RSMI Members

Privacy Policy on Personal Data

Introduction

• Art. 1 In accordance with the provisions of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), issued by the European Parliament and the Council of the European Union, it is necessary to adopt and develop this privacy policy on the processing of personal data, related to the online page, owned by the Romanian Society of Medical Informatics, https://srimed.ro.
• Art. 2 As a personal data controller, the Romanian Medical Information Company, through the https://srimed.ro page, processes the data that are voluntarily provided to it or, in the possession of which, it automatically enters by visiting the https://srimed.ro website, in accordance with the General Data Protection Regulation and Law no. 235/2015 on the processing of personal data and the protection of privacy in the sector electronic communications, safely, only for the purpose for which they were collected.
• Art. 3 The Romanian Society of Medical Informatics, through the https://srimed.ro page, respects the confidentiality of all data, information related to the beneficiary registered on the website. At the same time, the IT system has implemented appropriate methods for the protection of the beneficiaries' personal data, as well as for the operations and transactions that the beneficiary performs through this page.
• Art. 4 Your visit to the website and your access to it is subject to the "Privacy Policy on the Storage, Use, Processing and Portability of Your Personal Data.
• Art. 5 Also , visiting or accessing the website implies your explicit acceptance of the provisions of the "Privacy Policy" representing the entire agreement between the parties.
• Art. 6 By filling in the registration forms, respectively by continuing the transaction by using the "Send" command, you expressly express your consent to the storage, use and processing of personal information by the authorized personnel of the Romanian Society of Medical Informatics, through the https://srimed.ro page.
• Definition of terms
• Art. 7 The terms used have the following definition, in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), but not limited to the terms set out in Regulation (EU) 2016/679:
• Personal data: means any information relating to an identified or identifiable natural person ("data subject"); An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifying element, such as a name, an identification number, location data, an online identifier, or to one or more elements specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
• Processing of personal data: means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Storage: the storage of the collected personal data on any medium.
• Confidentiality of personal data processing: refers to the protection of personal data against unauthorized access. The electronic files created, sent, received or stored on the computer systems owned, administered or in the custody and under the control of the Romanian Society of Medical Informatics, are the property of the institution in accordance with the provisions of the legislation in force. The user is personally responsible for the confidentiality of the data entrusted through the procedures for accessing the online payment platform.
• Integrity: refers to the measures and procedures used to protect data against unauthorized modification or destruction.
• User: a person, an automated application or user process authorized by the Romanian Society of Medical Informatics, in accordance with the procedures and regulations in force, to use the online payment platform.
• Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or national law, the controller or the specific criteria for its designation may be laid down in Union or national law.
• Processor: natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
• Third party: any natural or legal person, governed by private or public law, including public authorities, their institutions and territorial structures, other than the data subject, the controller or the processor or the persons who, under the direct authority of the controller or the processor, are authorised to process data.
• Data subject: a natural person whose personal data is processed.
• Consent: of the data subject means any free, specific, informed and unambiguous manifestation of the data subject's will by which he or she agrees, by an unequivocal statement or action, to the processing of personal data concerning him or her, in accordance with the General Data Protection Regulation.
• Collecting: collecting, collecting, receiving personal data from data subjects, through the registration forms, related to the online payment platform.
• Use: use personal data by and within the controller.
• Page https://srimed.ro/: represents the main means of online communication of the Romanian Society of Medical Informatics, between the beneficiary (participants in SRIM events, courses, members, doctors, students, researchers) and the bank.

General provisions

• Art. 8 The purpose of this privacy policy is to guarantee and protect the fundamental rights and freedoms of natural persons, in particular the right to intimate, family and private life, with regard to the processing of personal data stored and processed by the Romanian Medical Informatics Company, through the https://srimed.ro/ page.
• Art. 9 The personal data stored and processed, through the page, are those data filled in by the beneficiary in the registration forms (company registration form, donations, event taxes, respectively other taxes).
• Art. 10 The exercise of the rights provided for in this privacy policy may not be restricted except in express and limiting cases provided by law.
• Art. 11 This privacy policy is made based on the collaboration between public authorities, banking institutions and society, regarding the access and use of the online payment service by its beneficiaries.
• Art. 12 This online payment page is a secure service developed by the company's staff and made available to the beneficiaries to facilitate the possibility of online payment of various fees, thus avoiding a longer time spent collecting taxes by receipt at the company's or banks' headquarters.
• Art. 13 At the same time, by choosing this method of payment of various fees, the beneficiaries agree to the need to store and process the personal data that each beneficiary has filled in the registration forms (member payment registration form, event fees, respectively other fees).
• Art. 14 The Romanian Society of Medical Informatics, through the technical and organizational measures taken, guarantees the security of the storage and processing of the personal data filled in the registration forms, in accordance with the provisions of the General Regulation on the protection of personal data, respectively of the legislation in force on information systems.
• Art. 16 Also, the Romanian Society of Medical Informatics securely manages, only for the purposes specified and provided by law, the personal information you provide about yourself or another person.

Scope

• Art. 17 This privacy policy applies to the processing of personal data, carried out, in whole or in part, by automated means, as well as to the processing by means other than automatic ones, of personal data, which are part of a record system or which are intended to be included in such a system.

The objective of implementing the online payment platform

• Art. 18 The objective of implementing such a service was the idea of an online transaction, meant to help the beneficiary and also to save the time necessary for payments made at the company's or banks' headquarters.

Objective of the implementation of the privacy policy

• Art. 19 This privacy policy describes the rights that the beneficiary of this platform has in relation to the use, access, modification, respectively deletion of personal data.
• Art. 20 The purpose of this privacy policy is to implement the provisions of the General Data Protection Regulation.
• Art. 21 At the same time, by implementing a confidentiality policy related to the online financial service provided by the Romanian Medical Informatics Company and https://netopia-payments.com associates, respectively Banca Comercială Romanian, the aim is to ensure the safe conduct of the financial transactions carried out.
• Art. 22 This document describes the way in which personal data is stored, processed and ported through the online payment page. This information is taken from the tax registration forms (dues, other fees) filled in by you for the purpose of carrying out financial transactions.
• Art. 23 In accordance with the provisions of the General Data Protection Regulation, respectively in accordance with the laws governing the telecommunications system, by using all the services made available through the online payment platform, you agree and accept the terms of this document and agree to the storage, use, processing and porting of personal data, in accordance with the provisions of this policy. By clicking on the "Send" button, you agree to the storage and processing policy of the personal data filled in the form. Thus, you exercise your online financial payment option, to the detriment of the cash one at the company's or banks' headquarters.

Types of personal data stored and processed

• Art. 24 Your personal data stored through the registration forms on the online payment platform are as follows:• Name• Surname
• Name of Institution• CNP/Passport/CIF• Tax Type
• Amount(RON)• Email Address
• Art. 25 The need to store and process all such personal information is important in order to carry out the online process of payment of membership fees, event fees or other types of fees. At the same time, this information is ported to the banking institution, respectively the bank's associates, in order to conclude the online transaction process.
• Art. 26 Filling in the registration forms on the https://srimed.ro platform does not require filling in the data related to the card (card number, expiration date, card verification code). We are not responsible for transactions made on https://srimed.ro website.

The need to implement the privacy policy

• Art. 27 In accordance with the provisions of the General Data Protection Regulation, the need for the storage or processing of personal data is expressed: "The processing of personal data to the extent strictly necessary and proportionate, for the purpose of ensuring the security of networks and information, namely, the ability of a network or information system to cope, at a certain level of trust, accidental events or illegal or malicious actions that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted, as well as the security of the related services offered by these networks and systems, or accessible through them, by public authorities, computer emergency response teams, intervention teams in the event of incidents affecting security providers of electronic communications networks and services, as well as providers of security services and technologies, constitute a legitimate interest of the data controller concerned. This could include, for example, preventing unauthorised access to electronic communications networks and the dissemination of harmful codes, and stopping 'shutdown of service' attacks, as well as preventing damage to computers and electronic communications systems'.
• How personal data is collected
• Art. 28 In order to provide financial payment services, the Romanian Society of Medical Informatics stores and processes your personal data, which have been filled in the registration forms.
• Art. 29 At the same time, the Romanian Medical Informatics Company portrays your personal data to the banking institution with which it has a contract, in this case the Commercial Bank Romanian, respectively, to the bank's partners, (https://netopia-payments.com) in order to carry out the financial transaction process. The porting of personal data is necessary in order for the authorized staff of the banking institution to be able to process these data in order to carry out the online payment process, respectively to offer the facilities related to the financial service (payment verification, payment completion, payment confirmation).
• Art. 30 The collection of personal data is done through the information provided by you by filling in the forms on the platform. Personal data is stored and processed for the payment of the membership fee, for the payment of the event fee, respectively for other types of fees.
• Art. 31 The online platform https://srimed.ro does not use cookies to track your browsing options, record your searches or other potentially intrusive elements.
• Sharing personal data with third parties
• Art. 32 The Romanian Medical Informatics Company, through the online payment platform, ports your personal data to third parties (Banca Comercială Romanian, respectively https://netopia-payments.com/). They ensure the provision of online payment services within the Romanian Society of Medical Informatics.
• Art. 33 The personal data that the institution shares with third parties (the bank, respectively the bank's associates) are the data that you fill in the registration forms. These completed data are either directly related to you (• Name, Surname, Institution Name, CNP/Passport/CIF, Tax Type, Amount(RON), Email Address), or in combination with other data, but which may lead to your person (member registrations).
• Art. 34 In accordance with the provisions of the current legislation, the Romanian Society of Medical Informatics may provide personal data to the authorities of the Romanian state. The law allows the institution, with the consent of its legal representative, to disclose your personal data without your consent, as follows:• On the basis of warrants or court or other decisions, respectively in order to comply with the law.• In the event that the rights, property, safety or security of a person is in danger.• In the event that it is found that your actions violate the provisions of this "Privacy Policy" or any other "legal rights".• In other cases where applicable law requires or permits the portability of your personal data.

Period of storage of personal information

• Art. 35 The Romanian Society of Medical Informatics will keep personal information for as long as necessary in order to provide and develop the services and applications related to the online payment platform. The period of retention of personal data may be extended for as long as necessary for the fulfillment of legal obligations, for the resolution of disputes or for the performance of contracts.
• Art. 36 The beneficiaries of the online payment platform, according to the General Data Protection Regulation, have the following rights:
• Right of access (art. 15 of the Regulation) – you have the right to obtain confirmation of the processing of personal data by the Romanian Society of Medical Informatics and the right of access to the respective data.• Right to rectification (art. 16 of the Regulation) – you have the right to obtain from the Romanian Society of Medical Informatics, the rectification of your inaccurate personal data. Taking into account the purposes for which the data was processed, you have the right to obtain the completion of data that is incomplete.
• The right to erasure of data "the right to be forgotten" (art. 17 of the Regulation) – in situations where: 1) the data are no longer necessary for the fulfillment of the purposes; 2) you have withdrawn your consent and there is no other ground for processing; 3) you object to the processing and there are no overriding legitimate grounds in relation to the processing; 4) If your personal data has been unlawfully processed, you have the right to obtain the erasure of your data. In the event that the beneficiary wishes to delete personal data, the institution reserves the right to interrupt the provision of services to the beneficiary, as the necessary conditions for ensuring the security of information systems and electronic transactions cannot be met.
• Right to restriction of processing (art. 18 of the Regulation) – you have the right to obtain the restriction of the processing of personal data by the Romanian Society of Medical Informatics, in the event that one of the following cases applies: 1) you contest the accuracy of the data, for a period that allows their accuracy to be verified; 2) the processing is unlawful and you object to the erasure of the personal data, requesting instead the restriction of their use; 3) The Romanian Society of Medical Informatics no longer needs your personal data, but you request that they be kept only for the establishment, exercise or defense of a right in court; 4) you have objected to the processing in accordance with art. 21 para. (1) of the Regulation, for the period of time in which it is verified whether the legitimate rights of the Romanian Society of Medical Informatics prevail over your rights.
• Right to data portability (Art. 20 of the Regulation) – you have the right to receive personal data concerning you and that you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit this data to another controller, if: 1) the processing is based on consent pursuant to Art. 6 para. (1) letter (a) or art. 9 para. (2) letter (a) of the Regulation or on a contract pursuant to art. 6 para. (1) letter (b) of the Regulation; 2) the processing is carried out by automated means.
• The right not to be subject to a decision based solely on automated processing (Art. 22 of the Regulation) – you have the right not to be subject to a decision assessing personal matters relating to you, which is based solely on automated processing and which produces legal effects that concern you or similarly affect you to a significant extent, such as job performance. This right cannot be invoked if the decision: 1) is necessary for the performance of a contract between you and the Romanian Society of Medical Informatics; (2) it is authorised by Union or national law applicable to the controller and which also provides for appropriate measures to protect the rights, freedoms and legitimate interests of the data subject; 3) is based on your explicit consent.
• The right to withdraw consent (art. 7 para. (3) of the Regulation) – if the processing is based on consent, you can withdraw your consent at any time by an express request. Also, as stated in the "Right to erasure of data", the institution reserves the right to interrupt the provision of services to the beneficiary, as the necessary conditions for ensuring the security of information systems and electronic transactions cannot be met.
• Art. 37 In the event that you consider that your rights regarding the processing of your personal data have been violated, you have:
• The right to lodge a complaint with the National Supervisory Authority for Personal Data Processing;
• The right to apply to the competent court.
• Art. 38 In order to request access to personal data, the beneficiary or his legal representative must make a written address to the legal representative of the institution. The data will be transmitted only to these persons or entities in accordance with the legislation and security conditions regarding the transfer of personal data.

Transfer of personal data

• Art. 39 The Romanian Medical Informatics Company, through the online payment platform https://srimed.ro, does not transfer your data to countries within or outside the European Union, except for the situations expressly provided for by law or when this is necessary from the point of view of the purpose of collection. In the event of any changes, we will inform you of this.

Consequences of not providing the requested personal data

• Art. 40 If a beneficiary of the online payment platform https://srimed.ro refuses to provide certain information essential to the purpose of processing the registration form, the Romanian Society of Medical Informatics reserves the right not to comply with the visitor's request.

Privacy of personal data related to minors

• Art. 41 Personal data related to minors are not requested. Persons under the age of 16 must not submit personal data without the consent (consent) of their parents or guardians. Such data is not intentionally collected and is not disclosed to third parties.
• The institution's commitment to the security of personal data
• Art. 42 The Romanian Society of Medical Informatics, through authorized personnel, has implemented procedures and has taken technical-organizational measures, regarding the increase of the degree of security in order to protect the data of the beneficiaries transmitted through the registration forms, on the online payment platform https://srimed.ro . This ensures an appropriate level of security against accidental or unlawful destruction, loss, alteration, disclosure or unauthorized access to your personal data. However, with all these procedures and measures undertaken by the institution's authorized staff, the absolute security of your personal data cannot be guaranteed. There can be no guarantee that communication lines cannot be illegally intercepted or that personal data will not be illegally accessed by third parties.

Links to External Websites

• Art. 44 The https://srimed.ro online platform does not contain links to external websites.

Changes to this Privacy Policy

• Art. 45 The Romanian Society of Medical Informatics reserves the right to modify this privacy policy, depending on the needs and legislative regulations.
• Art. 46 Any changes to this privacy policy will be posted on https://srimed.ro website, prior to its application.

Document version: 1.0