The companies Mediplus Exim S.R.L. with registered office in Mogosoaia, 53rd Aeroportului St., Ilfov, registered at the Trade Register Office under no. J23/741/2007, SIN RO9311280, and DR.MAX S.R.L., with registered office in Mogosoaia, 53rd Aeroportului St., Ilfov, registered at the Trade Register with order number J23/673/2007, SIN RO9378655, as controllers(„the Companies”), hereby inform you on the processing of your personal data in the context of certain operations carried out by the Companies.
The Companies acts as a personal data controller for the purpose of ensuring the security and protection of property and persons on the premises belonging to the Companies, by implementing a video surveillance system at the access points thereto, as well as rules on access to the premises of the Companies, by issuing and granting access cards.
This information notice relates to your status as employees, customers, visitors to the Companies' premises, including agents, operators, occupants, contractors and/or suppliers or other categories of persons who may have access to the Companies' premises.
The Companies processes the personal data listed in Section 2 below for the following purposes, based on the legal grounds indicated for each purpose:
| Scope/ Data categories | Legal ground |
1 |
Categories of data images of individuals entering the premises of the Companies, allowing direct or indirect identification of these individuals | Legal obligation provided for by Law no. 333/2003, as amended, on the security of objectives, goods, values, and protection of persons - regarding the security and protection of goods and values of the Companies, against any unlawful actions that damage the right of ownership, their material existence. Legitimate interest to protect the Companies' assets and values..
|
2 |
Categories of data: Name, surname, number, and number of the identity card of the persons to whom the access card is granted | Legal obligation provided for by Law no. 333/2003, as amended, on the security of objectives, goods, values, and protection of persons - regarding the security and protection of goods and values of the Companies, against any unlawful actions that damage the right of ownership, their material existence. Legitimate interest to protect the Companies' assets and values.
|
2. Collection of personal data
The Companies have collected your personal data from the following sources:
2.1 For video surveillance: the video surveillance system located on the premises of the Companies, which has been mounted in visible places at the access points.
2.2 For the implementation of the rules on access to the Companies' premises, by issuing and granting access cards: the data is collected directly from the data subject.
In order to fulfil the purposes mentioned above, the Companies uses the services of several contractual partners.
Some of them are processors, such as specialized security and protection companies, companies that carry out security activities for objectives, goods or values, in conditions of maximum security of the same, as well as the protection of persons and are active in the protection and security sector and carry out their commercial activity in Romania, Bucharest, and they may be provided with your personal data to be used within the limits of the obligations they assume towards the Companies. The personal data that we disclose to our assignees is limited to the minimum personal information that is necessary for the provision of those services and we ask them not to use personal data for any other purpose.
We make every effort to ensure that all entities we work with store your personal data in a safe and secure manner.
The personal data indicated above may also be made available or transmitted to third parties in the following situations: (i) public authorities, auditors, or institutions with powers to carry out inspections and controls on the Companies' activity and assets and/or which request the Companies to provide information, by virtue of the latter's legal obligations. Such public authorities or institutions may be courts, police; or (ii) to comply with a legal requirement or to protect the rights and assets of our Companies or other entities or persons, such as courts.
In addition, for the purposes of the above processing, we may distribute your personal data to Group companies, that will fully comply with the Companies' instructions regarding the processing of your personal data.
4. Processing time
We will store your personal data only for the period necessary to achieve the above processing purposes, while complying with the legal requirements in force. Should the Companies determine that it has a legitimate interest or legal obligation to further process your personal data for other purposes, you will be duly informed to this effect.
We estimate that the processing activities detailed above will require the storage of personal data for the following periods:
| Scope | Period |
1 | Ensuring the security and protection of goods and persons on the premises of the Companies by implementing a video surveillance system. | 30 days*; |
2 | Ensuring the security and protection of property and persons on the Companies' premises, by implementing rules on access to the Companies' premises by issuing and granting access cards and filling in the details of the person to whom the card is granted in the visitors' register. | [12 months] |
**Except where necessary to protect the legitimate interests of the controller or where there are legal obligations of retention. In such cases, we will act in accordance with the law, including informing you.
5. What happens to your personal data after the processing has ended
Once the processing period indicated above expires and the Companies no longer have legal or legitimate grounds to process your personal data, the data will be deleted in accordance with its procedures, which involves their destruction.
6. Refusal of processing and its consequences
The data processing described in section 1, purposes 1, 2 and 3, is a legal obligation of the Companies, to ensure the security and protection of the establishments where it holds valuables and assets. If you do not wish your data to be processed for this purpose, you will not be able to access the premises of the Companies.
7. Security of data processing
The Companies hereby inform you that we constantly evaluate and update the security measures implemented to ensure safe and secure processing of personal data.
8. Rights of the data subject regarding data processing
In the context of the processing of your personal data, you have the following rights:
The above rights can be exercised at any time. To exercise these rights, we encourage you to send a written, dated and signed request or an electronic request to the following address: Mogoșoaia, 53rd Aeroportulul St., Ilfov or by e-mail to dpo@drmax.ro
9. Data Protection Officer
You may address any questions regarding this document to the Data Protection Officer, who can be contacted using the following contract details:
E-mail dpo@drmax.ro
Tel: 021.301.74.74
Fax: 021.301.74.75
Address: Mogoșoaia, 53rd Aeroportulul St., Ilfov.
Data: 11.04.2023
Dr. Max România is a subsidiary of Dr. Max Group – established in 2004.
Dr. Max Group offers distribution, pharmaceutical retail and marketing & sales services in 17 countries, and has a turnover of over 3 billion euros.
More information on www.drmax.eu.
© Dr. Max România, 2024