Privacy Policy

How we collect and use your data

The Romanian Student Society of Surgery operates the www.surgicon.ro website, which provides the SERVICE.

This page is used to inform website visitors regarding our policies with the collection, use, and disclosure of Personal Information if anyone decided to use our Service, the SURGICON 2020 website.

If you choose to use our Service, then you agree to the collection and use of information in relation with this policy. The Personal Information that we collect are used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, which is accessible at www.surgicon.ro, unless otherwise defined in this Privacy Policy.

ASOCIAȚIA SOCIETATEA STUDENTEASCA DE CHIRURGIE DIN ROMANIA (SSCR) respects the privacy of every individual who visits our website. This policy outlines the use of personal data under General Data Protection Regulations (“GDPR”).EU General Data Protection Regulation (the “GDPR”) and Law no. 190/2018.

For the purpose of Law no. 190/2018 and GDPR, we are the data controller and any inquiry regarding the collection or processing of your data should be emailed to president@surgicon.ro.

Protecting your personal data is very important to us. This Privacy Notice describes our practices regarding the collecting and use of your personal data – for example, what data we collect, why, and for what purpose, and explains your rights in relation to the personal data.

The controller of your personal information is ASOCIAȚIA SOCIETATEA STUDENTEASCA DE CHIRURGIE DIN ROMANIA (“SSCR”, “SURGICON”, “we”, “us”, “our”). If you have any query in respect of your personal information, you can contact us at the following:

Your data may be referred to as “personal data” or “personal information”. Personal data shall mean any information relating to you which identifies or may identify you and which includes, for example, your name, address, identification number.

Handling, collecting, protecting and storing your personal data or any such action may be collectively referred to as “processing” of personal data.

The Company is committed to safeguarding your privacy and handling your personal data in an open and transparent manner which respects the privacy of any user that accesses our site(s). Our Privacy Policy is intended to explain how we protect the privacy of your personal and financial information. We will only use your information as described in our Privacy Policy.

This document will help you understand the following:

  • What personal data we collect and process about you as a customer and as a user of our website, mobile applications and online services;
  • Why we collect and process your data;
  • How the Company collects and processes your personal data;
  • Where we obtain the data from;
  • Your rights under EU General Data Protection Regulation (‘GDPR’);
  • How and when we share your personal data with other third parties (for example, our service providers).

This document is directed to natural persons who are either current or potential customers of the Company, or are authorised representatives/agents or beneficial owners of legal entities or of natural persons which/who are current or potential customers of the Company.

Types of personal data we process

Personal data is all information which allows the data subject to be identified. Such data include for example your name, contact details, payment details.

Specifically, we may collect the following types of personal data:

  • The data you give us for the creation of your account. Generally, these include your Name, home address, e-mail address, telephone number, passport or other recognized personal ID card number and details.
  • The data you enter when funding your account. Generally, these include your credit/debit card details or other payment details (IBAN, SWIFT codes etc).

We also use analytical and statistical tools that monitor details of your visits to our website and the resources that you access, including, but not limited to, traffic data, weblogs and other communication data (but this data will not identify you personally). An example of such data would include the type of internet browser or the type of computer you are using, or the domain name of the website from which you linked to our site. We use ‘cookie’ technology and IP addresses only to obtain non-personal information from online visitors to provide them with the best possible personalized online experience.

The Company does not collect personal data from minors.

How do we collect your personal information?

We collect your personal information through different methods, including:

  • Information you give us. You may give us your identity, contact and financial data when you fill in our contact forms, make a purchase from our website or create an account with us. We may store some or all information in encrypted format in a cookie on your computer.
  • Information we automatically collect about you. We may automatically collect technical data about your equipment, browsing actions and patterns as you interact with our websites. We collect this personal data by using cookies and other similar technologies.
  • Information we receive from other sources. We may receive personal data about you from various third parties and public sources. For example, we may receive:
    • technical data from analytics providers;
    • cookies that allow third party review or interaction with our website that have been saved on your computer from other websites you have visited; and
    • identity and contact data from selected business partners, data brokers or aggregators.

We may also collect, use and share aggregated data such as statistical or demographic data for any purpose if you cannot be identified in any way. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

Generally, we do not rely on consent as a legal basis for processing your personal information other than in relation to sending direct marketing communications to you by electronic means or permitting our selected third parties to do so. You have the right to withdraw consent to marketing at any time by contacting us.

Please be aware that our website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

What if you do not want to provide your personal information?

You can visit our website without completing any personal data. When we ask you to complete your personal information to give you access to certain features or services of the site, we will mark some fields as mandatory, as these are the information we need to provide you with service or to give you access to that functionality.

Please note that if you decide not to provide this information, you may not be able to complete your registration as a user or benefit from these services or features.

We collect your personal information automatically using technical means as and when you use our website. It is important to understand the difference in the cookies that we use. Our websites use both 1st party cookies (which are set by the Site being visited) and 3rd party cookies (which are set by a server located outside of the site that you have visited).

You can choose whether to accept cookies by changing the settings on your browser. Information about the procedure to enable or disable cookies can be found on your Internet browser provider’s website via its help meu or further information can be found at: http://www.allaboutcookies.org/manage-cookies/index.html . However, if you disable this function, your experience on our websites may be reduced and some features may not work as intended.

How we process your data?

We collect your personal data when the law allows us to do it. Most frequently, we will use your personal information in the following circumstances:

  • when it is necessary for our legitimate interests (or those of third parties) and your interests and fundamental rights do not go beyond these interests;
  • when we have to comply with legal or statutory obligations.

Generally, we do not rely on consent as a legal basis for processing your personal data unless we have marketing communications via email, phone or text messages. You have the option to withdraw your marketing consent at any time by contacting us at the email address above mentioned.

The legal basis of our data processing

We process your personal data in strict accordance with the provisions allowing data processing under GDPR and the local data protection law. We will only process your personal data where we have a legal basis to do so. This legal basis may vary according to the reasons for which we need to use your personal data. We may process your personal data if the processing is founded on one or more of the following legal bases:

  • The processing is necessary for compliance with a legal obligation to which we are subject. The legal framework governing our operations imposes on us obligations which involve the process of personal data for the performance of identity verification, compliance with court orders, tax law or other reporting obligations and anti-money laundering controls.
  • You have specifically consented to your personal data being used by us for a specific purpose. Such consent shall usually be relied upon for sending you marketing communications, news emails, financial market updates, announcements that may interest you etc. You may revoke your consent to this processing anytime.
  • The processing is necessary for the purposes of our legitimate interests (e.g. signing-up/register as a user; responding to requests made through Support Service; improving our website services, etc).

Retention period

The retention period for your data is primarily dependent on the retention rules imposed upon us by the applicable legislation.

We will keep your data only as long as necessary to achieve the purpose for which we have collected the data or to fulfill our obligations under the law.

To know how long your data can be stored, we use the following criteria:

  • If you contact us for a question, we keep your personal data for as long as your questions are processed, but no more than 3 years after the last mail you sent;
  • If you create an account, we retain your personal data until you ask us to delete it or after a period of inactivity. In this regard, please note that data processed for this purpose will be deleted 3 years after the last user account interaction (for example, login to your account);
  • If you have given your consent to direct marketing, we retain your personal data until you unsubscribe or ask us to delete it;
  • If cookies are stored on your computer, we keep them for as long as they are needed to reach their goals.

Transmission of data to third-parties

In order to facilitate the performance of the activities with respect to the purposes detailed above, we can communicate this data to third parties, including Company partners, such as:

  • Supervisory, regulatory and public authorities, including courts of justice, law enforcement authorities and other governmental bodies
  • Financial institutions, payment service providers, card payment processors, correspondent banks
  • Auditors and accounting consultants
  • Marketing and customer support service providers
  • Data storage and archiving providers

We require third parties to respect the security of your personal data and to treat them in accordance with the law. We do not allow third-party vendors to use your personal data for their own purposes and allow them to process your personal data for the purposes specified and in accordance with our instructions.

Transfer of data outside the EU

While our operations are targeting the EU and EEA areas exclusively, we may transfer your data to a third party in a non-EU country if such a transfer is necessary and has a legal basis as described in this document. The third-party processors in this case shall either be approved by the European Commission as providing adequate level of data protection or they shall be contractually bound to data protection standards equivalent to those of EU legislation and shall act in accordance with Article 46 of Regulation (EU) 2016/679.

Automated decision-making and profiling

In general, your data is not processed automatically and no decision is taken based on automated processes. The only automatic “profiling” we may do based on your data is a risk assessment for Anti-Money-Laundering and Counter-Terrorism Financing purposes and for establishing your investment risk appetite and tolerances. This process is however not entirely automatic and ultimately depends on manual overview and decision taking.

Your data protection rights

If you are a physical person who is the data subject of what is legally considered “personal data” which we hold as a “controller” and/or “processor” you are entitled to certain rights. Without prejudice to the above, your rights are not absolute and may be limited due to the legal basis relied upon by the Company to process your data.

  • Right to information. You may request to know whether we hold any of your personal data, and, if so, information on the Company, what type of data we process and why/how we are processing it.
  • Data subject access request. You may request to receive a copy of your personal data and check that the processing is lawful.
  • Right to rectification. You may request that we rectify and incorrect data we hold and you may complete any incomplete data we may hold.
  • Right to erasure (‘right to be forgotten’). You may request that your personal data is deleted, provided that you meet the legal criteria for this request. Generally, you may request to be forgotten if the processing is unnecessary, unlawful, illegitimate, or you have objected to it.
  • Object to processing of your personal information. If we are processing your data based on our (or a third party’s) legitimate interest and you are in a particular situation which gives you reason to object to the processing you may submit this request. You may also object if we are processing your data for direct marketing purposes. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
  • Right to restriction. You may request the restriction of the processing of your data under some circumstances, for example so as to determine if the data is accurate or to establish the reason for processing it.
  • Right to data portability. You may request a copy of your personal information in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller. This right may not be fully applicable in cases where the processing is done due to a legal obligation of the Company.
  • Right to withdraw consent. Where you have consented to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once your consent is withdrawn, the processing of your data will be halted, unless said processing is found on another legitimate basis, for example due to a legal obligation to keep your data.
  • Right to file a complaint with supervisory authority.

If you want to do for the purposes of the above, please send us an e-mail to presedinte.bucuresti@sscr.ro. We may ask you to prove your identity by communicating a copy of a valid ID to comply with our security obligations and to prevent unauthorized disclosure of the data.

Site security

We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

Cookies

A cookie is a small text file stored on your computer for record-keeping purposes. UFX uses cookies on its site(s).

You may reject our cookies, which could result in a lower quality user experience. Some of our business partners use cookies on their site(s). We have no access or control over these cookies.

Personal data for you provide for other individuals

If you provide us with personal data about another person you must ensure that you have the right to disclose this data personal data and that, without further action, we may collect, use and disclose that personal data as described in this Privacy Policy.

In particular, you must ensure that the individual concerned is aware of the various aspects dealt with in this Privacy Policy, as they relate to the individual, including our identity, the way we can contact, the purposes in which we collect, our practices of disclosing personal data (including disclosure to recipients abroad), the right of the individual to access personal data and to complain about the management of personal data, and the consequences of non-disclosure of personal data.

Contact

If you have any questions or concerns about how we treat and use your personal data or wish to exercise any of your above rights, please contact us to presedinte.bucuresti@sscr.ro.

Changes to this policy

We may update our Privacy Policy from time to time. Thus, we advise you to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately, after they are posted on this page.

This Privacy Policy was last updated on 09.06.2020