General Data Protection Regulation
Art. 1. General Information
In the course of its business, S.C. DENTSON CLINIC S.R.L. (“Company”) processes your personal data when you access the dentson.ro website (“Website”).
The Company shall at all times ensure compliance with all the principles and legislation on the protection of personal data, with regard to the processing, collection, processing, storage and transfer of personal data, as governed by applicable law and by the provisions of Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“GDPR”).
This policy sets out the key principles regarding data protection and how the Company manages the personal data you transmit to us by accessing the Website. The company will update this policy and publish its latest version on the website.
DEFINITIONS
The following definitions of terms used in this document are taken from Article 4 of the GDPR:
Personal data: means any information relating to an identified or identifiable natural person (“data subject”), which can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or one or more elements specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual.
Processing: means any operation or set of operations performed on personal data or personal data sets, with or without the use of automated means, such as collecting, recording, organizing, structuring, storing, adapting or modifying, extracting, consulting , use, disclosure by transmission, dissemination or otherwise made available, alignment or combination, restriction, deletion or destruction of data.
DPO: means the person responsible for data protection, more precisely the person responsible for data protection.
Art. 2. Categories of personal data
We know the importance of your personal data and are committed to protecting your privacy and security. Therefore, it is important for us to inform you about the processing of your personal data as a user of our website, through this policy.
The categories of personal data processed by the Company vary depending on the interaction and reports that you record on the Website. Thus, personal data may be provided by you in the various sections of the Website, in particular in the following situations: when you subscribe to the Company’s newsletter, when you fill in the Dentson Website offer request form.
Article 2.1. Categories of data that can be processed:
- When filling in the contact form available on the Website: name, surname, telephone number, e-mail address, documents attached to the contact message that may contain personal data;
The data provided by you must be real, accurate and up to date, and you must have the right to provide it. The data mentioned above are provided by you voluntarily when interacting with the Company according to the purpose transmitted by you. You are thus responsible for the data you provide on the website, both to us and to any third party who may be harmed by the provision of the data.
The website may also collect certain information about your browsing and your interactions with various sections of it. We will store or access information and cookies on your terminal equipment (computer, phone, tablet, etc.) only under the conditions described in the appropriate Cookies section. The categories of personal data that are processed include: the time and date of accessing the site, as well as the IP address of the terminal from which the website was accessed.
Article 2.2. The company may process the data mentioned in art. 2.1, above, for the following purposes:
- Marketing: sending newsletters to subscribers through means of communication such as e-mail, telephone; the processing of this personal data is carried out on the basis of your consent;
- For recruitment purposes: data processing for the recruitment and employment process; the processing of this personal data is carried out on the basis of your consent; also, the legal basis is the conclusion and execution of the contract, in the case of candidates proposed for employment;
- In order to manage requests, complaints, suggestions: data processing to complete the contact form; the processing of such personal data is carried out on the basis of your consent, as well as in the legitimate interest of the Company in order to resolve complaints, improve services, manage suggestions and requests sent to the Company;
- In the context of processing the data of the visitors of the Website, in order to ensure the proper functioning of the Company’s website; the legal basis for the processing is the legitimate interest of the Company in order to improve the services provided.
Art. 3. Basic principles regarding the processing of personal data
The processing and management of your personal data is carried out in compliance with the following principles:
- It is open and transparent about what it does with the data and why it uses it;
- Keep your data safe;
- It ensures that it always has a legal basis for managing the data;
- Collects and uses the minimum necessary data, thus respecting the principle of minimization;
- Keep data up to date, accurate and complete;
- It does not store the data longer than necessary, ensuring the implementation of data retention periods, where there is no mandatory period provided by law;
- Respects the legal rights of data subjects with regard to their personal data;
- Do not transfer data abroad without taking the necessary steps to transfer the data and not before informing the data subjects accordingly.
Article 3.1. Fairness and transparency
Personal data is processed lawfully, fairly and transparently in relation to the data subject. This is the basic principle and means that we use personal data only to the extent that the persons entrusting it to the Company have been informed in advance about the use. You may request information from the Company at any time on the following principal matters:
- What kind of data will be collected;
- For what purpose will they be used;
- With whom they will be shared (if applicable);
- If they will be transferred to other countries;
- How long they will be kept;
- What rights do individuals have regarding their personal data;
- Indication of the channels of contact through which data subjects may exercise these rights.
Personal data will be processed only for the purpose communicated to the data subject. Subsequent changes to the purpose of the processing will be communicated to the data subject, prior to the use of his / her personal data.
Article 3.2. Legality
The Company understands to carry out all the processing activities both for a well-defined purpose and related to its activity, but also limited to an appropriate legal justification, as well as to fulfill the legitimate interests of the Company in the context of its object or activity, as follows:
- subscribing to the Company’s newsletter through which we will send launches of new products or services, commercial communications regarding the promotions and campaigns carried out by the Company;
- independently or in collaboration with one or more partners, useful information about the services offered, etc .;
- providing answers in case of filling in the contact form;
- participation in competitions and campaigns organized online by the Company;
- managing the applications received through the form in the “Careers” section;
Article 3.3. The consent of the data subject
Obtaining the consent of the person whose data we are going to collect and process is another legal basis provided by GDPR, and the Company will process personal data only based on your express and unequivocal consent, in all situations where it is necessary.
Article 3.4. Data minimization
Personal data will only be used when absolutely necessary and relevant to a particular process or project task. If the use of personal data cannot be avoided, the Company will use only the minimum data necessary to fulfill that purpose.
Article 3.5. Data accuracy
Data protection law requires that personal data be kept accurate, complete and up to date. The company will ensure the correction, supplementation, updating or deletion, as the case may be, of inaccurate or incomplete data.
Article 3.6. Data retention period and storage
We will keep your personal data for a period not exceeding the period necessary to fulfill the purposes for which the data are processed, unless the legal provisions provide or oblige us otherwise. So:
- regarding the Company newsletter, we will keep your e-mail address in the newsletter database as long as your subscription is active; from the moment we receive your unsubscribe request,
- we will disable the sending of newsletters to your e-mail address; at which point the email address will be deleted from the newsletter subscriber database;
- regarding the contact form, we will keep your personal data for the period necessary to provide answers to your messages and requests and proof of correspondence with you, but not more than 1 year after receiving them;
- regarding the booking form, we will keep your data in our database for a period of 3 months from the last booking.
- In order to participate in the contests and campaigns organized online by the Company, we will keep your personal data for the period necessary to carry out these programs and to prove your participation in these programs, according to the Regulations communicated for each event;
- with regard to the applications received through the form in the “Careers” section, your data will remain in the database for as long as necessary to complete the position for which you applied within the Company, but not more than 2 years from the date of their collection;
- regarding the analysis of website browsing and user interactions with the website, we will keep the data on your interactions for a period of up to 3 years.
The company may delete your personal data when it considers that it is no longer necessary for the purposes for which it was collected.
We do not store information or access information stored on your terminal equipment (computer, phone, tablet, etc.) except with your prior consent or when these operations are performed solely for the purpose of transmitting a communication over an electronic communications network, or are strictly necessary in order to provide an information society service expressly requested by you (for example, to store information about your activities on the website or in the mobile or tablet application, so that you can easily use the website or mobile or tablet application for later access).
In order to use the cookies for which your prior consent is required, the website will ask for your consent through a banner displayed on the website at the time of accessing them. This banner contains a link to this Personal Data Protection Policy and gives you the option to accept cookies as well as the option to refuse them. If you have given your consent, but you change your mind later, you can use the settings of your web browser (application) to delete the stored information or to refuse cookies.
Article 3.7. Data security
The company ensures and implements the technical and organizational security measures imposed by law and industry standards, to protect your personal data against accidental or unlawful destruction, loss, alteration, disclosure or unauthorized access, and against any other form of illegal processing. We also take steps to ensure that we use your personal data exactly as described in this Policy and to respect your choices regarding the processing of your personal data.
Article 3.8. Disclosure to third parties
Except as provided below, we will not disclose any information about your data without authorization. Based on your express and unequivocal consent, given in this way and only within the limits of the legislation in force or for the purpose of fulfilling a legal obligation and / or protecting a legitimate interest, we may transmit your personal data to:
Service providers in the following fields: marketing, administrative and transaction processing services;
State and government agencies, if required by law;
Other authorities and bodies, in order to fulfill our legislative obligations and / or to protect our legitimate interests;
The transmission of your personal data to the above-mentioned recipients will only be done on the basis of a commitment of confidentiality and ensuring an adequate level of security on their part, which guarantees that personal data is kept secure.
Art. 4. The rights of natural persons
According to the legal provisions in force, the persons concerned enjoy the following rights:
- The right to be informed about the manner and reason for the use of personal data;
- The right to request copies of personal data held by an entity (including information contained in e-mails, instant messages, notes, etc.);
- The right to request the correction of any inaccuracies in their personal data;
- The right to order the deletion of personal data (including the permanent deletion of the Company’s systems and any systems of an outsourcing provider to which the Company has granted access); The right to request the Company to cease the processing of personal data;
- The right to request the Company to cease the processing of personal data;
- The right to object to the use of their personal data for the purposes of direct marketing;
- The right to have any personal data provided to the Company transferred to another party (for example, another banking service provider) “in a structured, frequently used and automatically readable format”;
- The right not to be subject to a fully automated decision-making process (ie a decision generated by the system without a human contribution), if the result has a significant legal or similar effect on the person concerned;
- The right to withdraw consent when it has been given for processing;
- The right to address the National Authority for the Supervision of Personal Data Processing, if deemed necessary.
If the Company receives a request from you in the exercise of any of the above rights, we will respond to the request within 30 days, with the possibility of extending this period, only after informing the data subject and provided there is a good reason to justify the impossibility of formulating an answer within 30 days.
Art. 5. Data security breach
If personal data is lost, damaged, stolen, compromised or as a result of a complaint about the way the Company has managed personal data, the Company will report the breach to the National Supervisory Authority for the Processing of Personal Data within 72 hours from the finding of the violation and to notify without delay the relevant persons in case they are likely to be affected by the incident. In addition, the Company will make reasonable efforts to limit the damage caused by data security breaches.
Art. 6. Organization and responsibilities
The responsibility for ensuring the proper processing of personal data lies with any person who works for or finds himself in a form of collaboration with the Company and who has access to the personal data processed.
Article 6.1. DPO contact information
If you have any questions regarding the exercise of any of your rights mentioned above or any requests to address, you should contact your local DPO at the following email address: admin @ dentson.ro.