Personal data processing notification – Confidentiality policy of MEDICLIM
The purpose of personal data processing
MEDICLIM processes personal data that it can provide in good faith to public institutions and to potential clients, for direct marketing purposes, using the potential personal data only for:
- Maintaining a relationship with the state authorities;
- Identifying new customers/suppliers;
- Keeping a relationship with the existing customers/suppliers.
The immediate purpose of MEDICLIM is to identify the types of products and services that they might supply and to mediate the presentation of new technologies or improve the current ones.
The data is processed for the aforesaid legitimate purposes by automatic and/or manual means, as applicable, at the internal organizational units according to the organizational chart in order to fulfil the purpose for which MEDICLIM was established based on the Company’s Articles of Incorporation and for trading purposes.
The legal ground for personal data processing is (EU) Regulation 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
The categories of persons subject to personal data processing are:
- the representatives and employees of public institutions;
- the representatives and employees of public or private customers/potential customers;
- the representatives and employees of suppliers/potential suppliers.
Categories of personal data processed by MEDICLIM:
- surname and name;
- telephone number, fax number, email address;
- (public) position held;
- place of work, employer’s name;
- signature, if necessary.
Categories of data recipients
The personal data is processed by MEDICLIM for the aforesaid purpose. This data will not be communicated to other entities unless otherwise stipulated by the law in force.
Personal data storage
The period of storage of personal data is directly proportional to the period needed for fulfilling the purposes for which the data is collected/processed (drawing up contracts, offers, tender documentation, balance confirmations, bank statements etc.).
The subsequent processing by storage/electronic archival or in hard copy of this data shall be made according to the legal rules of archival and for statistical purposes, not incompatible with the initial purpose for which it was collected, by observing the technical security measures against illegal processing.
Documents that include personal data shall be stored based on their purpose corroborated with the legal provisions in force regulating the specific storage periods for each document.
The rights of the data subjects
According to the (EU) Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, the data subjects can exercise the following rights under the specific conditions set out in GDPR:
- the right to know (art. 13, art. 14);
- the data subject’s right to access his/her personal data (art. 15). This right can be exercised by written request, dated and signed. The request can be submitted at the MEDICLIM registry, or sent by mail, fax or email (scanned) to the contact details mentioned on the website;
- the right to rectify (art. 16);
- the right to erase data (“the right to be forgotten” - art. 17);
- the right to restrict the processing (art. 18);
- the right to notification regarding the rectification or erasure of personal data or restriction of processing (art. 19);
- the right to data portability (art. 20);
- the right to object (art. 21);
- the right not to be the object of automated decision-making, including profiling (art. 22).
Moreover, data subjects have the right to inform the National Authority for Supervising Personal Data Processing (ANSPDCP) or to address the court.
Personal data are:
- processed legally, fairly and transparently in respect of the data subject (“legality, fairness and transparency”);
- collected for fixed, explicit and legitimate purposes and not further processed in a way that is not compatible with these purposes;
- adequate, relevant and limited to what is needed for the purposes for which they are processed (“minimizing the data”);
- accurate and, if they need to be updated, all required actions must be taken to ensure that personal data that is not accurate, based on the purposes of processing, is erased or rectified without delay (“accuracy”);
- kept in a form that allows the identification of the data subjects for a period that does not exceed the period needed to fulfil the purposes for which the data was processed;
- processed in a way that ensures the adequate security of personal data, including protection against unauthorized or illegal processing and against loss, destruction or accidental deterioration, by taking adequate technical or organizational measures (“integrity and confidentiality”).
In accordance with Art. 32 paragraph (1) of the General Data Protection Regulation, MEDICLIM ensures the implementation of adequate technical and organizational measures to ensure a proper security level for this risk, including among others, as applicable:
- Pseudonymisation and encryption of personal data;
- The capacity to ensure the confidentiality, integrity, availability and continuous resilience of processing systems and services;
- The capacity to re-establish the availability of personal data and the access thereto in due time if a physical or technical incident occurs;
- A process for periodically testing, evaluating and assessing the efficacy of the technical and organizational measures to guarantee the security of the processing.