ASOCIAȚIA GRUPUL STUDENȚILOR MEDICINIȘTI CU ACTIVITATE ȘTIINȚIFICĂ (SCIENTIFIC ORGANISATION OF MEDICAL STUDENTS | SOMS) respects the privacy of every individual who visits our website. This policy outlines the use of personal data under General Data Protection Regulations (“GDPR”).EU General Data Protection Regulation (the “GDPR”) and Law no. 190/2018.
For the purpose of Law no. 190/2018 and GDPR, we are the data controller and any inquiry regarding the collection or processing of your data should be emailed to [email protected].
Protecting your personal data is very important to us. This Privacy Notice describes our practices regarding the collecting and use of your personal data – for example, what data we collect, why, and for what purpose, and explains your rights in relation to the personal data.
The controller of your personal information is ASOCIAȚIA GRUPUL STUDENȚILOR MEDICINIȘTI CU ACTIVITATE ȘTIINȚIFICĂ (“SOMS”, “MEDICS”, “we”, “us”, “our”). If you have any query in respect of your personal information, you can contact us at the following:
|Data controller||ASOCIAȚIA GRUPUL STUDENȚILOR MEDICINIȘTI CU ACTIVITATE ȘTIINȚIFICĂ|
|Address||Str. Eroii Sanitari nr.8, Sector 5, București|
|Telephone||+40 724 313 393|
Your data may be referred to as “personal data” or “personal information”. Personal data shall mean any information relating to you which identifies or may identify you and which includes, for example, your name, address, identification number.
Handling, collecting, protecting and storing your personal data or any such action may be collectively referred to as “processing” of personal data.
This document will help you understand the following:
- What personal data we collect and process about you as a customer and as a user of our website, mobile applications and online services;
- Why we collect and process your data;
- How the Company collects and processes your personal data;
- Where we obtain the data from;
- Your rights under EU General Data Protection Regulation (‘GDPR’);
- How and when we share your personal data with other third parties (for example, our service providers).
This document is directed to natural persons who are either current or potential customers of the Company, or are authorised representatives/agents or beneficial owners of legal entities or of natural persons which/who are current or potential customers of the Company.
Types of personal data we process
Personal data is all information which allows the data subject to be identified. Such data include for example your name, contact details, payment details.
Specifically, we may collect the following types of personal data:
- The data you give us for the creation of your account. Generally, these include your Name, home address, e-mail address, telephone number, passport or other recognized personal ID card number and details.
- The data you give us when you apply for a visa. This includes Name, home address, University, current address, nationality, country of residence, University, passport number, ID number, passport/ID documents photocopies.
- The data you provide in relation to your identity and or residence. Generally, these include copies of your identity document(s), proof of residence (e.g. utility bill) and copies of your credit/debit card(s).
- The data you enter when funding your account. Generally, these include your credit/debit card details or other payment details (IBAN, SWIFT codes etc).
We also use analytical and statistical tools that monitor details of your visits to our website and the resources that you access, including, but not limited to, traffic data, weblogs and other communication data (but this data will not identify you personally). An example of such data would include the type of internet browser or the type of computer you are using, or the domain name of the website from which you linked to our site. We use ‘cookie’ technology and IP addresses only to obtain non-personal information from online visitors to provide them with the best possible personalized online experience.
The Company does not collect personal data from minors.
How do we collect your personal information?
We collect your personal information through different methods, including:
- Information you give us. You may give us your identity, contact and financial data when you fill in our contact forms, make a purchase from our website or create an account with us. We may store some or all information in encrypted format in a cookie on your computer.
- Information we automatically collect about you. We may automatically collect technical data about your equipment, browsing actions and patterns as you interact with our websites. We collect this personal data by using cookies and other similar technologies.
- Information we receive from other sources. We may receive personal data about you from various third parties and public sources. For example, we may receive:
- technical data from analytics providers;
- cookies that allow third party review or interaction with our website that have been saved on your computer from other websites you have visited; and
- identity and contact data from selected business partners, data brokers or aggregators.
We may also collect, use and share aggregated data such as statistical or demographic data for any purpose if you cannot be identified in any way. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
Generally, we do not rely on consent as a legal basis for processing your personal information other than in relation to sending direct marketing communications to you by electronic means or permitting our selected third parties to do so. You have the right to withdraw consent to marketing at any time by contacting us.
Please be aware that our website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
What if you do not want to provide your personal information?
You can visit our website without completing any personal data. When we ask you to complete your personal information to give you access to certain features or services of the site, we will mark some fields as mandatory, as these are the information we need to provide you with service or to give you access to that functionality.
Please note that if you decide not to provide this information, you may not be able to complete your registration as a user or benefit from these services or features.
We collect your personal information automatically using technical means as and when you use our website. It is important to understand the difference in the cookies that we use. Our websites use both 1st party cookies (which are set by the Site being visited) and 3rd party cookies (which are set by a server located outside of the site that you have visited).
You can choose whether to accept cookies by changing the settings on your browser. Information about the procedure to enable or disable cookies can be found on your Internet browser provider’s website via its help meu or further information can be found at: http://www.allaboutcookies.org/manage-cookies/index.html . However, if you disable this function, your experience on our websites may be reduced and some features may not work as intended.
How we process your data?
We collect your personal data when the law allows us to do it. Most frequently, we will use your personal information in the following circumstances:
- when it is necessary for our legitimate interests (or those of third parties) and your interests and fundamental rights do not go beyond these interests;
- when we have to comply with legal or statutory obligations.
Generally, we do not rely on consent as a legal basis for processing your personal data unless we have marketing communications via email, phone or text messages. You have the option to withdraw your marketing consent at any time by contacting us at the email address above mentioned.
The purposes for which we collect your personal data
|Sign-up/ Register as a user||If you decide to register as a user on our site,|
we need to process your data to identify you
as its user and to give you access to its various features, products and services available to you as a registered user. You can cancel your registered user account at any time either from your account on the site or by sending a request to the email address above mentioned.
Please notice that if you cancel your account after paying the participation fee, the refund of the participation fee is subject to our Terms&Conditions.
SOMS uses the data collected during the
1. To create and send your electronic Certificate of Participation;
2. To print your Certificate of Participation, if requested and paid by you;
3. To print your personal conference badge;
4. To create and print the abstract book (for presenting authors and co-authors)
5. To print any other diploma or material or the conference that needs your personal details;
6. To arrange the scientific or social events you registered for, if applicable including external service providers;
7. To keep you informed about the conference via e-mail, social media or telephone;
8. If you enter into a sweepstake, contest, or similar promotion we may use the information you provide to administer those programs;
9. To fill any electronic form needed to organise the conference
|Requests made through Customer Service/Support||We process only the personal data strictly necessary to manage or resolve your request.|
|Marketing||We will process your personal data for this purpose mainly in the following cases:|
If you subscribe to the newsletter, we will process your personal information to manage your communication preferences, including sending personalized information about our products or services by various means (such as by email or SMS). We will also be able to send you this information via push notifications if you have them enabled on your mobile device or browser.
Please be aware that this data processing involves analyzing your user or client profile in order to create profiles that determine what your preferences are at a certain moment based on the navigation history and the choices made and, products and services best fit you at the time of submitting the information to us.
You will be able to unsubscribe from the newsletter at any time and totally free of charge through the Newsletter section, or through the instructions provided in each communication. If you do not want to receive push notifications, you can disable this option on your mobile device or browser.
|Improving services||If you access our site, we inform you that we will process your data for analytical and statistical purposes in order to understand how users interact with our site and thus improve them.|
The legal basis of our data processing
We process your personal data in strict accordance with the provisions allowing data processing under GDPR and the local data protection law. We will only process your personal data where we have a legal basis to do so. This legal basis may vary according to the reasons for which we need to use your personal data. We may process your personal data if the processing is founded on one or more of the following legal bases:
- The processing is necessary for compliance with a legal obligation to which we are subject
The legal framework governing our operations imposes on us obligations which involve the process of personal data for the performance of identity verification, compliance with court orders, tax law or other reporting obligations and anti-money laundering controls.
- You have specifically consented to your personal data being used by us for a specific purpose.
Such consent shall usually be relied upon for sending you marketing communications, news emails, financial market updates, announcements that may interest you etc. You may revoke your consent to this processing anytime.
- The processing is necessary for the purposes of our legitimate interests (e.g. signing-up/register as a user; responding to requests made through Support Service; improving our website services, etc).
The retention period for your data is primarily dependent on the retention rules imposed upon us by the applicable legislation.
We will keep your data only as long as necessary to achieve the purpose for which we have collected the data or to fulfill our obligations under the law.
To know how long your data can be stored, we use the following criteria:
- If you contact us for a question, we keep your personal data for as long as your questions are processed, but no more than 3 years after the last mail you sent;
- If you create an account, we retain your personal data until you ask us to delete it or after a period of inactivity. In this regard, please note that data processed for this purpose will be deleted 3 years after the last user account interaction (for example, login to your account);
- If you have given your consent to direct marketing, we retain your personal data until you unsubscribe or ask us to delete it;
- If cookies are stored on your computer, we keep them for as long as they are needed to reach their goals.
Transmission of data to third-parties
In order to facilitate the performance of the activities with respect to the purposes detailed above, we can communicate this data to third parties, including Company partners, such as:
- Supervisory, regulatory and public authorities, including courts of justice, law enforcement authorities and other governmental bodies
- Financial institutions, payment service providers, card payment processors, correspondent banks
- Auditors and accounting consultants
- Marketing and customer support service providers
- Data storage and archiving providers
We require third parties to respect the security of your personal data and to treat them in accordance with the law. We do not allow third-party vendors to use your personal data for their own purposes and allow them to process your personal data for the purposes specified and in accordance with our instructions.
Transfer of data outside the EU
While our operations are targeting the EU and EEA areas exclusively, we may transfer your data to a third party in a non-EU country if such a transfer is necessary and has a legal basis as described in this document. The third-party processors in this case shall either be approved by the European Commission as providing adequate level of data protection or they shall be contractually bound to data protection standards equivalent to those of EU legislation and shall act in accordance with Article 46 of Regulation (EU) 2016/679.
Automated decision-making and profiling
In general, your data is not processed automatically and no decision is taken based on automated processes. The only automatic “profiling” we may do based on your data is a risk assessment for Anti-Money-Laundering and Counter-Terrorism Financing purposes and for establishing your investment risk appetite and tolerances. This process is however not entirely automatic and ultimately depends on manual overview and decision taking.
Your data protection rights
If you are a physical person who is the data subject of what is legally considered “personal data” which we hold as a “controller” and/or “processor” you are entitled to certain rights. Without prejudice to the above, your rights are not absolute and may be limited due to the legal basis relied upon by the Company to process your data.
- Right to information. You may request to know whether we hold any of your personal data, and, if so, information on the Company, what type of data we process and why/how we are processing it.
- Data subject access request. You may request to receive a copy of your personal data and check that the processing is lawful.
- Right to rectification. You may request that we rectify and incorrect data we hold and you may complete any incomplete data we may hold.
- Right to erasure (‘right to be forgotten’). You may request that your personal data is deleted, provided that you meet the legal criteria for this request. Generally, you may request to be forgotten if the processing is unnecessary, unlawful, illegitimate, or you have objected to it.
- Object to processing of your personal information. If we are processing your data based on our (or a third party’s) legitimate interest and you are in a particular situation which gives you reason to object to the processing you may submit this request. You may also object if we are processing your data for direct marketing purposes. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
- Right to restriction. You may request the restriction of the processing of your data under some circumstances, for example so as to determine if the data is accurate or to establish the reason for processing it.
- Right to data portability. You may request a copy of your personal information in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller. This right may not be fully applicable in cases where the processing is done due to a legal obligation of the Company.
- Right to withdraw consent. Where you have consented to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once your consent is withdrawn, the processing of your data will be halted, unless said processing is found on another legitimate basis, for example due to a legal obligation to keep your data.
- Right to file a complaint with supervisory authority.
If you want to do for the purposes of the above, please send us an e-mail to [email protected]. We may ask you to prove your identity by communicating a copy of a valid ID to comply with our security obligations and to prevent unauthorized disclosure of the data.
We are committed to protecting your information, and we take extra precautions to ensure that your data is safe using the following procedures:
- We use two layers of firewall protection (one at the application level and one at the server level) to ensure that no unauthorized access attempts are allowed.
- We use an advanced Verisign SSL to authenticate users and data transfers.
- The server that handles our traders’ online activity is separate from the transaction information, which is stored on another data server.
- The server farms are protected by armed guards at all times. Any unauthorized personnel are forbidden to enter the premises of the server farms.
We use both, session ID and persistent cookies. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. You can remove persistent cookies by following directions provided in your internet browser’s “Help” file.
Personal data for you provide for other individuals
If you have any questions or concerns about how we treat and use your personal data or wish to exercise any of your above rights, please contact us to [email protected] or in writing to Eroii Sanitari nr. 8, Sectorul 5, București, ASOCIAȚIA GRUPUL STUDENȚILOR MEDICINIȘTI CU ACTIVITATE ȘTIINȚIFICĂ.
We will take into consideration any requests or complaints we receive and we will give you a timely response. If you are not satisfied with our response, you may submit the complaint to the National Supervisory Authority for Personal Data Processing – located in Bd. Gheorghe Magheru no. 28-30, Bucharest, Romania.
Changes to this policy
We may update this policy to reflect changes to the website and customer feedback. Please regularly review this policy to be informed of how we are protecting your personal data.
This Policy was last updated on 12.12.2019