PERSONAL DATA PROCESSING POLICY 

 

CARDIOSCIENCE SRL, headquartered in Bucharest, Str. Hatmanul Arbore, Nr. 15-19, Office No. 4, Et. 2, Ap. 209, Sector 1, Unique Registration Code: 38882485, Nr. Trade Register: J40 / 2293/2018, represented by Daniela Nicoleta Tatu - Chitoiu, phone: 0723189104, e-mail:  office@cardioscience.ro , CARDIOSCIENCE SRL, will be hereinafter referred to as “CARDIOSCIENCE” developed this data processing policy personal data (hereinafter referred to as "Policy") to inform you of the conditions under which your personal data is collected, processed, used and protected ("Personal Data"). 

The confidentiality of your data is one of our fundamental commitments and, therefore, we ensure that the processing of your data takes place in full compliance with the principles set out in the applicable legislation, including but not limited to the General Data Protection Regulation. 679/2016 (“GDPR”). 

This Policy aims to inform you, as a data subject, about the way in which CARDIOSCIENCE acts in its relationship with you in accessing and using our web platform, www.cardioscience.ro, and the Dahna application ( "Application"), as well as regarding the communication channels through which you can contact our representatives for reporting any deviation from the Policy or for any other questions regarding this aspect.

Please read this Policy carefully because, by accepting it, you agree to all the clauses indicated below. 

You have no obligation to provide us with your personal data mentioned in this document. However, if you do not provide us with the data mentioned in this information note, it will not be possible for us to provide you with the services you request from us. If you do not agree with these terms of use, please delete the Application and do not continue to use the CARDIOSCIENCE services. 

In order to have access to the available CARDIOSCIENCE services, the user must be a User of the services. User of the services is that user who has access to the Application and the services offered by the CARDIOSCIENCE Partners ("Partners"). You may have access to CARDIOSCIENCE services through a third party organization such as your employer or one of the CARDIOSCIENCE partner companies.

We emphasize that the provisions of this Policy have a purely informative role and do not affect the rights offered by the legislation. 

  1. WHAT PERSONAL DATA DOES CARDIOSCIENCE PROCESS?

The personal data regarding your person and that the Application will process are the data obtained directly from you (at the time of registration in the Application) or results from the provision of services by CARDIOSCIENCE Partners.

These Personal Data currently include the following categories of data: 

personal details, such as: name; first name; sex; age; phone number, email address

personal data such as height, body weight desired weight, body mass index or any other information you choose to provide in the CARDIOSCIENCE Partner Application

geo location data

  1. HOW DO WE OBTAIN YOUR DATA? The source of personal data may differ depending on the purpose of processing. So: 

For the present Users we receive the following personal data about you: name; first name; contact details (phone number and e-mail address). We obtain most of the information directly from you, during accessing the services, for example ordering the list of ingredients from the application or menus or from our Partners, on the occasion of providing the requested services (even by you or by the Partners).

  1. FOR WHAT PURPOSE DO WE COLLECT YOUR DATA?

We use your data collected in point 2 to: 

Developing the contractual relationship between you and the CARDIOSCIENCE Application 

Purpose: issuing personalized menus, creating customized ingredient lists exactly in the quantities needed by your personalized profile created based on the data communicated by you, for processing the transactions performed by you within the orders addressed to CARDIOSCIENCE Partners; solving technical connection problems, solving your complaints. 

Duration of processing: the data will be stored for a period of 5 years, calculated from the date of termination of User status. 

Analyzes and statistics regarding the use of our Application / Products 

Purpose: optimization of CARDIOSCIENCE products in order to improve the satisfaction of CARDIOSCIENCE customers and Partners, improvement of services, identification of potential problems regarding the existing functionalities in order to improve them. 

Processing time: your data will be stored for a period of up to 5 years calculated from the date of termination of user status. 

Direct marketing and other commercial communications 

Purpose: offering discounts, promotions, launches of new functionalities, products or services, the appearance of new Partners, both from CARDIOSCIENCE and from the Partners (third legal entities), which have a contractual relationship with CARDIOSCIENCE.

Duration of processing: the data will be stored for a period of up to 5 years from the date of termination of user status or immediately, in case of request for exclusion from commercial and marketing communications. 

CARDIOSCIENCE may delete your personal data when it deems it no longer necessary for the purposes for which it was collected. 

In any case, you have the right to withdraw your consent for processing or to object to the processing and, if there are no legitimate and compelling reasons for processing to prevail, we will stop processing the data. 

  1. WHAT IS THE BASIS ON WHICH WE PROCESS YOUR DATA?

CARDIOSCIENCE processes your personal data pursuant to Article 6 (1) (b) of the GDR - processing for pre-contractual and contractual purposes, respectively art. 6 para. (1) letter c) of the GDPR - the processing for fulfilling some legal obligations incumbent on the operator (CARDIOSCIENCE). 

As most of the information is obtained directly from you, it is processed under Article 6 (1) (a) of the GDR - processing with the consent of the data subject. 

Also, within the processing of special categories of personal data, CARDIOSCIENCE will request your consent in accordance with the provisions of art. 9 para. (2) lit. (a) of the GDPR. Carrying out statistical studies on these categories of data, insofar as they will be made, will be made based on art. 9 para. (2) lit. (j) of the GDPR. 

Mainly CARDIOSCIENCE processes:

your personal data in order to be able to conclude a contract with you, at your request, or to execute a contract concluded with an organization (eg your employer) of which you are part (by which we undertake to provide you with our services) . We also process your data in order to fulfill our archiving obligations, the obligations to communicate to some public authorities. At the same time, there are cases in which we process your data on the basis of our legitimate interest, for example in order to inform you of the expansion of our network of Partners and to facilitate your access to our services.

This data is collected taking into account the specifics of our activity and the functionalities of the Application, based on your consent, when processing is necessary for purposes related to assessing the impact of functionalities in the Application or if processing is necessary for archiving purposes in the public interest. 

  1. WHAT ARE YOUR RIGHTS? REGARDING PERSONAL DATA?

You have the following rights in connection with the processing of your personal data: 

Right of access -  You have the right to obtain from us confirmation that your personal data are processed by us, as well as information about specific processing, such as: purposes of processing, categories of personal data processed, recipients of personal data , the period for which the personal data are stored, if we transfer the personal data abroad and how we protect them;

Right to rectification -  You can request the rectification of your personal data if you identify that they are erroneous or incomplete;

Right to object  - in certain situations, you have the right to object to the processing of your personal data by us.

Right of deletion   - In certain situations, you may request the deletion of personal data, ie when it is no longer necessary in relation to the purposes for which it was collected, if you withdraw your consent to the processing (and there is no other legal reason for processing) or if you object to the processing;

The right to data portability  - You have the right to obtain the transfer to any other operator of your data that we process or control;

Withdrawal of Consent  - To the extent that you have consented to the processing of your Personal Data, you may at any time withdraw your consent, without affecting the lawfulness of the processing based on the consent before its withdrawal.

The right not to be subject to any automatic individual decision  - you have the right not to be subject to a decision based solely on automatic processing, including personalization, which produces legal effects that concern or significantly affect you. Such a right cannot be exercised when the decision: (i) is necessary for the conclusion of a contract or for the performance of a contract between you and CARDIOSCIENCE; (ii) it is necessary to take appropriate measures to protect your rights, freedoms and legitimate interests; or (iii) is based on your explicit consent.

Right to file complaints with the supervisory authority -  you have the right to file a complaint with the National Supervisory Authority for the Processing of Personal Data (“DPA”) in connection with any violation of your rights regarding the processing of your personal data. personal character. The contact details of DPA are: Bulevardul Gheorghe Magheru 28-30, Sector 1, Postal Code 010336, Bucharest, Romania; e-mail: anspdcp@dataprotection.ro. Complete list of data protection authorities in the European Union: https://edpb.europa.eu/about-edpb/board/members_en

  1. HOW YOU CAN EXERCISE YOUR DATA RIGHTS. PERSONAL?

Certain rights can be exercised by sending an e-mail to  office@cardioscience.ro . To ensure that the person who contacts us about your personal data is you, we reserve the right to perform your verification. identity prior to the transmission of any type of response regarding the confidential data, precisely in order to ensure the confidentiality of all data. 

You can usually exercise your rights for free. However, manifestly unfounded, unjustifiably repetitive or excessive claims may be subject to a CARDIOSCIENCE fee. 

We will respond to this type of request within one month of receiving the request. This period could be extended by another two months, if necessary, taking into account the degree of complexity and the number of applications, in which case we will inform you of any extension and the reasons for the delay. 

  1. TO WHOM CAN WE DISCLOSE YOUR DATA?

Currently, CARDIOSCIENCE discloses your personal data to:

service providers (acting either as Partners or as persons authorized by CARDIOSCIENCE) and whom CARDIOSCIENCE contacts for administrative services, functional development, marketing and other service providers (eg IT service providers, data storage services etc.);

CARDIOSCIENCE partners to which you have access through the functionalities of the Application or CARDIOSCIENCE products.

other companies with which we can develop joint programs to offer on the market our products and services with which we will have confidentiality agreements.

accountants, auditors, lawyers and other external professional staff, who will be bound by legal or contractual obligations of confidentiality;

public authorities, if disclosure is necessary to comply with an obligation under applicable law.

The personal data provided to CARDIOSCIENCE may be transferred outside Romania to other states to other entities / Partners accredited to process personal data according to the regulations in force in the country of origin. 

  1. SECURITY MEASURES WE IMPLEMENTED TO PROTECT YOUR DATA.

We take all necessary precautions, taking into account the nature of personal data and the risks related to data processing, to maintain data security and, in particular, to prevent distortion, damage or unauthorized access of third parties (physical protection of the location, procedures personal access authentication, secured by confidential identifiers and passwords, a login log, encryption or anonymization of personal data, storage in secure environments, however, despite our efforts, we cannot always guarantee the effectiveness of the security measures implemented and , therefore, we cannot guarantee the security of personal data at any time. 

  1. UPDATING THE PERSONAL DATA PROCESSING POLICY

This Policy became applicable on July 5, 2021. We will update or amend this Privacy Policy as necessary and will notify you of such changes. We also recommend that you consult this page from time to time if you wish to be informed of how your data is collected and protected. 

In order to request more details regarding the measures taken to protect your personal information in the cases mentioned above, you can contact us at any time, at  office@cardioscience.ro