Personal Data Protection
SC Laurus Medical SRL is a DATA PROCESSOR according to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
The applicable data protection law shall mean the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (hereinafter referred to as GDPR) and all the other standards purporting on personal data processing.
Personal data shall mean any information regarding the identified or identifiable natural person (“data subject”); an identifiable person in a person that can be directly or indirectly identified, especially by reference to an identification element, such as a name, an identification number, location data, an online ID, or one or several elements, specific to the person’s physical, physiological, genetic, mental, economic, cultural or social identity.
Personal data processing shall mean any operation or set of operations performed on the personal data or on the personal data sets, with or without the use of automated means, such as the collection, registration, organization, structuring, storage, adaptation or change, extraction, consultation, use disclosure by transmission, dissemination or provision, in any way whatsoever, harmonization or compilation, restriction, erasure or destruction.
Data operator shall mean the natural or legal person who, either individually or jointly with other parties, sets the personal data purposes or means.
SC Laurus Medical SRL is under the obligation to manage the patients’ personal data safely and only for the set ends, for purposes related to setting a medical diagnosis and for treatment purposes, in order to be able to provide medical assistance and manage the healthcare systems and services.
Your data may be sent to the other clinics within SC Laurus Medical SRL Group. We do not disclose, sell or assign your data to other parties outside SC Laurus Medical SRL Group to third parties, for marketing purposes. The data sent to third parties (medical laboratories, healthcare units) are only used in order to allow us to provide our services to you.
For each specific processing operation of the data we collect from you, we will inform you whether the provision of personal data is imposed by regulations or whether it is required in order to conclude an agreement, if it is mandatory for you to provide your personal data and what are the possible consequences should you refuse to do so.
The collection of the data is necessary according to the applicable legal provisions in force, in order to set your diagnosis and fill out your medical history, in the case of any further medical references, or for statistical purposes and in order to report to the referring doctor, to the local Health Insurance Fund or to other bodies authorized by law in this respect.
The processing is necessary for purposes related to setting a medical diagnosis, providing a medical treatment, managing the public-interest healthcare systems and services, such as the protection against severe cross-border health threats or the provision of high medical care quality and safety standards and of the medication or medical equipment.
The patient is bound to provide the requested data, which shall be required for the registration and processing of the information regarding the requested history and diagnosis. The refusal may lead to the impossibility to medically refer the investigation or consultation the patient desires to perform and, implicitly, to the cancellation or the appointment. In addition, it can trigger the refusal to perform the investigation or consultation.
According to the Regulation (EU) patients benefit from the following rights:
Article 15 – Right of access by the data subject. You are entitled to request information on the personal data that we hold about you.
Article 16 – Right to rectification. You are entitled to request the rectification of your personal data, in case it is inaccurate, including the right to add to incomplete personal data.
Article 17 – Right to erasure (‘right to be forgotten’). You shall be entitled to erase, at all times, any personal data processed by SC Laurus Medical SRL, except for the following situations:
● you have a pending request;
● you have an unpaid debt, regardless of the method of payment;
● if there is a suspicion or it is confirmed that you have abusively used our services over the past four years;
● if you have paid for the services, we shall keep your personal data regarding such payment, according to the accounting laws;
● the data is required in order to allow us to set a medical diagnosis and for treatment purposes;
● the data is required for purposes related to the provision of medical care;
● the data is required for the management of healthcare systems and services;
● the data is processed on the basis of the legitimate interest, public interest, vital interest, legal obligation or on the basis of an agreement.
Article 18 – Right to restriction of processing. You are entitled to request SC Laurus Medical SRL to restrict your personal data processing in the following situations:
● if you do not agree to the processing for legitimate purposes, SC Laurus Medical SRL will restrict any processing of such data until the legitimate interest is confirmed.
● if you state that your personal data is incorrect, SC Laurus Medical SRL is under the obligation to restrict any processing of such data until its accuracy is confirmed.
● if SC Laurus Medical SRL no longer requires your personal data, but it is, however, necessary in order to defend your rights in court.
Article 20 – Right to data portability – whenever we process your personal data by automatic means, based on your consent or of a consent, you shall be entitled to obtain the transfer of a copy of your data in a frequently used structured format, which can be processed by you or another party. This only refers to the personal data you have submitted to us.
Article 21 – Right to object. You shall be entitled to object to the processing of your personal data based on your legitimate interest. SC Laurus Medical SRL shall not continue to process personal data unless we are able to demonstrate a legitimate interest for such processing, which prevails over your interests or on the basis of legal proceedings. You shall be entitled to oppose direct marketing, including profile analysis for direct marketing purposes, by withdrawing your consent.
Article 33 – Notification of a personal data breach to the supervisory authority. Should you consider that SC Laurus Medical SRL incorrectly processes your personal data, you can contact us. Moreover, you are entitled to submit a complaint with a supervisory authority.
The content of www.laurumedical.ro website is the exclusive property of SC Laurus Medical S.R.L, headquartered at Str. Nicolae Caramfil, nr.51, sector 1, Bucharest, registered with the Trade Register Office under no.J40/12560/2006, VAT Code 18905789.
As data operator, Laurus Medical permanently monitors and makes sure that personal data is processed in compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
This Confidentiality Policy shall be valid as of 25 May 2018 and it is aimed to inform you on:
● the activities related to the processing of your personal data, as visitor of the website or user of the website features;
● the processing of the personal data performed by Laurus Medical, in order to carry out its activity as described below.
Visitor – any person accessing or using the website.
Categories of Personal Data Processed
The categories of personal data processed depend upon the context of your interactions with Laurus Medical, respectively upon your interactions with the website. Thus, Laurus Medical could process the following personal data categories:
● in the case of the contact form: last name, first name, telephone number;
● assessment form: last name, first name, e-mail;
● appointment form: last name, first name, telephone number, e-mail;
● if you access JivoChat to request information/make an appointment: last name, first name, e-mail, telephone number.
The aforementioned personal data processing purposes and grounds are legitimate interest, to improve the quality of services, to manage requests/complaints and provide customized services upon request.
In the case of Family/Specialized Doctors
The following personal data of the Family/Specialized Doctor
● for detailed information regarding the applicability of Laurus Medical Clinic treatments: last name, first name, e-mail, telephone number.
The aforementioned personal data processing purposes and grounds are the legitimate and contractual interest and the provision of healthcare services.
In the case of employment candidates: last name, first name, e-mail, telephone number, position/title, city, CV (which may include, amongst other things, the following data, in addition to the above: picture, professional training, current job information).
The purposes and grounds of the aforementioned personal data processing are the legitimate and contractual interest for recruitment purposes – in the context of employment candidates’ data processing.
In the case of potential collaborating customers (corporate), such as, in the context of a request for an offer: last name, first name, e-mail, telephone number, representative and/or contact person capacity.
The aforementioned personal data processing purposes and grounds are the legitimate and contractual interest.
In the case of persons that contact Laurus Medical through the Call Centres displayed on our website or by Jivo Chat/e-mail:
● In the case of the appointments for services reimbursed by the National Health Fund or in private regime, the following personal data can be processed: last name, first name, personal ID number, capacity as insured, information regarding the medical referral, date of birth, telephone number.
● In the case of requests, complaints and telephone suggestions, as well as in the case of the ones sent by e-mail, the following personal data may be processed: last name, first name, residential address, telephone, e-mail.
The aforementioned personal data processing purposes and grounds are in our legitimate interest, are meant to improve the quality of services, manage requests/complaints and provide customized services upon request.
The legal grounds of these processing activity is SC Laurus Medical SRL’s legitimate interest to improve its services, manage the requests/complaints received and adapt the required services to each interested party, provide healthcare services, manage the healthcare systems and services, respectively to recruit personnel.
Personal Data Recipients
In order to fulfil the processing purposes, Laurus Medical may disclose certain types of personal data to the following categories of recipients: data subject and/or its legal representatives, contractual partners (such as, collaborating laboratories, healthcare units), including agents, judiciary or other public authorities.
Personal Data Processing Term
Laurus Medical shall process your Personal Data for the period required in order to complete the purposes for which it is processed and subsequently according to our internal policies, as well as in order to abide by the applicable legal obligations, including, without limitation, the provisions regarding the archiving obligation.
Personal Data Safety
Laurus Medical grants a special importance to the confidentiality and security of your personal data and understands to guarantee their safety during the processing activities performed hereunder. In this regard, SC Laurus Medical SRL implements proper technical and organizational measures, in order to ensure a security level corresponding to the related risks, to the types of data processed and to the processing operations.
Submission of Personal Data
The submission of personal data may be a contractual obligation or a mandatory obligation for the conclusion/performance of an agreement, it may be required so that you can benefit from the services provided by Laurus Medical, navigate the website and benefit from the facilities offered by this space. In some cases, the refusal to provide personal data may lead to the impossibility to benefit from the services provided to you through our website (e.g., the impossibility to register your request). For direct marketing activities, the provision of your personal data is voluntary.
Laurus Medical may subsequently update this Confidentiality Policy, in which case it shall inform the data subjects by posting on its website any such amendments before they are enforced.
We grant special importance to the protection of personal data and, by way of consequence, we have appointed a personal data protection officer, in order to make sure that we openly, accurately and legally process your personal data.
Should you have any questions or concerns regarding the enforcement of your data protection rights, please contact us by:
E-mail at firstname.lastname@example.org
or send us a letter to the address Str. Nicolae G. Caramfil, nr. 51, sector 1, Bucharest.
Attn.: Personal Data Protection Officer