Information notice regarding the processing of personal data through the Regina Maria application

Information notice on the privacy policy of the REGINA MARIA mobile application

This Information Notice is addressed to all users of the Regina Maria mobile Application (hereinafter, the Application) and explains how the Application processes their personal data. The purpose of this Notice is also to explain how we make sure that your personal data are processed responsibly, in accordance with the applicable personal data protection legislation and with our Privacy Policy.

The companies in the group, as listed here, acting as joint controllers of personal data, designate Centrul Medical Unirea SRL (CMU), as the lead joint controller, to represent them in dealings with data subjects and with the National Supervisory Authority for Personal Data Processing (Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal), including for the purposes of this Information Notice.
Below you can find information about our identity and contact details. Also below you can find the contact details of the Regina Maria data protection officer.

At Regina Maria we take respect for the security and confidentiality of your data very seriously. Compliance with personal data protection legislation and good practice in the field, as well as ensuring a climate of transparency, safety and trust for our patients, is a priority for us, and our employees, collaborators, partners and management firmly declare their support for it.

This Notice contains important information about our Privacy Policy. We therefore encourage you to take the time to read it in full and carefully and to make sure you fully understand it. To make the document easier to read, we have included at the end of this notice a glossary explaining the main terms used (e.g. "personal data", "processing" etc.). Do not hesitate to tell us about anything that is unclear to you. We want it to be clear to you how we use your data and how we protect their confidentiality. The content of this information notice is purely informative and does not affect the rights granted to you by law.

We will do everything possible to make it easier for you to exercise them.
Thank you for your trust.

2.    WHO WE ARE

The Regina Maria health network is one of the oldest and most reputable private medical operators in Romania, present throughout the country through its own locations and partner clinics, with over 10,000 employees and collaborators, offering integrated medical services to more than 6 million patients in outpatient care as well as in day and continuous hospitalisation.

Our contact details

Full name

Centrul Medical Unirea SRL, together with all the legal entities as listed here.

Registered office address
Bulevardul Ion Ionescu de la Brad nr. 5B, Sector 1, Bucuresti

Administrative office address (correspondence address)
Cladirea Charles de Gaulle Plaza, Piata Charles De Gaulle, nr. 15, Etaj 4, Sector 1, Bucuresti

Telephone
0219268 or *9268 or 0219886 (available between 8:00 and 20:00, Monday to Friday)

Online
The Support (Suport) section of the mobile Application or https://www.reginamaria.ro/suport

Email
office@reginamaria.ro

Contact details of our data protection officer (this is the person you should contact regarding any matters relating to the protection of your personal data)

Correspondence address
Cladirea Charles de Gaulle Plaza, Piata Charles De Gaulle, nr. 15, Etaj 4, Sector 1, Bucuresti

Email
dpo@reginamaria.ro

3.    WHAT PERSONAL DATA WE PROCESS

3.1. Data processed through the Application

The personal data we will process are data obtained directly from you or resulting from the provision of services by one of the Regina Maria companies, and include the following categories of data:

Personal details, such as: surname; first name; sex; date of birth/age; citizenship; the other information in your identity document (including the date of issue, the expiry date of the document, place of birth); family members, for example minor children.

Contact details, such as: telephone number; email address; home/residence address;

Medical data (special category personal data), such as: symptoms; previous illnesses; tests and medication administered in the past; blood group; tests and other services you access at Regina Maria; the results of the tests you have done with us; the treatment prescribed or administered; the doctor you consulted; medical recommendations; data from the hospital medical record, including data on your family's medical history, where relevant as a heredo-collateral antecedent; genetic data, if applicable.

Details of invoices and payments, such as: billing address; bank account or bank card number/IBAN code; surname and first name of the holder of the bank account or bank card (who may be someone other than you, if someone else paid an invoice in your name and on your behalf); the date from which the bank card is valid; the expiry date of the bank card.

Professional details, such as: employer; position; profession; length of service at the workplace.

Insurance details, such as: insured/uninsured status, insurer (in the case of private insurance).

Contract data, such as: individual contracts concluded for you and/or beneficiary family members, corporate contracts of which you are a beneficiary as an employee or family member of the client company, accession agreements.

Opinions and views (may include special category data), such as: any opinions and views you send us through the communication channels available in the Application.

As the list above shows, you may provide us with information about other people – for example, the medical history of your relatives who suffer from the same medical condition as you. Where this information refers to persons who are identified or whom we can identify, we will treat it as personal data of those persons and give them the necessary protection as well. However, we will strictly observe the obligation of professional secrecy (including medical secrecy) that we owe you, and for that reason we will not inform those persons about this processing.

3.2. Data collected through the Application

The Regina Maria mobile Application is built to ensure the confidentiality of users' data ("user privacy"). Depending on your choices and the permissions you grant us, the Application may collect the following data:

Identification and contact data
If you create your Account in the application, we will ask for your identification data (surname, first name, CNP (personal numeric code)/passport series and number, in which case we will also ask for your date of birth and sex) and contact data (mobile phone number and email address), in order to identify you and activate the account. We will also ask you to set a password, which only you will know.

At each login, you will provide the email address and password you chose, to protect your data.

Information about your device and operating system
When you use the Application, we collect the IP address and type of your device, as well as the operating system used. Although this information constitutes personal data, it does not allow us to identify you without combining it with other data about you and without confirmation from the electronic communications service provider that supplied the IP address. Please note that extracting IP addresses involves the processing of traffic data by those providers, which may be done only under the conditions laid down by law.

Your activity within the Application
The Application may use three types of tracking tools:

  • (i) necessary tools, without which it cannot function, which are activated automatically. These tools may keep logs that are anonymous or that can identify you. This category also includes the tools that allow push notifications to be sent (Firebase messaging) and login with your Facebook account (Facebook login), which will be activated only if you accept push notifications on your phone or log in to your Account through Facebook.
  • (ii) statistics tools; among statistical tools, we use Firebase Crashlytics, which we need in order to identify crashes. Firebase Crashlytics is set to collect exclusively data about the device, the operating system and the crash itself – the date, time and the place in the Application where it occurred – without collecting data that identify or could identify the user. For the proper functioning of the application, we recommend that you keep this tool active; however, if you do not wish to, you can deactivate it at any time.
  • (iii) marketing tools, which are used on the basis of your consent (Firebase Analytics, Google Analytics).

Permissions are requested when the Application is installed, and you can manage them as you choose from its menu.

You will find all the details about the tracking tools used by the Application in the Tools Declaration (Declaratia de instrumente), available both at installation and afterwards, in the Application menu.

Opinions expressed and information about your state of health
If you use the Support section or the Ask a doctor (Intreaba un medic) section to ask questions or express an opinion, or if you decide to attach documents to appointments or to questions addressed to a doctor, we will process the personal data they contain.

The following categories of data will be processed exclusively on the basis of the permissions you grant. In accordance with our Privacy Policy, permissions are granted through affirmative actions for each of the options below and can be refused without affecting the installation or use of the other options of the application.

Location data – permission can be granted when accessing the self check-in functionality, either while you have the Application open or on each use.

These make it possible to use one of the Application's core functionalities – self check-in – which lets you notify the doctor that you have arrived for your appointment and go directly to the doctor's floor and office, without waiting in a queue or interacting with Reception staff. This saves you time and avoids the human errors that can arise from interaction with Reception staff. In the current epidemiological conditions, it also lets you avoid crowded areas.

To benefit from this functionality, the Application must be able to geolocate the device you are using. Geolocation works in the foreground and is active only when the Application is open.

We confirm that we use geolocation in compliance with the confidentiality conditions in our data processing policy ("Privacy Policy"): (i) we do not collect data; we query the phone's GPS to determine whether you are within or outside the range of the clinic where you have an appointment, without determining precise coordinates and without storing any information about your location, (ii) we use geolocation exclusively for the purposes stated above and (iii) we do not disclose this information to any supplier or client.

You also have the option of not granting the geolocation permission ("deny", no location) if you do not wish to use the self check-in functionality.

Calendar
It allows us to add your appointments to your phone's calendar. For this purpose, the Application processes the identification number of the appointment in the Regina Maria systems, and the name, date, time and location of the appointment.

Camera and microphone – permission is requested if you wish to complete the final validation remotely and/or if you access the Virtual Clinic (Clinica virtuala).
They allow you to take and send to Regina Maria the images needed for the final validation of the account or for associating your minor child's account: your selfie photo and video recording, the photograph of your identity card and of your minor child's birth certificate.

These remote validation or association options are strictly optional, require your express consent and are an alternative to final validation or association at any of our Receptions. You will find all the details about how they work, the data we process and how we process them while ensuring confidentiality in the Terms and Conditions applicable to this functionality, which we ask you to read before starting the account validation process.

Once the validation or association is complete, the application will no longer use the phone's camera and microphone.

Files and media – permission is requested when accessing a functionality that involves uploading documents.

They allow you to attach the files you want to an appointment, for associating the child's account or for the "Ask a doctor" functionality. The files are saved directly in the Regina Maria systems and are protected in the same way as all your other medical documents. The data are not saved in the Application.

4.    THE SOURCE FROM WHICH WE RECEIVE YOUR DATA

We receive most information directly from you, when you sign a medical services contract, when you are admitted to one of our hospitals, when you access medical services in one of our clinics/laboratories or when you use our mobile Application, for example to make an appointment or self check-in, to see the route to the location or to access the Virtual Clinic.

Through the Application, we receive data exclusively from you or with your permission.

From you, we collect the documents you decide to upload or the details you select when making an appointment (such as the medical specialty, clinic, date and time of the appointment).

From your device we will collect data on the type and model of the device, the operating system and IP address, as well as information about your activity within the application, through the tracking tools necessary for the application to function.

If you give us permission for location, we will query this information without collecting or storing it.

The following data are not collected through the Application, but may be visible in your medical record, which you can query through the Application.

For occupational medicine services, for the purpose of employment or at any time during the employment contract, your employer will send us the following data about you, which allow us to identify you and determine the types of checks and investigations required: surname; first name; personal numeric code (CNP); employer identity; professional details; contact details (telephone and/or email).

For beneficiaries of medical subscriptions contracted by your employer or by the employer of a member of your family, we may receive from our client or directly from the family member: surname; first name; personal numeric code (CNP); contact details (telephone and/or email).

5.    THE LEGAL BASES ON WHICH WE PROCESS DATA

The bases on which we process your personal data (other than special category data)

We process your personal data, other than special category data such as medical data, in order to conclude a contract with you, at your request, or to perform a contract concluded with you (by which we undertake to provide our services to you).

If you decide to install and use the Regina Maria Application, we process your data in order to provide you with this service. The Application does not store data; it works as an interface between the patient and their patient record, including their medical history.

Device geolocation data will be processed on the basis of your consent. If you wish to withdraw the permission granted, you can do so either from your phone's settings or by reinstalling the application.
Since the application does not store data but is an interface between you and your patient record at Regina Maria, you will not lose any of the previously available documents if you reinstall it.

As regards our marketing communications, we process your data on the basis of your consents to processing for this specific purpose. You can manage these consents directly from the Application – section My profile (Profilul meu) – consents (consimtaminte).

We may process your data to fulfil our financial and accounting reporting obligations, in the case of invoices and payments made by you, our archiving obligations, our obligations to communicate certain information to public authorities, especially in the health field, on request, or other legal obligations.

There are also cases in which we process your data on the basis of our legitimate interest, for example to notify and recover debts or, given the large number of our clinics, laboratories and hospitals, to facilitate access to our medical services.

The bases on which we process your special category personal data

Given the specific nature of our activity (provision of medical services), it is normal for us to collect or process special category personal data of our patients.

We will carry out this processing on the following legal bases:

  • Where the processing is necessary for purposes related to assessing working capacity (for employment or as part of periodic check-ups), establishing a medical diagnosis, providing health or social care or medical treatment, or managing health and social care systems and services.
  • We may process your medical data to protect your vital interests (or those of another natural person), in medical emergencies or other situations in which you are (physically or legally) incapable of consenting to the processing.
  • In urgent cases, it may be necessary for us to process your medical data for reasons of public interest in the area of public health; for example: protection against serious cross-border threats to health (in the case of a pandemic), ensuring high standards of quality and safety of healthcare and of medicines or medical devices, under European Union or Romanian law.
  • If disputes arise between you and us that we cannot resolve together amicably, we may process your medical data (for example, the results of the medical tests on the basis of which a certain diagnosis was decided) for the establishment, exercise or defence of one of our rights in court.

6.    THE PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA

The purpose for which we process your personal data through the Application is to provide a service requested by you.

Granting access to the services of the Regina Maria Mobile Application. Granting access to your medical record and that of your minor children; to the online appointment service and self check-in for appointments when you arrive at the clinic; to consultations in the virtual clinic; to the history of your invoices and payments; to the Ask a doctor functionality or the Kilometre Bank (Banca de kilometri); to the discounts offered by our partners on the basis of the Member Card.
As regards the primary purposes of processing the data that are also available through the Application, these are:

Provision of medical services. Providing medical services; recording the medical services provided; communication regarding the services requested; activating or customising your subscriptions; appointments; identifying you and the services provided; informing you of the results of the services provided or – in the case of occupational medicine – providing the legal documents to your employer.

Management of our communications and IT (information technology) systems. Managing our communications systems; managing our IT security; carrying out security audits of our IT networks; issuing reports to the competent institutions in the field of cyber security or repairing system errors.

Fulfilment of our legal obligations. Fulfilling our legal obligations regarding the recording of medical information and record keeping, archiving, health, security and other obligations imposed on us by law.

Financial management. Issuing till receipts, invoices and payment receipts; receiving and recording payments made by you or by another person on your behalf; recovering debts (including through companies specialised in debt recovery – details below, in the section on the persons to whom we may disclose your data); refunding sums of money to you; sending notifications; drawing up financial/operational reports and issuing financial statements/statements regarding contracts, reporting to the competent authorities.

Marketing communications. Communicating with you by any means (for example, email, telephone, text messages (SMS), post, messages sent on social media platforms or in person) about news regarding the medical services we offer, newsletter subscription or providing other information that may interest you.

Dispute resolution. Making claims and defences before public authorities and other entities that resolve disputes.

Surveys. Conducting surveys and asking questions in order to obtain your opinion about our services.

Improvement of products and services. Identifying aspects that can be improved and ways in which we can do so (including by carrying out audits); testing improvements made to our services or our new services; resolving your complaints.

M&A transactions. Regina Maria may decide in the future to disclose your data in the context of M&A transactions.

7.    TO WHOM WE WILL DISCLOSE YOUR DATA

As a rule, we do not disclose your data to other companies, organisations or persons in any country (including Romania).

In certain situations, however, we may disclose your data to other natural or legal persons, as follows:

Other companies in the Regina Maria group – for legitimate reasons related to uniform access to medical services by all patients. The list of companies that are part of the Regina Maria Health Network is given in Section 17.

Collaborating doctors – the doctors who offer consultations at Regina Maria may be employees of our health network or may be collaborating doctors under a services contract. Each of them is obliged by law and by the contract concluded with us to keep your data confidential.

Public authorities in any field, in Romania or abroad (in particular public health authorities in Romania: Casa Nationala de Asigurari de Sanatate (the National Health Insurance House), Ministerul Sanatatii (the Ministry of Health), Institutul National de Sanatate Publica (the National Institute of Public Health) and others) – at their request or on our initiative, exclusively under the conditions of the legislation applicable in Romania and in the European Union.

Insurers in Romania or in other states – in connection with the services you have received in our clinics, at your request.

Your employer – in connection with the assessment of your working capacity for occupational medicine purposes, but only within the limits of the information established by legal provisions, excluding information on the results of the medical investigations carried out.

Accountants, auditors, lawyers and other external professional advisers of ours or of another company in the Regina Maria group, in Romania or abroad – they will be obliged by law or by the contract concluded with us or with another company in our group to keep your data confidential.

Natural or legal persons acting as processors for Regina Maria, in various fields (for example, IT services, payment services, debt recovery services, marketing and communication etc.), whom we will oblige to comply with the requirements of the legislation that protects your rights – they provide certain services for us.

Any relevant person, agency or court in Romania or in another state – to the extent necessary for the establishment, exercise or defence of a right of ours or of another company in the REGINA MARIA group in court.

Any relevant acquirers or potential acquirers from the medical sector or other sectors, in Romania or in another state – if we sell or transfer all or part of our shares, our assets or our business (including in the event of our reorganisation, dissolution or liquidation) – they will be bound by a confidentiality obligation.

Our partners, with whom we have contractual relationships, who act as Controllers of the data processed – providers of IT, marketing and communication services, or partners who offer discounts to Regina Maria patients through the Member Card – who will receive exclusively the confirmation of your status as a Regina Maria patient, which you make known to them directly and voluntarily when you request the available discount.

When we use a natural or legal person as a processor for the processing of your personal data, we will make sure that it has concluded a written agreement with us in which it undertakes, among other obligations laid down by personal data protection legislation, the obligations to (i) process personal data only in accordance with the written instructions we have given it in advance and (ii) effectively implement measures to protect the confidentiality and ensure the security of personal data. We will also make sure that the written agreement between us and the processor lays down for the processor at least all the other obligations provided for by the applicable personal data protection legislation.

8.    TO WHOM AND UNDER WHAT CONDITIONS WE WILL TRANSFER YOUR DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANISATION

In principle, we aim to limit as far as possible the transfer of personal data to other companies, organisations or persons in third countries, and when we consider making such a transfer, we try to select recipients in countries for which the European Commission has issued adequacy decisions regarding the level of data protection in those countries – that is, a level of protection similar to that in the European Union. For these transfers, no special authorisations or additional measures are needed beyond those implemented for any recipient of data in the European Union and the European Economic Area. Even in these situations, we make such transfers for limited categories of data.

In certain limited situations, transfers to third countries without adequacy decisions may be made only on the basis of appropriate safeguards – such as standard contractual clauses supplemented by technical and contractual measures – or, in some exceptional cases, on the basis of consent, for the implementation of a contract at the data subject's request (for example, in order to have specialised tests performed, at the express request of our patients, we send personal data to medical centres outside Romania, including in third countries).

If it becomes necessary to transfer your data to any of the destinations without adequacy decisions, we will inform you in advance both of the destination of the transfer and of its legal bases and, where applicable, we will obtain your consent for this.

9.    HOW LONG WE WILL PROCESS YOUR DATA

We process your personal data for different periods, depending on the category of data and the purpose of the processing, as follows:

Information about your state of health – The most important category of personal data we process is the information about your state of health, recorded when you access medical services. These data also have the longest storage period – from 30 years in the case of written documents without technical value, up to 100 years in the case of medical documents, under Law no. 95/2006 on healthcare reform, in conjunction with National Archives Law no. 16/1996.

Identification data – surname, first name, CNP – are ancillary to the data on the patient's state of health, and are therefore kept for the entire storage period of the medical data. Medical documents fall into the category of documents of practical value, on the basis of which copies, certificates and extracts are issued; consequently, in order to be able to issue such documents on request, we need to be able to identify with certainty the patient to whom they belong.

Contact data – email addresses, telephone numbers, correspondence addresses – it is important for us to have contact data for patients who have medical files within our network. Contact data are also used to create and access the My Regina Maria Account (Contul meu Regina Maria). We therefore try to update and confirm the accuracy of contact data. These are processed for as long as they are valid, as communicated by patients, who can modify or delete such data as they choose.

Financial data – in the case of patients who make payments for individual contracts or for services, we process details relating to invoices and payments, which we process, in accordance with financial and accounting regulations, for a period of 5 to 10 years.

The selfie photo, the photograph of the identity card or of your minor child's birth certificate and the short video recording processed for the purpose of remote validation of My Account or association of your minor child's account, if you opt for this type of validation or association, are stored for a period of up to 12 months.

Tracking tools are stored exclusively on the Application user's device, either for as long as the Application is in operation until the first reinstallation, or until you change the permissions in the Application menu.

Geolocation is processed exclusively while the application is active in the foreground, and the whole process is carried out locally, on the phone, without collecting data outside the device. Regina Maria does not collect or store your device's geolocation data.

10.    SECURITATEA DATELOR TALE

Lucram din greu pentru a proteja clientii nostri, alte persoane ale caror date le prelucram si pe noi insine de accesul neautorizat si de modificarea, divulgarea sau distrugerea neautorizata ale datelor pe care le prelucram. In special, am implementat urmatoarele masuri tehnice si organizatorice de asigurare a securitatii si confidentialitatii („privacy”) datelor cu caracter personal:

Dedicated policies. We adopt and review our practices and policies for processing the data of our clients and of other persons, including physical and electronic security measures, in order to protect our systems from unauthorized access and other possible threats to their security. We constantly check how we apply our own personal data protection policies and how we comply with data protection legislation.

Data minimization. We have ensured that your personal data that we process is limited to what is necessary, adequate and relevant for the purposes stated in this note.

Restricting access to data. We strictly restrict access to the personal data we process to the employees, collaborators and other persons who need to access it for the proper performance of their activity. All these companies and individuals are subject to strict confidentiality obligations, and we will not hesitate to hold them accountable and terminate the collaboration if they do not treat data protection with the utmost seriousness.

Specific technical measures. We have acquired and use technologies that assure our clients and other persons that the security of their data is protected, both during storage and in transit, using modern encryption methods. To protect the security of your data, we recommend that you do not use shared-access equipment and do not disclose your App login details to other persons.

Back-ups and security audits. We work hard to protect our systems from unauthorized or accidental access to or modification of your data and from other possible threats to its security. For this reason, after you delete information from your account, we may not immediately delete the copies or back-ups we have created. We make daily archives (back-ups), which we keep securely for a minimum of six (6) months. All the technical equipment we use to process your data is secured and updated in order to protect the data. We also carry out, at regular intervals, security audits with independent Big Four auditors on the information systems we use to process the personal data of our clients and of other persons.

Ensuring the accuracy of your data. From time to time we may ask you to confirm the accuracy and/or currency of your personal data that we process.

Staff training. We constantly train our employees and collaborators on legislation and best practices in the field of personal data processing.

Data anonymization. Where possible and appropriate to our activity, we anonymize / pseudonymize the personal data we process, as an additional protection measure.

Control of our service providers. In the contracts with those who process data for us (processors) or together with us (other controllers – joint controllers), we include clauses or annexes to ensure the protection of the data we process; this protection extends at least to the minimum required by legislation.

Although we take all reasonable measures to ensure the security of your data, we cannot guarantee the absence of any security breach or that our security systems cannot be penetrated. In the unfortunate and unlikely event that such a breach occurs, we will follow the legal procedures for limiting its effects and for transparently informing the affected data subjects.

11.    WHICH ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM

Your rights

In short, your rights are the following:

Right of access to data. You have the right to obtain access to your data that we process or to copies thereof; you also have the right to obtain from us information on how we process this data, including the purposes and duration of processing, the recipients or categories of recipients to whom we disclose your data, and the source of your data that we did not collect directly from you.

Right to rectification of data. You have the right to obtain the rectification of inaccuracies in your data that we process.

Right to erasure of data. You have the right to obtain from us the erasure of your data if we do not have (or no longer have) a basis for processing it, for example if we do not have a legal obligation or a legitimate interest to keep it. Our responses to erasure requests are always accompanied by explanations regarding the limits within which this right can be exercised, depending on the categories of data processed in relation to you.

Right to restriction of data processing. You have the right to restrict the processing of your data, for the period indicated by you.

Right to data portability. You have the right to receive directly, or to obtain the transfer to another controller of, your data that you provided to us directly and that is processed by automated means.

Right to object. You have the right to object to the processing of data that we process in relation to you on the basis of our legitimate interest.

The right not to be subject to automated individual decision-making, including profiling, without your consent.

Withdrawal of consent. Where we process your data on the basis of your consent, you may withdraw your consent at any time, at least as easily as you initially gave it to us; withdrawal of consent will not affect the lawfulness of the processing of your data that we carried out before the withdrawal.

Right to lodge a complaint with the supervisory authority. You have the right to lodge a complaint with the supervisory authority.

How you can exercise your rights

To exercise or find out more details about any of these rights, you can send a request through the contact form available at https://www.reginamaria.ro/suport or in the Support section of the Regina Maria mobile app. You can also write to us at dpo@reginamaria.ro.

You can manage your consents for commercial communications in the Consents section of My Account, by a request through the contact form available at https://www.reginamaria.ro/suport or by calling the Contact Center, and those for the use of cookies in the Cookie consents/Tracking consents section on the website and in the mobile app, respectively.

We will try to respond as quickly and completely as possible to all your questions and concerns and to facilitate the exercise of your rights.

12.    WHAT CAN HAPPEN IF YOU DO NOT PROVIDE US YOUR DATA

You are under no obligation to provide us with the personal data mentioned in this document.

However, if you do not provide us with this data, it will not be possible for us to provide the services you request from us.

For example, as regards access to the App, without providing identification and contact data at installation, you will not be able to create an account and you will not have access to functionalities such as online appointments or payment history. If you do not wish to go through the final validation of the Account in any of its variants, you will not have access to your medical file. If you do not wish to activate geolocation, you will not be able to use self check-in.

In general, if you do not wish to provide us with data concerning you, you may not be able to access our medical services.

13.   AUTOMATED DECISION-MAKING PROCESSES

As a rule, as a user of our services, you will not be subject to a decision based exclusively on the automated processing of your data (including profiling) that produces legal effects concerning you or that similarly affects you to a significant extent.

Depending on the consents granted for commercial communications and for the use of cookies, we may send you messages about our services that are personalized according to your interests.

14.    WHEN THIS INFORMATION NOTE APPLIES

This information note applies to the processing of your personal data within the Regina Maria mobile App.

The general note on the processing of personal data by Regina Maria can be consulted online at https://www.reginamaria.ro/gdpr.

15.    CHANGES TO THIS INFORMATION NOTE

We may amend this note from time to time, in which case we will bring the changes to your attention.
We will also post this information note, as well as any new version of it, on our website, in the section dedicated to the privacy policy/GDPR.

16.    WHAT THE TERMS WE HAVE USED IN THIS NOTE MEAN

Personal data processing supervisory authority: an independent public authority which, according to the law, has duties relating to supervising compliance with personal data protection legislation. In Romania, this personal data processing supervisory authority is the National Supervisory Authority for Personal Data Processing (Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal, ANSPDCP).

Personal data: any information relating to an identified or identifiable natural person (referred to as the “data subject”). A natural person is identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier, for example: name, identification number, location data, online identifier, one or more elements specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. Thus, for example, the notion of personal data includes the following: last name and first name; home or residence address; email address; telephone number; personal identification number (CNP); geolocation data. The categories of personal data we process are listed above.

Special categories of personal data: personal data that reveals racial or ethnic origin, political opinions, religious denomination or philosophical beliefs, or trade union membership; genetic data; biometric data for the unique identification of a natural person; data concerning the health, sex life or sexual orientation of a natural person.

Controller: the natural or legal person who decides why (for what purpose) and how (by what means) personal data is processed. According to the law, responsibility for complying with personal data legislation lies primarily with the controller. In the relationship with you, we are the controller and you are the data subject.

Processor: any natural or legal person who processes personal data on behalf of the controller, other than the controller's employees.

Data subject: the natural person to whom certain personal data refers (to whom it “belongs”). In the relationship with us (the controller), you are the data subject.

Processing of personal data: any operation or set of operations performed on personal data or on sets of personal data, with or without the use of automated means; for example: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of such personal data or sets of personal data. These are only examples. In practice, processing means any operation on personal data, whether by automated or manual means.

Third country: a state outside the European Union and the European Economic Area.

Privacy policy information note for the REGINA MARIA mobile app

To make it easier for you to navigate through this Privacy Policy Information Note, please see below the sections you may consult:

  1. About this Privacy Policy Information Note
  2. Who we are
  3. What personal data we process
  4. Sources from which we collect your personal data
  5. The bases on which we process your personal data
  6. Purposes for which we process your personal data
  7. To whom will we disclose your data
  8. International data transfers
  9. How long will we process your data
  10. Security of your data
  11. Which are your rights and how can you exercise them
  12. What can happen if you do not provide us your data
  13. No automated decision-making
  14. Applicability of this Privacy Policy Information Note
  15. Changes to this Privacy Policy Information Note
  16. What do the terms we have used in this note mean

1.    ABOUT THIS PRIVACY POLICY INFORMATION NOTE

This Information Notice is addressed to all users of the Regina Maria Mobile Application (hereinafter referred to as the Application) and explains how the Application processes their personal data. The purpose of this Notice is also to explain how we ensure that your personal data is processed responsibly, in accordance with applicable data protection legislation and our Privacy Policy.

The group companies, as listed here, as joint data controllers, appoint Centrul Medical Unirea SRL (CMU) as the principal joint controller to represent them in relation to the data subjects and the National Supervisory Authority for Personal Data Processing, including for the purposes of this Information Notice.

You can find information regarding our identity and contact details below. Additionally, you can also find the contact details of the Data Protection Officer within Regina Maria below.

At Regina Maria, we take the respect for the security and confidentiality of your data very seriously. Compliance with data protection legislation and best practices in the field, as well as ensuring an environment of transparency, safety, and trust for our patients, is a priority for us, which our employees, collaborators, partners, and management firmly support.

This Notice contains important information regarding our Privacy Policy. Therefore, we encourage you to take the necessary time to read it thoroughly and carefully and to ensure that you fully understand it. To facilitate the reading of the document, we have included a glossary at the end of this note that explains the main terms used (e.g., “personal data,” “processing,” etc.). Do not hesitate to communicate any uncertainties you may have. We want it to be clear to you how we use your data and how we protect its confidentiality. The content of this Information Notice is purely informative and does not affect the rights provided to you by the legislation. We will do our best to facilitate the exercise of these rights.

Thank you for your trust.

2.    WHO WE ARE

The Regina Maria Healthcare Network is the private medical service operator in Romania that brings together more than 5,000 personnel and collaborators in locations in Bucharest and throughout the country.

In numbers, Regina Maria means: 46 clinics, 8 hospitals, 4 daytime hospitalization centers, 4 maternity wards, 10 medical campuses, 26 imaging centers, 28 analyses laboratories, own bank of stem cells and more than 300 partner polyclinics in the country.

Our contact data

Full name

  • Centrul Medical Unirea SRL together with all the legal entities mentioned in item 17 in this Information note

Headquarters address

  • 5B Ion Ionescu de la Brad Boulevard, District 1, Bucharest

Administrative headquarters address (mailing address)

  • Charles de Gaulle Plaza Building, 15 Charles De Gaulle Square, 4th floor, District 1, Bucharest

Telephone number

  • 0219268 or *9268 or 0219886 (available between hours 8 and 20 Monday – Friday)

Online

  • The “Support” section in the Mobile App or https://www.reginamaria.ro/suport

Email

    
Contact data of our data protection officer (this is the person you need to contact for any issues related to the protection of your personal data)

Mailing address

  • Charles de Gaulle Plaza Building, 15 Charles De Gaulle Square, 4th floor, District 1, Bucharest

E-mail address

3.    WHAT PERSONAL DATA WE PROCESS

3.1. Personal data processed through the App

The personal data that we process is collected directly from you or resulting from the provision of services by one of the companies within Regina Maria, and include the following categories of data:

Personal details, such as: last name; first name; gender; date of birth/age; citizenship; remaining information in your identity card (including issuance date, expiry date, place of birth); family members, for example minor children.

Contact details, such as: telephone number; e-mail address; home/residence address;

Medical data (special category of personal data), such as: symptoms; previous diseases; analyses and medicines administered in the past; blood group; analyses and other services that you access within Regina Maria; results of your analyses performed by us; treatment we prescribe or administer; doctors that you have consulted; medical recommendations; data from your hospital medical file, including data about your family's medical history, if it is relevant as a heredo-collateral history; genetic data, if applicable.

Details about invoices and payments, such as: invoicing address; bank account number or bank card number IBAN code; last name and first name of the holder of the bank account or bank card (may be other than you, if someone else has paid an invoice in your name and for you); date since which the bank card is valid; expiry date of the bank card.

Professional details, such as: employer; position; profession; seniority at work.

Details about insurances, such as: quality of insurant/non-insurant, insurer (in case of private insurances).

Data about contracts, such as: individual contracts concluded for you and/or beneficiary family members, corporate contracts of which beneficiary you are as an employee or family member of the client company, adhesion documents.

Opinions and views (may include sensitive data), such as: any opinions or views that you submit to us on the communication channels available through the App.

As shown in the list above, it is possible to provide us with information about other people - for example, the medical history of your relatives who are suffering from the same medical condition as yours. When these refer to identified or identifiable persons, we will treat this information as personal data of those persons and we will also provide them with the necessary protection. However, we will strictly comply with the obligation of professional secrecy (including medical secrecy) that we have with you and we will not inform those persons about such processing in order to comply with our obligation of professional (including medical) secrecy towards you.

3.2. Data collected through the App

The following data are processed exclusively through the App, depending on the permissions you grant to us.

The Regina Maria Mobile App is designed to ensure user privacy. Depending on the options you wish to access and on the permissions you choose to grant us, the App may collect the following categories of data:

Identification and contact data

If you choose to create your Account through the App, we will ask you to disclose to us your identification data (name, given names, National Identification Number) and contact details (mobile phone number and email address), in order for us to identify you and to activate your account. You will also be required to set a password, which will only be known to you.
Each time you log in, you will have to provide your email address and password, for the protection of your personal data.

Information on your device and operating system

When you use the App, we collect information on the type of your device and its operating system, as well as your IP. This information, although it qualifies as personal data, does not allow us to identify you without corroboration with other data referring to you, and without the confirmation of the electronic communications operator that generated the respective IP. Please note that the identification of an IP implies the processing of traffic data, which can only be made by the electronic communications operators, under the law.

Your activity within the App

We use only necessary tracking tools, without which certain functionalities of the App could not work. These tools may retain anonymous logs, but also logs that may identify you, and will only be activated if you grant us permission, while you navigate the App, for accessing your Calendar, Location (for self check-in), and if you have the Push notification option activated on your mobile phone.

We also use one statistics tool, Firebase Crashlytics, which enables us to identify app crashes. Firebase Crashlytics is set to collect exclusively data relating to the equipment, the Operating System, and the crash itself – its date, time, and the App instance where it occurred, without collecting any data which may identify or make identifiable the App user.


Opinions you might express and information related to your health
If you choose to use the Support or Ask a Doctor section in the App in order to ask a question or to attach a supporting document to your appointments or your questions, we will process the personal data contained therein.

The following categories of personal data will be processed exclusively based on the permissions you grant us.

In accordance with our Privacy Policy, permissions are granted through affirmative actions for each of the options below and can be denied without affecting the installation or use of the other options of the App.

Location data – permission may be granted when accessing the self check-in functionality, either while using the App, or for each specific use.

Location data makes it possible to access one of the basic functionalities of the App - self check-in - which allows you to notify the physician that you arrived for the appointment and go directly to the cabinet’s floor and room, without waiting in line and interacting with the Reception personnel. This saves your time and avoids human errors that may arise from interacting with the Reception personnel. Under the current epidemiological conditions, it also allows you to avoid crowded areas.  

In order to benefit from this functionality, the App must be able to locate the equipment that you use. Location works in foreground, and is activated only when the App is open. 

We confirm that we use location in accordance with the privacy conditions in our Privacy Policy: (i) we do not collect data, we interrogate the GPS of the telephone in order to determine whether you are inside or outside the set distance from the clinic where you have the appointment, without determining your precise coordinates, and without storing any information regarding your location, (ii) we use location exclusively for the purposes stated above and (iii) we do not disclose this information to any provider or client. 

There is also the possibility to deny the permission for location ("deny") if you do not wish to use the self check-in function.

Calendar – permission is requested if you want to add your appointment to the Calendar you use on your equipment
It allows us to add your appointments to your telephone's calendar. For this purpose, the App processes your appointment’s identification number in the Regina Maria systems, the name, date, time and location of the appointment.

Camera and microphone – permission is requested if you want to go through the final remote validation.

They allow you to make and send to Regina Maria the images necessary for the final validation of your account or in order to associate your child’s account to your own. These include your selfie photo and short video recording, the photo of your ID card and of the child’s birth certificate.

This remote account validation or association is strictly optional, requires your express consent and is an alternative to the final validation or association in any of our Receptions. You have all the details regarding the way it works, the data we process and the way we process it with the assurance of privacy in the Terms and Conditions applicable to this functionality, which we ask you to go through before starting the account validation process.

Once the requested validation or association is completed, the App will no longer use the telephone's camera and microphone.

Files and media – permission is requested when accessing a functionality that involves uploading documents.

They allow you to attach the desired files for an appointment, for associating your child's account or for the functionality "Ask a doctor". The files are saved directly in the Regina Maria systems and are protected like all your other medical documents. The data are not saved in the App.

Physical activity – permission is granted when accessing the Bank of Kilometers

It helps you quantify the distance traveled when using the Bank of Kilometers option in the Regina Maria App. It works in foreground, only when this functionality is activated in the open App.

4.    SOURCES FROM WHICH WE COLLECT YOUR DATA

We receive the most information directly from you when signing a medical services contract, when you are admitted to one of our hospitals, when you access medical services in one of our clinics/laboratories or when you use our mobile App, for example to make an appointment, or make a self-check-in.
Through the App, we collect data exclusively from you or with your permission.

From you, we receive the documents you choose to upload or the details you select in order to make a doctor’s appointment (such as medical specialty, clinic, date, time, cost of the appointment).

From your equipment, we collect data referring to its type and model, its operating system and IP, as well as information related to your activity within the App, through the tracking tools necessary for the functioning of the App. If you give us permission for location, we will interrogate your location, without collecting and storing such data.

If you choose to import into the Bank of Kilometers the distances accumulated in other apps that accumulate kilometers, we will receive from these apps the number of kilometers you walked while using such apps. The way you choose to log into such apps in order to transfer kilometers to the Bank of Kilometers depends only on you and the login options you choose in the third party app.

We are constantly trying to keep your data as accurate and up-to-date as possible. For this purpose we continuously make efforts to update and confirm your identification and contact data. We also make every effort to ensure their privacy and security in accordance with our Privacy Policy.

The following data are not collected through the App, but they may be visible in your medical records that you might interrogate through the App.

For the occupational health services, for the purpose of hiring or at any time during the course of the employment, your employer will send us the following data about you, that will allow us to identify you and determine the types of required checkups and investigations: last name; first name; personal identification number (CNP); employer’s identity; professional details; contact details (telephone number and/or e-mail).

For the beneficiaries of medical subscriptions contracted by your employer or by the employer of a member of your family, we can receive from our client or directly from the family member: last name; first name; personal identification number (CNP); contact details (telephone number and/or e-mail).


5.    THE BASES ON WHICH WE PROCESS YOUR DATA

The bases on which we process your personal data (other than special categories of data)

We process your personal data, other than special categories of data, such as medical data, in order to be able to conclude a contract with you, at your request, or for the performance of a contract concluded with you (through which we undertake to perform our services in your benefit).

If you decide to install and use the Regina Maria App, we process your data in order to provide you this service. The App does not store data; it functions as an interface between the patient and their patient file, including their medical records with Regina Maria.

In the case of location data of your equipment, these will be processed based on your specific consent. If you want to cancel the granted permission, you can do so either from your telephone settings, or by reinstalling the App. As the App does not store data, and is an interface between you and your patient file at Regina Maria, in case of reinstallation, you will not lose any of the previously available documents.

For any commercial communication we might send you, we will process your data on the basis of your consent for this specific purpose. You can manage these consents right from the App - My Profile section -> Consents.

We may process your data for the fulfillment of legal obligations, such as our financial reporting obligations, in case of invoices and payments made by you; archiving obligations; obligations to disclose to certain public authorities, especially health and sanitary authorities, upon request, certain information.
There are also cases in which we process your data based on our legitimate interest, for example for the notification and recovery of outstanding debts or, given the multitude of our clinics, laboratories and hospitals, to facilitate the access to our medical services.

The bases on which we process your special category data

Considering the specific nature of our activity (provision of medical services), it is in our normal course of business to collect and process special category personal data of our patients.

We will perform this processing based on the following legal grounds:

When the processing is necessary for purposes of assessing your employment capacity (for hiring or during periodical checkups), of establishing a medical diagnosis, of providing medical or social care or a medical treatment, or of managing the healthcare and social care systems and services.
We may process your medical data in order to protect your vital interests (or of another natural person), in emergencies or other situations in which you are incapable (physically or legally) to consent to processing.

In urgent cases, we may need to process your medical data for reasons of public interest in the field of public health; for example: protection against serious cross-border threats to health (in case of a pandemic), ensuring high standards of quality and safety of medical care and medicines or medical devices, under the European Union or Romanian legislation.

In the event that between you and us arise disputes that we cannot solve together amicably, it is possible that we process your medical data (for example, results of medical analyses based on which a particular diagnosis has been decided) in order to establish, exercise or defend our rights in front of a court.

6.    PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA

The purpose for which we process your personal data through the App is the provision of a service requested by you, namely:

Granting access to the services provided by the Regina Maria Mobile App – granting access to your medical records and the medical records of your child; to the online appointment making system; to the self check-in service when you reach the clinic; to appointments in the virtual clinic (which is not hosted in the App); to your invoices and payments history; to the Ask a doctor and Bank of kilometers functionalities; to the discounts offered by our partners through the Membership card.

Regarding the primary purposes of processing the data available through the App, they are:

Provision of medical services. Provision of medical services; registration of provided medical services; communicating with you about the requested services; activation or customization of your subscriptions; appointments; identifying you and the provided services; informing you about the results of the provided services or - in case of occupational health - the provision of legal documents to your employer.

Managing our communication and IT (information technology) systems. Managing our communication systems; managing our IT security; performing security audits on our IT networks, generating reports to authorized institutions in the field of cyber security, or solving system failures.

Fulfilling our legal obligations. Fulfilling our legal obligations with regard to the registration of medical information and keeping records, archiving, healthcare, security, and other obligations that the law imposes on us.

Financial management. Issuing invoices and receipts; receiving and recording payments performed by you or by another person on your behalf; recovering debts (including through debt recovery companies - details below in the section concerning the persons to whom we may disclose your data); refunding some amounts of money to you; transmission of notifications; preparation of financial/operational reports and issuing statutory financial statements/statements concerning contracts, reporting to competent authorities.

Marketing communications. Communicating with you by any means (for example, e-mail, telephone, text messages (SMS), mail, messages sent on social networks or in person) news about medical services provided by us, subscription to newsletter or providing other information that might interest you.

Settlement of disputes. Preparing requests and defenses before public authorities and other entities that settle disputes.

Surveys. Making surveys and asking questions to you in order to obtain your opinion concerning our services.

Improving products and services. Identifying issues which can be improved and the modalities in which we can do this (including by conducting audits); testing the improvements made to our services or our new services; solving your complaints.

M&A transactions. It is possible in the future for Regina Maria to decide to disclose your data in the context of M&A transactions.

7.    TO WHOM WILL WE DISCLOSE YOUR DATA

As a rule, we do not disclose your data to other companies, organizations or persons in any country (including Romania).

In certain circumstances, however, it is possible to disclose your data to other natural or legal persons, as follows:

Other companies within the Regina Maria group – for legitimate reasons related to the unitary access to medical services by all patients. The list of companies that are part of the Regina Maria Healthcare Network is provided in section 17.

Contractual physicians – physicians who provide consultations within Regina Maria may be employed by our healthcare network or may be contractual physicians. Each of them is bound both by law and by the contract concluded with us to preserve the confidentiality of your data.

Public authorities in any field, in Romania or abroad (in particular public health authorities in Romania: National Health Insurance House, Ministry of Health, National Institute of Public Health and others) - at their request or at our initiative, exclusively in accordance with the applicable legislation in Romania and the European Union.

Insurers in Romania or other states – in connection with the services you received in our clinics, at your request.

Your employer – in connection with the assessment of your work capacity for purposes related to occupational health, but only to the extent of the information established by the legal provisions, excluding information concerning the result of the performed medical investigations.

Accountants, auditors, lawyers and other external professional consultants of ours or of another company within Regina Maria group, in Romania or abroad – they will be bound by law or by the contract concluded with us or another company within our group to ensure the confidentiality of your data.

Natural or legal persons acting as processors for Regina Maria, in various fields (for example, IT services, payment services, debt collection services, marketing and communication, etc.), that we will require by contract to comply with the requirements of the legislation that protects your rights - they provide certain services to us.

Any relevant person, agency or court in Romania or other state – to the extent necessary to establish, exercise or defend a right of ours or of other company within the Regina Maria group in front of a court.

Any purchasers or possible relevant purchasers in the medical sector or other sectors, in Romania or another state – if we sell or transfer all or part of our shares, our assets or our business (including in case of our reorganization, dissolution or liquidation) - they will be subject to a privacy obligation.

Our partners, with whom we are in contractual relations and which act as Controllers of the data - providers of IT, marketing and communication services or partners which grant discounts to Regina Maria patients through the Membership Card – which will receive exclusively the confirmation of your status as a Regina Maria patient, which you would have disclosed directly to them, voluntarily, when you request the applicable discount.

When we use a natural or legal person as our processor to process your personal data, we will ensure that it has entered into a written agreement with us through which it undertakes, among other obligations that the personal data protection legislation provides, the obligations to (i) process personal data only in accordance with our written instructions provided in advance and to (ii) effectively implement measures to protect privacy and ensure the security of personal data. We will also ensure that the written document between us and the processor provides for it at least all the other obligations imposed by the applicable legislation concerning the protection of personal data.

8.    TO WHOM AND IN WHAT CONDITIONS WILL WE TRANSFER YOUR DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANIZATION (INTERNATIONAL DATA TRANSFERS)

Currently, we do not transfer nor intend to transfer your personal data to third countries or to international organizations. If we have to transfer your data to any of the above destinations, we will inform you in advance and we will ensure that such transfers are performed in compliance with applicable legal requirements, including, if necessary, based on your explicit consent.

9.    HOW LONG WILL WE PROCESS YOUR DATA

We process your personal data for different periods of time, depending on the category of data and the purpose of their processing, as follows:

Information concerning your health status – The most important category of personal data that we process is the information about your health status, recorded when accessing medical services. These data also have the longest storage period - between 30 years in case of written documents without technical value, and up to 100 years in case of medical documents, under Law no. 95/2006 concerning the healthcare reform, corroborated with the National Archives Law no. 16/1996.

Identification data – last name, first name, National Identification Number, are accessories of the data concerning the patient’s health status, and therefore are kept throughout the storage of medical data. Medical documents are included in the category of documents with practical value, based on which duplicates, certificates and extracts are issued, and consequently, in order to be able to issue such documents, upon request, it is necessary for us to be able to clearly identify the patient to whom they refer.

Contact data – email addresses, telephone numbers, mailing addresses - it is important for us to have contact details for patients whose medical records we must process. Contact details are also used to create and access the Regina Maria Account and the mobile App. Therefore, we try to update the contact data and confirm that they are accurate and up to date. They are processed during their validity period, as indicated by patients, who have the possibility to modify or delete such data at their own choice.

Financial data – in case of patients who make payments for individual contracts or services, we process details related to invoices and payments, which we store, according to our financial legal obligations, for a period of 5 to 10 years.

Your selfie photo, photos of your ID card and of your child’s birth certificate, and short video recording of you processed for the purpose of remote validation of your Account or the association of your child’s account to your own, if you choose this type of validation/association, are stored for a period of up to 12 months.

Tracking tools are stored exclusively on the equipment of the App user, either during its operation period until the first reinstallation or until the modification of the permissions by you, in the App menu.

Location is processed exclusively during the activity of the App in the foreground, and the whole process is performed locally, on the telephone, without collecting data outside the equipment. Regina Maria does not collect or store location data of your equipment.

10.    SECURITY OF YOUR DATA

We work hard to protect our clients, other persons whose data we process and ourselves against unauthorized access, and unauthorized modification, disclosure, or destruction of the data we process. In particular, we have implemented the following technical and organizational measures to ensure the security and privacy of personal data:

Dedicated policies. We adopt and review our data processing practices and policies for our clients and other persons, including physical and electronic security measures, to protect our systems against unauthorized access and other possible security threats. We constantly check how we apply our own data protection policies and how we comply with data protection legislation.

Data minimization. We have ensured that your personal data that we process are limited to those that are necessary, adequate and relevant to the purposes stated in this note.

Limited access to data. We strictly limit the access to the personal data that we process to the personnel, collaborators, and other persons who need to access them to carry out their activity. All these companies and natural persons are subject to strict privacy obligations and we will not hesitate to hold them accountable and stop working with them if they do not treat the protection of data with the utmost seriousness.

Specific technical measures. We have purchased and use technologies to assure our clients and other persons that the security of their data is protected, both during storage and in transit, using modern encryption methods. In order to protect your data security, we recommend that you do not use multiple access devices, and that you do not disclose your login data for the App to other persons.

Back-ups and security audits. We work hard to protect our systems from accidental or unauthorized access or alteration and from other possible threats to their security. For this reason, once you delete information from your account, we may not immediately delete the copies or backups that we have created.

We make daily archives (back-ups), which we keep secure for at least six (6) months. All the technical equipment that we use to process your data is secured and updated to protect the data. We also perform, on a regular basis, security audits with independent auditors from the Big Four on the computer systems that we use to process the personal data of our clients and of other persons.

Ensuring the accuracy of your data. It is possible that from time to time we ask you to confirm that your personal data that we are processing are accurate and/or up to date.

Training of the personnel. We constantly train our personnel and contractual staff on the legislation and best practices in the field of personal data processing.

Anonymisation of data. Where possible and appropriate to our work, we anonymize/pseudonymize the personal data that we process, as an additional protective measure.

Control of our service providers. We insert into the contracts concluded with those who process for us (processors) or with us (other controllers – joint controllers) clauses or annexes to ensure the protection of the data we process; this protection goes at least to the minimum required by the legislation.

Although we take all the reasonable measures to ensure the security of your data, we cannot guarantee that no security breach or penetration of the security systems will occur. In the unfortunate and unlikely event that such a breach occurs, we will follow the legal procedures to limit the effects and to transparently inform the data subjects.

11.    WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM

We treat your rights in relation to the processing that we make on your data with utmost seriousness. We will continue to take all reasonable measures to ensure that they are respected.

Your rights

In short, your rights are the following:

Right of access to data. You have the right to obtain the access to your data that we process or control, or to the copies thereof; you also have the right to obtain from us information about the nature, processing and disclosure of such data.

Right to data rectification. You have the right to obtain the rectification of inaccuracies of your data that we process or control.

Right to data erasure. You have the right to obtain from us the erasure of your data that we process or control, within the limits allowed by the applicable legislation, especially regarding medical services providers.

Right to restriction of processing. You have the right to restrict the processing of your data that we process or control.

Right to object. You have the right to object to the processing of your data by us or on our behalf.

Right to data portability. You have the right to obtain the transfer to another controller of the data that you have provided to us.

Right to withdraw the consent. In situations where we process your data based on your consent, you have the right to withdraw your consent; you can do it at any time, at least as easily as giving us your initial consent; withdrawing the consent will not affect the lawfulness of processing of your data before withdrawing.

Right to submit a complaint to the supervisory authority. You have the right to submit a complaint to the personal data processing supervisory authority about the processing of your data by us or on our behalf.

How can you exercise your rights

In order to exercise one or more of these rights (including the right to withdraw your consent, when we process your data based on it) or to ask any question about any of these rights or about any provision in this information note or about any other aspects of processing your data by us, please use whenever you want the contact details in section 2 above (our Contact data).

We will try to answer as quickly and completely as possible to all your questions and concerns and to facilitate the exercise of your rights.

12.    WHAT CAN HAPPEN IF YOU DO NOT PROVIDE US YOUR DATA

You do not have to provide us with your personal data mentioned in this document.
However, if you do not wish to provide us with these data, it will not be possible for us to provide you with the services you request.

For example, in terms of accessing the App, without providing identification and contact data during installation, you will not be able to create an account and you will not have access to functionalities such as online appointments or payment history. If you do not want to go through the final validation of the Account in any version, you will not have access to your medical records. If you do not want to activate location, you will not be able to self check-in when you reach the clinic for your appointment.

In general, if you do not want to provide us with data about you, you may not be able to access our medical services. 

13.    NO AUTOMATED DECISION-MAKING

Our respect for your data includes the fact that we give them the necessary human attention, through our personnel. Under the current circumstances, as a user of our services, you will not be subject to a decision based solely on the automatic processing of your data (including the creation of profiles) to produce legal effects with respect to you or affect you similarly.

14.    APPLICABILITY OF THIS PRIVACY POLICY INFORMATION NOTE

This information note applies in connection with the processing of your personal data through the Regina Maria Mobile App.
The general note regarding the processing of personal data by Regina Maria can be consulted online at the address https://www.reginamaria.ro/gdpr

15.    CHANGES TO THIS PRIVACY POLICY INFORMATION NOTE

We may modify this note from time to time, in which case we will bring the changes to your attention.
We will also post this information note and any new version of it on our website, within the section dedicated to the privacy policy/GDPR.

16.    WHAT DO THE TERMS WE HAVE USED IN THIS NOTE MEAN

Supervisory authority for the processing of personal data: an independent public authority which, according to the law, has duties related to the supervision of the compliance with the legislation concerning personal data protection. In Romania, this supervisory authority for the processing of personal data is the National Authority for Personal Data Processing Supervision (ANSPDCP).

Personal data: any information relating to an identified or identifiable natural person (the "data subject"). A natural person is identifiable if it can be identified, directly or indirectly, in particular by reference to an identification element, for example: name, identification number, location data, online identifier, one or more elements specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that person. So, for example, the notion of personal data includes the following: first name and last name; home or residence address; e-mail address; telephone number; personal identification number (CNP); geolocation data. The categories of personal data about you that we process are listed above.

Special categories of personal data: personal data that: reveal the racial or ethnic origin, political opinions, religious confession or philosophical beliefs, or membership of trade unions; genetic data; biometric data to uniquely identify a natural person; data concerning the health status, sexual life or sexual orientation of a natural person.

Controller: natural or legal person who decides why (for what purpose) and how (by what means) personal data are processed. According to the law, the responsibility for complying with the legislation concerning personal data rests primarily with the Controller. In the relationship with you, we are the Controller and you are the data subject.

Processor: any natural or legal person who processes personal data on behalf of the Controller, other than the Controller’s employees.

Data subject: natural person to whom certain personal data refer (to whom they belong). In the relationship with us (the Controller), you are the data subject.

Processing of personal data: any operation/set of operations performed on personal data or on sets of personal data, with or without the use of automated means; for example: collecting, recording, organizing, structuring, storing, adapting or modifying, extracting, consulting, using, disclosing by transmitting, disseminating or making available in any other way, aligning or combining, restricting, deleting or destroying such personal data/sets of personal data.

These are just examples. Practically, processing means any operation on personal data, whether by automatic or manual means.

Third state: a state outside the European Union and the European Economic Area.