INFORMATION NOTE REGARDING THE PROCESSING OF PERSONAL DATA (GDPR) BY PFA SERBAN ALEXANDRINA-DANIELA

  1. Details about this information note

PFA Serban Alexandrina-Daniela is the formal name, according to documents, for the professional activity led by me, Serban Alexandrina-Daniela.

In this information note I explain how your personal data is processed by me, as a representative of PFA Serban Alexandrina-Daniela, and how I ensure that your personal data is processed responsibly and in accordance with the applicable personal data protection legislation.

I take respect for your data very seriously. Compliance with personal data protection legislation and good practices in the field, as well as ensuring a climate of transparency, safety and trust for my clients is a priority for me.

This information note contains important details. So I encourage you to take the time to read it in its entirety, carefully, and make sure you fully understand it. Do not hesitate to contact me to clarify any concerns you may have. I want it to be clear to you how personal information is used.

 

  2. Who represents PFA Serban Alexandrina-Daniela

 

For the purposes of this information note, PFA Serban Alexandrina-Daniela is a personal data operator. See below the complete information about my identity and contact details:

Full name: PFA Serban Alexandrina-Daniela

Fiscal registration code: 34696552

Representative: Serban Alexandrina-Daniela

Headquarters address: Str. Turbinei, No. 1 Sector 2, Bucharest

Correspondence address: Bd. Nicolae Bălcescu 35A, apt.6, sector 1, Bucharest

Phone number: +40.736.622.462

Email: contact@danielatordoi.ro

If you have any comments, suggestions, questions or concerns regarding any information in this note or about any other aspects relating to the data processing I carry out, please do not hesitate to contact me. Depending on your preferences, you can contact me through any of the communication channels above.

 

  3. What data do I process

 

The personal data that I will process are the data obtained directly from you or resulting from the provision of services by me. These include the following categories of data:

  • Personal details, such as: name, surname, gender, date of birth/age, citizenship, personal numeric code (CNP), the information in your identity document.
  • Contact details such as: home or residence address, telephone number, email address.
  • Payment details such as: billing address, bank account or bank card number, IBAN code, name and surname of the bank account or bank card holder (can be other than you if someone else has paid an invoice on your behalf), the date from which the bank card is valid, the expiry date of the bank card.
  • Professional details such as: employer, position.
  • Opinions, visions and life history information (may include sensitive data) such as: any opinions and visions you provide, your life story, experiences you went through and consider significant, medical history, relational history, etc.
  • Data related to the provision of services and interaction with me, such as: records of interactions with me, details regarding the history of the provision of psychological services.

As you can see from the list above, you may provide me with information about other people – for example, your relationship history with a family member. Where it relates to identified or identifiable individuals, I will treat this information as the personal data of those individuals and provide them with the necessary protection as well. However, I will strictly respect the obligation of professional secrecy that I have towards you and will not inform these people about this processing.

 

  4. The source from which I receive your data

 

The source from which I get the above information is you. Or, if the beneficiary of psychological services is a minor, part of the information comes from the parent/legal guardian, and the rest comes from the minor. The scenarios in which you provide me with this data may be (but are not limited to):

  • Conclusion of a service contract;
  • Telephone conversations;
  • Conversations through a written method (SMS messages, WhatsApp, e-mail, Skype, etc.);
  • Discussions during meetings;
  • Making payments for the sessions provided.

 

  5. The purposes for which I process your data

 

The purposes for which I process your personal data (other than sensitive data):

  • To be able to conclude or execute a contract with you, at your request. A series of personal data is required in order to conclude the contract, and likewise to perform it, that is, to actually provide the psychological services and collect the money for these services.
  • To be able to fulfill my legal obligations, such as archiving or communication with public authorities.
  • Regarding marketing communications, personal data is processed based on consent for this specific purpose. For example, for newsletter subscription I will ask you to sign a form or tick a box (for electronic subscription), clearly stating why I am asking you to do this.

The purpose for which I process your sensitive personal data: to be able to perform psychotherapy activity, within which certain sensitive information may be relevant (for example, medical history or relational history). This information (and my obligation to keep it confidential) is legally protected by several documents:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, on the protection of individuals with regard to the processing of personal data;
  • Law 213/2004 regarding the exercise of the profession of psychologist with the right of free practice;
  • The deontological code of the psychologist profession with the right of free practice.

 

  6. To whom and under what conditions will I disclose your data

 

In order to carry out my activity, I can use the services of several contractual partners. They have the status of authorized persons, such as accounting service providers. The personal data that I disclose to authorized persons is limited to the minimum personal information that is necessary for the provision of those services and I request that they not use the personal data for any other purpose. I make every effort to ensure that all entities I work with store your personal data safely and securely. The personal data indicated above may be made available or transmitted to third parties in the following situations:

 

  1. Public authorities, auditors or institutions with competence to carry out inspections and controls on the activity and assets of the PFA, which require information to be provided, by virtue of the legal obligations. These public authorities or institutions can be the National Authority for the Supervision of Personal Data Processing, the Labor Inspectorate, police bodies, the Authority for Consumer Protection, the National Agency for Fiscal Administration;
  2. To comply with a legal requirement or to protect the rights and assets of PFA Serban Alexandrina-Daniela or other entities or persons, such as courts;
  3. To authorized persons – the accounting company, the invoicing company – in the case of invoicing data.

  7. How long I store your personal data

I will store your personal data only for the period of time necessary to achieve the processing purposes, while respecting the legal requirements in force. If, after the expiry of the established period, PFA Serban Alexandrina-Daniela considers that it has a legitimate interest or a legal obligation to continue processing your personal data for other purposes, I will inform you accordingly. I estimate that the processing activities will require the storage of personal data either for:

 

  • the period provided by law; or
  • an indefinite period, if applicable laws and regulations allow it. However, in this case, I inform you that any data processing will cease after I receive your request that some or all of your data be deleted; or
  • until the relevant purpose applicable to certain data ceases to exist.

Once the processing period indicated above expires and PFA Serban Alexandrina-Daniela no longer has legal or legitimate reasons to process your personal data, the data will be deleted in accordance with its procedures, which may involve archiving, anonymization or destruction.

 

  8. What are your rights and how can you exercise them

 

According to EU Regulation 2016/679, regardless of the basis of personal data processing, data subjects have the following rights in relation to the processing carried out:

  • Right to be informed;
  • Right of access to personal data;
  • Right to rectify or update personal data when inaccurate or incomplete;
  • Right to request the deletion of personal data in certain circumstances (when personal data are no longer required in relation to the purpose);
  • Right to request a restriction on the processing of personal data;
  • The right to personal data portability;
  • The right to object to the processing of personal data;
  • Rights regarding the automatic processing of personal data;
  • The right to withdraw consent, at any time, for the processing of personal data to which it has previously been agreed;
  • Right to be notified in case of data security breaches.

To exercise one or more of these rights or to ask any questions about them, please use the contact details in section 2 above. I will try to answer all your questions and concerns as quickly and completely as possible.

 

  9. What can happen if you do not provide me with the data

 

You have no obligation to provide me with the personal data that I have mentioned in this document. However, without this personal data it will not be possible to provide you with the services you request.

 

  10. Changes to this notice

 

I may change this note from time to time. In such cases, I will inform you in advance and will not reduce the rights you have with respect to your data by any changes I could make to this note.

 

  11. Security Incidents

 

In the event of a security incident affecting your personal data, I will inform you of its occurrence. I will investigate the causes of the incident and take reasonable steps to mitigate the effects and minimize any damage resulting from that incident, as well as reasonable steps to prevent a similar data security breach from occurring again.

 

  12. Glossary, or terms relevant to this note

 

The supervisory authority for the processing of personal data: an independent public authority which, according to the law, has powers related to the supervision of compliance with the legislation on the protection of personal data. In Romania, this supervisory authority for the processing of personal data is the National Authority for the Supervision of Personal Data Processing.

Special categories of personal data (sensitive personal data/sensitive data): personal data that: reveals racial or ethnic origin, political opinions, religious confession or philosophical beliefs or trade union membership; genetic data; biometric data for the unique identification of a natural person; data regarding the health, sex life or sexual orientation of a natural person.

Personal data: any information relating to an identified or identifiable natural person (referred to as a “data subject”). A natural person is identifiable if they can be identified, directly or indirectly, in particular by reference to an identification element, for example: name, identification number, location data, online identifier, or one or more elements specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that person. Thus, for example, the following are included in the notion of personal data: name and surname; home or residence address; email address; phone number; personal numeric code (CNP); established diagnoses (sensitive data); genetic data (sensitive data); biometric data (sensitive data); geolocation data.

 

Authorized person: the natural or legal person, public authority, agency or other body that processes personal data on behalf of the operator (for example, IT service providers, accounting service providers and/or online invoicing applications, etc.).

Operator: natural or legal person who decides why (for what purpose) and how (by what means) personal data are processed. According to the law, the responsibility for compliance with the legislation regarding personal data rests primarily with the operator. In relation to you, I am the operator and you are the data subject.

Data subject: the natural person to whom certain personal data refers (to whom certain personal data “belongs”). In relation to me (the operator), you are the data subject.

 

Processing of personal data: any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means; for example: collecting, recording, organizing, structuring, storing, adapting or modifying, extracting, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing or destroying said personal data or personal data sets. These are just examples. Basically, processing means any operation on personal data, whether by automatic or manual means.