Privacy Policy
This Privacy Policy describes the privacy practices of telemedica, a Software as a Service (SaaS) application (hereinafter referred to as “telemedica“) offered by High-Tech Systems & Software SRL, a limited liability company, operating in accordance with the laws of Romania, with registered office in Bucharest, Sector 1, Bulevardul Bucurestii Noi, nr. 25A, registered with the Trade Registry Office under no. J40/4847/2012, with Tax Identification Number 30126940 (hereinafter referred to as the “Company“).
The purpose of this Privacy Policy is to describe what personal data the Company may collect and process, as well as the scope and legal grounds for such processing.
In addition, this Privacy Policy describes the personal data collected and processed as well as the scope and legal grounds for such processing by the Customer with respect to the personal data of the Customer Representative and Users.
This Privacy Policy applies to all telemedica users, i.e. any person who provides personal information/data to telemedica or the Company in connection with telemedica, i.e. Customer Representatives and Users (hereinafter “Data Subject“), as detailed below. By accessing and using telemedica, Data Subjects consent to the processing of their personal data in accordance with the terms of this Privacy Policy and the relevant Terms of Use.
“Applicable law” – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR“), Law No 190/2018 implementing the GDPR, relevant decisions/guidelines issued by the EDPB for guidance on the interpretation of the provisions of the GDPR, and national legislation on the processing of personal data of data subjects, if not in conflict with any provision of the GDPR. This includes also any other applicable law, taking into account the location of the Customer’s principal place of business and the nationality of Customer Representatives and Users.
“Customer”: a legal entity that wishes to benefit from the telemedica features and enters into a contract with the Company for this purpose;
“Customer Representative”: the Customer’s representative with administrative rights in telemedica, who can add, edit and manage data related to the organization, its divisions, locations, employees, working hours, can create and add users, etc.
“User(s)”: the Customer’s employee(s) for whom the Customer Representative has created an account on Telemedica. User(s) access to telemedica depends on the relationship between the Client and the User and the role of the User within the organisation (director, manager, employee, etc.).
“Personal data” – means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Controller” – means the Company/Customer, which, individually or jointly with others, determines the purposes and means of personal data processing.
“Processor” – means any natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller. The Company is a Processor when they process the personal data of data subjects for the Client in order to provide support services as requested by the Client.
This Privacy Policy and the Terms of Use complement each other.
Capitalized terms not defined herein shall have the meaning given in the Terms of Use.
Any reference to the singular includes the plural and vice versa.
- GENERAL PRINCIPLES
-
- By accessing and using telemedica, data subjects consent to the processing of their personal data in accordance with the terms of this Privacy Policy and the relevant Terms of Service.
- If data subjects do not agree to this Privacy Policy and the related Terms of Service, they will not be able to access and use telemedica. The personal data subject to processing are provided on a voluntary basis by the data subject or by any third parties who have the prior consent of said data subject. In order to use telemedica, the data subject may be required to fill in some personal data considered by telemedica as “mandatory”, but the data subject may voluntarily provide any additional personal data which are considered as “optional“.
- COLLECTION AND PROCESSING OF PERSONAL DATA BY THE COMPANY
-
- The security of personal data is of particular importance to the Company and the Company ensures that the personal data collected and processed is kept secure and is not used for purposes other than those specified herein as well as in the Terms of Service and the Cookie Policy.
- The Company processes the personal data of the Customer Representatives, in their capacity as Controller, for the purpose of concluding and implementing the contract between the Company and the Customer so that the latter can benefit from the telemedica Services, including maintenance, namely the Company will process the personal data for maintaining the relationship with the Customer (such as correspondence, notifications, service interventions, etc.), and will create and personalize the Customer Representative’s account. The processing is also necessary for legitimate interest purposes (telemedica development and research, advertising and marketing, statistics) pursued by the Company or a third party or the data subject has consented to the processing of personal data. The legitimate interests of the Company in the processing of personal data do not override the interests or fundamental rights and freedoms of the data subject. The interests or fundamental rights and freedoms of the data subject are in no way affected by the data processing carried out via telemedica.
- Personal data collected and processed:
- client’s representative data:
- first name, last name;
- date of birth;
- e-mail address;
- password;
- quality within the Client;
- login and service data on telemedica use;
- Because telemedica can be accessed via browser and mobile devices using an internet connection, one, several or all of the personal data mentioned below may be collected when you access and use telemedica:
- IP address;
- location;
- the type of device used;
- time and date of access;
- time spent on telemedica;
- access and use habits;
- internet connection speed;
- the unique identification number of the device used;
- encrypted password;
- The personal data mentioned above may be disclosed/partially disclosed/transferred to third parties for the fulfilment of processing purposes. Thus, personal data may be shared with one, more or all of the following, on a need-to-know basis, in accordance with the scope:
- service providers (companies and individuals who provide services on behalf of the Company or who help the Company operate telemedicine and its business, such as hosting, technical support, analytics, customer support, email and SMS delivery, etc.);
- advisers (may include lawyers, auditors, bankers and insurers if necessary);
- authorities and other persons (may include law enforcement authorities, central or local authorities, supervisory authorities, where required by law or to help protect the rights and safety of the data subjects or other persons);
- other companies or individuals in the event of a telemedica assignment, transfer of business or change of control of the Company.
- THE COMPANY DOES NOT HAVE ACCESS TO THE DATA UPLOADED TO TELEMEDICA OR TO THE USERS’DATA, ANY INTERVENTION FOR USAGE PURPOSES WILL ONLY BE DONE WITH THE PERMISSION OF THE CLIENT. For this purpose, the Company will be a data processor and will follow the instructions of the Client, any access to personal data uploaded to telemedica will be done as a processor, the Company will not process said personal data for any other purpose than to provide their support services to the Client.
- telemedica is hosted by a third party cloud service provider, acting as a sub-processor for the Company. Cloud Services terms and conditions of use and related privacy policy can be accessed here _______________.
- the storage of personal data collected and processed by the Company as controller or processor is done on the Company’s servers or on the sub-processor’s servers.
- COLLECTION AND PROCESSING OF PERSONAL DATA BY THE CLIENT
- The Client collects and processes, as Controller, the personal data of the Client’s Representative and Users for the purpose of complying with a legal obligation to which the Client must comply with, for the performance of the contract(s) concluded with the data subject(s), as well as for the consent or legitimate interest thereto, as stated in their internal policies.
- Any or all of the following personal data may be collected, recorded, organized, disclosed, modified, retrieved, accessed, stored and ultimately deleted or destroyed:
-
- name;
- date of birth;
- e-mail address;
- password;
- job description / position within the organisation;
- data on working days / working hours / shifts / productivity / length of contract with the organisation;
- data on the special needs of the data subject as a member of the organisation;
- image, if a profile photo is provided;
- login and service data on telemedica use;
- other details uploaded to telemedica.
-
- Because telemedica can be accessed via browser and mobile devices using your internet connection, some or all of the following personal data may be collected when accessing and using telemedica:
- IP address;
- location;
- the type of device used;
- time and date of access;
- time spent on telemedica;
- access and use habits;
- internet connection speed;
- the unique identification number of the device used;
- encrypted password.
- Personal data, together with any other information that the data subject may send to the Client in connection with telemedica, will be stored on the sub-processors’ servers (_________________).
- Personal data is processed by the Client for one, several or all of the following purposes:
- managing their activity and planning for the change of users’ programme;
- creating and maintaining accounts;
- creating and maintaining profiles;
- adding and managing users and data thereof;
- notification to data subjects of other data subjects who have joined or are using telemedica, announcements, updates, security alerts and support and administrative messages, if applicable;
- responding to requests, questions, feedback from data subjects.
- Personal data may be shared on a need-to-know basis, in accordance with the application scope, with one, more or all of the following:
- with the Customer’s Representative and other Customer’s Users – which will be visible on their public profile;
- Service providers (companies and individuals who provide services on behalf of the Company/Customer or who help the Company/Customer operate telemedica and their business, such as hosting, technical support, analytics, customer support, email and SMS delivery, etc.);
- advisers (may include lawyers, auditors, bankers and insurers if necessary);
- authorities and other persons (may include law enforcement authorities, central or local authorities, supervisory authorities, where required by law or to help protect the rights and safety of data subjects or other persons).
- RIGHTS AND OBLIGATIONS OF DATA SUBJECTS
- Data subjects are aware of the general rights they enjoy as data subjects under applicable law, namely: the right to information; the right of access to personal data; the right to rectification; the right to erasure (“right to be forgotten“); the right to restriction of processing; the right to data portability; the right to object to the processing of personal data; the right to bring an action before the competent court or a supervisory authority, where this right is provided for as per the applicable law.
- Data subjects are aware that the rights mentioned hereinabove are not absolute rights and accept that there is a possibility that certain personal data used for the fulfilment of such purposes may not be deleted (e.g. personal data for which there is an obligation to report to authorities or for which there is an obligation to store same).
- Data subjects have the following obligations:
-
- to provide true, accurate and complete personal data in accordance with telemedica forms. If the personal data provided are not true, accurate and complete or have been altered, data subjects are obliged to inform the Controller, via telemedica or by e-mail at _____________, of this fact and to provide the correct personal data as soon as possible;
- update their personal data whenever necessary;
- refrain from posting obscene, defamatory, threatening or malicious information, reviews and ratings of the Controller, their employees/collaborators or any other person concerned, as well as any material or information prohibited by applicable law.
- If a data subject breaches their obligations hereunder, the Controller has the right to take all legal measures to ensure that the previous situation is restored (deletion of information published by the data subject, blocking access to telemedica, etc.) and to hold the data subject liable under penalty of law.
- PROCESSING TIME. DELETION OF PERSONAL DATA
- Personal data will be stored for the period of time necessary to achieve the purposes for which it was collected, i.e. for the period necessary for the provision of telemedica services, throughout the existence of the account, and for a subsequent period of time necessary for reporting to the competent authorities. Personal data will be deleted when the Customer unsubscribes or the data subject chooses to unsubscribe and delete their account (applicable to both the Customer Representative account and the User account). Where national law requires the Controller to store certain personal data, in particular in relation to employment, the Controller will comply with said provisions and the personal data will be stored for the interval mentioned. Where the Customer is subject to such obligations, the Controller will take reasonable steps to assist the Customer in this regard.
- Log-in and access history and habits will be stored for a period of ___ days, after which they will be deleted.
- MODIFICATION OF THIS PRIVACY POLICY
-
- This Privacy Policy may be amended at any time by the Company as a result of legislative changes or telemedica adjustments.
- The updated privacy policy will be published on telemedica and will be effective from the moment of publication and will be available to all data subjects.
- By continuing to use telemedica, data subjects agree to the new provisions of the Privacy Policy, indicating that they have read and acknowledged the new Privacy Policy.
If data subjects do not agree with one or more of the current or future provisions of this Privacy Policy, they will not be able to access and use telemedica.
- DISCLAIMER
Data Subjects fully understand and agree that all Data Subjects’ personal data are provided on a voluntary basis, either by the Customer, the Customer’s representative and/or the User and that the Company assumes no liability for the accuracy of said personal data. If personal data is provided by the Customer or the Customer’s Representative, the Data Subject fully understands and agrees that the Customer or the Customer’s Representative has the right to disclose such personal data to the Company and/or sub-processors. The Company cannot be held liable for any loss or damage caused to the data subject as a result of the processing of any personal data provided by the Customer, the Customer’s Representative and/or User.