Privacy Policy
Preamble:
This resolution adopted by CardioNet DBB aims to clarify and regulate internal procedures and relationships with third parties regarding the handling and retention of personal data of customers and patients under the EU Regulation 679/2016 on the protection of personal data, also known as GDPR (General Data Protection Regulation).
Applicability:
This agreement applies to any data subject:
Data subjects are individuals whose personal data we hold/process.
Privacy Policy:
The privacy policy concerning personal data applies to clients, individual patients of any age, gender, occupation, religion, nationality, political orientation (data subjects), and governs the use of personal data collected in the company’s activities.
Types of collected personal data:
We collect two types of personal data:
- Personal data of potential clients, website visitors, final customers, those interested in our marketing offers and services, buyers of services.
- Personal data of patients and recipients of medical services.
Each of the two categories mentioned above has its own specific approach.
What data do we collect and process, excluding patients:
Identity data such as name, address, contact details, identity document data, relatives, avatar photos, automated telephone recordings.
All of this information is necessary for our commercial activity (billing, sales of services/goods), accounting, and promotional services to those who have previously opted for it. The data is transmitted only to entities involved in the described chain, that is, partners with whom the company has outsourcing contracts for services that cannot be developed internally (service developers, online servers, data centers, required software). This involves informing customers about all aspects and then obtaining their consent.
What data do we collect from patients:
From patients, we collect the above-described personal data following the procedures, and additionally, we collect medical data necessary for medical activities such as consultation, diagnosis, and prescription.
All medical data and health-related information are kept internally and not shared with any economic or service agent except medical clinics or laboratories directly involved in the patient’s health examination.
All data can be shared with competent authorities if required by law or legal norms.
Any potential changes to this agreement will only be made with the information and consent of the data subjects whose data we hold/process.
Rights of data subjects under the GDPR Agreement (Regulation 679/2016):
Data subjects have the following rights under the Regulation:
- Unrestricted access to their personal data
- Right to rectification or erasure (“right to be forgotten”)
- Right to object to processing
- Right to request and receive data from the data controller – data portability
The data subject has the right to ask the data controller about their personal data, processing methods, and data sets, and should receive a response within the legal 30-day period.
The internal contact person (DPO) receives your inquiries at dpo@cardionet.ro / 0314 383 124.
If the data subject believes that their rights regarding the use of their personal data, in accordance with Regulation 679/2016, have been violated, they can contact the National Supervisory Authority for Personal Data Processing – www.dataprotection.ro.
Upon request, any client will receive information about their processed personal data, the purpose of processing, and can exercise their rights according to the Regulation.
CardioNet DBB, CUI 46060728, J53/437/2022, Str. Republicii 56, Bolintin Vale, Giurgiu