This Policy governs the relations between BREDENT MEDICAL ROMANIA S.R.L. based in Romania, having a unique registration code 26940620, the owner of fastandfixed.com website, (hereinafter referred to as “bredent” or “the Company”) and the persons using (hereinafter referred to as “the User”) the website www.fastandfixed.com (hereinafter referred to as “the Site”) ). This Policy describes what types of personal data are processed, how they are used, what your options are in relation to such processing, and how the Company will respect your rights as a data subject under the Regulation (EU). ) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”). We therefore recommend that before using our site, you carefully read this Policy to understand the manner in which your personal data is processed.
CATEGORIES OF PROCESSED DATA AND PURPOSE OF PROCESSING
The company may processes the personal data that you provide us when you use the site, when you register on our page or if you participate in any of our actions by willingly filling in one of the forms that may be available on the site at some point.
The personal data processed by the Company are both name, surname, e-mail address and home address, telephone number, as well as some sensitive personal data such as medical data consisting of: allergies, diagnosis, tests and medications administered, blood group, x-ray results; medical recommendations; data from the medical file, such as dental radiography.
All the data provided by you by filling in the online form will be used only for the purpose of your registration in the campaign “Smile rewards you!” and respectively for the purpose of claiming the prizes awarded.
YOUR RIGHTS AS A TARGET PERSON
In accordance with Chapter III of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”), the following rights as data subject:
- The right to information and the right of access – the right to obtain from the Company, upon request and free of charge, the confirmation of the fact that the data concerning it are or are not processed by the Company;
- The right to rectification – The data subject has the right to obtain from the Company, without undue delay, the rectification of inaccurate personal data concerning him. Taking into account the purposes for which the data were processed, the data subject has the right to obtain the completion of personal data that are incomplete, including by providing an additional statement;
- Right to deletion of data – Right to deletion of data (“right to be forgotten”) – The data subject has the right to obtain from the Company the deletion of personal data concerning him, without undue delay, and the operator has the obligation to delete personal data without undue delay if one of the following reasons applies:
- a) personal data are no longer necessary for the purposes for which they were collected or processed;
(b) the data subject withdraws his or her consent on the basis of which processing takes place in accordance with Article 6 (1) (a) or Article 9 (2) (a) and there is no other legal basis for the processing;
(c) the data subject opposes the processing pursuant to Article 21 (1) and there are no legitimate reasons prevailing in respect of the processing or the data subject opposes the processing pursuant to Article 21 (2);
- d) personal data have been processed illegally;
- e) personal data must be deleted for compliance
a legal obligation incumbent on the operator under Union or national law to which the operator is subject;
- f) personal data have been collected in connection with the provision of information society services referred to in Article 8 (1).
- If the controller has made his personal data public and is obliged, pursuant to paragraph 1, to delete them, the controller, taking into account the data technology
HOW LONG WILL WE STORE YOUR DATA
We will store your data strictly for the period necessary to carry out the Campaign, and in the event that there is a legal requirement, we will store them only as long as the law provides.
To store your data in electronic format, we inform you that we have secured and encrypted all personal data in a MYSQL database, as well as a specialized security team that constantly analyses and improves the measures you take. we have adopted for the protection of your personal data against any unauthorized access, accidental loss, disclosure or destruction.
SECURITY OF YOUR DATA
We have implemented the following technical and organizational measures to ensure the security of personal data:
(i) Dedicated policies. We adopt and review our customers ‘and others’ data processing practices and policies, including physical and electronic security measures, to protect our unauthorized access systems and other potential security threats. We constantly check the way we apply our own personal data protection policies and the way we respect the data protection legislation;
(ii) Data minimization. We have ensured that your personal data that we process is limited to those that are necessary, appropriate and relevant for the purposes stated in this note;
(iii) Restricting access to data. We strictly restrict access to personal data that we process to employees, collaborators and other people who need to access it in order to process it for us;
(iv) Specific technical measures. We use technologies to ensure that the security of their data is protected. We take the necessary measures to protect personal data against loss, misuse and unauthorized access, disclosure, modification or destruction. These measures include, but are not limited to:
- training and communication of appropriate policies and practices;
- restricting access and monitoring of the building, systems and files – installation of the anti-burglary system, intervention in case of alarm is provided by a protection and security company;
- technical measures – mounting the files and securing them in a MYSQL database;
- monitoring of systems, IT applications by technical means and signalling systems (including firewalls, internet protocols, e-mail access files, etc.), use of personal passwords to access the database, the register of medical records and patient files;
- authorization requirements for granting access to personal data and only to those persons who need to know them for the above purposes;
- backups and security audits. We work to protect our access systems or the unauthorized or accidental modification of your data and other possible threats to their security. We make daily archives (back-ups), which we keep secure for at least six (6) months. All the technical equipment we use to process your data is secure and up-to-date to protect your data.
(v) Staff training. We constantly train and test our employees and collaborators on the legislation and best practices in the field of personal data processing.
(vi) Anonymization of data. Where possible and appropriate to our activity, we anonymize / pseudo-anonymize the personal data we process, so that we can no longer identify the persons to whom they refer.
To exercise one or more of these rights or to ask any questions about any of these rights or other aspects of our data processing by us, please use the contact details in the “How to contact us” section whenever you wish. From lower.
We will try to respond to your request within 30 days. In any case, if this period is extended, we will inform you of the extension period and the reasons that led to this extension.
In certain situations, we may not be able to grant you access to all or part of your personal data due to legal restrictions. If we deny your request for access, we will notify you of the reason for such denial.
In some cases, we may not be able to identify your personal data due to the identification you provide in our application. In such cases, if we are unable to identify you as a data subject, we will not process your request in accordance with this section unless you provide us with additional information to enable us to identify you. We will inform you and we will offer support in clarifying the additional questions.
HOW YOU CAN CONTACT US
If you have any questions or concerns regarding this set of Terms and Conditions, you may contact us at email@example.com