We are committed to respecting your privacy by complying with all applicable data protection laws and regulations, including the General Data Protection Regulation (EU) 2016/679 („GDPR"). Your right to privacy and the protection of the personal data you provide to us and the trust you place in us are important to us, and that is why through this Privacy Policy ("Policy") we provide you with important information about how Dr. Max Romania handles your personal data. This Policy applies to any service, website or application that collects, records, modifies, uses, accesses, transmits, or stores personal data. This Policy is intended to provide you with information about the personal data we collect from you or that you provide to us and how it will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it. Please check for updates to this Policy. If we make any changes that we consider important, you will be able to view them online.

1. WHO WE ARE

Information about our company

Dr. Max Romania is represented by Dr.Max SRL and Mediplus Exim SRL.

Dr.Max SRL is located in Aeroportului Street, no. 53, Mogoșoaia and is registered in the Trade Register under no. J23/673/2007 with fiscal code no. RO9378655.

Mediplus Exim SRL has its registered office at 53 Aeroportului Street, Mogoșoaia, and is registered in the Trade Register under No J23/741/2007, with tax code No RO9311280.

For more information on the Company, please visit www.drmaxromania.com, contact us at dpo@drmax.ro or call 021 301 74 74.

2. USE OF WEBSITES

By accessing or using any part/function of our Websites you agree to accept and abide by the terms, conditions and policies mentioned and/or available via hyperlink and you are at least of legal age under applicable national law. If you do not accept the terms, conditions and policies set out in this documentation, then you should not continue to access our Website and/or use our services.

3. INTELLECTUAL PROPERTY LAW

The content of the Websites: images, texts, web graphics, scripts, software, design rights, model rights, patents, trademarks, constitute the entire property of Dr. Max Romania and are protected by copyright and related rights laws and by intellectual and industrial property laws. The use without Dr. Max Romania's consent of any of the elements listed above is punishable under the laws in force.

Dr. Max Romania may offer the user/customer, by means of an agreement, the right to use, in a described form, certain content of the site. This agreement applies strictly to the content(s) defined, for a period set out in the agreement and only to the person(s) allowed to use this content, without being able to use other content of the Dr. Max Romania Websites.

4. FOR WHAT PURPOSES AND ON WHAT GROUNDS DO WE PROCESS YOUR PERSONAL DATA?

There are many types of situations in which we are in contact with you and your personal data. For example, we collect personal data in the following situations:

a. When you use or communicate with us via multimedia portals and/or social networks:

• • We process your data to take steps at your request prior to entering a contract (Art. 6/1/b of Regulation (EU) 2016/679)
  • In pursuit of our legitimate interest to respond to any questions, complaints, or recommendations you send us and to improve our services and the experience we provide to our customers (Art. 6/1/f of Regulation (EU) 2016/679).

When you communicate with us by telephone, fax, email, voicemail, text messaging (SMS), picture messaging (MMS), video messaging or instant messaging:

• • We process your data to take steps at your request prior to entering a contract (Art. 6/1/b of Regulation (EU) 2016/679)
  • In pursuit of our legitimate interest to respond to any questions, complaints, or recommendations you send us and to improve our services and the experience we provide to our customers (Art. 6/1/f of Regulation (EU) 2016/679).

c. When you send us any kind of address:

• • We process your data to take steps at your request prior to entering a contract (Art. 6/1/b of Regulation (EU) 2016/679)
  • In pursuit of our legitimate interest to respond to any questions, complaints, or recommendations you send us and to improve our services and the experience we provide to our customers (Art. 6/1/f of Regulation (EU) 2016/679).

d. When you use our websites:

• • We use cookies to make your navigation on our website easy and enjoyable, in our legitimate interest (Art. 6/1/f of Regulation (EU) 2016/679)
  • Non-essential cookies are not used without your consent (Art. 6/1/a of Regulation (EU) 2016/679)

e. When we have recruitment, selection, and talent evaluation processes:

• • We process your data to take steps at your request prior to entering a contract (Art. 6/1/b of Regulation (EU) 2016/679)

f. When we send you commercial and marketing communications:

• • We process your data to take steps at the request of the data subject prior to the conclusion of a contract (Art. 6/1/b of Regulation (EU) 2016/679)
  • We process data based on your consent (Art. 6/1/a of Regulation (EU) 2016/679), for marketing communications
  • We will process data in legitimate interest if you are already our customer and we consider that the information could be of great interest to you (Art. 6/1/f of Regulation (EU) 2016/679)

g. When using social plugins (see point 3 below for more details):

• • We will process your data in pursuit of our legitimate interest in facilitating easy sharing of content on our platform (Art. 6/1/f of Regulation (EU) 2016/679)

5. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

- IT service providers for our company (hosting and data storage) or providers to whom we outsource certain technical support services for our website or providers of customer relationship management systems

- The platform on which our website has been developed and which hosts our website

- The provider of the chat widget on the site (Facebook)

- Members of our group of companies (this includes our subsidiaries, our parent company and all its subsidiaries) as reasonably necessary for the purposes set out in this policy

- Social media platforms: Facebook, LinkedIn, Instagram, Twitter, Pinterest

- Regulators and other state authorities if required by legal or statutory requirements.

Additional information on social media platforms used: 

Facebook plugins ("share button"): You can recognize the plugins of Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA by the Facebook logo or the "share button". For an overview of Facebook plugins, please click on: http://developers.facebook.com/docs/plugins/. When using our online services, the plugin establishes a direct connection between your browser and the Facebook server. Facebook is therefore informed that you are using our online services with your IP address. When you click on the "share button" on Facebook, while logged into your Facebook account, you can link the content of our online services with your Facebook profile. Facebook will then be able to associate the use of our online services with your user account. We would like to point out that we, as providers of online services, do not obtain any information about the content of the data transmitted and its use by Facebook. For more information, please see Facebook's privacy policy at https://www.facebook.com/policy.php. If you do not want Facebook to associate the use of our online services with your Facebook account, please log out of your Facebook user account. 

LinkedIn: The provider of the LinkedIn network is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you access one of our online services containing LinkedIn features, a connection to LinkedIn's servers is established. LinkedIn is informed that you are using our online services with your IP address. When you click on LinkedIn's "referral button" while connected to LinkedIn, your use of our online services may be associated with you and your user account. We would like to point out that we, as providers of the online services, are not made aware of the content of the data submitted and how LinkedIn uses it. For more information, please refer to LinkedIn's privacy policy at:        https://www.linkedin.com/legal/privacy-policy

6. TRANSFER OF PERSONAL DATA ABROAD

Dr. Max Romania shares personal data with partners operating outside the European Economic Area ("EEA").

List of international partners with whom we share data;

• Third parties that place cookies: LinkedIn, YouTube, Google, Facebook,
• Online platforms: Facebook, LinkedIn, Instagram, Twitter, Pinterest
• Marketing automation tool (newsletter submission)
• The platform on which our website was developed, and which provides hosting for our website

Personal data may be stored and processed in any country where we engage service providers. We may transfer the personal data we hold about you to recipients in countries other than the country in which the personal data was originally collected, including to the United States or Israel. These countries may have data protection rules that are different from those in your country. However, we will take steps to ensure that any such transfers comply with applicable data protection laws and that your personal data remains protected according to the standards described in this Privacy Policy. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may have the right to access your personal data.

Where applicable law requires us to ensure that an international data transfer is governed by a data transfer mechanism, we use one or more of the following mechanisms:

• EU standard contractual clauses with a data recipient outside the EEA or UK.
• Verification that the recipient has implemented binding corporate rules
• We will also ensure that all our international partners have taken additional steps in order to provide adequate safeguards, enforceable rights and effective legal remedies. The role of these measures is to provide additional guarantees to data subjects that the transfer of data under standard contractual clauses or binding corporate rules provides a level of protection equivalent to that guaranteed within the European Union.

7. HOW LONG WE STORE YOUR PERSONAL DATA

We will only store your personal data for the period necessary to achieve the processing purposes set out above, while complying with the legal requirements in force as well as the durations mentioned above. If, after the expiry of the set duration, the Company determines that it has a legitimate interest or legal obligation to further process your personal data for other purposes, you will be duly informed of this effect. Once the processing period indicated above expires and the Company no longer has legal or legitimate grounds to process your personal data, the data will be deleted in accordance with its procedures, which may involve archiving, anonymization, or destruction.

8. PROCESSING OF DATA OF CHILDREN UNDER THE AGE OF 16

All personal data processing activities described in this Policy relate exclusively to persons who are at least 16 years old. The use of the systems as well as the results of the processing is prohibited in respect of children under this age without the consent of their parents/legal guardians. If, despite our reasonable efforts to prevent it, such processing nevertheless takes place, we will stop it once we notice that users have not reached the age mentioned above. However, there may be pharmacovigilance/ cosmetic vigilance cases in relation to minors, so the minor's personal data necessary for the reporting and investigation of pharmacovigilance/ cosmetic vigilance cases may be processed based on legal requirements.

9. SECURITY OF DATA PROCESSING

The Company hereby informs you that it constantly evaluates and updates the security measures implemented to ensure the safe and secure processing of personal data.

10. RIGHTS OF DATA SUBJECTS

In the context of the processing of your personal data, you have the following rights:

1. Right to information: the right to be informed about the identity of the controller, the purpose for which the data is processed, the recipients or categories of recipients of the data, the existence of the rights provided for by the GDPR and the conditions under which the rights can be exercised.

1. Right of access to personal data processed: you have the right to obtain confirmation as to whether your personal data are being processed and, if so, to have access to the type of personal data and the conditions under which they are processed, by making a request to the data controller.
2. The right to request rectification or erasure of personal data: You have the possibility to request, by addressing a request to this effect to the data controller, the rectification of inaccurate personal data, the completion of incomplete data or the erasure of your personal data if (i) the data are no longer necessary for the original purpose (and there is no new lawful purpose), (ii) the legal basis for the processing is the data subject's consent, the data subject withdraws his or her consent and there is no other lawful basis, (iii) the data subject exercises the right to object and the controller has no overriding legitimate grounds for continuing the processing, (iv) the data have been unlawfully processed, (v) erasure is necessary for compliance with EU or Romanian law, or (vi) the data have been collected in connection with information society services offered to children (if applicable), where specific consent requirements apply.
3. Right to request restriction of processing: you have the right to obtain restriction of processing in cases where: (i) you consider that the personal data processed is inaccurate, for a period allowing the controller to verify the accuracy of the personal data; (ii) the processing is unlawful, but you do not want us to delete your personal data but to restrict the use of this data; (iii) if the data controller no longer needs your personal data for the purposes mentioned above, but you need the data in order to establish, exercise or defend a legal claim; or (iv) you have objected to the processing, for the period of time within which we verify whether the data controller's legitimate grounds outweigh the data subject's rights
4. The right to withdraw your consent to the processing, where the processing is based on consent, but without affecting the lawfulness of the processing activities carried out up to that point.
5. The right to object to the processing of data on grounds relating to your particular situation, where the processing is based on legitimate interest, and to object at any time to the processing of data for direct marketing purposes, including profiling.
6. The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or otherwise significantly affects them.
7. The right to data portability, meaning the right to receive your personal data that you have provided to the data controller in a structured, commonly used, and machine-readable form, and the right to transfer that data to another controller, where the processing is based on your consent or the performance of a contract and is carried out by automated means.
8. The right to lodge a complaint with the Data Protection Authority (ANSPDCP) and the right to apply to the competent courts.

The above rights can be exercised at any time. To exercise these rights, we encourage you to send a written request, dated and signed, to the following address: str. Aeroportului, nr. 53, Mogosoaia, jud. Ilfov or by e-mail to: dpo@drmax.ro.

11. CHANGES TO THIS POLICY

This policy may be updated to comply with any legislative changes regarding the protection of personal data. You are advised to check the Privacy Policy section periodically to be informed of such possible changes.

12. CONTACT

You may address any questions regarding this document to the Data Protection Officer, who can be contacted using the following address: dpo@drmax.ro. 

Version date: 11.04.2023.