This page is used to inform website visitors regarding our policies with the collection, use, and disclosure of Personal Information if anyone decided to use our Service, the SideMED website.
ASOCIAȚIA SOCIETATEA PENTRU INOVAȚIE, DEZVOLTARE ȘI EDUCAȚIE MEDICALĂ, shortened SideMED as per the statute of the Association respects the privacy of every individual who visits our website. This policy outlines the use of personal data under the General Data Protection Regulations (“GDPR”), EU General Data Protection Regulation (the “GDPR”) and Law no. 190/2018.
For the purpose of Law no. 190/2018 and GDPR, we are the data controller and any inquiry regarding the collection or processing of your data should be emailed to email@example.com.
Protecting your personal data is very important to us. This Privacy Notice describes our practices regarding the collecting and use of your personal data – for example, what data we collect, why, and for what purpose, and explains your rights in relation to your personal data.
The controller of your personal information is ASOCIAȚIA SOCIETATEA PENTRU INOVAȚIE, DEZVOLTARE ȘI EDUCAȚIE MEDICALĂ (“SideMED”, “we”, “us”, “our”). If you have any query in respect of your personal information, you can contact us at:
- Data controller:ASOCIAȚIA SOCIETATEA PENTRU INOVAȚIE, DEZVOLTARE ȘI EDUCAȚIE MEDICALĂ
- Website: https://sidemed.ro
- Address: str. Cutezanței nr. 25, ap. 1, Târgu Mureș, Mureș
- E-mail: firstname.lastname@example.org
Your data may be referred to as “personal data” or “personal information”. Personal data shall mean any information relating to you which identifies or may identify you and which includes, for example, your name, email address, phone number, identification number etc.
Handling, collecting, protecting and storing your personal data or any such action may be collectively referred to as “processing” of personal data.
This document will help you understand the following:
- What personal data we collect and process about you as a customer and as a user of our website, mobile applications and online services;
- Why we collect and process your data;
- How SideMED collects and processes your personal data;
- Where we obtain the data from;
- Your rights under the EU General Data Protection Regulation (‘GDPR’);
- How and when we share your personal data with other third parties (for example, our service providers).
This document is directed to natural persons who are either current or potential participants in our events or are authorised representatives/agents or beneficial owners of legal entities or of natural persons which/who are current or potential participants at our events.
Types of personal data we process
Personal data is all information which allows the data subject to be identified. Such data include, for example, your name, email address, phone number, identification number, monetary contribution payment etc. Specifically, we may collect the following types of personal data:
- The data you give us for the registration to our events. Generally, these include your name, e-mail address, telephone number, speciality, year of study, University etc.
- The data you make monetary contributions to SideMED.Generally, these include your credit/debit card details or other payment details (IBAN, SWIFT codes etc), which are handled by a secure third party.
We also use analytical and statistical tools that monitor details of your visits to our website and the resources that you access, including, but not limited to, traffic data, weblogs and other communication data (although this data will not identify you personally). An example of such data would include the type of internet browser or the type of computer you are using or the domain name of the website from which you linked to our site. We use ‘cookie’ technology and IP addresses only to obtain non-personal information from online visitors to provide them with the best possible personalized online experience.
SideMED does not collect personal data from minors.
How do we collect your personal information?
We collect your personal information through different methods, including:
- Information you give us. You may give us your identity, contact and financial data when you fill in our contact or registration forms, make a monetary contribution through our website or create an account with us. We may store some or all information in encrypted format in a cookie on your computer.
- Information we automatically collect about you. We may automatically collect technical data about your equipment, browsing actions and patterns as you interact with our websites. We collect this personal data by using cookies and other similar technologies.
- Information we receive from other sources. We may receive personal data about you from various third parties and public sources. For example, we may receive:
- technical data from analytics providers;
- cookies that allow third party review or interaction with our website that have been saved on your computer from other websites you have visited; and
- identity and contact data from selected business partners, data brokers or aggregators.
We may also collect, use and share aggregated data such as statistical or demographic data for any purpose if you cannot be identified by it in any way. Aggregated data may be derived from your personal data but is not considered personal data under the guides of the law, as this data does not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
Generally, we do not rely on consent as a legal basis for processing your personal. You have the right to withdraw consent to marketing at any time by contacting us and can unsubscribe from any Newsletter we may send to our past participants.
Please be aware that our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
What if you do not want to provide your personal information?
You can visit our website without completing any personal data that could identify you. When we ask you to complete your personal information to give you access to certain features or services of the site, we will mark some fields as mandatory, as these are the information we need to provide you with service or to give you access to that functionality.
Please note that if you decide not to provide this information, you may not be able to complete your registration as a user, register for our events or benefit from any feature we may offer.
We collect your personal information automatically using technical means such as when you use our website. It is important to understand the difference in the cookies that we use. Our websites use both 1st party cookies (which are set by the Site being visited) and 3rd party cookies (which are set by a server located outside of the site that you have visited).
You can choose whether to accept cookies by changing the settings on your browser. Information about the procedure to enable or disable cookies can be found on your Internet browser provider’s website via its help menu or further information can be found at http://www.allaboutcookies.org/manage-cookies/index.html. However, if you disable this function, your experience on our websites may be reduced and some features may not work as intended.
How we process your data?
We collect your personal data when the law allows us to do it. Most frequently, we will use your personal information in the following circumstances:
- when it is necessary for our legitimate interests (or those of third parties) and your interests and fundamental rights do not go beyond these interests;
- when we have to comply with legal or statutory obligations.
Generally, we do not rely on consent as a legal basis for processing your personal data unless we have marketing communications via email, phone or text messages. You have the option to withdraw your marketing consent at any time by contacting us at the email address above mentioned.
The legal basis of our data processing
We process your personal data in strict accordance with the provisions allowing data processing under GDPR and the local data protection law. We will only process your personal data where we have a legal basis to do so. This legal basis may vary according to the reasons for which we need to use your personal data. We may process your personal data if the processing is founded on one or more of the following legal bases:
- The processing is necessary for compliance with a legal obligation to which we are subject. The legal framework governing our operations imposes on us obligations which involve the process of personal data for the performance of identity verification, compliance with court orders, tax law or other reporting obligations and anti-money laundering controls.
- You have specifically consented to your personal data being used by us for a specific purpose. Such consent shall usually be relied upon for sending you marketing communications, newsletter emails, announcements that may interest you etc. You may revoke your consent to this processing anytime.
- The processing is necessary for the purposes of our legitimate interests (e.g. signing-up/register as a user; responding to requests made through Support Service; improving our website services, etc).
The retention period for your data is primarily dependent on the retention rules imposed upon us by the applicable legislation.
We will keep your data only as long as necessary to achieve the purpose for which we have collected the data or to fulfil our obligations under the law.
To know how long your data can be stored, we use the following criteria:
- If you contact us for a question, we keep your personal data for as long as your questions are processed, but no more than 3 years after the last mail you sent;
- If you create an account, we retain your personal data until you ask us to delete it or after a period of inactivity. In this regard, please note that data processed for this purpose will be deleted 3 years after the last user account interaction (for example, login to your account);
- If you have given your consent to direct marketing, we retain your personal data until you unsubscribe or ask us to delete it;
- If cookies are stored on your computer, we keep them for as long as they are needed to reach their goals.
Transmission of data to third parties
In order to facilitate the performance of the activities with respect to the purposes detailed above, we can communicate this data to third parties, including partners, such as:
- Supervisory, regulatory and public authorities, including courts of justice, law enforcement authorities and other governmental bodies
- Financial institutions, payment service providers, card payment processors, correspondent banks
- Auditors and accounting consultants
- Marketing and customer support service providers
- Data storage and archiving providers
We require third parties to respect the security of your personal data and to treat them in accordance with the law. We do not allow third-party vendors to use your personal data for their own purposes and allow them to process your personal data for the purposes specified and in accordance with our instructions.
Transfer of data outside the EU
While our operations are targeting the EU and EEA areas exclusively, we may transfer your data to a third party in a non-EU country if such a transfer is necessary and has a legal basis as described in this document. The third-party processors, in this case, shall either be approved by the European Commission as providing an adequate level of data protection or they shall be contractually bound to data protection standards equivalent to those of EU legislation and shall act in accordance with Article 46 of Regulation (EU) 2016/679.
Automated decision-making and profiling
In general, your data is not processed automatically and no decision is taken based on automated processes. The only automatic “profiling” we may do based on your data is a risk assessment for Anti-Money-Laundering and Counter-Terrorism Financing purposes and for establishing your eligibility when registering to our events. This process is however not entirely automatic and ultimately depends on manual overview and decision-taking.
Your data protection rights
If you are a physical person who is the data subject of what is legally considered “personal data” which we hold as a “controller” and/or “processor” you are entitled to certain rights. Without prejudice to the above, your rights are not absolute and may be limited due to the legal basis relied upon by the Company to process your data.
- Right to information. You may request to know whether we hold any of your personal data, and, if so, information on SideMED, what type of data we process and why/how we are processing it.
- Data subject access request. You may request to receive a copy of your personal data and check that the processing is lawful.
- Right to rectification. You may request that we rectify any incorrect data we hold and you may complete any incomplete data we may hold.
- Right to erasure (‘right to be forgotten’). You may request that your personal data is deleted, provided that you meet the legal criteria for this request. Generally, you may request to be forgotten if the processing is unnecessary, unlawful, illegitimate, or you have objected to it.
- Object to processing of your personal information. If we are processing your data based on our (or a third party’s) legitimate interest and you are in a particular situation which gives you a reason to object to the processing you may submit this request. You may also object if we are processing your data for direct marketing purposes. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
- Right to restriction. You may request the restriction of the processing of your data under some circumstances, for example, so as to determine if the data is accurate or to establish the reason for processing it.
- Right to data portability. You may request a copy of your personal information in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller. This right may not be fully applicable in cases where the processing is done due to a legal obligation of SideMED.
- Right to withdraw consent. Where you have consented to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once your consent is withdrawn, the processing of your data will be halted, unless said processing is found on another legitimate basis, for example, due to a legal obligation to keep your data.
- Right to file a complaint with a supervisory authority.
If you want to do any of the above, please send us an e-mail to email@example.com. We may ask you to prove your identity by communicating a copy of a valid ID to comply with our security obligations and to prevent unauthorized disclosure of the data.
We value your trust in providing us with your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.
Personal data you provide for other individuals
If you have any questions or concerns about how we treat and use your personal data or wish to exercise any of your above rights, please contact us to firstname.lastname@example.org.
Changes to this policy