iMEDICAL CARE understands the importance of your personal data and takes the protection and security of the data collected seriously and respects the legal provisions in force (EU Law 2016/679). The administrators of iMEDICAL CARE shall take all technical and organizational measures to protect and secure all data used by the operations of iMEDICAL CARE and will update these measures in the event of legislative or technological changes. We provide more details about how we collect and use the personal data of our visitors and customers and how we intervene in these operations.
In accordance with the provisions of (EU) Regulation no. 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC, known as the “General Data Protection Regulation” or, in short, “GDPR”, we inform you of the following aspects related to the processing of your personal data:
- Who is the operator of personal data?
CARE MANAGEMENT SRL., Romanian legal entity, headquartered in Bucharest, Șos. Mihai Bravu 123-135, Sector 2, registered at the Trade Register Office under no. J40 / 15993/2021, CUI 44912378, Tel: 0733065940.
- What personal data do we process?
If you are an IMEDICAL CARE patient:
– General information (identification data): name, surname, date of birth, sex, nationality, age, ID number, address of residence, e-mail, telephone, place of work (if applicable), copy of birth certificate, copy of ID, signature, and in case you will be hospitalized, the identification data of the owner (name, surname, degree of kinship, telephone);
– General data: weight, height, quality of smoker or non-smoker, blood type, RH, medical history, medical letters, allergies, symptoms, diagnosis, history (heredocolateral, physiological and pathological), type of intervention, documents related to medical activity, such as would be: family doctor or specialist recommendation, medical report, diagnostic code, type of program through which the patient comes (chronic / acute illness management), patient’s signature, the quality of CNAS insured or insured in the private system (in the case of insurance companies private health), no. health card, identification card provided by the insurance company (if applicable), statement of expenses and medical documents during hospitalization (if applicable), investigations performed, day and time of hospitalization, reservation and patient bed (if you will be hospitalized) , discharge ticket, time and day of discharge, day / time / location of sampling, presumptive diagnosis, information on the evolution of health, allergies, medication prescribed for various pathologies, medical information after the consultation, pension slip (if applicable);
– Data on the provision of pediatric medical services: name and surname of minor, sex, age, date of birth, copy of minor birth certificate, pediatric medical file, vaccination certificate;
– Data on analyzes: date and time of scheduling, data on consultations and analyzes, date, time and location of collection, test code, imaging radiology, analysis results, etc.;
- If you visit the iMEDICAL CARE website:
Data regarding the profiling of users of the iMEDICAL CARE website according to the Cookies Policy which you can access here: IP, traffic data, geolocation data, device used, operating system, keywords searched by users interested in them.
- Where do we get personal data from?
In general, the personal data we process is obtained directly from you when you request medical services.
- What are the purposes of processing personal data?
Your personal data is processed by iMEDICAL CARE for legitimate purposes related to the provision of medical services, according to the legal regulations in force, as follows:
– Concluding and executing contracts for the provision of medical services for the adult patient and pediatric medical services.
– Carrying out appointments in the iMEDICAL CARE unit through the telephone service, in order to perform the medical act according to the patients’ needs, of the medical analyzes, in order to establish the diagnosis, in order to hospitalize the patients for interventions / investigations and discharge; for pediatric medical services, and other medical services according to the specific situation of each patient, as well as for drawing up and keeping records of appointments and the database of patients in IT systems (information technology);
– Managing communications and IT systems, conducting audit reports, managing the security of databases and all IT systems;
– Carrying out the settlement of services to the Health Insurance Houses or by the external insurer (as the case may be);
– Preparation of tax documents and collection of payment amounts from individual patients, including recovery of debts and invoices issued by providers and their payment;
– Keeping records of medical services, keeping records of appointments in IT applications, resolving complaints and requests received from patients or other data subjects, managing regular correspondence, concluding and executing contracts with external centers that perform patient examination, archiving medical documents for imaging radiology (MRI, CT , radiographs, etc.), preparation of consumption sheets, control of visitors’ access to the iMEDICAL CARE salon.
– Representing the company before the courts and public authorities, performing the procedures for recovering claims, as appropriate;
– Aims related to scientific research and the promotion of innovative medical solutions by taking photographs and / or filming in various surgical or non-invasive medical interventions;
– Carrying out the promotion activity to clients or potential clients through electronic newsletter or message, for direct marketing purposes;
– Promoting services by using images (photos and / or videos) of patients and doctors (on the website, Facebook, Instagram or other online media);
– Purposes related to the marketing, promotion and sale of the services offered by iMEDICAL CARE, within the events organized by iMEDICAL CARE, or in which iMEDICAL CARE is a participant;
ATENTION! If iMEDICAL CARE wishes to process your personal data for purposes other than those originally stated, you will be sent a separate information note detailing the subsequent purpose of the processing, the legal basis of the processing, as well as and the period of storage of your personal data, together with any other useful information in connection with further processing to enable you to express your consent freely, knowingly and expressly for each individual processing operation ( if such processing is conditional on obtaining your express consent).
- What are the legal bases for the processing of personal data?
– Carrying out procedures at your request before concluding a contract (art. 6 paragraph (1) letter b) thesis II of the GDPR);
– Execution of contracts for the provision of medical services, to which patients are a party (art. 6 paragraph (1) letter b) thesis I of the GDPR);
– Fulfillment of legal obligations by iMEDICAL CARE (art. 6 paragraph (1) letter c) of the GDPR);
– The legitimate interest of iMEDICAL CARE (art. 6 paragraph (1) letter f) of the GDPR), such as: the organization of the entire activity of iMEDICAL CARE for the fulfillment of the object of activity; identification of patients at the time of their presentation for medical appointment or emergency; medical records; record keeping in IT applications; resolving complaints and requests received from patients or other data subjects; controlling the access of visitors to the salon; initiating and conducting litigation before the courts and (possibly) other public authorities; debt recovery procedures;
– Your consent to the processing, when given expressly, freely and unconditionally, in specific situations such as, for example, processing for marketing purposes (art. 6 para. (1) letter a) of the GDPR).
- Data retention
We retain the personal information we collect from you in the event that we have a legitimate professional reason to do so (for example, to provide you with a service that you have requested or to comply with our legal and tax requirements. or applicable accountants).
When we have no legitimate professional reason to process your personal information, we will delete, anonymize or, if that is not possible (for example, because your personal information has been stored in the backup archives), then we will keep your personal information safe and isolate it from any further processing until it is possible to delete it.
- To which entities will we disclose your personal data?
Under certain expressly regulated conditions, your personal data may be processed by iMEDICAL CARE, through authorized persons or jointly with other companies, in this case, being a relationship of the type of associated operators, who will establish jointly the purposes and means of processing, according to the provisions of art. 26 of the GDPR.
In some cases, service providers such as, but not limited to, service providers and IT systems, and various contractual partners, may have access to your personal data. It will also be possible to pass on your data to lawyers, accountants, auditors or other professionals who are required to maintain professional secrecy.
In order to ensure complete medical services, your data will be provided to the collaborating doctors or to the partner clinics and laboratories, with which there are confidentiality agreements.
For reporting to the state authorities, according to the legal obligations in force, it will be necessary to transmit your data to various public institutions, such as, for example: the National Health Insurance House.
If you are insured with a private health insurance company in Romania or in another European country, your personal data will be transmitted to the insurer, in order to settle the medical services you have benefited from.
- How and when is your personal data transferred to third countries?
If your data is transferred to other companies in other countries, in order to initiate, conclude and develop contracts and / or projects with such an entity, such as: medical travel management, you will be informed and will apply accordingly, the guarantees provided by art. 44-49 of the GDPR.
- Personal data protection rights
Your data processing rights:
The right to be informed about the processing of your data
– Right of access to data: You have the right to obtain from us a confirmation that personal data concerning you are being processed or not and, if so, access to the respective data and to the information provided by art. 15 para. (1) of the GDPR.
– Right of erasure (“right to be forgotten”): In the situations provided in art. 17 of the GDPR, you have the right to request and obtain the deletion of personal data.
– The right to restrict the processing: In the cases provided in art. 18 of the GDPR, you have the right to request and obtain the restriction of processing.
– The right to oppose the processing of data: In the cases provided in art. 21 of the GDPR, you have the right to object to the processing of data.
– The right to go to court
Last but not least, we would like to inform you that you have the right to contact the National Authority for the Supervision of Personal Data Processing or any court competent in the field of personal data protection.
To exercise these rights, you can contact us by sending a written request, dated and signed to the Person in charge of personal data protection of iMEDICAL CARE at the postal address mentioned in point 1 or by email at email@example.com.
In accordance with the GDPR, we will analyze your request with the utmost care and send you a response within 30 calendar days of receipt of the request. If your request involves a thorough search due to the complexity of the request, the one-month deadline may be extended by another month, but you will receive arguments that require an extension of the settlement deadline.