GDPR policy


CONSENT TO PROCESS AND USE OF PERSONAL DATA

I give this consent as a visitor, customer, or user of myInfo Band goods and services, a concept of S.C. GuardianAngel.NET S.R.L., under the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

In order to enter in any of the capacities described above I provide in accordance with the GDPR Policy of S.C. GuardianAngel.NET S.R.L., of my own free will, all absolutely necessary personal data and I express my express and unequivocal consent, on:

1.     The collection, processing and use of all my personal data and documents provided by: S.C. GuardianAngel.NET S.R.L., for the purpose of access to the goods and services provided, as well as for statistical purposes.

2.     I am informed by the Information Note / GDPR Policy sent / given by S.C. GuardianAngel.NET S.R.L. about the categories of recipients of my personal data, as well as the fact that my personal data will be treated confidentially and are collected as a beneficiary of the goods and services provided by S.C. GuardianAngel.NET S.R.L. being used in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

3.     I have been informed and agree that on the basis of a prior request made to me, I can obtain a response regarding the data stored and the following information: the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the period for which the personal data will be stored, the right to request rectification or erasure of personal data or restriction of the processing of personal data or the right to object to the processing, the right to lodge a complaint with a supervisory authority.

4.     I consent to the personal data to be stored for the period of existence of the goods and/or services used by the undersigned from S.C. GuardianAngel.NET S.R.L. and transferred, communicated only to the contractual partners of the aforementioned supplier and/or public institutions / public authorities competent in the verification, monitoring and management of projects financed by European Structural and Investment Funds.

5.     I have been informed that I have the right, on prior request, to obtain, without undue delay, the rectification of incorrect or inaccurate personal data relating to me and to obtain the completion of personal data which are incomplete, including by providing a supplementary statement.

6.     I have been informed and agree that upon prior request, in certain circumstances, i.e. if the personal data are no longer necessary for the purposes for which they were collected or processed, there is no other purpose or legal basis, or legal obligation for the processing of personal data, I have the right to obtain the erasure of personal data without undue delay.

7.     I have been informed of the right to object to the processing of personal data in certain circumstances, i.e. if the personal data are no longer necessary for the purposes for which they were collected or processed, there is no other purpose or legal basis, or a legal obligation to process them.

8.     I have been informed of the right to restrict the processing of personal data as well as the right to lodge a complaint with the NSAPDP (National Supervisory Authority for Personal Data Processing), if I consider that the processing of personal data violates Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

INFORMATION NOTE / GDPR POLICY ON THE PROCESSING OF PERSONAL DATA

S.C. GuardianAngel.NET S.R.L. with a registered office in Sibiu, Dorului str., no. 20C, ap. 17, jud. Sibiu, registered with the Trade Register of Sibiu under no. J32/1798/2020, with CUI 43504311 as personal data controller, hereinafter referred to as GuardianAngel, hereby informs you about the processing of your personal data and your rights under Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, also known by its abbreviation GDPR, hereinafter referred to as "Regulation" and national legislation on the protection and security of personal data. S.C. GuardianAngel.NET S.R.L. acts as a data controller with regard to the processing of personal data of natural persons concerned, as it determines the purposes and means of processing such data. For the purpose and on the occasion of such processing, S.C. GuardianAngel.NET S.R.L. shall make every effort to protect your personal data through measures in accordance with the applicable law.

1.   Processed personal data

As personal data controller, S.C. GuardianAngel.NET S.R.L. processes the following personal data of its customers for the provision of services: name and surname, personal numerical code, series and number of identity card, home and/or residence address, bank and IBAN, age/date of birth and gender, signature, contact data (telephone number, e-mail address), city, country, data relating to the status of insured person under the national health insurance system, genetic data, health status data, including medical history, essential medical information (blood group, medical conditions, permanent medical devices, major operations or interventions, organ donors, height, weight, type of vaccines, Vaccination certificates (Green Passport), biometric data (in case of registration of such data in the forms concerning the creation of QR Codes, scanned for information in case of emergency or for accessing user accounts in the mobile application, if the phone from which it is accessed uses such biometric data for authentication). In these circumstances, S.C. GuardianAngel.NET S.R.L. does not process any special personal data other than those that the client deems necessary to disclose: racial or ethnic origin, political opinions or philosophical beliefs, sexual orientation or membership of trade unions or political parties of the data subjects are not relevant data for the services developed by S.C. GuardianAngel.NET S.R.L.

2.  The purposes for which your personal data are processed

S.C. GuardianAngel.NET S.R.L. processes personal data of data subjects for the following purposes:

⮚     Conclusion and execution of the service contract

In order to provide services, S.C. GuardianAngel.NET S.R.L. will request the personal data listed above in point 1.

⮚     Fulfilment of the legal obligations incumbent on GuardianAngel.NET S.R.L. as a service provider

S.C. GuardianAngel.NET S.R.L. processes your personal data in order to fulfill its legal obligations as a service provider, according to both medical and tax legislation.

⮚     Exercise of a legitimate interest of the controller of personal data

In addition to the purposes mentioned above, S.C. GuardianAngel.NET S.R.L. processes the personal data of data subjects in the context of or in order to exercise a legitimate interest, namely for the initiation and performance of contracts with its customers, as well as for the defense of its financial and/or non-financial rights.

3.  Legal basis for processing your personal data

The processing of your personal data is mainly based on the following legal provisions:

⮚    Article 6(1)(b) of the Regulation, in the case of processing of personal data for the purpose of entering into and performing the contact to which the data subject is party;

⮚    Article 6(1)(b) of Regulation (EC) No 45/2001 c) of the Regulation, in the case of processing of personal data necessary for compliance with a legal obligation incumbent on S.C. GuardianAngel.NET S.R.L., mainly in its capacity as a service provider, in view of the provisions included in the legislation in force (e.g. for the provision of services or for the preparation of tax invoices requested by data subjects), respectively Article 6, paragraph 1, lit. e) of the Regulation in the case of processing of data in the public interest (e.g. for public health reasons);

⮚    Article 6(1)(f) of the Regulation in the case of processing of personal data for the purposes of the legitimate interests pursued by S.C. GuardianAngel.NET S.R.L..

 

In specific cases, where a particular processing operation cannot be covered by the provisions of Article 6(6). (1) (b), (c) and (f) of the Regulation, if necessary and proportionate, the processing will be carried out on the basis of your prior, specific, freely given and informed consent.

4.   Categories of recipients of your personal data:

S.C. GuardianAngel.NET S.R.L. processes the personal data of data subjects in full compliance with the legal provisions, and these data are transmitted to third parties only for the purposes mentioned in section 2. In this context, they are or could be communicated to the following recipients:

⮚        Central/local public authorities and institutions (e.g. National Health Insurance House, police, prosecutors' offices, courts, etc.);

⮚        Medical laboratory analysis laboratories and medical imaging service providers;

⮚        The employer of the data subject in the case of occupational health services.

⮚        Family doctors, polyclinic doctors, hospital doctors, emergency services, etc. if they are enrolled in the application and register, facilitate the registration of new users or access user data (only for service users registered by them);

⮚        Emergency services staff: IGSU, ISU, Fire Brigade, Ambulance, SMURD, Mountain Rescue, etc., in medical emergencies;

⮚        UPU staff, Polyclinics, Hospitals, ATI, etc. in situations requiring correct and complete information, only with the express consent of the service users;

⮚        Sales partners - natural and legal persons (re-sellers, sales agents) - only the data necessary for creating the profile and activating the service (name, surname, telephone number, e-mail, bracelet ID);

⮚        Staff of S.C. GuardianAngel.NET S.R.L. for the administration of the mobile application, web, reporting, user support, etc.;

⮚        Public or private medical networks enrolled in the system, if they are providers of data, own or user information;

⮚        Local public authorities, Social Welfare Directorates if they purchase the services of S.C. GuardianAngel.NET S.R.L. for the persons served - only the data necessary for creating the profile and activating the service (name, surname, phone number, e-mail, bracelet ID);

⮚        Institutional and organizational partners (Red Cross, NGOs, etc.) - only the data necessary for creating the profile and activating the service (name, surname, phone number, e-mail, bracelet ID), for people who join the ecosystem on their behalf;

⮚        Software developer(s) (subcontractors) for development, testing, piloting, maintenance, etc. purposes (only by sampling).

⮚        Anonymous individuals who can scan the QR on the objects supporting it (wristband, stickers, cards etc.) and have access/view the personal and medical data uploaded by the customer in the "public information" area; the customer has the flexibility to decide what personal data is uploaded in this area, also whether or not to display a QR scan by any anonymous person. In case the data is "hidden" from the public area, it is only accessible to people and organizations with assigned roles and accounts in the ecosystem (carers/guardians of people, people with connected profiles/accounts, doctors/emergency staff, hospital doctors, family doctors etc).

⮚        Other profiles in the application to which personal profile sharing is performed via the unique sharing code for each account.

5.   Processing period of your personal data

As a personal data controller, S.C. GuardianAngel.NET S.R.L. will process your personal data for the duration of the service contract, as well as for 5 years after its termination (in the event of requests or other actions after the termination of the contractual relationship). Some of your personal data may also be further processed for up to 30 years for the fulfilment of legal obligations of retention and/or archiving in accordance with the regulations in force.

6.   Your rights in relation to the processing of your personal data

You may, under certain conditions laid down by the Regulation, exercise the following rights:

⮚     The right of access to data

You have the possibility to obtain free of charge from GuardianAngel.NET S.R.L. a confirmation on the processing of your personal data, as well as access to those data and to the information referred to in Article 15 of the GDPR. Please contact us if you want confirmation that your data is processed and if you want to know how they are managed. A response will be provided within one month from the date of the request (unless the request is unfounded or excessive).

⮚     The right of rectification

You have the possibility to request S.C. GuardianAngel.NET S.R.L. to correct and/or complete personal data concerning you insofar as they are inaccurate and/or incomplete. Please inform us of any date you would like us to rectify and we will respond within one month of the date of the request at the latest. We will forward the changes to any third parties who need to rectify them and will inform you of such rectification.

⮚     Right of removal

You can exercise your right to delete your personal data in a number of situations (for example, if the data is no longer needed for the purpose for which it was created or you withdraw your consent). Given the purposes and grounds for the processing of your personal data by S.C. GuardianAngel.NET S.R.L., detailed above, you may exercise your right to erasure of such data under the conditions set out in Article 17 of the Regulation after the expiry of the period referred to in Section 5.

Deletion/removal of your data/documents can be done by voluntary basis, manually deletion of the user account, from mobile or web-based application myInfoBand, by accessing menu:

My AccountàSettingsà Accountà Delete your account.

Also, in case of a new profile or user registered by a customer, if there won’t be purchased any order in up to 30days, GuardianAngelNET will automatically delete the profile or user account.

⮚     Right to restrict processing

This right may be exercised under the circumstances and conditions laid down in Article 18 of the Regulation.

⮚     The right to data portability

Your data is stored in physical and/or electronic format in manually processed databases.

If S.C. GuardianAngel.NET S.R.L. processes your personal data by automated means, you will have the possibility to request us to provide you with such data in a structured, commonly used and machine-readable format and to transfer it to another personal data controller.

⮚     The right to object

You have the possibility to object, on grounds relating to your particular situation, to the processing under Article 6(6). (1) lit. (f) under the conditions laid down in Article 21 of the Regulation.

⮚     The right not to be subject to a decision based solely on automated processing, including profiling

S.C. GuardianAngel.NET S.R.L. does not take decisions based on the automatic processing of your personal data without informing you and asking for your prior consent.

For further information or to exercise your rights you may contact the Data Protection Officer (DPO) appointed by S.C. GuardianAngel.NET S.R.L. using the following contact details:

⮚  Correspondence address: Sibiu, str. Dorului, no. 20C, ap. 17, jud. Sibiu

⮚  E-mail address:     [email protected]