Personal data processing notification
STATUS is a solution for managing virtual health records and collaborating with patients that enables doctors and medical health providers a better way to interact with their patients in a secure environment, designed to meet the requirements of Regulation no. 679/2016 on the protection of individuals regarding the personal data processing and its free circulation („GDPR”).
To ensure a higher level of security for the STATUS application, it can also be made available to customers as a service in the Star Storage data centre, TIER-3 data centre authorized by MCSI ( http://www.star-vault.ro/centrul-de-date ).
This Notification was prepared to inform people (,,Data Subjects”) about the personal data collected by Star Storage during its activity, the processing reason and the use of the data.
Data protection responsible
Since May 25, 2018, Star storage has an internal Data Protection Officer (DPO) to contact if you any question or concerns about Star Storage policies or practices on personal data. Contact Star Storage DPO by sending an email message to the following address: email@example.com.
How do we collect Personal Data?
We mainly collect the personal data you provide us directly by filling in the form asking you information about our product at www.star-storage.ro or while you visit us or meet our agents. Additional information is collected during out phone interviews developed by our marketing department.
We also collect personal data from you or your company during the execution of the contracts.
Our process of collecting the personal data is performed through:
- Website, mobile applications, emails, digital media or 3 rd party software, including recruitment portals;
- Contract, applications, forms, call centre, remote technical assistance, sales and marketing units, cookies on websites, business cards, telephone, etc.;
- Face-to-face interviews.
What Personal Data do we collect?
When you register, we collect information about you, including your full name, your employer’s name your position in your company, your email address, and also your phone numbers (home/fixed and mobile).
When your company purchases our products or services, we collect information about customer company representatives, contact persons, project team members and users. The information collected include the full name, employer’s name, role, work address, email address, phone numbers (home/fixed and mobile) and fax number. These are provided directly by you or your company.
Why processing the Personal data?
We process the personal data we collect from two main reasons:
- To lead our business and provide the products and services we offer
- To send marketing communications about our products and services.
When processing your personal data to provide products and services, these are necessary for the negotiation, conclusion and execution of the contract with interests pursued in the performance of such contracts.
The processing performed to carry out our activity includes:
- Setting, maintaining and ending the business contract/relationship;
- Customizing the products and services available according to the requests; updating and improving products and services available according to the customer needs, legal and technical development.
- Register users in systems, namely for available products and services;
- Keeping and tracking visitor records;
- Providing services to customers according to contracts.
When processing your personal data for our marketing communication strategy, it is based on the legitimate interest in promoting our products and services. This kind of marketing activities include:
- Advertising for new or existing products, services and campaigns; performing sales and marketing activities;
- Develop market researches;
- Obtain statistics and analysis of product use;
- Contact/communication, including through third party social platforms;
- Contact for customer satisfaction surveys.
Who do we share your personal data with and for what purposes?
We will not share your information with third parties outside our company, except when this is required by a legal obligation or when required to execute the contract with you. For any other transfer to third parties, we will first ask for your consent.
Your personal data can be transferred to third parties, in the EU or abroad: audit companies (on the basis of legal requirements), consultants, legal authorities or public authorities, resellers, service companies, suppliers, shareholders and other companies in the logo group.
If we consider a transfer abroad, we will ensure it will be done in a country that benefits from an appropriate decision issued by the European Commission or, alternatively, based on approved standard contractual clauses.
What security measures do we dispose?
We undertake to protect the security of your personal data and to prevent unauthorized access, use or disclosure, by:
- Physical access control in our premises and locations where we store personal data
- Use of updated technological methods
- Enforce strong access policies (complex passwords, firewall rules, granulised access authorization, etc.)
- Encrypted storage of personal data
- Continuous monitoring of your own systems
- Updating policies
- Training and informing employees of third parties
- Providing secure data transfer
- Limited access to sensitive locations (both physically and logically)
What are your rights as a Data Subject?
According to GDPR, as a Data Subject, you have a number of rights in relation to your personal data, and Star Storage, as data operator, is committed to respect your confidentiality and guaranteeing these rights.
Access – you have the right to confirm Star Storage to process your personal data and you can access these data. Also, you can request information about: the purpose of the processing; the categories of personal data processed; to whom, other than Star Storage, the data may have been sent; what was the source of the information (if you did not provide the data directly to Star Storage) and how long they will be stored.
Rectification – you can ask us to rectify or correlate inaccurate personal data. At the same time, if your records are not complete and additional processing data is required, you have the right to fill in your personal information.
Erasure (“right to be forgotten”) – if there is no mandatory reason for continuous processing, you have the right to delete or remove your personal data from our databases. Keep in mind that it is not an absolute right, and Star Storage reserves the right to limit it under GDPR cases (for example, if the data (for example, if the data are no longer needed in correlation to the purposes they were collected for, if you chose to oppose the processing of your personal data or if the processing is illegal).
Restriction – you have the right to ask to restrict your personal data processing for a period of time necessary to verify their accuracy, if you object further processing on the basis of legitimate interest, or block the data for defending legal claims. At the same time, you can request to block your data in the case of illegal processing, if you do not want to delete it.
Data portability – you can ask us to provide you your personal data to you in a structured, commonly used, machine-readable format, when: the processing is based on your consent or the performance of a contract with you; and the processing is carried out by automated means.
Objection – you can object, at any time, to any processing of your personal data for direct marketing purposes. For processing purposes other than marketing, you still have the right to oppose, but it is possible that the legal obligations of Star Storage prevail, as well as its preeminent legitimate interest in continuing to process such data, including in the exercise or defense of a legal provision.
Withdrawal of Consent – you have the right to withdraw the consent to process your personal data at any time.
You can exercise your rights by sending a request to firstname.lastname@example.org. We reserve the right to contact you to ensure that the request comes from you.
The response to your requests does not involve any cost, unless the claims are unfounded, repetitive or excessive, in which case we may request a fee based on the administrative costs of your request.
Your requests will receive an answer as soon as possible, depending on the nature of the request and within thirty days, except when we need to extend this deadline, taking into account the complexity of the request and/or the number of requests.
In the course of an application, in the event of incomplete or incorrect information sharing or if the request is not clearly expressed, it is possible to have difficulties in solving your requests, which may cause delays in the investigation process. Our company reserves all legal rights in the case of incorrect applications, contrary to the facts/laws or malicious intent.
If you consider your personal data is misused or that their processing by Star Storage contradicts GDPR, please inform the DPO at email@example.com about your data processing issues and ask them to take appropriate action. If the issue cannot be solved in this way, you can fila a complaint with the national supervisory authority, whose contact can be found on its website, www.dataprotection.ro .
Using our website
Like most websites, the Star Storage website automatically collects certain information and stores then in log files. The information may include Internet Protocol (IP) addresses, region, or general location where your computer or device accesses the Internet, the browser type, the operating system, and other information about using the Star Storage website, including a history of the pages you are viewing. This information is used to build a better design of our website in accordance with the user needs. We can also use your IP address to help diagnose issues with our server and manage our website, analyze trends, track visits to our web pages, and collect general demographics that help us identify visitor preferences.