(C) CM SFINTII ARHANGHELI MIHAIL SI GAVRIIL, ALL RIGHTS RESERVED.

Privacy Policy

This Privacy Policy applies to all users of the website www.sfintiiarhangheli.clinic

This website is operated by Centrul Medical Sfinții Arhangheli Mihail și Gavriil SRL (hereinafter referred to as the “Operator”).

This Privacy Policy concerns the personal data of data subjects and other users of this website.

1. General Information

In accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 (GDPR), regarding the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as applicable national legislation, the Operator is obliged to process personal data securely and only for the purposes specified below.

Personal data means any information relating to an identified or identifiable natural person, collected through this website.

This Privacy Policy describes our general principles regarding the processing of personal data belonging to website visitors. We aim to ensure that you understand how we use (or do not use) the information you entrust to us. To understand your rights, we recommend that you carefully read this Privacy Policy.

2. Categories of Personal Data Processed

If you are a visitor of the website, the Operator will process your personal data that you provide directly in the context of using the website, such as the data you provide within the appointment section or when contacting us through the website.

Children's data protection

This website does not knowingly collect personally identifiable information from individuals under the age of 16.

If a parent or legal guardian becomes aware that a minor under their care has provided personal data to this website, they must immediately notify us at help@sfintiiarhangheli.clinic.

If we discover that a person under the age of 16 has provided personal data through the website, we will promptly delete such information from our servers, unless the parent or legal guardian provides explicit consent for the processing of the child's personal data for the specified purposes.

3. Purposes and Legal Basis of Processing

If you are a visitor of the website, we will process your personal data as follows:

  1. For compliance with legal obligations including obligations arising in connection with services provided through the website, such as fiscal and archiving obligations.

    Legal basis: Processing is necessary to comply with legal obligations. Providing your data for this purpose is mandatory. Refusal to provide such data may result in the Operator being unable to comply with legal obligations and, therefore, unable to provide services through the website.

  2. For analysis and reporting purposes regarding how the website functions, including profiling user preferences, primarily to improve the experience offered on the website.

    Legal basis: Processing is based on the Operator's legitimate interest in continuously improving the experience of website visitors. Providing data for this purpose is voluntary. Refusal will not have negative consequences.

  3. For handling complaints and monitoring website performance including improving user experience and resolving inquiries, complaints, or feedback.

    Legal basis: Processing is based on the Operator's legitimate interest in ensuring the proper functioning of the website and improving the user experience. Providing data for this purpose is voluntary and will not result in negative consequences if refused.

4. Data Retention Period

Personal data is stored for as long as necessary to fulfill the purposes mentioned above and subsequently in accordance with internal policies and legal requirements.

If you are a patient, your data will be processed for the duration of the contractual relationship and thereafter in accordance with legal obligations (for example, financial and accounting documents are retained for 10 years as required by law).

If you wish to stop the processing of your personal data or request deletion, you may exercise your rights detailed in Section 7 below.

5. Disclosure of Personal Data

To fulfill the processing purposes, the Operator may disclose your data to partners, third parties, or entities that support the Operator in operating the website (e.g., IT service providers), as well as to public authorities, in the following situations:

  • for website administration;
  • where necessary for offering benefits or facilities obtained through participation in promotional campaigns;
  • for maintaining, personalizing, and improving the website and services;
  • for data analysis, testing, research, and monitoring usage trends;
  • where disclosure is required by law.

6. Transfer of Personal Data

Your personal data may be transferred within Romania to affiliated entities of the Operator or to processors that ensure appropriate security guarantees.

Your rights under this Privacy Policy will not be adversely affected.

7. Your Rights

In relation to personal data processing, you have the following rights:

  • the right of access;
  • the right to rectification;
  • the right to erasure (“right to be forgotten”);
  • the right to restriction of processing;
  • the right to object;
  • the right to data portability;
  • the right to withdraw consent at any time.

You also have the right to lodge a complaint with the relevant supervisory authority or to seek judicial remedies.

Detailed rights:

  1. Right to information: You have the right to receive details regarding processing activities carried out by the Operator.
  2. Right of access: You have the right to obtain confirmation as to whether your data is processed and details about how it is processed.
  3. Right to rectification: You have the right to obtain correction of inaccurate data and completion of incomplete data.
  4. Right to erasure – applicable where:
    • data is no longer necessary;
    • consent is withdrawn;
    • processing is unlawful;
    • legal obligations require deletion;
    • the data subject objects and no overriding legitimate grounds exist.

    The Operator may anonymize data instead of deleting it where appropriate.

  5. Right to restriction, applicable where:
    • data accuracy is contested;
    • processing is unlawful but deletion is opposed;
    • data is required for legal claims;
    • objection to processing is pending verification.
  6. Right to data portability: You have the right to receive your data in a structured, commonly used format and to have it transmitted to another controller.
  7. Right to object – you may object:
    • to processing based on legitimate interest;
    • at any time, free of charge, to direct marketing processing.
  8. Right not to be subject to automated decisions: You have the right not to be subject to decisions based solely on automated processing.
  9. Right to lodge a complaint: you may contact the national data protection authority or competent courts.

8. Definitions

  1. Personal data – any information relating to an identified or identifiable person;
  2. Processing – any operation performed on personal data;
  3. Storage – retention of data on any medium;
  4. Data filing system – structured set of personal data;
  5. Controller (Operator) – entity determining purposes and means of processing;
  6. Third party – any entity other than the data subject or controller;
  7. Recipient – entity to whom data is disclosed;
  8. Anonymous data – data that cannot identify a person;
  9. Statistical data – anonymized data used for analysis.

9. Contact and Support

For any questions regarding personal data processing or to exercise your rights, you may contact the Operator:

This website uses cookies. For more information, please refer to the Cookie Policy.