We treat seriously and responsibly the confidentiality of personal data, and their security is a priority for us.
That is why, we are committed to complying with the new rules imposed by European Regulation no. 679/2016, referred to as the “Regulation” (completed by Law 190/2018) as regards the processing of personal data and the free movement of such data.
Through this policy, we will explain what personal data we process, how we collect it, how we use it, and, above all, how we protect this data.
We also inform you about the rights you benefit from and guide you on how to exercise them.
S.C. BESMAX MEDICAL CONCIERGE S.R.L. is a Romanian legal entity. Our registered office is in Bucharest, 10 Baneasa Str., District 1, Tax Registration Code RO31112624, J40/609/19.01.2013.
The legal representative of the company is Angela-Manuela Hozoc and can be contacted at the address in 10 Baneasa Street, District 1, Bucharest, and at by e-mail at email@example.com.
From the point of view of the EU Regulation 679/2016, S.C. BESMAX MEDICAL CONCIERGE S.R.L. is a personal data operator, Cristiana Ruseni has been appointed as a contact person in matters concerning the application of the Regulation, to be contacted as follows:
- By e-mail, at firstname.lastname@example.org;
- By mail: 10 Baneasa Str., District 1, Bucharest, to the attention of the PERSONAL DATA RESPONSIBLE.
3. WHAT DATA WE COLLECT AND HOW WE COLLECT IT
We only use the information strictly necessary and relevant to our business and your needs as a consumer, and we collect it through our website, hosted and managed in Romania.
We come in possession of your data, mainly because you choose to disclose it voluntarily, but also by automatic capture at the time you access our website, as a result of the use of specific technology and software.
Although you can visit our site without having to disclose your identity, you can directly provide your personal data when you use:
1. The customer care contact form* îwhere you fill in and communicate your identification and contact information in order to enable us to respond to your requests
* Available on https://besmax.ro/contact/
2. The contact form, referred to as “Do you want us to contact you?”* where you fill in and communicate your identification and contact information in order to enable us to contact you.
* Accessible through the orange button located to the left of the screen
3. The contact form, referred to as „Ask the specialist”* where you fill in and communicate your identification and contact information in order to enable us to contact you.
* Accessible through the turquoise button located to the left of the screen
If you do not agree to disclose this information, we will be unable to honour your request.
Automatic data capture is done through:
- cookie technology; cookie is a piece of information transmitted from the web page, saved by the browser on your computer’s hard drive, which we can access later on. It retains the statistical information needed for a web page to customize the browsing session (e.g., by displaying dynamic interest-rate images), such as previously visited web pages, downloads made, Internet provider used, site visitor’s country of origin.
The most common cookies are:
- Technical: they are absolutely necessary for us, in order to ensure the site’s efficiency from a technical point of view,
- Functional: memorizes your choices and helps us improve your browsing experience on our site,
- Performance: helps us measure site performance by using information about how visitors are browsing the site,
- Redirect: helps us place ads on other webpages you use
- Social media plug-ins: to connect our customers to different social media channels.
We only collect and process the data provided by cookie technology if you allow us to do so.
- standard web server logs provide us with statistical information on the number of visitors and allow us to evaluate the technical capacity of our page.
Through them, we collect some IP address information, but they are not able to identify you directly, but provide us with statistical data about the traffic on the page.
Our website uses the “Google AdWords / Analytics” web analytics service of Google Inc., for statistical purposes.
If IP anonymization is enabled, your IP will be shortened to the Member States of the European Union or other third countries members of the European Economic Area. Only in exceptional cases will the entire IP address be sent to a US server in the US and shortened there. IP Anonymization is enabled for this site. Google will use this information on behalf of this site operator for the purpose of evaluating the use of the site, generate reports on site activity for web site operators, and provide them with other services related to site activity and the use of the Internet.
For newsletters and mailing lists, we use MailChimp, a proprietary service of Rocket Science Group LLC. Rocket Science Group LLC is a limited liability company in Georgia, USA.
MailChimp declares it has certified its compliance with the Privacy Shield between the EU and USA on personal data protection.
You can contact MailChimp if you have any questions or comments, or if you want to update, delete or modify your personal information or if you are concerned about how they have dealt with any confidentiality issues. Please send them a written message or an email to:
Attn. Privacy Officer
675 Ponce de Leon Ave NE, Suite 5000
Atlanta, GA 30308 USA
If you choose to navigate without these technologies or programs, some features or functions of the site will not be available.
If you fill in all the forms posted on the site and if you accept the full use of automatic capture programs and technologies, we will collect the following data:
- identity data: Name and surname, Company name you represent
- contact details: email address, telephone, eventually address and invoicing details
- business transaction data: services and products purchased from us, payment method
- technical data: login data, including IP, system and operating platform, browser identification, location, technologies used on the devices used to access the site
- usage data: the website, our products and services,,
- marketing data: your preference to receive information from us or from third parties
4. THE PURPOSE OF COLLECTION AND LEGAL GROUNDS
We collect information that contain personal or technical data primarily for:
1. To fulfil our contractual obligations towards you (request processing, including customer service).
The grounds for the collection are a legal and necessary one in order to conclude a contract between you and our company.
2. Improve our services and your browsing experience on our site.
In order to achieve this, we rely on our legitimate interest in doing business, but we are also careful to respect your rights and freedoms so that we offer you the easy way to unsubscribe from using the programs and technologies we use in the process of collecting and data processing.
3. Direct marketing.
We base our marketing communications on your prior consent. You can change your mind at any time by going to the unsubscribe button in the messages you receive from us.
4. Safety reasons for our hardware and software infrastructure.
The point of collection and processing for this purpose is both a legal one, namely the obligation to guard goods and one based on our legitimate interest in protecting our business.
Insofar as we use the information held for purposes other than the above, we will expressly request your consent and explain to you why you are entitled to such rights in this case.
5. IMPOSSIBILITY / REFUSAL TO PROVIDE CERTAIN PERSONAL DATA
If you do not provide us with the requested information, you are likely not to be able to use our site in our normal parameters and we will not be able to accept and process your request and not be able to provide you with information of interest to you.
Your data is used by S.C. BESMAX MEDICAL CONCIERGE S.R.L. and we will never distribute your personal information to a third party for purposes other than those described in this Policy.
We may pass on your personal information to our trusted partners who are able to provide security and privacy about your data and process the data only in accordance with our instructions.
Our partners are generally third-party service providers with whom we collaborate and who work in areas such as IT and maintenance services, hosting of internal and EU databases, behavioural analysis services (Google Analytics), accounting and taxation, consultancy and assistance legal, marketing, financing, advertising, payment processing, delivery or other services, public authorities.
7. PLACE OF STORAGE
Both the website and the electronic database containing personal information are hosted / stored on secure servers in Romania.
To the extent we transfer certain personal data to entities located within or outside the European Union, including in countries where the European Commission has not recognized an adequate level of personal data protection, we will take steps to protect your rights and interests.
Transfers will be protected by contract terms or other safeguards, such as the certification schemes it is part of, and the Privacy Shield for the protection of personal data transferred from within the EU to the United States of America.
8. SECURITY MEASURES
Although your data is collected in the online media, some of it is stored on paper (e.g., invoices).
SC BESMAX MEDICAL CONCIERGE S.R.L. is particularly and constantly concerned with the implementation of effective security measures, to protect your personal data and avoid security breaches in terms of online information.
Regardless of the means of storage, your data is kept in secure environments that have protection against unauthorized access, use, disclosure, modification, or destruction.
We have also implemented special measures on network security and data transfer, infrastructure auditing and testing, trained personnel, data transfers outside Romania made only to entities that can provide similar protection, etc.
9. STORAGE PERIOD
If we process your data to perform pre-contractual / contractual obligations, we will store the data for as long as it is necessary for the performance of the contract and for a further subsequent period.
If we process your data by virtue of a legal obligation or in the public interest, we will store the data as long as it is necessary to comply with legal obligations or as long as the interest is qualified as being of public utility.
If we process your data to protect our legitimate business interests, we will store the data until you request us to stop unless we can prove that the reason we collect, and store is a priority over your interests, rights and freedoms.
If we process your data based on your express agreement, we will store the data until you ask us to stop.
We store personal data collected through the contact form on the contact page 3 years from the last interaction.
We store personal data collected through the contact form referred to as „Do you want us to contact you?” 3 years from the last interaction.
We store personal data collected through the contact form referred to as „Ask the Specialist” 3 years from the last interaction.
10. AUTOMATION OF THE DECISION PROCESS
SC BESMAX MEDICAL CONCIERGE S.R.L. does not use automated processes that can generate legal effects that concern you or that may affect you to a significant extent.
You may at any time request that you not be the subject of a decision solely based on automatic processing, if that decision produces legal effects with respect to you or otherwise affects you to a similar extent and to a significant extent.
You cannot benefit from this option if the decision taken as a result of automatic data processing is required to enter into or execute a contract or is permitted by law and there are appropriate safeguards for your rights and freedoms.
If you have given us your consent for the automatic processing and then change your mind, you may at any time withdraw this consent by making a written request to communicate to us using the data listed in the Contact section of the site.
- Right to information – you have the right to know if your personal data is being processed; what data are collected, where they are obtained from, and why, by whom they are processed, for what period and whether this data is subject to automatic processing capable of producing legal effects or of significantly affecting you.
- Right of access – You have the right to access, free of charge and at reasonable intervals, the data collected from you / yourself. This includes your right to request and obtain a copy of your personal data collected.
- Right to update / rectify e – You have the right to request the rectification or update of your personal data, which is inaccurate or incomplete.
- Right of Deletion – If you have withdrawn your consent, you oppose to data processing, processing is not in compliance with the provisions of the Regulation, or is no longer necessary to achieve the purposes for which data was collected and processed, you may request that your personal data is deleted from our records.
- Right to Restrict Processing – in some cases you have the right to oppose the processing of your personal data, for example in the case of direct marketing.
- 6. Right of opposition
- Opposition to automatic processing – If your personal data is subject to automated processing, including the creation of profiles, which may have legal effects or affect you in a meaningful manner, you are entitled to requesting to exclude your data from any automated decision-making process.
- Right to data portability – You have the right to obtain your personal data in an appropriate format or, if possible, by transferring it directly from one processor to another.
- Right to assistance from the supervisory authority – You have the right to seek the assistance of a supervisory authority and the right to other remedies, such as the claim for damages..
- Right to withdraw consent – You have the right to withdraw your data processing agreement at any time. Withdrawal of consent does not affect the lawfulness of the processing prior to its withdrawal.
- Right to file a complaint – if you want to make a complaint about the way we process your personal data, we invite you to contact us:
- By e-mail, at email@example.com;
- By mail: 10 Baneasa Str., District 1, Bucharest, to the attention of the PERSONAL DATA RESPONSIBLE.
We assure you that all your complaints and requests are treated with seriousness, professionalism and full confidentiality.
If you are still unhappy with the way we respond to your complaints, you can address the authorities that have a controlling role on our activity relating to personal data.
In Romania, this authority is represented by the National Supervisory Authority for Personal Data Processing, whose contact information is:
- Address: 28-30 G-ral. Gheorghe Magheru Blvd., District 1, post code 010336, Bucharest, Romania
- Telephone: +40.318.059.211 or +40.318.059.212;
- E-mail: firstname.lastname@example.org