bulevardul Ion Ionescu de la Brad nr. 5B, Sector 1, Bucuresti

Adresa sediului administrativ (adresa de corespondenta)

Cladirea Charles de Gaulle Plaza, Piata Charles De Gaulle, nr. 15, Etaj 4, Sector 1, Bucuresti

Telefon

0219268 sau *9268 sau 0219886 (disponibile intre orele 8 si 20 luni - vineri)

Online

Sectiunea Suport din Aplicatia mobila sau https://www.reginamaria.ro/suport

Email

office@reginamaria.ro

Datele de contact ale responsabilului nostru cu protectia datelor (aceasta este persoana pe care trebuie sa o contactezi in legatura cu orice aspecte referitoare la protectia datelor tale cu caracter personal)

Adresa de corespondenta

Cladirea Charles de Gaulle Plaza, Piata Charles De Gaulle, nr. 15, Etaj 4, Sector 1, Bucuresti

Email

dpo@reginamaria.ro

3. CE DATE CU CARACTER PERSONAL PRELUCRAM

3.1. Date prelucrate prin intermediul Aplicatiei

Datele cu caracter personal pe care le vom prelucra sunt datele obtinute direct de la tine sau rezultate in urma prestarii serviciilor de catre una dintre societatile din Regina Maria si includ urmatoarele categorii de date:

Detalii personale, cum ar fi: nume; prenume; sex; data nasterii/ varsta; cetatenie; restul informatiilor din actul tau de identitate (inclusiv data emiterii, data expirarii actului, locul nasterii); membri de familie, de exemplu copii minori.

Detalii de contact, cum ar fi: numar de telefon; adresa de email; adresa de domiciliu/ resedinta;

Date medicale (date personale cu caracter special), cum ar fi: simptome; boli anterioare; analize si medicamente administrate in trecut; grupa sangvina; analize si alte servicii pe care le accesezi la Regina Maria; rezultatele analizelor pe care le efectuezi la noi; tratamentul prescris sau administrat; medicul pe care l-ai consultat; recomandari medicale; date din dosarul medical din spital, inclusiv date despre istoricul medical al familiei tale, in cazul in care este relevant ca antecedent heredo-colateral; date genetice, daca este aplicabil.

Detalii referitoare la facturi si plati, cum ar fi: adresa de facturare; numarul contului bancar sau al cardului bancar/ cod IBAN; numele si prenumele titularului contului bancar sau al cardului bancar (poate fi altul decat tine, daca altcineva a efectuat plata unei facturi in numele si pentru tine); data de la care cardul bancar este valabil; data expirarii cardului bancar.

Detalii profesionale, cum ar fi: angajator; functie; profesie; vechime la locul de munca.

Detalii referitoare la asigurari, cum ar fi: calitatea de asigurat/ neasigurat, asigurator (in cazul asigurarilor private).

Date referitoare la contracte, cum ar fi: contracte individuale incheiate pentru tine si/sau membri de familie beneficiari, contracte corporate alecaror beneficiar esti in calitate de angajat sau membru de familie al companiei cliente, acte de adeziune.

Opinii si viziuni (pot include date cu caracter special), cum ar fi: orice opinii si viziuni pe care ni le transmiti pe canalele de comunicare disponibile prin Aplicatie.

Dupa cum reiese din lista de mai sus, este posibil sa ne furnizezi informatii cu privire la alte persoane – de exemplu, istoricul medical al rudelor tale care sufera de aceeasi conditie medicala ca tine. Atunci cand acestea se refera la persoane identificate sau pe care le putem identifica, vom trata aceste informatii drept date cu caracter personal ale acelor persoane si le vom acorda si lor protectia necesara. Vom respecta insa cu strictete obligatia de pastrare a secretului profesional (inclusiv a secretului medical) pe care o avem fata de tine si nu vom informa aceste persoane despre aceasta prelucrare pentru a respecta obligatia noastra de secret profesional (inclusiv medical) fata de tine.

3.2. Date colectate prin intermediul Aplicatiei

Aplicatia mobila Regina Maria este construita pentru a asigura confidentialitatea datelor utilizatorilor, („user privacy”). In functie de optinile tale si de permisiunile pe care ni le acorzi, Aplicatia poate colecta urmatoarele date:

Date de identificare si de contact

In cazul in care iti creezi Contul tau din aplicatie, iti vom solicita datele tale de identificare (nume, prenume, CNP) si de contact (numar de telefon mobil si adresa de email), pentru identificarea ta si activarea contului. Iti vom cere, de asemenea, sa iti setezi o parola, pe care doar tu o vei cunoaste.
La fiecare logare, vei furniza adresa de email si parola alese de tine, pentru protejarea datelor tale.

Informatii despre echipamentul si sistemul tau de operare

Atunci cand folosesti Aplicatia, colectam IP-ul si tipul echipamentului tau, precum si sistemul de operare folosit. Aceste informatii, desi reprezinta date cu caracter personal, nu ne permit sa te identificam fara coroborarea cu alte date cu privire la tine si fara confirmarea din partea operatorului de servicii de comunicatii electronice care a furnizat respectivul IP. Precizam ca extragerea IP-urilor implica prelucrarea de date de trafic de catre respectivii operatori, care se poate face doar in conditiile legii.

Activitatea ta in cadrul Aplicatiei

Folosim instrumente de tracking necesare, fara de care anumite optiuni ale Aplicatiei nu pot functiona. Aceste instrumente pot retine loguri anonime sau care te pot identifica si vor fi activate doar daca ne dai permsiunea, pe parcursul navigarii in aplicatie, la: Calendar, Locatie (pentru check-in) si daca ai activate optiunea Push notification pe telefon.

De asemenea, din categoria instrumentelor statistice, folosim doar Firebase Crashlytics, care ne este necesar pentru identificarea blocajelor de functionare (“crash”). Firebase Crashlytics este setat sa colecteze exclusiv date cu privire la echipament, sistemul de operaresi blocajul efectiv – data, ora si instanta din Aplicatie unde s-a produs, fara a colecta date care sa identifice sau sa poata identifica utilizatorul.
In momentul de fata, Aplicatia nu foloseste instrumente de tracking pentru marketing. In cazul in care le vom folosi pe viitor, te vom informa cu transparenta si iti vom cere consimtamantul expres pentru fiecare dintre aceste categorii.

Opinii exprimate si informatii cu privire la starea ta de sanatate

In cazul in care vei folosi sectiunea de Suport sau Intreaba un medic pentru a adresa intrebari sau a iti exprima o opinie, sau daca decizi sa atasezi documente la programari sau la intrebarile adresate unui medic, vom prelucra datele cu caracter personal pe care le vor contine.

Urmatoarele categorii de date vor fi prelucrate exclusiv pe baza permisiunilor acordate de tine.
In conformitate cu Politica noastra de confidentialitate („Privacy Policy”), permisiunile se acorda prin actiuni afirmative pentru fiecare dintre optiunile de mai jos si pot fi refuzate fara a afecta instalarea sau utilizarea celorlalte optiuni ale aplicatiei.

Date de localizare – permisiunea se poate acorda la accesarea functionalitatii self check-in, fie atunci cand ai Aplicatia deschisa, fie la fiecare utilizare.

Acestea fac posibila accesarea uneia dintre functionalitatile de baza ale Aplicatiei – self check-in – care iti permite sa notifici medicul ca te-ai prezentat la programare si sa mergi direct la etajul si cabinetul acestuia, fara sa mai astepti la coada si sa mai interactionezi cu personalul din Receptie. Aceasta iti salveaza timp si evita erorile umane ce pot aparea din interactiunea cu personalul din Receptie. In conditiile epidemiologice actuale, iti permite, de asemenea, sa eviti zone aglomerate.

Pentru a beneficia de aceasta functionalitate, Aplicatia trebuie sa poata geolocaliza echipamentul pe care il folosesti. Geolocalizarea functioneaza in foreground si este activata doar cand Aplicatia este deschisa.

Iti confirmam faptul ca utilizam geolocalizarea cu respectarea conditiilor de confidentialitate din politica noastra de prelucrare a datelor („Privacy Policy”): (i) nu colectam date, interogam GPS-ul telefonului pentru a determina daca te afli in raza sau in afara razei clinicii unde ai programare, fara a determina coordonate precise si fara a stoca vreo informatie referitoare la localizarea ta, (ii) folosim geolocalizarea exclusiv pentru scopurile declarate mai sus si (iii) nu dezvaluim aceste informatii niciunui furnizor sau client.

Exista si posibilitatea de a nu da permisiunea pentru geolocalizare („deny”, no location), daca nu doresti sa utilizezi functionalitatea de self check-in .

Calendar

Ne permite sa iti adugam programarile in calendarul telefonului tau. In acest scop, Aplicatia prelucreaza numarul de identificare a programarii in sistemele Regina Maria, numele, data, ora si locatia programarii.

Camera si microfon – permisiunea se solicita daca doresti sa parcurgi validarea finala la distanta. Iti permit sa realizezi si sa transmiti catre Regina Maria imaginile necesare in vederea validarii finale a contului sau asocierii contului copilului tau minor. Imaginea ta foto tip sefie si inregistrarea video, fotografia cartii tale de identitate si a certificatului de nastere al copilului tau minor.
Aceste variante de validare sau asociere la distanta sunt strict optionale, necesita acordul tau expres si sunt o alternativa la validarea finala sau asocierea in oricare din Receptiile noastre. Ai toate detaliile referitoare la modul in care functioneaza, la datele pe care le prelucram si la modul in care le prelucram cu asigurarea confidentialitatii in Termenii si Conditiile aplicabile acestei functionalitati, pe care iti cerem sa le parcurgi inainte de a incepe procesul de validare a contului.
Odata validarea sau asocierea incheiata, aplicatia nu va mai folosi camera si microfonul telefonului.

Fisiere si media – permisiunea se solicita la accesarea unei functionalitati care implica incarcarea de documente.
Iti permit sa atasezi fisierele dorite pentru o programare, pentru asocierea contului copilului sau pentru functionalitatea „Intreaba un medic”. Fisierele se salveaza direct in sistemele Regina Maria si sunt protejate intocmai ca toate celelelate documente medicale ale tale. Datele nu se salveaza in Aplicatie.

Activitate fizica – permisiunea se acorda la accesarea Bancii de kilometri
Te ajuta sa cuantifici distanta parcursa atunci cand utilizezi optiunea Banca de kilometri din Aplicatia Regina Maria. Functioneaza in foreground, doar cand aceasta functionalitate este activata in Aplicatia deschisa.

4. SURSA DIN CARE PRIMIM DATELE TALE

Cele mai multe informatii le primim direct de la tine, atunci cand semnezi un contract de servicii medicale, cand te internezi intr-unul dintre spitalele noastre, cand accesezi servicii medicale intr-una dintre clinicile / laboratoarele noastre sau cand utilizezi Aplicatia noastra mobila, de exemplu pentru a face o programare sau a face self check-in.

Prin intermediul Aplicatiei, primim date exclusiv de la tine sau cu permisiunea ta.

De la tine, colectam documentele pe care decizi sa le incarci sau detaliile pe care le selectezi pentru realizarea unei programari (cum ar fi specialitatea medicala, clinica, data si ora programarii, costul serviciului).

De la echipamentul tau vom colecta date referitoare la tipul si modelul de echipament, sistemul de operare, IP., precum si informatii despre activitatea ta in cadrul aplicatiei, prin intermediul instrumentelor de tracking necesare pentru functionarea aplicatiei. Daca ne dai permisiunea pentru localizare, vom interoga aceste informatii, fara sa le colectam si sa le stocam.

In cazul in care decizi sa importi in Banca de kilometri distantele acumulate in alte aplicatii de cuantificare a kilometrilor, vom primi de la acestea numarul kilometrilor parcursi de tine in perioada de timp in care ai folosit respectiva aplicatie. Modul in care te loghezi pentru a autoriza o aplicatie sa trasnfere catre Banca de kiometri tine doar de tine si de modalitatea de autentificare pe care il alegi in aplicatia terta.Incercam in mod constant sa pastram datele tale cat mai corecte si actuale. Pentru aceasta, facem eforturi constante de actualizare si confirmare a datelor de identificare si contact. De asemenea, depunem toate eforturile pentru a le asigura confidentialitatea si securitatea, in conformitate cu Politica noastra de prelucrare a datelor („Privacy Policy”).

Urmatoarele date nu sunt colectate prin Aplicatie, dar pot fi vizibile in dosarul tau medical pe care il poti interoga prin Aplicatie.

Pentru serviciile de medicina muncii, in vederea angajarii sau oricand pe parcursul delurarii contractului de munca, angajatorul tau ne va transmite urmatoarele date care te privesc si care ne permit identificarea ta si determinarea tipurilor de controale si investigatii necesare: nume; prenume; cod numeric personal (CNP); identitate angajator; detalii profesionale; date de contact (telefon si / sau email).

Pentru beneficiarii de abonamente medicale contractate de angajator sau de angajatorul unui membru al familiei tale, putem primi din partea clientului nostru sau direct de la membrul de familie: nume; prenume; cod numeric personal (CNP); date de contact (telefon si / sau email).

Pentru beneficiarii de asigurari medicale, in functie de contractul dintre noi si asigurator, primim din partea acestuia: nume; prenume; cod numeric personal (CNP); date de contact (telefon si / sau email).

5. TEMEIURILE IN BAZA CARORA PRELUCRAM DATELE

Temeiurile pentru care prelucram datele tale cu caracter personal (altele decat datele cu caracter special)

Prelucram datele tale cu caracter personal, altele decat datele cu caracter special, cum ar fi datele medicale, pentru a putea incheia un contract cu tine, la cererea ta, sau pentru a executa un contract incheiat cu tine (prin care ne obligam sa iti prestam serviicile noastre).

In cazul in care decizi sa instalezi si sa utilizezi Aplicatia Regina Maria, prelucram datele tale pentru a-ti furniza acest serviciu. Aplicatia nu stocheaza date, ci functioneaza ca o interfata intre pacient si dosarul sau de pacient, inclusiv istoricul sau medical.

In cazul datelor de geolocalizare a echipamentului, acestea vor fi prelucrate in temeiul consimtamantului tau. In cazul in care doresti sa anulezi permisiunea acordata, o poti face fie din setarile telefonului tau, fie reinstaland aplicatia. Intrucat aplicatia nu stocheaza date, ci este o interfata intre tine si dosarul tau de pacient la Regina Maria, in cazul unei reinstalari, nu vei pierde nimic din documentele disponibile anterior.

In ceea ce priveste comunicarile noastre de marketing, prelucram datele tale pe baza consimtamantelor la prelucrare pentru acest scop specific. Iti poti gestiona aceste consimaminte chiar din Aplicatie – sectiunea Profilul meu – consimtaminte.

Putem prelucra datele tale pentru indeplinirea obligatiilor noastre de raportare financiar-contabila, in cazul facturilor si platilor efectuate de tine, a obligatiilor de arhivare, a obligatiilor de a comunica unor autoritati publice, in psecial in domeniul sanatatii la cerere, anumite informatii sau a altor obligatii legale.
De asemenea, sunt cazuri in care prelucram datele tale in temeiul interesului nostru legitim, de exemplu pentru notificarea si recuperarea unor debite sau, avand in vedere multitudinea clinicilor, laboratoarelor si spitalelor noastre, pentru a facilita accesarea serviciilor noastre medicale.

Temeiurile pentru care prelucram datele tale personale cu caracter special

Avand in vedere specificul activitatii noastre (prestare de servicii medicale), este normal sa colectam sau sa prelucram date personale cu caracter special ale pacientilor nostri.

Vom realiza aceste prelucrari pe baza urmatoarelor temeiuri juridice:

Atunci cand prelucrarea este necesara in scopuri legate de evaluarea capacitatii de munca (pentru angajare sau in cadrul controalelor periodice), de stabilirea unui diagnostic medical, de furnizarea de asistenta medicala sau sociala sau a unui tratament medical sau de gestionarea sistemelor si a serviciilor de sanatate si asistenta sociala.

Putem prelucra datele tale medicale pentru protejarea intereselor tale vitale (sau ale unei alte persoane fizice), in situatii de urgenta medicala sau alte situatii in care te afli in incapacitate (fizica sau juridica) de a consimti la prelucrare.

In cazuri urgente, poate fi necear sa prelucram datele tale medicale din motive de interes public in domeniul sanatatii publice; de exemplu: protectia impotriva amenintarilor transfrontaliere grave la adresa sanatatii (in cazul unei pandemii), asigurarea de standarde ridicate de calitate si siguranta a asistentei medicale si a medicamentelor sau dispozitivelor medicale, in temeiul legislatiei Uniunii Europene sau a Romaniei.

In situatia in care intre tine si noi apar diferende pe care nu le putem solutiona impreuna pe cale amiabila, este posibil sa prelucram datele tale medicale (de exemplu, rezultatele analizelor medicale in baza carora s-a decis un anumit diagnostic) pentru constatarea, exercitarea sau apararea unui drept al nostru in instanta.

6. SCOPURILE PENTRU CARE PRELUCRAM DATELE TALE CU CARACTER PERSONAL

Scopurile pentru care prelucram datele tale cu caracter personal referitoare prin intermediul Aplicatiei este furnizarea unui serviciu solicitat de tine.

Acordarea accesului la serviciile Aplicatiei Mobile Regina Maria. Acordarea accesului la dosarul tau medical si al copiilor tai minori; la serviciul de programari online si de self check-in la programari cand ajungi in clinica; la consultatii in clinica virtuala; la istoricul facturilor si platilor tale; la functionalitatea Intreaba un medic sau la Banca de kilometri; la reduecerile oferite de partenerii nostri pe baza Cardului de membru.

In ceea ce priveste scopurile primare ale prelucrarii datelor disponibile si prin intermediul Aplicatiei, acestea sunt:

Prestarea de servicii medicale. Prestarea serviciilor medicale; inregistrarea serviciilor medicale prestate; comunicarea cu privire serviciile solicitate; activarea sau particularizarea abonamentelor tale; programari; identificarea ta si a serviciilor prestate; informarea ta cu privire la rezultatele serviciilor prestate sau – in cazul medicinei muncii – furnizarea documentelor legale catre angajatorul tau).

Gestionarea sistemelor noastre de comunicatii si IT (tehnologia informatiei). Gestionarea sistemelor noastre de comunicatii; gestionarea securitatii noastre IT; realizarea auditurilor de securitate asupra retelelor noastre IT; emiterea de rapoarte catre institutiile abilitate in domeniul securitatii cibernetice sau repararea unor erori de sistem.

Indeplinirea obligatiilor noastre legale. Indeplinirea obligatiilor noastre legale cu privire la inregistrarea infomartiilor medicale si tinerea evidentelor, arhivare, sanatate, securitate si a altor obligatii pe care legislatia ni le impune.

Gestiunea financiara. Eliberarea bonurilor, a facturilor si a chitantelor; primirea si inregistrarea platilor efectuate de tine sau de alta persoana in numele tau; recuperarea debitelor (inclusiv prin intermediul companiilor specializate in recuperarea de creante – detalii mai jos, la sectiunea referitoare la persoanele carora le putem dezvalui datele tale); restituirea unor sume de bani catre tine; transmiterea de notificari; elaborarea de rapoarte financiare/ operationale si emiterea situatiilor financiare/ cu privire la contracte, raportare catre autoritatile abilitate.

Comunicari de marketing. Comunicarea cu tine prin orice mijloace (de exemplu, email, telefon, mesaje telefonice (SMS-uri), posta, mesaje transmise pe platformele de socializare sau in persoana) a noutatilor privind serviciile medicale oferite de noi, abonare la newsletter sau furnizarea alte informatii care te-ar putea interesa.

Solutionarea disputelor. Formularea de cereri si de aparari inaintea autoritatilor publice si a altor entitati care solutioneaza dispute.

Sondaje. Realizarea de sondaje si adresarea de intrebari cu scopul de a obtine opinia ta cu privire la serviciile noastre.

Imbunatatirea produselor si serviciilor. Identificarea aspectelor ce pot fi imbunatatite si modalitatilor prin care putem face asta (inclusiv prin realizarea de audituri); testarea imbunatatirilor realizate asupra serviciilor noastre sau a noilor noastre servicii; solutionarea sesizarilor tale.

Tranzactii de M&A. Este posibil ca in viitor Regina Maria sa decida dezvaluirea datelor tale in contextul unor tranzactii de M&A.

7. CUI VOM DIVULGA DATELE TALE

Ca regula, nu dezvaluim datele tale catre alte companii, organizatii sau persoane din orice tara (inclusiv Romania).

In anumite situatii, este insa posibil sa dezvaluim datele tale catre alte persoane fizice sau juridice, dupa cum urmeaza:

Alte companii din grupul Regina Maria – pentru motive legitime legate de accesarea unitara a serviciile medicale de catre toti pacientii. Lista companiilor ce fac parte din Reteaua de Sanatate Regina Maria este indicata in Sectiunea 17.

Medicii colaboratori– medicii care ofera consultatii in cadrul Regina Maria pot fi angajati ai retelei noastre de sanatate sau pot fi medici colaboratori in baza unui contract de servicii. Fiecare dintre acestia sunt obligati prin lege si prin contractul incheiat cu noi sa pastreze confidentialitatea datelor tale.

Autoritati publice din orice domeniu, din Romania sau din strainatate (in special autoritati publice in domeniul sanatatii din Romania: Casa Nationala de Asigurari de Sanatate, Ministerul Sanatatii, Institutul National de Sanatate Publica si altele) – la cererea acestora sau din initiativa noastra, exclusiv in contiile legislatiei aplicabile in Roamania si in Uniuna Europeana.

Asiguratori din Romania sau din alte state – in legatura cu serviciile de care ai beneficiat in clinicile noastre, la solicitarea ta.

Angajatorul tau – in legatura cu evaluarea capacitatii tale de munca pentru scopuri legate de medicina muncii, dar numai in limita informatiilor stabilite prin dispozitiilor legale, fiind excluse informatiile cu privire rezultatul investigatiilor medicale realizate.

Contabili, auditori, avocati si alti consultanti profesionali externi ai nostri sau ai unei alte companii din grupul Regina Maria, din Romania sau din strainatate – acestia vor fi obligati printr-o lege sau prin contractul incheiat cu noi sau cu alta companie din grupul nostru sa pastreze confidentialitatea datelor tale.

Persoane fizice sau juridice care actioneaza ca persoane imputernicite pentru Regina Maria, in diverse domenii (de exemplu, servicii din domeniul IT, servicii de plata, servicii de recuperare de creante, marketing si comunicare etc.), pe care ii vom obliga sa respecte cerintele legislatiei care iti protejeaza drepturile – acestia presteaza anumite servicii pentru noi.

Orice persoana, agentie sau instanta relevanta din Romania sau din alt stat – in masura necesara pentru constatarea, exercitarea sau apararea unui drept al nostru sau al altei companii din grupul REGINA MARIA in instanta.

Orice achizitori sau posibili achizitori relevanti din sectorul medical sau din alte sectoare, din Romania sau din alt stat – in situatia in care vindem sau transferam toate sau o parte dintre partile noastre sociale, activele noastre sau afacerea noastra (inclusiv in cazul reorganizarii, al dizolvarii sau al lichidarii noastre) – acestia vor fi tinuti de o obligatie de confidentialitate.

Partenerii nostri, cu care ne aflam in relatii contractuale, care actioneaza ca Operatori ai datelor prelucrate – furnizori de servicii in domeniul ITmarketing si comunicare sau partenerilor care ofera reduceri pacientilor Regina Maria prin intermediul Cardului de membru – care vor primi exclusiv confirmarea calitatii de pacient Regina Maria, pe care le-o faceti cunsocita direct, in mod voluntar, cand solicitati acordarea reducerii disponibile.

Atunci cand folosim o persoana fizica sau juridica drept persoana imputernicita pentru prelucrarea datelor tale cu caracter personal, ne vom asigura ca aceasta a incheiat un act scris cu noi prin care isi asuma, printre alte obligatii pe care legislatia protectiei datelor cu caracter personal le prevede, obligatiile de a (i) prelucra datele cu caracter personal numai potrivit instructiunilor noastre scrise pe care i le-am furnizat in prealabil si de a (ii) implementa efectiv masuri pentru protejarea confidentialitatii si asigurarea securitatii datelor cu caracter personal. Ne vom asigura, de asemenea, ca actul scris dintre noi si persoana imputernicita prevede pentru aceasta cel putin toate celelalte obligatii pe care le prevede legislatia aplicabila cu privire la protectia datelor cu caracter personal.

8. CUI SI IN CE CONDITII VOM TRANSFERA DATELE TALE CATRE O TARA TERTA SAU ORGANIZATIE INTERNATIONALA

In acest moment, nu transferam si nu intentionam sa transferam datele tale cu caracter personal catre state terte sau catre organizatii internationale. Daca va fi necesar sa transferam datele tale catre vreuna dintre destinatiile de mai sus, te vom informa in prealabil si ne vom asigura ca astfel de transferuri se vor realiza cu respectarea cerintelor legale aplicabile, inclusiv, daca va fi necesar, pe baza consimtamantului tau explicit.

9. CAT TIMP VOM PRELUCRA DATELE TALE

Prelucram datele tale cu caracter personal pentru perioade diferite, in functie de categoria de date si de scopul prelucrarii, dupa cum urmeaza:

Informatii cu privire la starea de sanatate – Cea mai importanta categorie de date cu caracter personal pe care o prelucram sunt informatiile cu privire la starea ta de sanatate, inregistrate cu ocazia accesarii serviciilor medicale. Aceste date au si durata de prelucrare cea mai mare de stocare – intre 30 de ani in cazul documentelor scrise fara valoare tehnica, pana la 100 de ani in cazul documentelor medicale, in temeiul Legii nr. 95/2006 privind reforma in domeniul sanatatii, coroborat cu Legea Arhivelor nationale nr. 16/1996.

Datele de identificare – nume, prenume, CNP, sunt accesorii datelor cu privire la starea de sanatate a pacientului, si prin urmare se pastreaza pe toata perioada de stocare a datelor medicale. Documentele medicale sunt incadrabile in categoria documentelor cu valoare practica, in baza carora se elibereaza copii, certificate si extrase, si in consecinta, pentru a putea elibera astfel de documente, la cerere, este necesar sa putem identifica cert pacientul caruia ii apartin.

Date de contact – adrese de email, numere de telefon, adrese de corespondenta – este important sa avem date de contact pentru pacientii care au fise medicale in cadrul retelei noastre. De asemenea, datele de contact sunt utilizate pentru crearea si accesarea Contului meu Regina Maria. De aceea, incercam sa actualizam si sa confirmam corectitudinea datelor de contact. Acestea se prelucreaza pe durata de valabilitate, astfel cum este transmisa de catre pacienti, care au posibilitatea de a-si modifica sau sterge astfel de date dupa propria alegere.

Date financiare – in cazul pacientilor care efectueaza plati pentru contracte individuale sau pentru servicii, prelucram detalii legate de facturi si plati, pe care le prelucram, conform reglementarilor financiar-contabile, pe o perioada de 5 pana la 10 ani.

Fotografia tip selfie, fotografia cartii de identitate sau a certificatului de nastere al copilului tau minor si scurta inregistrare video prelucrate in scopul validarii la distanta a Contului meu sau asocierii contului copilului tau minor, in cazul in care optezi pentru acest tip de validare sau asociere, se stocheaza pe o perioada de pana la 12 luni.

Instrumente de tracking se stocheaza exclusiv pe echipamentul utilizatorului Aplicatiei, fie pe perioada de functionare a acesteia pana la prima reinstalare, fie pana la modificarea de catre tine a permisiunilor, in meniul Aplicatiei.

Geolocatia se prelucreaza exclusiv pe perioada de activitate a aplicatiei in foreground, iar intregul proces se realizeaza local, pe telefon, fara a colecta datele in afara echipamentului. Regina Maria nu colecteaza si nu stocheaza datele de geolocalizare a echipamentului tau.

10. SECURITATEA DATELOR TALE

Lucram din greu pentru a proteja clientii nostri, alte persoane ale caror date le prelucram si pe noi insine de accesul neautorizat si de modificarea, divulgarea sau distrugerea neautorizata ale datelor pe care le prelucram. In special, am implementat urmatoarele masuri tehnice si organizatorice de asigurare a securitatii si confidentialitatii („privacy”) datelor cu caracter personal:

Politici dedicate. Adoptam si ne revizuim practicile si politicile de prelucrare a datelor clientilor nostri si ale altor persoane, inclusiv masurile fizice si electronice de securitate, pentru a ne proteja sistemele de acces neautorizat si alte posibile amenintari la securitatea acestora. Verificam constant modul in care aplicam propriile politici de protectie a datelor cu caracter personal si in care respectam legislatia protectiei datelor.

Minimizarea datelor. Ne-am asigurat ca datele tale cu caracter personal pe care le prelucram sunt limitate la cele care sunt necesare, adecvate si relevante pentru scopurile declarate in aceasta nota.

Restrangerea accesului la date. Restrangem cu strictete accesul la datele cu caracter personal pe care le prelucram la angajatii, colaboratorii si alte persoane care au nevoie sa le acceseze pentru buna desfasurare a activitatii lor. Toate aceste companii si persoane fizice sunt supuse unor obligatii stricte de confidentialitate si nu vom ezita sa ii tragem la raspundere si sa incetam colaborarea in cazul in care nu trateaza protectia datelor cu maxima seriozitate.
Masuri tehnice specifice. Am achizitionat si utilizam tehnologii care sa asigure clientii nostri si alte persoane ca securitatea datelor lor este protejata, atat pe perioada stocarii, cat si in tranzit, folosind metode moderne de criptarePentru a iti proteja securitatea datelor, iti recomandam sa nu folosesti echipamente cu acces multiplu si sa nu divulgi altor persoane datele tale de logare in Aplicatie.

Back-up-uri si audituri de securitate. Lucram din greu pentru a proteja sistemele noastre de acces sau modificarea neautorizata sau accidentala ale datelor tale si de alte posibile amenintari la adresa securitatii acestora. Din acest motiv, dupa ce stergi informatii din contul tau, este posibil sa nu stergem imediat copiile sau back-up-urile pe care le-am creat. Realizam arhive (back-up-uri) zilnice, pe care le pastram securizat pentru minimum sase (6) luni. Toate echipamentele tehnice pe care le folosim pentru prelucrarea datelor tale sunt securizate si actualizate pentru a proteja datele. De asemenea, desfasuram, la intervale de timp regulate, audituri de securitate cu auditori independenti din Big Four asupra sistemelor informatice pe care le folosim pentru prelucrarea datelor cu caracter personal ale clientilor nostri si ale altor persoane.

Asigurarea exactitatii datelor tale. Este posibil ca din cand in cand sa te rugam sa confirmi exactitatea si/sau actualitatea datelor tale cu caracter personal pe care le prelucram.

Instruirea personalului. Ne instruim constant angajatii si colaboratorii cu privire la legislatia si cele mai bune practici in domeniul prelucrarii datelor cu caracter personal.

Anonimizarea datelor. Acolo unde este posibil si adecvat activitatii noastre, anonimizam / pseudonimizam datele cu caracter personal pe care le prelucram, ca masura de protectie suplimentara.

Controlul furnizorilor nostri de servicii. Introducem in contractele cu cei care prelucreaza pentru noi (persoane imputernicite) sau impreuna cu noi (alti operatori – operatori asociati) clauze sau anexe pentru asigurarea protectiei datelor pe care le prelucram; aceasta protectie merge cel putin pana la minimul impus de legislatie.

Desi luam toate masurile rezonabile pentru a asigura securitatea datelor tale, nu putem garanta lipsa oricarei incalcari de securitate sau imposibilitatea de penetrare a sistemelor de securitate. In cazul nefericit si putin probabil in care o astfel de incalcare va surveni, vom urma procedurile legale pentru limitarea efectelor si informarea cu transparenta a persoanelor vizate afectate.

11. CARE SUNT DREPTURILE TALE SI CUM LE POTI EXERCITA

Tratam drepturile de care te bucuri in legatura cu prelucrarea pe care o realizam asupra datelor tale cu maxima seriozitate. Vom continua sa luam toate masurile rezonabile pentru a ne asigura ca acestea sunt respectate.

Drepturile tale

Pe scurt, drepturile tale sunt urmatoarele:

Dreptul de acces la date. Ai dreptul de a obtine accesul la datele tale pe care le prelucram sau le controlam sau la copii ale acestora; ai, de asemenea, dreptul de a obtine de la noi informatii cu privire la natura, prelucrarea si divulgarea acestor date.

Dreptul la rectificarea datelor. Ai dreptul de a obtine rectificarea inexactitatilor datelor tale pe care le prelucram sau le controlam.

Dreptul la stergerea datelor. Ai dreptul de a obtine de la noi stergerea datelor tale pe care le prelucram sau le controlam, in limitele permise de legislatia aplicabila, in special in privinta furnizorilor de servicii medicale.

Dreptul la restrictionarea prelucrarii datelor. Ai dreptul de a restrictiona prelucrarea datelor tale pe care le prelucram sau le controlam.

Dreptul de a obiecta. Ai dreptul de a obiecta la prelucrarea datelor tale de catre noi sau in numele nostru.

Dreptul la portabilitatea datelor. Ai dreptul de a obtine transferul catre un alt operator al datelor tale pe care ni le-ai furnizatDreptul la retragerea consimtamantului. In situatiile in care prelucram datele tale in temeiul consimtamantului tau, ai dreptul de a iti retrage consimtamantul; poti face aceasta in orice moment, cel putin la fel de usor cum ne-ai acordat initial consimtamantul; retragerea consimtamantului nu va afecta legalitatea prelucrarii datelor tale pe care am realizat-o inainte de retragere.

Dreptul de a depune o plangere la autoritatea de supraveghere. Ai dreptul de a depune o plangere la autoritatea de supraveghere a prelucrarii datelor cu caracter personal cu privire la prelucrarea datelor tale de catre noi sau in numele nostru.

Cum iti poti exercita drepturile

Pentru a exercita unul sau mai multe dintre aceste drepturi (inclusiv dreptul de a iti retrage consimtamantul, atunci cand prelucram datele pe baza acestuia) sau pentru a adresa orice intrebare despre oricare dintre aceste drepturi sau orice prevedere din aceasta nota de informare sau despre oricare alte aspecte ale prelucrarii datelor tale de catre noi, poti folosi oricand detaliile de contact din sectiunea 2 de mai sus (Datele noastre de contact).

Vom incerca sa raspundem cat mai rapid si complet tuturor intrebarilor si preocuparilor tale si sa facilitam exercitarea drepturilor tale.

12. CE SE POATE INTAMPLA DACA NU NE FURNIZEZI DATELE

Nu ai o obligatie de a ne furniza datele tale cu caracter personal pe care le-am mentionat in acest document.

Cu toate acestea, daca nu ne oferi aceste date, nu va fi posibil pentru noi sa iti prestam serviciile pe care ni le soliciti.

De exemplu, in ceea ce priveste accesarea Aplicatiei, fara sa furnizezi date de identificare si de contact la instalare, nu iti vei putea crea cont si nu vei avea acces la functionalitati precum programari online sau istoric plati. In cazul in care nu doresti sa parcurgi validarea finala a Contului in orice varianta, nu vei avea acces la dosarul tau medical. In cazul in care nu doresti sa activezi geolocalizarea, nu vei putea face self check-in.

La modul general, in cazul in care nu doresti sa ne furnizezi date care te privesc, este posibil sa nu poti accesa serviciile noastre medicale.

13. INEXISTENTA UNUI PROCES DECIZIONAL AUTOMATIZAT

Respectul nostru pentru datele tale include faptul ca le acordam atentia umana necesara, prin intermediul personalului nostru. In conditiile actuale, in calitate de utilizator al serviiilor noastre, nu vei face obiectul unei decizii bazate exclusiv pe prelucrarea automata a datelor tale (inclusiv crearea de profiluri) care sa produca efecte juridice cu privire la tine sau care sa te afecteze intr-un mod similar intr-o masura semnificativa.

14. CAND SE APLICA ACEASTA NOTA DE INFORMARE

Aceasta nota de informare se aplica in legatura cu prelucrarea datelor tale cu caracter personal in cadrul Aplicatiei mobile Regina Maria.
Nota generala privind prelucrarea datelor cu caracter personal de catre Regina Maria poate fi consultata online la adresa https://www.reginamaria.ro/gdpr.

15. MODIFICARILE ACESTEI NOTE DE INFORMARE

Este posibil sa modificam aceasta nota din cand in cand, caz in care iti vom aduce la cunostinta modificarile
Vom posta aceasta nota de informare, precum si orice noua versiunea a acesteia si pe website-ul nostru, in cadrul sectiunii dedicate politicii de confidentialitate/GDPR.

16. CE SEMNIFICA TERMENII PE CARE I-AM FOLOSIT IN ACEASTA NOTA

Autoritatea de supraveghere a prelucrarii datelor cu caracter personal: o autoritate publica independenta care, potrivit legii, are atributii referitoare la supravegherea respectarii legislatiei protectiei datelor cu caracter personal. In Romania, aceasta autoritatea de supraveghere a prelucrarii datelor cu caracter personal este Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP).

Date cu caracter personal: orice informatii privind o persoana fizica identificata sau identificabila (denumita „persoana vizata”). O persoana fizica este identificabila daca poate fi identificata, direct sau indirect, in special prin referire la un element de identificare, de exemplu: nume, numar de identificare, date de localizare, identificator online, unul/mai multe elemente specifice, proprii identitatii fizice, fiziologice, genetice, psihice, economice, culturale sau sociale a respectivei persoane. Astfel, de exemplu, in notiunea de date cu caracter personal sunt incluse urmatoarele: numele si prenumele; adresa de domiciliu sau de resedinta; adresa de email; numarul de telefon; codul numeric personal (CNP); date de geolocatie. Categoriile de date cu caracter personal pe care le prelucram sunt enumerate mai sus.

Categorii speciale de date cu caracter personal: datele cu caracter personal care: dezvaluie originea rasiala sau etnica, opiniile politice, confesiunea religioasa sau convingerile filozofice sau apartenenta la sindicate; datele genetice; datele biometrice pentru identificarea unica a unei persoane fizice; datele privind sanatatea, viata sexuala sau orientarea sexuala a unei persoane fizice.

Operator: persoana fizica sau juridica care decide de ce (in ce scop) si cum (prin ce mijloace) sunt prelucrate datele cu caracter personal. Potrivit legii, raspunderea pentru respectarea legislatiei referitoare la datele cu caracter personal revine in primul rand operatorului. In relatia cu tine, noi suntem operatorul, iar tu esti persoana vizata.

Persoana imputernicita: orice persoana fizica sau juridica care prelucreaza date cu caracter personal in numele operatorului, alta decat angajatii operatorului.
Persoana vizata: persoana fizica la care se refera (careia ii „apartin”) anumite date cu caracter personal. In relatia cu noi (operatorul), tu esti persoana vizata.
Prelucrare a datelor cu caracter personal: orice operatiune / set de operatiuni efectuata/efectuate asupra datelor cu caracter personal sau asupra seturilor de date cu caracter personal, cu sau fara utilizarea mijloacelor automatizate; de exemplu: colectarea, inregistrarea, organizarea, structurarea, stocarea, adaptarea sau modificarea, extragerea, consultarea, utilizarea, divulgarea prin transmitere, diseminarea sau punerea la dispozitie in orice alt mod, alinierea sau combinarea, restrictionarea, stergerea sau distrugerea respectivelor date cu caracter personal/seturi de date cu caracter personal. Acestea sunt doar exemple. Practic, prelucrarea inseamna orice operatiune asupra datelor cu caracter personal, indiferent daca prin mijloace automate sau manuale.

Stat tert: un stat din afara Uniunii Europene si a Spatiului Economic European.

17. GRUPUL REGINA MARIA ESTE FORMAT DIN TOATE SOCIETĂȚILE COMERCIALE CONTROLATE ÎN MOD DIRECT DE CĂTRE CENTRUL MEDICAL UNIREA SRL PRIN CARE SUNT FURNIZATE SERVICII MEDICALE:

CENTRUL MEDICAL UNIREA S.R.L., o societate comerciala romana, având sediul social în Bucuresti, Bdul Ion Ionescu de la Brad nr. 5B, sector 1, inregistrata la Registrul Comertului sub numarul J40/15930/1991, cod unic de inregistrare 5919324, capital social 68.097.580 lei, reprezentanti legali, Fady Chreih, in calitate de Director General, Olimpia Enache, in calitate de Director Operational.
DELTA HEALTH CARE S.R.L., persoana juridica romana, cu sediul in Bucureşti Sectorul 1, Str. Nicolae Caramfil, nr. 85A, parter: 1620,08 mp, etaj 1: 514,5 mp, etaj 2: 1857,70 mp, etaj 3: 1950,70 mp, etaj 4: 76,70 mp, etaj 5: 719,90 mp, reprezentand o suprafata totala de 6732,58 mp, avand numar de inregistrare in Registrul Comertului J40/2516/2010 si cod unic de inregistrare 26630352, capital social 616.180 lei, reprezentanti legali: Fady Chreih, in calitate de Presedinte al Consiliului de Administratie, Olimpia Enache in calitate de administrator.
DELTA HEALTH TRADE S.R.L., persoana juridica romana, cu sediul in Bucureşti Sectorul 1, Strada Nicolae Caramfil, nr. 85A, (parter:490 mp, etaj 1: 720 mp, etaj 5: 290mp, reprezentand o suprafata totala de 1.500 mp), inregistrata la Registrul Comertului sub numarul J40/2513/2010 si cod unic de inregistrare 26630360, capital social 2.020 lei, reprezentant legal Fady Chreih, in calitat de de administrator.
ELITE MEDICAL S.R.L. o societate cu raspundere limitata organizata si functionand in mod legal conform legilor din Romania, avand sediul social in Municipiul Craiova, Str. Mitropolit Nifon Criveanu nr. 13, Judet Dolj, inregistrata în Registrul Comertului sub nr. J16/2351/2005, avand codul unic de inregistrare (CUI) 18164472 ("Elite Medical") pentru activitatile de laborator efectuate in locatia din Slatina, B-dul Al. I. Cuza nr. 22, parter, Bl. FA21, Judet Olt
IDS HISTRIA S.R.L., o societate comerciala romana, având sediul social în Orasul Voluntari, Str. Erou Nicolae Iancu 93/3 mansarda camera 26, jud Ilfov, inregistrata la Registrul Comertului sub numarul J23/2456/2015, cod unic de inregistrare 33370956, capital social 1.929.300 lei, reprezentanti legali: Olimpia Enache, in calitate de administrator, Dragos Comanescu, in calitate de administrator;
PHOENIX IMAGISTIC CENTER S.R.L., o societate comerciala romana, având sediul social în Bucuresti, sector 1, Str. Washington nr 46, parter, Ap.1, camera 1, inregistrata la Registrul Comertului sub numarul J40/11177/2011, cod unic de inregistrare 29114763, capital social 243.000 lei, reprezentant legal Dragos Comanescu, in calitate de administrator.
CENTRUL DE RADIOIMAGISTICA TELESCAN S.R.L., o societate comerciala romana, având sediul social în Timisoara, Jud Timis, Calea Buziasului Nr. 30, Et. P, inregistrata la Registrul Comertului sub numarul J35/473/2009, cod unic de inregistrare 25221937, capital social 754.000 lei, reprezentant legal Dragos Comanescu, in calitate de adimintrator
CENTRUL DE RADIOIMAGISTICA DR. BIRSASTEANU S.R.L., o societate comerciala romana, având sediul social in Timisoara, jud. Timis, Calea Stan Vidrighin, Nr. 30. Et. P, inregistrata la Registrul Comertului sub numarul J35/3673/2006, cod unic de inregistrare 19216537, capital social 1.217.570 lei, reprezentant legal Comanescu Dragos, in calitate de administrator.
POZITRON MEDICAL INVESTIGATION S.R.L., o societate comerciala romana, având sediul social in Constanta, jud. Constanta, Str. Mircea Cel Batran, Nr. 102. Corp C2 Demisol si Parter, inregistrata la Registrul Comertului sub numarul J13/2556/2007, cod unic de inregistrare 22183847, capital social 12.445.550 lei, reprezentant legal Comanescu Dragos, in calitate de administrator.
MATERNA CARE SRL, o societate comerciala romana, având sediul social în Timisoara, Str. Valeriu Braniste, Nr 5, Ap2, inregistrata la Registrul Comertului sub numarul J35/2386/2011, cod unic de inregistrare 29290603, capital social 3.915.540 lei, reprezentanti legali: Ovidiu Patrut, in calitate de administrator, Luiza Stroe, in calitate de administrator, Cosmin Panaete, in calitate de administrator, Alina Ambrozie, in calitate de administrator.
CLINICA SOMESAN SRL, o societate comerciala romana, având sediul social în Baia Mare, Aleea Marasti, Nr 1, Judet Maramures, inregistrata la Registrul Comertului sub numarul J24/380/05.05.2012, cod unic de inregistrare 30157091, capital social 450.200 lei, reprezentant legal Dragos Comanescu, in calitate de administrator.
BIOSTANDARD S.R.L., cu sediul social în Municipiul Oradea, Str. MIMOZEI, Nr. 17, Judet Bihor, România, înregistrată în Oficiul Registrului Comerţului de pe lângă Tribunalul Bihor sub nr. J5/2241/2004, având codul unic de înregistrare (CUI) 17002740, capital social 200 lei, reprezentanti legali: Olareanu Corina, in calitate de administrator, Cirprian Iovan, in calitate de administrator.
BIOSTANDARD 2007 S.R.L., cu sediul social in Municipiul Oradea, Str. Sfântul Apostol Andrei, nr. 46, bloc P 17, etaj 7, ap. 24, Judet Bihor, România, înregistrată în Oficiul Registrului Comerţului de pe lângă Tribunalul Bihor sub nr. J5/2220/2007, (CUI) 22355713, capital social 210 lei, reprezentata de catre Corina Olareanu, in calitate de administrator, Ciprian Iovan, in calitate de administrator.
COSAMEXT S.R.L., cu sediul social în municipiul Târgu Mureş, str. prof. Dr. Gheorghe Marinescu or. 4, Centrul Medical Puls 2009, judeţ Mureş, înregistrată în registrul comerţului Mureş sub nr. J26/3151/1992, având cod unic de înregistrare (CUI) 2610501, capital social 1.000 lei, reprezentanti legali: Olimpia Enache, in calitate de administrator.
EUROCLINIC HOSPITAL S.A., o societate pe acţiuni cu sediul social în România, Bucureşti, Calea Floreasca, nr. 14 A, sectorul 1, înregistrată în Registrul Comerţului de pe lângă Tribunalul Bucureşti sub nr. J40/6269/2001, cod unic de înregistrare (CUI) 14009050, având un capital social de 7.324.272,93 lei, , reprezentanti legali: Fady Chreih, in calitate de director executiv, Olimpia Enache, in calitate de director operational.
GASTROMOND S.R.L., cu sediul social in Municipiul Constanţa, Bulevardul TOMIS Nr. 143A, CAMERELE C1-P04, C3-P02, C4-P01, Etaj P, Judet Constanţa Capital social 200 lei, reprezentanti legali: Olimpia Enache, in calitate de administrator, Nirvana Georgescu, in calitate de administrator.
GENETIC CENTER S.R.L., cu sediul social in Sat Floresti, Str. Crisan, nr. 9, Jud. Cluj, înregistrată în Registrul Comerţului Cluj sub nr. J12/306/2009, având codul unic de înregistrare (CUI) 25109543, capital social 400 RON, reprezentanti Raluca Prodan, in calitate de administrator.
GENOME&GENETICS S.R.L., Bucuresti, Str. Vasile Gherghel nr. 51, ap. 2, Sector 1, inregistrata in Registrul Comertului Bucuresti sub nr. J40/1857/2016, avand codul unic de inregistrare (CUI) 35621094, capital social 200 RON, Raluca Prodan, in calitate de administrator.
PROMPT URG S.R.L., cu sediul social in Municipiul Cluj-Napoca, str. Caisului nr. 38, Judetul Cluj, inregistrata la Registrul Comertului Cluj sub nr. J12/2149/2004, avand cod unic de inregistrare 16491486, capital social 200.200 lei, reprezentant legal Nicoleta Thomas, in calitate de administrator.
REGINA MARIA BANCA CENTRALA DE CELULE STEM S.A., cu sediul social in Bucuresti, Bdul Ion Ionescu de la Brad nr. 5B, subsol 2, sector 1, înregistrată în Registrul Comerţului sub numărul J40/15742/2008, cod unic de înregistrare 24469080, capital social 3.022.025 lei, reprezentanti legali Fady Chreih, in calitate de presedinte al consiliului de administratie.
SANTOMAR ONCODIAGNOSTIC S.R.L., cu sediul social in Cluj-Napoca, Str. CÂMPULUI, Nr. 42, Ap. 32, Judet Cluj, J12/3748/2008, Cod unic de înregistrare: 24454900 reprezentanti legal Corina Olareanu, in calitate de administrator.

Privacy policy information note for the REGINA MARIA mobile app

To make it easier for you to navigate through this Privacy Policy Information Note, please see below the sections you may consult:

About this Privacy Policy Information Note
Who we are
What personal data we process
Sources from which we collect your personal data
The bases on which we process your personal data
Purposes for which we process your personal data
To whom will we disclose your data
International data transfers
How long will we process your data
Security of your data
Which are your rights and how can you exercise them
What can happen if you do not provide us your data
No automated decision-making
Applicability of this Privacy Policy Information Note
Changes to this Privacy Policy Information Note
What do the terms we have used in this note mean
Companies part of the Regina Maria group

1. ABOUT THIS PRIVACY POLICY INFORMATION NOTE

This Privacy Policy Information Note addresses all users of the Regina Maria Mobile App (hereinafter referred to as the App) and explains how the App processes their personal data. The purpose of this Note is also to explain how we ensure that your personal data is processed responsibly, in accordance with the applicable legislation concerning personal data protection and with our Privacy policy.

For the purposes of this Information note, Regina Maria, through the main legal entity, Centrul Medical Unirea SRL (CMU), is the controller of your personal data You can find below information about our identity and contact data, and also the contact data of our data protection officer.

At Regina Maria, we take very seriously the respect for the security and privacy of your data. The compliance with the data protection legislation and best practices in the field, as well as ensuring a climate of transparency, security and trust for our patients is a priority for us, for which our personnel, collaborators, partners, and management firmly state their support.

This Note contains important information referring to our Privacy Policy. Therefore, we encourage you to take the time to read it thoroughly and carefully and make sure you fully understand it. In order to facilitate the reading of the document, we included a glossary explaining the main used terms (e.g., "personal data", "processing", etc.) at the end of this note. Do not hesitate to address us any questions you might have. We want to make it clear to you how we use your data and how we protect their privacy. The content of this information note is purely informative and does not affect the rights granted to you by the legislation. We will do our best to facilitate for you their exercise.

Thank you for your trust.

2. WHO WE ARE

The Regina Maria Healthcare Network is the private medical service operator in Romania that brings together more than 5,000 personnel and collaborators in locations in Bucharest and throughout the country.

In numbers, Regina Maria means: 46 clinics, 8 hospitals, 4 daytime hospitalization centers, 4 maternity wards, 10 medical campuses, 26 imaging centers, 28 analyses laboratories, own bank of stem cells and more than 300 partner polyclinics in the country.

Our contact data

Full name

Centrul Medical Unirea SRL together with all the legal entities mentioned in item 17 in this Information note

Headquarters address

5B Ion Ionescu de la Brad Boulevard, District 1, Bucharest

Administrative headquarters address (mailing address)

Charles de Gaulle Plaza Building, 15 Charles De Gaulle Square, 4th floor, District 1, Bucharest

Telephone number

0219268 or *9268 or 0219886 (available between hours 8 and 20 Monday – Friday)

Online

The “Support” section in the Mobile App or https://www.reginamaria.ro/suport

Email

office@reginamaria.ro

Contact data of our data protection officer (this is the person you need to contact for any issues related to the protection of your personal data)

Mailing address

Charles de Gaulle Plaza Building, 15 Charles De Gaulle Square, 4th floor, District 1, Bucharest

E-mail address

dpo@reginamaria.ro

3. WHAT PERSONAL DATA WE PROCESS

3.1. Personal data processed through the App

The personal data that we process is collected directly from you or resulting from the provision of services by one of the companies within Regina Maria, and include the following categories of data:

Personal details, such as: last name; first name; gender; date of birth/age; citizenship; remaining information in your identity card (including issuance date, expiry date, place of birth); family members, for example minor children.

Contact details, such as: telephone number; e-mail address; home/residence address;

Medical data (special category of personal data), such as: symptoms; previous diseases; analyses and medicines administered in the past; blood group; analyses and other services that you access within Regina Maria; results of your analyses performed by us; treatment we prescribe or administer; doctors that you have consulted; medical recommendations; data from your hospital medical file, including data about your family's medical history, if it is relevant as a heredo-collateral history; genetic data, if applicable.

Details about invoices and payments, such as: invoicing address; bank account number or bank card number IBAN code; last name and first name of the holder of the bank account or bank card (may be other than you, if someone else has paid an invoice in your name and for you); date since which the bank card is valid; expiry date of the bank card.

Professional details, such as: employer; position; profession; seniority at work.

Details about insurances, such as: quality of insurant/non-insurant, insurer (in case of private insurances).

Data about contracts, such as: individual contracts concluded for you and/or beneficiary family members, corporate contracts of which beneficiary you are as an employee or family member of the client company, adhesion documents.

Opinions and views (may include sensitive data), such as: any opinions or views that you submit to us on the communication channels available through the App.

As shown in the list above, it is possible to provide us with information about other people - for example, the medical history of your relatives who are suffering from the same medical condition as yours. When these refer to identified or identifiable persons, we will treat this information as personal data of those persons and we will also provide them with the necessary protection. However, we will strictly comply with the obligation of professional secrecy (including medical secrecy) that we have with you and we will not inform those persons about such processing in order to comply with our obligation of professional (including medical) secrecy towards you.

3.2. Data collected through the App

The following data are processed exclusively through the App, depending on the permissions you grant to us

The Regina Maria Mobile App is designed to ensure the user privacy. Depending on the options you wish to access and on the permissions you choose to grant us, the App may collect the following categories of data:

Identification and contact data

If you choose to create your Account through the App, we will ask you to disclose us your identification data (name, given names, National Identification Number) and contact details (mobile phone number and email address), in order for us to identify you and to activate your account. You will also be required to set a password, which will only be known to you.
Each time you login, you will have to provide your email address and password, for the protection of your personal data.

Information on your device and operating system

When you use the App, we collect information on the type of your device and the operating system thereof. As well as your IP. This information, although they qualify as personal data, does not allow us to identifyyou without corroboration with other data referring to you, and without the confirmation of the electronic communications operator that generated the respective IP. Please note that the identification of an IP implies the processing of traffic data, which can only be made by the electronic communications operators, under the law.

Your activity within the App

We use only necessary tracking tools, without which certain functionalities of the App could not work. These tools may retain anonymous logs, but also logs that may identify you, and will only be activated if you grant us permission, while you navigate the App, for accessing your Calendar, Location (for self check-in), and if you have the Push notification option activated on your mobile phone.

We also use one statistics tools, Firebase Crashlytics, which enables us to identify app crashes. Firebase Crashlytics is set to collect exclusively data relating to the equipment, the Operating System, and the crash itself – its date, time, and the App instance where it occurred, without collecting any data which may identify or make identifiable the App user.

Opinions you might express and information related to your health
If you choose to use the Support or Ask a Doctor section in the App in order to ask a question or to attach a supporting document to your appointments or your questions, we will process the personal data contained therein.

The following categories of personal data will be processed exclusively based on the permissions you grant us.

In accordance with our Privacy Policy, permissions are granted through affirmative actions for each of the options below and can be denied without affecting the installation or use of the other options of the App.

Location data – permission may be granted when accessing the self check-in functionality, either while using the App, or for each specific use.

Location data makes it possible to access one of the basic functionalities of the App - self check-in - which allows you to notify the physician that you arrived for the appointment and go directly to the cabinet’s floor and room, without waiting in line and interacting with the Reception personnel. This saves your time and avoids human errors that may arise from interacting with the Reception personnel. Under the current epidemiological conditions, it also allows you to avoid crowded areas.

In order to benefit from this functionality, the App must be able to locate the equipment that you use. Location works in foreground, and is activated only when the App is open.

We confirm that we use location in accordance with the privacy conditions in our Privacy Policy: (i) we do not collect data, we interrogate the GPS of the telephone in order to determine whether you are inside or outside the set distance from the clinic where you have the appointment, without determining your precise coordinates, and without storing any information regarding your location, (ii) we use location exclusively for the purposes stated above and (iii) we do not disclose this information to any provider or client.

There is also the possibility to deny the permission for location ("deny") if you do not wish to use the self check-in function.

Calendar – permission is requested if you want to add your appointment to the Calendar you use on your equipment
It allows us to add your appointments to your telephone's calendar. For this purpose, the App processes your appointment’s identification number in the Regina Maria systems, the name, date, time and location of the appointment.

Camera and microphone – permission is requested if you want to go through the final remote validation.

They allow you to make and send to Regina Maria the images necessary for the final validation of your account or in order to associate your child’s account to your own. These include your selfie photo and short video recording, the photo of your ID card and of the child’s birth certificate

This remote account validation or association are strictly optional, they require your express consent and are an alternative to the final validation or association in any of our Receptions. You have all the details regarding the way it works, the data we process and the way we process it with the assurance of privacy in the Terms and Conditions applicable to this functionality, which we ask you to go through before starting the account validation process.

Once the requested validation or association is completed, the App will no longer use the telephone's camera and microphone.

Files and media – permission is requested when accessing a functionality that involves uploading documents.

They allow you to attach the desired files for an appointment, for associating your child's account or for the functionality "Ask a doctor". The files are saved directly in the Regina Maria systems and are protected like all your other medical documents. The data are not saved in the App.

Physical activity – permission is granted when accessing the Bank of Kilometers

It helps you quantify the distance traveled when using the Bank of Kilometers option in the Regina Maria App. It works in foreground, only when this functionality is activated in the open App.

4. SOURCES FROM WHICH WE COLLECT YOUR DATA

We receive the most information directly from you when signing a medical services contract, when you are admitted to one of our hospitals, when you access medical services in one of our clinics/laboratories or when you use our mobile App, for example to make an appointment, or make a self-check-in.
Through the App, we collect data exclusively from you or with your permission

From you, we receive the documents you choose to upload or the details you select in order to make a doctor’s appointment (such as medical specialty, clinic, date, time, cost of the appointment).

From your equipment, we collect data referring to its type and model, its operating system and IP, as well as information related to your activity within the App, through the tracking tools necessary for the functioning of the App. If you give us permission for location, we will interrogate your location, without collecting and storing such data.

If you choose to import into the Bank of Kilometers the distances accumulated in other apps that accumulate kilometers, we will receive from these apps the number of kilometers you walked while using such apps. The way you choose to log into such apps in order to transfer kilometers to the Bank of Kilometers depends only on you and the login options you choose in the third party app.

We are constantly trying to keep your data as accurate and up-to-date as possible. For this purpose we continuously make efforts to update and confirm your identification and contact data. We also make every effort to ensure their privacy and security in accordance with our Privacy Policy.

The following data are not collected through the App, but they may be visible in your medical records that you might interrogate through the App.

For the occupational health services, for the purpose of hiring or at any time during the course of the employment, your employer will send us the following data about you, that will allow us to identify you and determine the types of required checkups and investigations: last name; first name; personal identification number (CNP); employer’s identity; professional details; contact details (telephone number and/or e-mail).

For the beneficiaries of medical subscriptions contracted by your employer or by the employer of a member of your family, we can receive from our client or directly from the family member: last name; first name; personal identification number (CNP); contact details (telephone number and/or e-mail).

last name; first name; personal identification number (CNP); contact details (telephone number and/or e-mail).

5. THE BASES ON WHICH WE PROCESS YOUR DATA

The bases on which we process your personal data (other than special categories of data)

We process your personal data, other than special categories of data, such as medical data, in order to be able to conclude a contract with you, at your request, or for the performance of a contract concluded with you (through which we undertake to perform our services in your benefit).

If you decide to install and use the Regina Maria App, we process your data in order to provide you this service. The App does not store data; it functions as an interface between the patient and their patient file, including their medical records with Regina Maria.

In the case of location data of your equipment, these will be processed based on your specific consent. If you want to cancel the granted permission, you can do so either from your telephone settings, or by reinstalling the App. As the App does not store data, and is an interface between you and your patient file at Regina Maria, in case of reinstallation, you will not lose any of the previously available documents.

For any commercial communication we might send you, we will process your data on the basis of your consent for this specific purpose. You can manage these consents right from the App - My Profile section -> Consents.

We may process your data for the fulfillment of legal obligations, such as our financial reporting obligations, in case of invoices and payments made by you; archiving obligations; obligations to disclose to certain public authorities, especially health and sanitary authorities, upon request, certain information.
There are also cases in which we process your data based on our legitimate interest, for example for the notification and recovery of outstanding debts or, given the multitude of our clinics, laboratories and hospitals, to facilitate the access to our medical services.

The bases on which we process your special category data

Considering the specific nature of our activity (provision of medical services), it is in our normal course of business collect and process special category personal data of our patients.

We will perform this processing based on the following legal grounds:

When the processing is necessary for purposes of assessing your employment capacity (for hiring or during periodical checkups), of establishing a medical diagnosis, of providing medical or social care or a medical treatment, or of managing the healthcare and social care systems and services.
We may process your medical data in order to protect your vital interests (or of another natural person), in emergencies or other situations in which you are incapable (physically or legally) to consent to processing.

In urgent cases, we may need to process your medical data for reasons of public interest in the field of public health; for example: protection against serious cross-border threats to health (in case of a pandemic), ensuring high standards of quality and safety of medical care and medicines or medical devices, under the European Union or Romanian legislation.

In the event that between you and us arise disputes that we cannot solve together amicably, it is possible that we process your medical data (for example, results of medical analyses based on which a particular diagnosis has been decided) in order to establish, exercise or defend our rights in front of a court.

6. PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA

The purposes for which we process your personal data through the App is the provision of a service requested by you, namely

Granting access to the services provided by the Regina Maria Mobile App – granting access to your medical records and the medical records of your child; to the online appointment making system; to the self check-in service when you reach the clinic; to appointments in the virtual clinic (which is not hosted in the App); to your invoices and payments history; to the Ask a doctor and Bank of kilometers functionalities; to the discounts offered by our partners through the Membership card.

Regarding the primary purposes of processing the data available through the App, they are:

Provision of medical services. Provision of medical services; registration of provided medical services; communicating with you about the requested services; activation or customization of your subscriptions; appointments; identifying you and the provided services; your information concerning the results of the provided services or - in case of occupational health - the provision of legal documents to your employer.

Managing our communication and IT (information technology) systems. Managing our communication systems; managing our IT security; performing security audits on our IT networks, genrating reports to authorized institutions in the field of cyber security, or solving system failures.

Fulfilling our legal obligations. Fulfilling our legal obligations with regard to the registration of medical information and keeping records, archiving, healthcare, security, and other obligations that the law imposes on us.

Financial management. Issuing invoices and receipts; receiving and recording payments performed by you or by another person on your behalf; recovering debts (including through debt recovery companies - details below in the section concerning the persons to whom we may disclose your data); refunding some amounts of money to you; transmission of notifications; preparation of financial/operational reports and issuing statutory financial statements/statements concerning contracts, reporting to competent authorities.

Marketing communications. Communicating with you by any means (for example, e-mail, telephone, text messages (SMS), mail, messages sent on social networks or in person) news about medical services provided by us, subscription to newsletter or providing other information that might interest you.
Settlement of disputes. Preparing requests and defenses before public authorities and other entities that settle disputes.

Surveys. Making surveys and asking questions to you in order to obtain your opinion concerning our services.

Improving products and services. Identifying issues which can be improved and the modalities in which we can do this (including by conducting audits); testing the improvements made to our services or our new services; solving your complaints.

M&A transactions. It is possible in the future for Regina Maria to decide to disclose your data in the context of M&A transactions.

7. TO WHOM WILL WE DISCLOSE YOUR DATA

As a rule, we do not disclose your data to other companies, organizations or persons in any country (including Romania).

In certain circumstances, however, it is possible to disclose your data to other natural or legal persons, as follows:

Other companies within the Regina Maria group – for legitimate reasons related to the unitary access to medical services by all patients. The list of companies that are part of the Regina Maria Healthcare Network is provided in section 17.

Contractual physicians – physicians who provide consultations within Regina Maria may be employed by our healthcare network or may be contractual physicians. Each of them is kept both by law and by the contract concluded with us to preserve the confidentiality of your data.

Public authorities in any field, in Romania or abroad (in particular public health authorities in Romania: National Health Insurance House, Ministry of Health, National Institute of Public Health and others) - at their request or at our initiative, exclusively in accordance with the applicable legislation in Romania and the European Union.

Insurers in Romania or other states – in connection with the services you received in our clinics, at your request.

Your employer – in connection with the assessment of your work capacity for purposes related to occupational health, but only to the extent of the information established by the legal provisions, excluding information concerning the result of the performed medical investigations.

Accountants, auditors, lawyers and other external professional consultants of ours or of another company within Regina Maria group, in Romania or abroad – they will be bound by law or by the contract concluded with us or another company within our group to ensure the confidentiality of your data.

Natural or legal persons acting as processors for Regina Maria, in various fields (for example, IT services, payment services, debt collection services, marketing and communication, etc.), that we will require by contract to comply with the requirements of the legislation that protects your rights - they provide certain services to us.

Any relevant person, agency or court in Romania or other state – to the extent necessary to establish, exercise or defend a right of ours or of other company within the Regina Maria group in front of a court.

Any purchasers or possible relevant purchasers in the medical sector or other sectors, in Romania or another state – if we sell or transfer all or part of our shares, our assets or our business (including in case of our reorganization, dissolution or liquidation) - they will be subject to a privacy obligation.

Our partners, with whom we are in contractual relations and which act as Controllers of the data - providers of IT, marketing and communication services or partners which grant discounts to Regina Maria patients through the Membership Card – which will receive exclusively the confirmation of your quality as Regina Maria patient – that you would have disclosed directly to them, voluntarily, when you request the applicable discount.

When we use a natural or legal person as our processor to process your personal data, we will ensure that it has entered into a written agreement with us through which it undertakes, among other obligations that the personal data protection legislation provides, the obligations to (i) process personal data only in accordance with our written instructions provided in advance and to (ii) effectively implement measures to protect privacy and ensure the security of personal data. We will also ensure that the written document between us and the processor provides for it at least all the other obligations imposed by the applicable legislation concerning the protection of personal data.

8. TO WHOM AND IN WHAT CONDITIONS WILL WE TRANSFER YOUR DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANIZATION (INTERNATIONAL DATA TRANSFERS)

Currently, we do not transfer nor intend to transfer your personal data to third countries or to international organizations. If we have to transfer your data to any of the above destinations, we will inform you in advance and we will ensure that such transfers are performed in compliance with applicable legal requirements, including, if necessary, based on your explicit consent.

9. HOW LONG WILL WE PROCESS YOUR DATA

We process your personal data for different periods of time, depending on the category of data and the purpose of their processing, as follows:

Informatiom concerning your health status – The most important category of personal data that we process is the information about your health status, recorded when accessing medical services. These data also have the longest processing time of storage - between 30 years in case of written documents without technical value, and up to 100 years in case of medical documents, under Law no. 95/2006 concerning the healthcare reform, corroborated with the National Archives Law no. 16/1996.

Identification data – last name, first name, National Identification Number, are accessories of the data concerning the patient’s health status, and therefore are kept throughout the storage of medical data. Medical documents are included in the category of documents with practical value, based on which duplicates, certificates and extracts are issued, and consequently, in order to be able to issue such documents, upon request, it is necessary for us to be able to clearly identify the patient to whom they refer.

Contact data – email addresses, telephone numbers, mailing addresses - it is important for us to have contact details for patients whose medical records we must process. Contact details are also used to create and access the Regina Maria Account and the mobile App. Therefore, we try to update and confirm the contact data are accurate and up to date. They are processed during their validity period, as indicated by patients, who have the possibility to modify or delete such data at their own choice.

Financial data – in case of patients who make payments for individual contracts or services, we process details related to invoices and payments, which we store, according to our financial legal obligations, for a period of 5 to 10 years.

Your selfie photo, photos of your ID card and of your child’s birth certificate, and short video recording of you processed for the purpose of remote validation of your Account or the association of your child’s account to your own, if you choose this type of validation/association, are stored for a period of up to 12 months.

Tracking tools are stored exclusively on the equipment of the App user, either during its operation period until the first reinstallation or until the modification of the permissions by you, in the App menu.

Location is processed exclusively during the activity of the App in the foreground, and the whole process is performed locally, on the telephone, without collecting data outside the equipment. Regina Maria does not collect or store location data of your equipment.

10. SECURITY OF YOUR DATA

We work hard to protect our clients, other persons whose data we process and ourselves against unauthorized access, and unauthorized modification, disclosure, or destruction of the data we process. In particular, we have implemented the following technical and organizational measures to ensure the security and privacy of personal data:

Dedicated policies. We adopt and review our data processing practices and policies for our clients and other persons, including physical and electronic security measures, to protect our systems against unauthorized access and other possible security threats. We constantly check how we apply our own data protection policies and how we comply with data protection legislation.

Data minimization. We have ensured that your personal data that we process are limited to those that are necessary, adequate and relevant to the purposes stated in this note.

Limited access to data. We strictly limit the access to the personal data that we process to the personnel, collaborators, and other persons who need to access them to carry out their activity. All these companies and natural persons are subject to strict privacy obligations and we will not hesitate to hold them accountable and stop working with them if they do not treat the protection of data with the utmost seriousness.

Specific technical measures. We have purchased and use technologies to ensure our clients and other persons that their data security is protected, both during storage and in transit, using modern encryption methods. In order to protect your data security, we recommend that you do not use multiple access equipments, and you do not disclose to other persons your login data to the App.

Back-ups and security audits. We work hard to protect our systems from accidental or unauthorized access or alteration and from other possible threats to their security. For this reason, once you delete information from your account, we may not immediately delete the copies or backups that we have created.

We make daily archives (back-ups), which we keep secure for at least six (6) months. All the technical equipment that we use to process your data is secured and updated to protect the data. We also perform, on a regular basis, security audits with independent auditors from the Big Four on the computer systems that we use to process the personal data of our clients and of other persons.

Ensuring the accuracy of your data. It is possible that from time to time we ask you to confirm the accuracy and/or actuality of your personal data that we are processing.

Training of the personnel. We constantly train our personnel and contractual staff on the legislation and best practices in the field of personal data processing.

Anonymisation of data. Where possible and appropriate to our work, we anonymize/pseudonymize the personal data that we process, as an additional protective measure.

Control of our service providers. We insert into the contracts concluded with those who process for us (processors) or with us (other controllers – joint controllers) clauses or annexes to ensure the protection of the data we process; this protection goes at least to the minimum required by the legislation.
Although we take all the reasonable measures to ensure the security of your data, we cannot guarantee the absence of any security breach or failure to penetrate the security systems. In the unfortunate and unlikely event that such a breach occurs, we will follow the legal procedures to limit the effects and to transparently inform the data subjects.

11. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM

We treat your rights in relation to the processing that we make on your data with utmost seriousness. We will continue to take all reasonable measures to ensure that they are respected.

Your rights

In short, your rights are the following:

Right of access to data. You have the right to obtain the access to your data that we process or control, or to the copies thereof; you also have the right to obtain from us information about the nature, processing and disclosure of such data.

Right to data rectification. You have the right to obtain the rectification of inaccuracies of your data that we process or control.

Right to data erasure. You have the right to obtain from us the erasure of your data that we process or control, within the limits allowed by the applicable legislation, especially regarding medical services providers.

Right to restriction of processing. You have the right to restrict the processing of your data that we process or control.

Right to object. You have the right to object to the processing of your data by us or on our behalf.

Right to data portability. You have the right to obtain the transfer to another controller of the data that you have provided to us.

Right to withdraw the consent. In situations where we process your data based your consent, you have the right to withdraw your consent; you can do it at any time, at least as easy as giving us your initial consent; withdrawing the consent will not affect the lawfulness of processing of your data before withdrawing.

Right to submit a complaint to the supervisory authority. You have the right to submit a complaint to the personal data processing supervisory authority about the processing of your data by us or on our behalf.

How can you exercise your rights

In order to exercise one or more of these rights (including the right to withdraw your consent, when we process your data based on it) or to ask any question about any of these rights or about any provision in this information note or about any other aspects of processing your data by us, please use whenever you want the contact details in section 2 above (our Contact data).

We will try to answer as quickly and completely as possible to all your questions and concerns and to facilitate the exercise of your rights.

12. WHAT CAN HAPPEN IF YOU DO NOT PROVIDE US YOUR DATA

You do not have to provide us with your personal data mentioned in this document.
However, if you do not wish to provide us with these data, it will not be possible for us to provide you with the services you request.

For example, in terms of accessing the App, without providing identification and contact data during installation, you will not be able to create an account and you will not have access to functionalities such as online appointments or payment history. If you do not want to go through the final validation of the Account in any version, you will not have access to your medical records. If you do not want to activate location, you will not be able to self check-in when you reach the clinic for your appointment.

In general, if you do not want to provide us with data about you, you may not be able to access our medical services.

13. NO AUTOMATED DECISION-MAKING

Our respect for your data includes the fact that we give them the necessary human attention, through our personnel. Under the current circumstances, as a user of our services, you will not be subject to a decision based solely on the automatic processing of your data (including the creation of profiles) to produce legal effects with respect to you or affect you similarly.

14. APPLICABILITY OF THIS PRIVACY POLICY INFORMATION NOTE

This information note applies in connection with the processing of your personal data through the Regina Maria Mobile App.
The general note regarding the processing of personal data by Regina Maria can be consulted online at the address https://www.reginamaria.ro/gdpr.

15. CHANGES TO THIS PRIVACY POLICY INFORMATION NOTE

We may modify this note from time to time, in which case we will bring the changes to your attention.
We will also post this information note and any new version of it on our website, within the section dedicated to the privacy policy/GDPR.

16. WHAT DO THE TERMS WE HAVE USED IN THIS NOTE MEAN

Supervisory authority for the processing of personal data: an independent public authority which, according to the law, has duties related to the supervision of the compliance with the legislation concerning personal data protection. In Romania, this supervisory authority for the processing of personal data is the National Authority for Personal Data Processing Supervision (ANSPDCP).

Personal data: any information relating to an identified or identifiable natural person (the "data subject"). A natural person is identifiable if it can be identified, directly or indirectly, in particular by reference to an identification element, for example: name, identification number, location data, online identifier, one or more elements specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that person. So, for example, the notion of personal data includes the following: first name and last name; home or residence address; e-mail address; telephone number; personal identification number (CNP); geolocation data. The categories of personal data about you that we process are listed above.

Special categories of personal data: personal data that: reveal the racial or ethnic origin, political opinions, religious confession or philosophical beliefs, or membership of trade unions; genetic data; biometric data to uniquely identify a natural person; data concerning the health status, sexual life or sexual orientation of a natural person.

Controller: natural or legal person who decides why (for what purpose) and how (by what means) personal data are processed. According to the law, the responsibility for complying with the legislation concerning personal data rests primarily with the Controller. In the relationship with you, we are the Controller and you are the data subject.

Processor: any natural or legal person who processes personal data on behalf of the Controller, other than the Controller’s employees.

Data subject: natural person to whom certain personal data refer (to whom they belong). In the relationship with us (the Controller), you are the data subject.

Processing of personal data: any operation/set of operations performed on personal data or on sets of personal data, with or without the use of automated means; for example: collecting, recording, organizing, structuring, storing, adapting or modifying, extracting, consulting, using, disclosing by transmitting, disseminating or making available in any other way, aligning or combining, restricting, deleting or destructing such personal data/sets of personal data.

These are just examples. Practically, processing means any operation on personal data, whether by automatic or manual means.

Third state: a state outside the European Union and the European Economic Area.

17. COMPANIES PART OF THE REGINA MARIA GROUP

REGINA MARIA GROUP CONSISTS OF ALL THE COMPANIES DIRECTLY CONTROLLED BY CENTRUL MEDICAL UNIREA SRL THROUGH WHICH MEDICAL SERVICES ARE PROVIDED:

CENTRUL MEDICAL UNIREA S.R.L., Romanian company, with headquarters in Bucharest, 5B Ion Ionescu de la Brad Blvd., district 1, registered with the Trade Register under number J40/15930/1991, sole registration code 5919324, share capital 68,097,580 lei, legal representatives, Fady Chreih, as Chief Executive Officer, Olimpia Enache, as Chief Executive Officer,
DELTA HEALTH CARE S.R.L., Romanian legal person, with headquarters in Bucharest District 1, 85A Nicolae Caramfil str., ground floor: 1620.08 sqm, 1st floor: 514.5 sqm, 2nd floor: 1857.70 sqm, 3rd floor: 1950.70 sqm, 4th floor: 76.70 sqm, 5th floor 5: 719.90 sqm, representing a total area of 6732.58 sqm, having registration number in the Trade Register J40/2516/2010 and sole registration code 26630352, share capital 616,180 lei, legal representatives: Fady Chreih, as Chairman of the Board of Directors, Olimpia Enache as administrator,
DELTA HEALTH TRADE S.R.L., Romanian legal person, with headquarters in Bucharest District 1, 85A Nicolae Caramfil str., (ground floor: 490 sqm, 1st floor: 720 sqm, 5th floor: 290 sqm, representing a total area of 1,500 sqm), registered with the Trade Register under number J40/2513/2010 and sole registration code 26630360, share capital 2,020 lei, legal representative Fady Chreih, as administrator,
ELITE MEDICAL S.R.L. limited liability company, organized and functioning legally in accordance with the laws of Romania, with headquarters in Craiova, 13 Mitropolit Nifon Criveanu str., Dolj county, registered with the Trade Register under no. J16/2351/2005, having sole registration code (CUI) 18164472, duly represented by Corina Olareanu as administrator, for laboratory activities performed within the location in Slatina, 22 Al. I. Cuza Blvd., Bl. FA21, Olt county.
IDS HISTRIA S.R.L., Romanian company, with headquarters in Voluntari, 93/3 Erou Nicolae Iancu str., attic, room 26, Ilfov county, registered with the Trade Register under number J23/2456/2015, sole registration code 33370956, share capital 1,929,300 lei, legal representatives: Olimpia Enache, as administrator, Dragos Comanescu, as administrator;
PHOENIX IMAGISTIC CENTER S.R.L., Romanian company, with headquarters in Bucharest District 1, 46 Washington str. ground floor, Apt.1, room 1, registered with the Trade Register under no. J40/11177/2011, sole registration code 29114763, share capital 243,000 lei, legal representative Dragos Comanescu, as administrator.
CENTRUL DE RADIOIMAGISTICA TELESCAN S.R.L Romanian company, with headquarters in Timisoara, Timis county, 30 Calea Buziasului, groundfloor, registered with the Trade Register under no. J35/473/2009, sole registration code 25221937, share capital 754,000 lei, legal representative Dragos Comanescu, as administrator
CENTRUL DE RADIOIMAGISTICA DR. BIRSASTEANU S.R.L., Romanian company, with headquarters in Timisoara, Timis county, 30 Calea Stan Vidrighin, groundfloor, registered with the Trade Register under no. J35/3673/2006, sole registration code 19216537, share capital 1,217,570 lei, legal representative Comanescu Dragos, as administrator.
POZITRON MEDICAL INVESTIGATION S.R.L., Romanian company, with headquarters in Constanta, Constanta county, 102 Mircea Cel Batran str., Building C2, semi-basement and ground floor, registered with the Trade Register under no. J13/2556/2007, sole registration code 22183847, share capital 12,445,550 lei, legal representative Comanescu Dragos, as administrator.
10. MATERNA CARE SRL, Romanian company, with headquarters in Timisoara, 5 Valeriu Braniste str., Apt. 2, registered with the Trade Register under no. J35/2386/2011, sole registration code 29290603, share capital 3,915,540 lei, legal representatives: Ovidiu Patrut, as administrator, Luiza Stroe, as administrator, Cosmin Panaete, as administrator, Alina Ambrozie, as administrator.
CLINICA SOMESAN SRL, Romanian company, with headquarters in Baia Mare, 1 Aleea Marasti str., Maramures county, registered with the Trade Register under no. J24/380/05.05.2012, sole registration code 30157091, share capital 450,200 lei, legal representative Dragos Comanescu, as administrator.
BIOSTANDARD S.R.L., with headquarters in Oradea, 17 MIMOZEI str., Bihor county, Romania, registered with the Trade Register Office attached to Bihor Court under no. J5/2241/2004, having sole registration code (CUI) 17002740, share capital 200 lei, legal representatives: Olareanu Corina, as administrator, Ciprian Iovan, as administrator.
BIOSTANDARD 2007 S.R.L., with headquarters in Oradea, 46 Sfantul Apostol Andrei str., building P 17, 7th floor, apt. 24, Bihor county, Romania, registered with the Trade Register Office attached to Bihor Court under no. J5/2220/2007, (CUI) 22355713, share capital 210 lei, represented by Corina Olareanu, as administrator, Ciprian Iovan, as administrator.
COSAMEXT S.R.L., with headquarters in Targu Mures, 4 Prof. Dr. Gheorghe Marinescu str., Centrul Medical Puls 2009, Mures county, registered with Mures Trade Register under no. J26/3151/1992, having sole registration code (CUI) 2610501, share capital 1,000 lei, legal representatives: Olimpia Enache, as administrator.
EUROCLINIC HOSPITAL S.A., joint stock company with headquarters in Romania, Bucharest, 14 A Calea Floreasca, district 1, registered with the Trade Register attached to Bucharest Court under no. J40/6269/2001, sole registration code (CUI) 14009050, having share capital 7,324,272.93 lei, legal representatives: Fady Chreih, as Chairman of the Board of Directors, Olimpia Enache, as Chief Operation Officer.
GASTROMOND S.R.L., with headquarters in Constanta, 143A TOMIS Blvd., ROOMS C1-P04, C3-P02, C4-P01, floor P, Constanta county, share capital 200 lei, legal representatives: Olimpia Enache, as administrator, Nirvana Georgescu, as administrator.
GENETIC CENTER S.R.L., with headquarters in Floresti village, 9 Crisan str., Cluj county, registered with Cluj Trade Register under no. J12/306/2009, having sole registration code (CUI) 25109543, share capital 400 RON, representatives Raluca Prodan, as administrator.
GENOME&GENETICS S.R.L., Bucharest, 51 Vasile Gherghel str., apt. 2, district 1, registered with Bucharest Trade Register under no. J40/1857/2016, having sole registration code (CUI) 35621094, share capital 200 RON, Raluca Prodan, as administrator.
PROMPT URG S.R.L., with headquarters in Cluj-Napoca, 38 Caisului str., Cluj county, registered with Cluj Trade Register under no. J12/2149/2004, having sole registration code 16491486, share capital 200,200 lei, legal representative Nicoleta Thomas, as administrator.
REGINA MARIA BANCA CENTRALA DE CELULE STEM S.A., with headquarters in Bucharest, 5B Ion Ionescu de la Brad Blvd., basement 2, district 1, registered with the Trade Register under no. J40/15742/2008, sole registration code 24469080, share capital 3,022,025 lei, legal representatives Fady Chreih, as Chairman of the Board of Directors.
SANTOMAR ONCODIAGNOSTIC S.R.L., with headquarters in Cluj-Napoca, 42 CAMPULUI str., apt. 32, Cluj county, J12/3748/2008, sole registration code: 24454900, legal representative Corina Olareanu, as administrator.

Nota de informare cu privire la prelucrarea datelor cu caracter personal prin aplicatia Regina Maria

Nota de informare privind politica de confidentialitate a aplicatiei mobile REGINA MARIA

Privacy policy information note for the REGINA MARIA mobile app

Fii la curent cu toate produsele noastre!