DENT ESTET Logo
DENT ESTET Logo

RO

EN

phone icon

Choose city

AradBrasovBucharestCluj-NapocaCraiovaOradeaPloiestiSibiuTimisoara
calendar icon

Schedule a consultation

RO

EN

HERITAGE

TEAM

AESTHETIC DENTISTRY

DENTAL IMPLANT

DIGITAL ORTHODONTICS

TREATMENTS

ThinkDENT

SMILE COLLECTION

RO

EN

phone icon

Choose city

AradBrasovBucharestCluj-NapocaCraiovaOradeaPloiestiSibiuTimisoara
calendar icon

Schedule a consultation

GDPR

INFORMATION NOTE REGARDING THE PROCESSING OF PERSONAL DATA BY
DENT ESTET CLINIC S.A.

In accordance with the provisions of European Regulation No. 679/2016 (hereinafter referred to as “GDPR”), in force since May 25, 2018, DENT ESTET CLINIC S.A. (“Dent Estet”) has the obligation to process personal data, safely, for the general purposes specified in this notice, in the context of providing the medical services you benefit from within Dent Estet clinics.

1. PREAMBLE

Dent Estet is committed to providing a level of privacy, availability, and integrity of personal data appropriate to the GDPR rules for any data subject through its processing activities, including our service or marketing actions.

Through this notice, we want to explain how your personal data is processed by Dent Estet.

Personal data (representing any kind of information that can lead to the identification, directly or indirectly, of a natural person) are detailed in section 6 below and are defined in consideration of the applicable legal provisions.

For the purposes of this notice, we inform you that Dent Estet is a personal data controller as defined according to GDPR.

2. IDENTITY AND CONTACT DETAILS OF THE CONTROLLER

Name:                            DENT ESTET CLINIC S.A.

Registered office:       Bucharest, Sector 1, Şos. Nordului nr. 82-92, Tronson Constance, basement

C.U.I.:                               15801244

ORC No.:                        J40/13510/2003

Phone:                           0748 358 358

E-mail:                            smile@dentestet.ro

 

3. CONTACT DETAILS OF THE DATA PROTECTION OFFICER (DPO)

The contact details of the data protection officer (also known as “DPO”, Data Protection Officer) at Dent Estet, whom you can contact regarding any issues related to the protection of your personal data:

E-mail:                   smile@dentestet.ro

4. PURPOSES FOR WHICH YOUR PERSONAL DATA IS PROCESSED

The processing and storage of personal data are done under optimal security conditions and for legitimate purposes mainly related to the provision of medical services or related to human resources activities, advertising, marketing, publicity, statistics, or scientific purposes. Whenever we request the collection, subsequent processing, and possible transfer of personal data, the use will only be for the mentioned purpose; for other purposes, you will either provide your consent or be informed according to GDPR provisions.

Your personal data indicated in section 6 below will be processed for the following purposes:

  1. Provision of medical services: Providing the medical services requested by you, establishing a medical diagnosis, providing medical assistance or treatment, or managing health systems and services, recording the medical services provided, communicating with you regarding the medical services provided, informing you about the provided medical services, appointments, identifying you and the services accessed. 
  2. Marketing: Periodic medical information or information related to Dent Estet services, promotions, etc. Processing for this purpose will be carried out only if your written consent has been obtained and only as long as you maintain this consent. You can withdraw this consent at any time by clicking the “Unsubscribe” link at the bottom of any email you receive from us or by contacting us at smile@dentestet.ro
  3. Medical statistics or scientific purposes: Processing for this purpose will be carried out only at the written request of state institutions with responsibilities in the field of statistics, or for scientific purposes. Your personal data will remain secure and completely confidential and will not be disclosed to third parties. 
  4. Fulfillment of legal obligations: Processing to fulfill various legal obligations of Dent Estet (such as in the fields of health, security, accounting, archiving, or other obligations imposed by current laws). 
  5. Improving services and resolving complaints: Identifying problems or relevant issues related to existing services to improve them, implementing new services or improvements to existing ones, resolving complaints made by you. 
  6. Video surveillance: Dent Estet processes personal data through video surveillance means, processing aimed at ensuring the security of persons and goods, as well as the protection and security of goods, buildings, and values, without prejudicing your fundamental rights and freedoms or your interest. Processing personal data through the use of video surveillance systems takes into account the following rules: video surveillance cameras are placed in visible, signposted locations, and the data subjects are informed of their existence through an information panel designed for this purpose; video surveillance means do not process personal data related to racial or ethnic origin, political opinions, religious or philosophical beliefs, union membership, health, or sex life; video surveillance cameras are not installed inside offices or in areas where ensuring personal privacy is necessary or which are not intended for work tasks, such as changing rooms, showers, toilets, and other similar locations. 
  7. Financial records: Issuing financial-accounting documents to you (e.g., receipts or tax invoices), collecting payments for services you benefit from, recovering debts from you (which may involve third parties for debt collection), refunding amounts of money to you, sending notifications related to the financial situation/payment status, preparing various reports or situations related to financial records. 
  8. Dispute resolution: Making various requests/opinions in case of disputes related to the services provided to you and/or concerning the relationship established between you and Dent Estet. 
  9. Management of internal and external audit activities: Conducting internal and external audit activities to verify operational activities.

 

Dent Estet mentions that there is no automated decision-making process (including profiling) based on your personal data, and we assume responsibility and ensure security only for the information, personal data, and special categories of personal data (health data; genetic data; if applicable), which are provided and processed by Dent Estet staff (including doctors and nurses) exclusively and through the following coordinates:

  1. in Dent Estet clinics;
  2. in Dent Estet's computer/informatic/electronic systems, hardware and software tools, and records;
  3. during the working hours of Dent Estet clinics.

Dent Estet is not responsible for processing carried out, in any form, outside the above-mentioned coordinates (including through the exchange of information/records of personal data in conversations between doctors and patients).

5. LEGAL BASIS FOR PROCESSING PERSONAL DATA

The legal bases for the personal data processing operations carried out by Dent Estet are:

  1. Legal bases for processing personal data not included in special categories of personal data (according to Article 6 of GDPR):

Personal data not included in special categories of personal data (as defined by Article 9 of GDPR) are processed by Dent Estet based on the following legal bases:

  1. To offer or perform a contract concluded by Dent Estet with you (concerning the medical services provided by Dent Estet);
  2. In marketing communications, we will process your personal data based on your express consent (this consent is requested either by filling out a form at one of Dent Estet clinics, which can be done either at the initial registration in the database or later by enrolling in the web forms, participating in events, etc.), as detailed above;
  3. For the continuous improvement of medical services, your personal data is processed based on your prior expressed consent;
  4. Fulfillment of Dent Estet's legal obligations (including archiving, health, security, record-keeping, a request from a public authority, and other obligations imposed by law);
  5. In certain situations, we will process personal data based on Dent Estet's or a third party's legitimate interest (such as maintaining medical service records; scheduling records in the software system; resolving requests and complaints received from patients; concluding and executing medical service provision contracts with partners and collaborators who provide medical services for Dent Estet; video surveillance for ensuring the security of goods and people – if there is no legal obligation in this regard; management of internal and external audit activities, transmission within the group to which Dent Estet belongs).

 

  1. Processing of personal data included in special categories of personal data (according to Article 9 of GDPR):

Considering the specificity of the activity/medical services provided by Dent Estet, we will process personal data included in special categories (as defined by Article 9 of GDPR) based on the following legal bases (bases that will apply in addition to those detailed in Article 6 of GDPR):

  1. To establish a medical diagnosis, provide medical assistance or treatment, or manage health systems and/or services;
  2. Considering certain situations you may find yourself in (physically or legally) that may make it difficult for you to express your consent to the processing (for example: emergency situations), personal data will be processed to protect your vital interests or those of another natural person;
  3. Processing is necessary for public interest reasons in the field of public health (such as protection against serious cross-border health threats or ensuring high standards of quality and safety in healthcare and medicinal products or medical devices, based on European Union or national law); and/or
  4. Processing is necessary to establish, exercise, or defend a legal claim, considering that, during the relationship with Dent Estet, such situations cannot be excluded in the context of the services provided (as long as such disputes are addressed in courts).

6. CATEGORIES OF PERSONAL DATA CONCERNED. CONSEQUENCES OF REFUSING TO PROVIDE PERSONAL DATA

The personal data processed by Dent Estet are:

  1. data obtained directly from you, in the context of the services provided or
  2. data/results obtained as a result of the services provided by Dent Estet.


Personal information you provide during telephone appointments, by email, or in clinics (name, surname, phone, email, date of birth, symptoms, data on tests and investigations performed or that you want to perform, CNP) is recorded and processed by Dent Estet only to the extent that this information has been provided by you without any constraint and with prior information. Dent Estet assumes no responsibility for the inaccurate, incorrect information/data/documents you provide us. You are obliged to inform us of any changes to your personal data so that they are always accurate and up-to-date. If Dent Estet has suspicions about the authenticity of the documents or information provided, it is entitled to notify the authorities/public institutions with investigation, supervision, and control competencies.

Personal data include the following categories:

  1. contact data, such as: name and surname, home/residence address, phone number (landline and/or mobile) and/or fax, email address, correspondence address;
  2. personal data, such as: date of birth; gender; age; information on tobacco, alcohol, caffeine, or drug use; information about lifestyle and environment; ID series and number; personal numerical code (CNP); other information included in the identity card; video images (obtained from video recordings in Dent Estet spaces, where video surveillance cameras are installed); signature;
  3. medical data (part of the special categories of personal data), such as: health data related to the medical services provided (such as: medical services accessed in Dent Estet clinics; diagnosis; test results that we perform or that you provide us; prescribed or administered treatment; doctor accessed or being accessed; medical recommendations; symptoms; medical history; previous illnesses; blood group; information you provide us about your family members, if applicable); physical characteristics (various conditions); genetic data; dental impression, dental technical work related to the dental impression; imaging, as well as any other medical information you provide us or that results from the services provided by Dent Estet;
  4. professional situation data, such as: employer; occupation;
  5. insurance data, such as: insured/uninsured status; insurer; insurance policy number;
  6. payment data, such as: billing details; bank account number; amounts paid and/or due; payment status;
  7. data related to the relationship with Dent Estet, such as: the history of the relationship with Dent Estet; any suggestions or similar opinions you transmit to us, either directly or through other communication means (which may include social networks or other public communication channels).

In principle, there is no obligation for you to provide us with the personal data indicated in this Information Note. However, please note that if you do not provide the described personal data, we will not be able to offer you some of the services provided. For example, if you withdraw your consent, we will not be able to provide the requested medical services and/or you will not be able to benefit from all the facilities Dent Estet offers (for example: not providing your phone number/email address will not allow us to communicate with you regarding the confirmation/possible changes of appointments). If, in the context of the services Dent Estet provides to you, you provide us with personal data about other persons besides yourself (such as possible conditions encountered in the family), we inform you that we will treat this information as confidential and use it only for the purpose of providing medical services to you. We also assure you that we will take all necessary measures to protect this information appropriately, considering Dent Estet's obligation to maintain professional/medical confidentiality.

7. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA

As a general rule, your personal data will be processed by Dent Estet. However, considering the complexity of the services provided to you by Dent Estet, its membership in a group of companies that provide similar or complementary medical services to those provided by Dent Estet, and Dent Estet's need to call on certain external partners who offer support in the conduct of the activity, we inform you that personal data may be transmitted to other individuals or legal entities for processing purposes detailed in this Information Note.

In this regard, personal data may be transmitted to:

  1. Collaborating doctors and accredited partner medical service providers, partner clinics. In this regard, we inform you that data/information regarding your health condition, dental impression, or biological samples, regardless of their content or volume, may be communicated to accredited medical service providers, according to the applicable legal provisions. Dent Estet makes every effort to ensure that collaborating doctors and other accredited medical service providers comply with data protection laws.
  2. Judicial, research, supervision, and control institutions and/or authorities, insofar as, according to the legal provisions in force, personal data/information are requested by various bodies and/or institutions (for example: criminal investigation bodies, police, financial control bodies, courts, the National Health Insurance House, and any other supervision and control institutions and/or authorities), in the sense that Dent Estet has the obligation to provide the requested data/information without asking for your prior consent, even if you oppose or do not express your point of view. Additionally, it is possible that, in certain situations, such data/information may need to be provided without a prior request from these institutions, bodies, and/or authorities, in which case Dent Estet will transmit the necessary data/information in accordance with legal requirements;
  3. Other companies within the group to which Dent Estet belongs;
  4. Other recipients, such as: IT support service providers or technical and organizational services related to activities involving the maintenance of medical equipment, marketing service providers, payment services, archiving services, legal consultants, auditors, financial-accounting consultants, or other consultants of the Company and/or entities within the Dent Estet group, in connection with extraordinary business operations (e.g., mergers, acquisitions, and similar transactions), in which case confidentiality agreements will be concluded. Additionally, personal data may be transmitted to other individuals or legal entities in Romania or abroad in the context necessary for establishing, exercising, and/or defending a right of Dent Estet or another entity within the Dent Estet group in court.

If personal data processing operations are carried out by Dent Estet through processors, Dent Estet will ensure compliance with the specific requirements imposed by the provisions of Article 28 of GDPR, ensuring, among other things, that (i) the respective personal data processing operations are carried out based on a contract addressing the specific issues of the controller-processor relationship, according to GDPR, and (ii) the processor will process personal data based on Dent Estet's instructions.

8. TRANSFER TO THIRD COUNTRIES

In certain specific situations, your personal data will be transferred to entities located in other countries within the European Union and/or the European Economic Area to conduct various analyses or obtain specialized medical opinions in the context of the services provided by Dent Estet to you. In such cases, we will ensure that appropriate safeguards are applied to allow the transfer appropriately, in accordance with GDPR requirements and personal data protection legislation (safeguards that may include: applying standard data protection contractual clauses or the existence of a European Commission decision adopted in this regard). In each case, and to perform the actual transfer, the patient is informed and asked to express their consent/disagreement regarding the situation imposed by the respective medical service, health condition, etc.

9. PERIOD FOR WHICH PERSONAL DATA WILL BE STORED

We will store personal data for the entire period of the relationship established with you and subsequently for a certain period of time, considering the applicable legal provisions. Thus, personal data will be kept for:

  1. A period between 1 and 30 years (the extended retention period generally applies to medical documents that must be kept for such periods) and
  2. The duration of the medical informatic system's existence concerning laboratory analysis result bulletins, in accordance with the legislation in the field, under maximum security conditions.

If certain personal data are included in or related to Dent Estet's accounting documents, for which a specific retention period must be respected (e.g., 5 or 10 years), the respective personal data will be kept for the applicable periods.

Regarding images obtained through video surveillance means, these will be maintained for a maximum of 30 calendar days from the recording date, except in well-justified cases or when a longer period is permitted or imposed by applicable legislation.

10. YOUR RIGHTS REGARDING PERSONAL DATA

In accordance with the applicable provisions regarding personal data, we inform you that you have the following main rights:

  1. Right of access to processed personal data means your right to obtain from Dent Estet confirmation as to whether or not personal data concerning you is being processed and, if so, access to the data and the conditions under which they are processed (including the purpose of processing, the categories of data processed, the recipients of the data).
  2. Right to request rectification of personal data means your right to request the rectification of inaccurate, outdated, or incomplete personal data.
  3. Right to erasure of personal data includes: The situation where personal data is no longer necessary for the purposes of processing; The situation where the data subject opposes processing and there are no overriding legitimate grounds for processing; The situation where personal data has been unlawfully processed.
  4. Right to request restriction of processing means your right to obtain from Dent Estet restriction of processing in the following cases: (i) You contest the accuracy of the data (the restriction will last as long as Dent Estet verifies the accuracy of the personal data); (ii) The processing is unlawful and you oppose the erasure of the data, requesting instead the restriction of their use; (iii) Dent Estet no longer needs the personal data for the above-mentioned purposes, but you request the personal data for establishing, exercising, or defending a legal claim; or (iv) You have objected to processing, for the period in which Dent Estet verifies whether Dent Estet's legitimate rights override your rights.
  5. Right to object to processing means your right to object to processing for reasons related to your particular situation, when processing (i) is based on Dent Estet's or a third party's legitimate interests, including profiling activities based on this ground, or (ii) as applicable, is carried out for direct marketing communications involving profiling.
  6. Right to withdraw consent at any time, if processing is based on consent, without affecting the lawfulness of processing carried out based on consent before its withdrawal.
  7. Right not to be subject to automated decision-making means that, as a user of our services, you will not be subject to a decision based solely on automated processing of your data (including profiling) that produces legal effects concerning you or significantly affects you in a similar manner.
  8. Right to data portability means your right to request the transfer, copying, or moving of your personal data existing in Dent Estet's database to another database in a structured, commonly used, and machine-readable format, if processing is based on consent or a contract and is carried out by automated means.
  9. Right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (Bucharest, Bd. General Gheorghe Magheru 28-30, Sector 1, Postal Code 010336, Bucharest, Romania, phone: 031 805 92 11, email: anspdcp@dataprotection.ro) and to address competent courts.

The rights mentioned in points A-I above can be exercised through a written, signed, and registered request at Dent Estet, using the following communication channels (to the attention of the Data Protection Officer - DPO): (i) at the email address smile@dentestet.ro, (ii) at Dent Estet clinics, or (iii) by sending the request by mail to the address Dent Estet CLINIC S.A., Bucharest, Bd. Aviatorilor no. 15, Sector 1.

In your request, you can mention if you want the information to be communicated to you at a specific address (which can also be an email address) or through a correspondence service that ensures personal delivery.

Communication of the requested information will be made within 1 (one) month from the date of receipt of the request, respecting your possible communication option.

If it is not possible to meet the above deadline, you will be informed of the reason for the delay, also communicating the procedure considered for solving your request and the estimated term.