The Company Design Your Travel S.R.L hereinafter referred to as MEDEVENTS processes personal data according to the legal provisions in the field of processing personal data and free movement of these data, EU Regulation no. 679/2016 (also known as GDPR).
The aim of this notice is to explain the method and purpose for which your personal data are processed and how we make sure that your rights are respected and we reduce to minimum the risks of unauthorized access or use of these data.
Please read carefully this notice.
I. For what purposes do we process personal data?
MEDEVENTS processes your personal data for the following purposes:
- For the purpose of conclusion and performance of the contract on the basis of which we provide the services related to participation in events (co-)organized by us (by virtue of article 6 paragraph 1 letter b) of Regulation – conclusion and performance of contract);
- For the purpose of observing the legal obligations (by virtue of article 6 paragraph 1, letter c) of Regulation – fulfilment of legal obligations);
- For the purpose of informing you about other similar events we organize and for the permanent improvement of the quality of services offered (art. 6 paragraph 1 letter f) – legitimate interest of Regulation).
In principle, MEDEVENTS does not process personal data such as those that involve the obtaining of consent of Data subjects.
II. What personal data do we process?
- your surname and first names, residence, personal identification number, position, rank and professional specialization, bank account, so that we can provide you with the services you contracted with us and for the fulfilment of legal obligations related to the records of customers and payments;
- your surname and first names, telephone number and email address, for an efficient communication regarding the organization of the event in which you chose to participate. We can send you information about the location, programme, accommodation facilities, related social events etc. but also related to the recording of summaries, about the guests who confirmed their attendance and about the deadlines specific of such events;
- your surname and first names and food preferences if you communicate us such specific needs, these data are processed only temporarily and have the unique purpose of adequate offer of contracted services;
- the data mentioned in your identity document and temporarily for processing or checking of accuracy, its copy if you request the provision of adjacent services, such as the acquisition of plane tickets;
- photo and video images of events we organize for the fulfilment of our contractual obligations towards the participants and the professional companies with which we collaborate in organization of events.
III. Duration and method by which we process personal data
The personal data will be stored as long as it is objectively necessary for the purposes mentioned above. For example, for observing the legal provisions, the invoice, banker’s draft, and other such documents must be kept for 5 years, and the contract documents and proofs for fulfilment of obligations undertaken must be kept for the period of contract fulfilment and for the prescription period that is, in principle, 3 years.
These data will be stored according to the legislation in force and we apply technical and organizational measures for the protection of all operations regarding personal data directly or indirectly, which prevent unauthorized or illegal processing, and the accidental or illegal losses or destructions.
We mention that the personal data collected and processed by our company can be considered as the object of a transfer to a third country because we use the storage service ”cloud” offered by Microsoft Company, that provides high security and confidentiality guarantees recognized by the European Union as adequate based on the system known as ”EU-US privacy shield”.
Our company does NOT process your personal data by an automated decision-making process and does NOT create profiles.
IV. Recipients of personal data
For the purposes mentioned above and to allow us to focus on what we know how to do best – organization of high-quality events – the personal data are processed not only by our staff, but can be transmitted to the following categories of recipients, as applicable, according to the particularity of the event organized:
- professional and non-governmental organizations such as the College of Physicians of Romania;
- the legal persons who are the initiator or beneficiary of event such as branch scientific societies or medical, educational or research units;
- our providers of services such as those related to Information Technology (IT), marketing, photo/ video, prints, services of tour-operators with whom we collaborate, accommodation units, security and protection, insurance units etc.
Of course, in our capacity of personal data controller we always make sure that we give adequate guarantees for the protection of your personal data, including when they were transmitted to third parties whether they have in relation with us, the capacity of processor or associated controller, or another capacity set out by the law.
We want to assure you that the personal data collected and processed by our company are NOT transmitted to third parties for marketing purposes or any purposes other than those for which they were collected.
V. What are your rights regarding your personal data?
(1) The right of access to personal data – you can request information about the activities of processing your personal data.
(2) The right to rectification – you can correct the inaccurate personal data or you can complete them.
(3) The right to data erasure – you can request the deletion of your personal data if their processing was not or is no longer legitimate or in other cases provided by the law.
(4) The right to withdraw your consent – in the cases when the processing is based on your consent, you can withdraw your consent anytime. The withdrawal of your consent will have effects only for the future, the processing performed before the withdrawal will continue to be legitimate.
(5) The right to restriction of processing – you can request and obtain the restriction of processing of your personal data if you contest the accuracy of data, the legitimacy of their holding or in other cases set out by the law.
(6) The right to data portability – you can receive under the legal conditions, the personal data you provided to us, in a format which can be automatically read and you can request that those data are transferred to another controller.
(7) The right of opposition – you can oppose especially to the processing of data which is founded on our legitimate interest.
(8) The right to lodge a complaint to our company or to the competent supervisory authority for data protection (ANSPDCP – www.dataprotection.ro).
(9) The right to go to court.
VI. How you can exercise concretely the rights mentioned above
For the exercise of your rights mentioned above, and for any further questions regarding this Notice or in connection with the use by our company of your personal data, please contact our Data Protection Officer. The contact data of the Data Protection Officer from our company are: gdpr@medevents.ro; telephone +40 364 146 681.
If you want to exercise the right to make a complaint to the competent state authority, this is the National Authority for Supervision of Personal Data Processing (ANSPDCP – www.dataprotection.ro) which has the right to investigate by administrative means the situation reported and to dispose measures for the adequate resolution of your dissatisfactions including filling a legal action in court in your name if the legal action is required and you do not do it directly (according to the provisions of Law no. 129/2018).
VII. Amendments to this notice
The personal data protection legislation is in full dynamics, and Romania will adopt a law (a bill is in Parliamentary debate) and by decisions of ANSPDCP, it will adopt regulations regarding the application in Romania of EU regulation (GDPR). Also, the European Data Protection Board is elaborating or revising various guidelines for the application of GDPR and codes of conduct, certification schemes and such other instruments will appear in time. Therefore, although MEDEVENTS has properly implemented GDPR, it is very likely that regular adjustments of the privacy policy and personal data protection policy are required to keep up with legislation and good practices under evolution, and with the development of our company and technologies and practices on the market, so that this notice will suffer changes that we will display on our website www.medevents.ro.