INFORMATION NOTE REGARDING THE PROTECTION OF PERSONAL DATA FOR THE USE OF TOTEM WEBSITES

This Information Note refers to personal data processed as a result of accessing any of the websites owned by Totem Communication SRL (hereinafter referred to as TOTEM, headquartered at 27 Popa Soare Street, 023981 Bucharest, registered with the Trade Registry under number J40/13710/2003, CUI RO15816821) or developed and/or operated by TOTEM for its partners and customers.

In the case of personal data that are processed through the websites, TOTEM acts, as the case may be, as controller, processor or associated operator.

In the case of this website, TOTEM is a personal data controller.

Definitions

 User – any person visiting the website or using its services

Website – any page of the type: website, web page, landing page, platform, web application, webcast platform, etc. that can be accessed via the Internet

TOTEM website  – any website owned by TOTEM or developed and/or operated by TOTEM for its partners and customers.

Personal data – Any information related to the User that allows his identification directly or indirectly, such as name, surname, telephone number, e-mail, IP, geolocation and which is collected from the User or provided by him during the use of the website.

Information note (on the protection of personal data) – means this document

GDPR – means Regulation (EU) 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.

Data subject – an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Cookie – means a small file, consisting of letters and numbers, which will be stored on the computer, mobile terminal or other equipment of a user accessing the Internet. The cookie is installed by a request issued by a web server to a browser (e.g. Internet Explorer, Chrome) and is completely “passive” (does not contain software, viruses or spyware and cannot access the information on the user’s hard drive).

Scope of application

This Privacy Notice applies to the information we collect about you, both directly from you and from traffic reports recorded by the servers hosting our websites, as well as through cookies. Information is collected during your interactions with TOTEM websites.

Why do we need your personal data? And what data do we collect?

In order to ensure the functionality of our websites, we collect and use a series of personal data from you, as described in the list below.

Information is collected from visitors to our websites in the following ways, among others: a) Information you voluntarily provide to us (when you use various forms on the websites, when you contact us by phone or e-mail or communicate with us in any way, you voluntarily give us the information we process; this information includes name, surname, email address and telephone number) and b) Information we collect automatically (when you browse our websites, we may collect information about your visit to these websites; this information may include IP address, operating system, browser, browsing activity and other information about how you have interacted with the website). We may collect this information through the use of cookies, from traffic reports recorded by the servers hosting the site or other similar technologies.

 

Information provided directly by the visitor

The data we collect through various forms (e.g. contact form) is your name, email address and sent message, etc. This data is necessary for us to be able to respond to your message or to be able to offer you various services. When you contact us through the forms, we will consider all information collected from you as confidential and we will not transmit it to third parties without informing you about this or, as the case may be, without obtaining your express and prior consent.

Information collected from patient and healthcare professional websites

In the case of websites dedicated to various categories of patients and healthcare professionals and for which authentication is required to access specific sections, we may collect various other information to allow us to deliver in the best conditions the services or content at the level of these sections, to allow us to determine the eligibility of visitors at the level of these sections, etc. In certain situations (when special data is processed, for example) your consent to process that data will be requested. In this regard, we may collect the following categories of data, but not limited to: patients – username and password, name and surname, socio-demographic data, contact data, data about the condition and treatment; doctors – username and password, name and surname, socio-demographic data, contact details, professional data, etc.

 

Information from the server traffic report

When you visit our website, you disclose certain information about yourself, namely: your email address, IP, time of your visit, the website you came from when accessing our website, etc. Our websites, like other websites, record this information in order to personalize their content, to protect themselves from external attacks against their technological capabilities or to track, over time, the traffic registered on the websites and the pages most accessed by their readers, in order to improve their content.

Information from cookies

In order to provide a personalized service to our users, we may use cookies to facilitate the storage and tracking of your preferences. For example, we may use cookies to identify you and provide you with information and services based on the preferences you have expressed during your previous visits. For more details about cookies, please see the Cookies Policy available on this website.

We do not sell, rent or otherwise disclose your personal data to third parties.

How do we use and share information about you?

We may use information about you:

  • to respond to your questions and requests;
  • to defend against cyber attacks;
  • to provide and improve the services we offer;
  • to allow access to certain sections of the site that are intended only for certain categories of users;
  • so we can determine your eligibility within our programs;
  • to give you access to our platforms so that you can use their services;
  • for marketing purposes, but only if you have given your prior consent

What is the legal basis on which your data is processed?

Our websites are generally presentation websites intended for the general public, as well as for patients and healthcare professionals. The information present on them is both of general interest, made available to users free of charge (public area of websites), and of specific interest to various categories of users (patients, healthcare professionals, etc.), who may additionally have access to sections of the website based on username and password.

The legal basis on which we will process visitors’ personal data is the performance of a contract (Terms and Conditions). The data collected helps us to get to know our website visitors better and to adapt its content to traffic information. Also, some of the collected data are necessary for us to prevent cyber attacks and make criminal prosecution possible, in which case the legal basis for processing is the defense of a right in court.

The collected data is not used for purposes other than those declared. Our processing of your personal data is designed in such a way that it prevents the processing of your personal data for a secondary purpose that is incompatible with the primary purpose for which your personal data were originally collected. If, however, this happens, you will be informed before the processing of your personal data for the secondary purpose takes place. The data collected shall be adequate, relevant and limited to what is strictly necessary. If you voluntarily provide more information, it will not be taken into account and will be deleted immediately.

If we process special data (such as health data) or in the case of data processing for direct marketing purposes, the basis for processing is your consent.

Who do we share your data with? And how do we keep this data?

We may disclose your personal data under the following conditions:

  • you expressly request this from us or expressly authorize disclosure;
  • information is provided to our employees, suppliers or service providers who perform activities on our behalf;
  • the information is provided to comply with the law (for example, to comply with a search warrant, subpoena, or court order), to enforce an agreement we have with you, or to protect our rights, property or safety or the rights, property or safety of our employees or others;
  • in emergencies or cases of force majeure;
  • where disclosure is necessary to resolve disputes, claims or persons holding a legal or beneficial interest.

We may disclose your personal data to one or more of the following categories of recipients:

  • You, your proxies or other parties with your consent or instructions, upon request, i.e. we may transmit the information to third parties to whom you consent or request us to make such disclosure.
  • To our employees and collaborators, in accordance with the duties specific to their position
  • Our processors: cloud hosting and storage companies, maintenance, companies providing traffic analysis and statistics services – Easyhost SRL (platform hosting), Google Inc. (traffic analysis and statistics), Microsoft Ireland Ltd, Amazon, Digital Ocean (cloud storage)
  • Courts, prosecutor’s offices or other central/local public authorities, at their request, to comply with the law or in response to a mandatory legal procedure (such as a search warrant or court order);

The personal data disclosed to the above-mentioned processors may be all previously mentioned processed data about you. The data is provided to hosting and traffic analysis service providers because we use their services to ensure the proper functioning of the websites.

These entities are selected with special care to ensure that they meet specific requirements for security and protection of personal data. The providers of these services were selected after reviewing their security and privacy measures and practices.

Disclosure of your personal data to our proxies is based on written agreements, understandings or contracts. These entities have limited capacity to use your personal information for purposes other than to provide services to us. If in the future we disclose your personal data to other categories of recipients, then we will inform you about the time of disclosure and the names of the recipients.

We retain the information we collect about you in the databases of our authorized suppliers or on our servers. This information can only be accessed by our staff or proxies directly involved in the administration of the websites and services. We will retain this information for as long as necessary to achieve these purposes and for as long as permitted or required by applicable law.

We may collect aggregate data about website visitors and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, advertisers and/or other third parties for statistical, marketing or promotional purposes.

We will not disclose your information to third parties for use for their own marketing or commercial purposes without your consent.

In some cases, our websites may interlink with social media websites such as Facebook, LinkedIn, Twitter and others. If you choose to “like” or share information from our site through these services, you should review that service’s privacy policy. If you are a member of a social media website, interlinking may allow that website to give your website access to your personally identifiable information.

Where is your personal data transferred?

Some of our websites use Google Analytics, a web analytics service provided by Google, Inc. (“Google”) that helps us constantly analyze how users use our websites. For this purpose, Google Analytics uses “cookies”, which are text files placed on your computer.

Google will use this information for the purpose of evaluating website usage, compiling reports on website activities for website operators and providing other services related to website activity and internet usage.

The information generated by the cookies about how websites are used – standard internet usage log information (including your IP address) and information on visitor behaviour in an anonymous form – is transmitted to and stored by Google, including on servers in the United States. Before being transmitted to Google, your IP address is anonymized.

In accordance with the terms of use of Google Analytics, Google will not associate the IP address of users with any other data held by Google.

You can refuse the use of Google Analytics cookies by downloading and installing the Google Analytics Opt-out Browser Add-on.

Apart from the situation described above, we do not transfer any other personal data of yours to countries outside the European Union (EU) and European Economic Area (EEA). The data provided to the hosting service provider is stored on servers located in the EU and EEA.

How long do we keep your personal data?

We limit the processing of your personal data to an extent and frequency that are necessary for the purposes of processing. We store personal data only for the period necessary to fulfill the purposes, for a limited period or until the date you exercise your right to intervene on the data. The data collected by cookies is stored for different periods of time, depending on the characteristics of each cookie. For more details on how long this information is stored, please refer to the information in the cookies module on our websites.

After expiry of the processing period or on the date you exercise your right to intervene on your data, personal data will be deleted or anonymized unless we have the right or are required to maintain some or all of the data in accordance with applicable law, in which case we will continue to process that personal data, as required by law.

How is the security of the data collected about you ensured?

When processing personal data, nothing is more important than how this data is kept secure. We have tried to do everything technically possible, at this point, to maintain an extremely high security standard.

We have built a set of physical, technical and administrative security measures. We update and test our security technology continuously. We encrypt information where possible. We also use techniques to pseudonymise information. 

We have structured access to your personal data based on hierarchies of rights, so that our employees can only access the data when they are entitled to do so. In addition, we train our employees on the importance of privacy and maintaining the confidentiality and security of your information. We undertake to take appropriate disciplinary measures to ensure compliance with our employees’ personal data protection responsibilities.

We protect the processing of personal data against threats to processing. We have carefully selected our proxies (hosting companies, maintenance, etc.) so that the data security measures they put into practice are likely to ensure the protection of your personal data. Both our staff and that of our processors are responsible for the secure processing of personal data. We control access to the personal data we hold and we check that only people who have the right to access the personal data held can access this data. We also ensure that unauthorized physical access to your personal data is prevented and that loss, destruction, damage and alteration of the personal data storage medium is prevented.

TOTEM protects the processing of personal data against threats to processing. The data security measures we have put in place are such as to ensure the protection of your personal data. We have implemented and certified quality and security standards that ensure the highest level of protection for your data (ISO/IEC 27001:2013 – Data Security Management System, ISO 9001:2015 – Quality Management). Both our staff and that of our processors are responsible for the secure processing of personal data. We control access to the personal data we hold and we check that only people who have the right to access the personal data held can access this data. We also ensure that unauthorized physical access to your personal data is prevented and that loss, destruction, damage and alteration of the personal data storage medium is prevented. Every year we perform internal audits within an internal system of quality control and data security.

For more details on how we ensure data security, please refer to our Information Security Policy, available here www.totem.com.ro/datasecurity/.

What are your rights regarding the data collected?

In accordance with the legislation in force, you are hereby deemed to be informed of the following rights in relation to the processing of personal data:

(i) The right to be informed about personal data, as well as about the data undergoing processing and the origin of such data. Once we collect certain personal data from you, we will inform you about everything that happens with them, what they are used for, how they can be accessed, modified, deleted, etc. At the same time, you have the right to access your personal data whenever you want.

(ii) The right to access personal data. Upon your request, we will confirm whether or not we process your personal data. This right includes only personal data concerning you and does not apply to third parties. The right also covers pseudonymous data that can be clearly linked to you. If we confirm that we process such data, you will receive access to it if you request it. You will also receive a copy of this data if you request it.

(iii)  The right to intervene (rectification, restriction, erasure – “the right to be forgotten”) on personal data.

We will rectify your personal data that we process if they are inaccurate or incomplete and you request their rectification or completion. Whenever you notice that an error has crept into the information we collect from you, you can report it to us and we will proceed to rectify the error as soon as possible.

At your request we will restrict the processing, i.e. block the processing of your data for a certain period of time (e.g. if you believe that the data is inaccurate or that the processing is illegal, etc.). We will inform you what measures have been taken and also when the restriction has been lifted.

Upon your request, we will delete without undue delay your personal data that we process, if (i) the data are no longer necessary for the purposes for which they were collected, (ii) we process your data based on a legitimate interest over which your objection prevails and there is no other basis for processing, (iii) the data have been processed unlawfully,  (iv) you withdraw your consent and there is no other legal basis for processing (for data processed on the basis of consent, if applicable).

(iv) The right to object to the processing of personal data. If you exercise this right, we will cease processing your data, but if the processing takes place on the basis of a legal obligation or if we process your data based on a legitimate interest over which your objection prevails, this processing will continue.

(v) The right not to be subject to an individual decision, adopted exclusively on the basis of personal data processing by automatic means. For the present processing we do not use your personal data to make automated decisions about you which produce legal effects concerning you or significantly affect you.

(vi) Right to data portability. If data processing is carried out on the basis of a consent or contract with you, then you have the right to request and receive the data processed by automated means and decide what to do with it: to keep it exclusively for your private use or to opt for its transfer to another operator.

(vii)  The right to file a complaint with the National Supervisory Authority for Personal Data Processing (supervisory authority), as well as to address the court, in accordance with the legislation in force.

Regarding the exercise of these rights, please consider the following:

These rights may be limited in certain situations: for example, where we can demonstrate that there is a legal obligation to process your data. This means that we may retain your personal data even if you exercise your data intervention rights.

Time period: We will try to respond to your request within 30 days. However, the deadline may be extended for specific reasons related to the specific legal right or the complexity of your request.

Restricting access: In certain situations, we may not be able to provide you with access to all or some of your personal data due to legal provisions. If we refuse your access request, we will inform you of the reason for the refusal.

Failure to identify you – In some cases, we may not be able to search for your personal data due to identifiers you provide in your request. An example of personal data that we cannot consult when you provide us with your name and email address is data collected through browser cookies. In such cases, where we cannot identify you as a data subject, we are unable to comply with your request, unless you provide us with additional information allowing identification.

How can you exercise your rights and at what address can you contact us?

Your personal data are collected and used by TOTEM as a personal data operator, directly or through proxies and sub-processors. TOTEM has the following contact details:

 TOTEM Communication, str. Popa Soare no. 27, C1, Floor, room 2, Sector 2, 023981 Bucharest, email: dataprotection@totem.com.ro, phone: 021/3215054, to the attention of the Data Protection Officer

 If you wish to exercise any of these rights or if, at any time, you have any questions or concerns about this Information Note, you can make a request to this effect at the contact details above.

We will make every reasonable effort to respond promptly to your requests or resolve your issue. You will receive our reply to the postal or e-mail address you indicate or, in the absence of an express indication, to the postal or e-mail address used when you submitted your request. Your request will be dealt with within 30 days of receipt, unless a longer time is required to respond, in which case we will notify you of the delay.

Any other details?

If there is a change to this information note, the new version will be notified to you and communicated by the means most appropriate for you. We may change this Privacy Notice at any time. All updates and changes to this Information Note are valid immediately upon notification, which we will make by posting on the site and/or notification by e-mail.

We are a Romanian entity providing services to residents of Romania, therefore the applicable law is Romanian law.

For more details on how we ensure the protection of personal data, please refer to our Data Protection Policy, available here https://totem.com.ro/dataprotection-hcp/

This information note is prepared on the basis of the General Data Protection Regulation, in force and applicable since May 25, 2018.

This Information Note was last updated on 23.10.2023.