OPERATOR
The Company KeyMind S.R.L. is a personal data controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC. In this document, it will be identified as “the Controller”.
Identification data of the Operator KeyMind S.R.L., owner of the website https://psihosensus.eu
Address: Arinii Dornei nr. 14, Bl. 16 Sc. D, Et. P, Ap. 48, Bucharest
Chamber of Commerce Registration: J40/12127/2021, CIF 44587285
Phone: +40773394730
Email: hello@psihosensus.eu
Websites: psihosensus.eu, academy.psihosensus.eu
Identification data of the Associated Operator Cabinet Individual De Psihologie Dragomir Ileana Valentina, provider of the contracted services on the website https://psihosensus.eu
Address: Str Orșova 14, Bl F2, Ap 4, București, România
CUI/CIF: 45925880
Phone: +40773394730
Email: hello@psihosensus.eu
Website: psihosensus.eu
CONTROLLER COMPLIANCE WITH GDPR
Your personal data is stored in compliance with the legal provisions and in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC – referred to herein as GDPR.
The Operator has implemented and complies with the GDPR by processing personal data in a confidential, organized, secure, and responsible manner.
The Operator understands the importance of processing data in an appropriate manner, such that only authorized persons have access to data subjects’ personal data, according to internally regulated policies and workflows.
In order to ensure an adequate level of security, we have in place appropriate technical and organizational measures with the ability to ensure the confidentiality, integrity of personal data, and to restore the availability of personal data in a timely manner in the event of a physical or technical incident.
In order to protect personal data, all data storage devices are properly secured, data encryption is used for some operations, and a process is in place for testing, evaluation, and periodic assessment of the effectiveness of technical and organizational measures to ensure the security of processing.
Any request concerning the processing of personal data can be sent to the e-mail address: hello@psihosensus.eu
DEFINITION OF CERTAIN TERMS
Personal data – means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;
Processing – shall mean any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction.
Controller/operator – shall mean the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by Union or national law, the controller or the specific criteria for its designation may be laid down in Union or national law;
Data subject – is the person whose personal data are processed;
Recipient – means the natural or legal person, public authority, agency, or other body to whom personal data is disclosed, whether or not it is a third party. However, public authorities to which personal data may be disclosed in the framework of a particular inquiry in accordance with Union or national law are not considered recipients; the processing of such data by those public authorities shall comply with the applicable data protection rules in accordance with the purposes of the processing;
THE RIGHTS OF THE DATA SUBJECT
RIGHT TO INFORMATION – you have the right to be informed about the processing and protection of personal data;
THE RIGHT OF ACCESS TO DATA – you have the right to obtain confirmation from the data controller as to whether or not personal data are being processed by him/her;
THE RIGHT TO RECTIFICATION – you have the right to obtain the rectification of inaccurate data, as well as the completion of incomplete data;
THE RIGHT TO DATA ERASURE (“THE RIGHT TO BE FORGOTTEN”) – you have the right to obtain, to the extent that the legal requirements are met, the erasure of personal data;
THE RIGHT TO RESTRICTION OF PROCESSING – you have the right to obtain, insofar as the legal requirements are met, the marking of stored personal data in order to restrict further processing;
THE RIGHT TO DATA PORTABILITY – you have the right to receive your personal data in a structured, commonly used and easily readable format and the right to have your personal data transmitted by another data controller, provided that the legal requirements are met;
THE RIGHT TO COMPLAIN TO THE JUSTICE OR THE NATIONAL DATA PROTECTION SUPERVISORY AUTHORITY – you have the right to complain to the National Data Protection Supervisory Authority or to take legal action to defend any rights guaranteed by the applicable personal data protection legislation that have been violated.
THE RIGHT TO OPPOSE – you have the right to object at any time, on compelling legitimate grounds relating to your particular situation, to the processing of your personal data, insofar as the legal requirements are met;
THE RIGHT NOT TO BE SUBJECTED TO AN INDIVIDUAL DECISION – you have the right to request and obtain the withdrawal, erasure, or reassessment of any decision based solely on processing operations carried out by automated means (including profiling) which produces legal effects or similarly affects, to a significant degree, the data subjects.
PERSONAL DATA PROCESSED
We inform you that the undersigned works as an Associated Operator with Cabinet Individual de psihologie Dragomir Ileana Valentina, a Romanian legal entity based in Str Orșova 14, Bl F2, Ap 4, București, CUI/CIF: 45925880.
The use of the contact form is a request for the services provided by the Associate Operator Cabinet Individual de psihologie Dragomir Ileana Valentina, and has contractual value, the parties being the service provider (Cabinet Individual de psihologie Dragomir Ileana Valentina) and the beneficiary of the service, personally or through a legal representative.
In order to be able to benefit from our services, it is necessary to consent to the dissemination of your data with the Associate Operator Cabinet Individual De Psihologie Dragomir Ileana Valentina.
By contacting the site through the contact form, we process the following personal data: name, surname, telephone number, e-mail address, postal address in some situations, including country of domicile or residence, cookies according to the Cookie Policy that you can find on our website, IP, bank data processed through the payment processor, according to its personal data processing policy, and any other personal data that you provide us with through the contact form.
Image, voice, and behavior are processed for online sessions. This data is not stored, except in situations where you have expressly consented to registration.
By contacting contact persons by telephone, we process your voice for the duration of the call. The operator does not record, store or otherwise process your voice.
We also inform you that the undersigned works as Associate Operator with Cabinet Individual De Psihologie Dragomir Ileana Valentina, Romanian legal entity based in Str Orșova 14, Bl F2, Ap 4, București, CUI/CIF: 45925880 the data necessary for marketing communications, insofar as you have expressed your consent to this by subscribing to the informative materials of interest to you, being disseminated with this declaring Associated Operator.
Cookies are processed when accessing the website. For details, please consult the Cookies Policy. The Operator respects the rights of data subjects regarding the acceptance of Cookies by requiring consent and respecting the right to object where we use specific Cookies. In some situations, your IP address is also processed. As per Google’s policy, the IP address is processed for a short period of time and is geocoded (transformed) to areas where the user has access.
In the case of third party technologies, we do not have access to your IP address. The association of aggregated data cannot be done from within third party platforms, with data collected directly through your own server.
The operator does not operate data transfers to third countries.
PURPOSE OF PROCESSING AND LEGAL BASIS FOR PROCESSING
All data is processed for the purposes initially stated and for which you have been informed. We do not further process personal data for purposes incompatible with the original purpose.
Are processed for contractual and contact purposes, name, surname, country and where applicable postal address, e-mail address and telephone number, data collected on the website through the contact form, as well as voice in the situation of initiating a telephone call.
Voice, image and behavior, in the case of online sessions, are processed on the basis of the contact. To the extent that you will request or agree with the Operator’s proposal to record and store this data collected in therapy sessions, the basis will be the consent, which you will expressly and explicitly provide, as required by law.
Cookies are processed for the purposes of providing our services and maintaining the functionality of the website, as described in detail in the Cookies Policy.
We process, for direct marketing purposes, your name, surname, telephone number, and e-mail address, subject to the existence of your consent expressed in accordance with the law.
For communications of a commercial nature, for the dissemination of data to the Associated Operator for marketing purposes if there is your consent, the basis for processing is consent.
The OPERATOR does not process any category of personal data for other purposes incompatible with the purposes initially established and does not process personal data for a longer period of time than the period established for the processing of that category of personal data.
GROUNDS FOR PROCESSING
The grounds for processing are: contract for the category of data necessary for contracting with us, legitimate interest for the processing of Cookies and for other categories of data in certain situations, legal obligation in the situation of controls carried out by the authorities, declaration, documentation and resolution of security incidents, endorsements and/or accreditations/authorizations, provision to authorized third parties as a result of situations in which the controller may be directly or collaterally involved or initiated by the controller, as a result of complaints, disputes, complaints, requests made by data subjects or third parties. For communications of a commercial nature, for the dissemination of data to the Associated Operator, and for the registration of online sessions, the basis for processing is consent.
MANNER OF PROCESSING
Your data are processed by collection, recording, organization, storage/archiving and structuring, consultation, use, retrieval, modification/rectification, blocking/restriction, erasure or destruction at the request of the data subject where there is such a legal obligation or after the expiry of the period for which they have been processed, where applicable.
The e-mail address processed for the purpose of communicating with you and sending you news and events, through campaigns and newsletters, on the legal basis of your consent, may be processed by collecting, recording, organizing, structuring, storing, archiving, adapting, modifying, modifying, retrieving, consulting, using, disclosing by transmitting (including to third parties), disseminating or otherwise making available, linking/aligning or combining, blocking/restricting, erasing or destroying.
DURATION OF PROCESSING
Data collected on the website for the purpose of contracting will be deleted after a maximum period of 10 years after the end of the contractual period and after a period of 3 years in the event that the services requested on the website have not resulted in a contract and there is no marketing agreement.
If the contact on the website has not been followed by the conclusion of a contract for the purpose of providing the requested services, the database will be erased once every 3 years. Except in the situation where this data will be necessary for legitimate interest or as a legal obligation.
Cookies are processed according to the retention terms described in the Cookies Policy.
Personal data having a legal basis for processing the legal obligation will be processed for a period equal to the period during which the legal obligation to process subsists.
Personal data with legitimate interest as the legal basis for processing shall be processed for a period equal to the duration of the legitimate interest.
Personal data processed with consent as the legal basis for processing is processed until the date of withdrawal of consent.
THIRD PARTY RECIPIENTS AND ASSOCIATED OPERATORS
Personal data is processed by the IT department under conditions of security and confidentiality, with appropriate guarantees.
In the case of newsletter communication, the third-party recipient is the newsletter provider.
Where applicable, the authorized representatives of the controller are the IT and marketing-communication departments. Third party recipients may be different providers of website traffic analysis services, providers of marketing and advertising services on different websites or applications.
Associate Operator is Associated Operator with Cabinet Individual De Psihologie Dragomir Ileana Valentina, Romanian legal entity based in Str Orșova 14, Bl F2, Ap 4, București, CUI/CIF: 45925880, legally represented by Administrator Dragomir Ileana Valentina. The Associated Operator processes the same data, as the Operator and under the same conditions stated in this GDPR Policy.
Personal data may be shared with state authorities and other institutions that may support the internal process of the Operator for the stated purposes.
Personal Data is not shared with any third parties other than the declared ones.
PROCESSING OF DATA OF MINORS
The controller does not process personal data of minors on the website; the website is not addressed to persons under 18 years of age. To the extent that you are aware that data of your child has been provided on the website, you may contact us and we will resolve your request according to the law. To the extent that you are requesting services for a minor, the data will be filled out on our website by the minor’s legal representative.
ACCESS TO DATA
The operator shall not disclose data to unauthorized third parties. Access to the data shall be only by persons authorized to do so and with limitations on any unauthorized access to the data.
The Operator has implemented policies by which information security is ensured and has appropriate safeguards in place as follows:
- has implemented appropriate technical and organizational measures to comply with the principles listed in Article 5 of the General Data Protection Regulation, in particular data minimization, integrity, and confidentiality principles respectively;
- has established through internal GDPR procedures: storage time limits depending on the nature of the data and the purpose of the processing, as well as specific time limits within which personal data must be deleted or reviewed for deletion.
SECURITY OF PROCESSING
The operator has implemented appropriate technical and organizational measures and ensures on the site and in the company an adequate level of security for the processing of personal data, in accordance with Law No. 190/2018 on measures implementing Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
The operator has developed procedures for all divisions and security policies to prevent accidental or unlawful loss, disclosure, alteration, copying, accidental or unlawful destruction, or accidental loss of data and to limit unauthorized access to personal data.
BREACH OF DATA SECURITY
The Associated Operators and the Authorized Operators in relation to the Controller are responsible for notifying, assessing, and documenting any security incidents and for ensuring measures to prevent any breach likely to lead to a security incident as provided for in Article 4 para 12 of Regulation No. 679/2016 (EU).
In this regard, the Operator has processing agreements in place with all the associated controllers and with all the authorized controllers, regulating procedures to limit the effects of security incidents.
DATA PROTECTION OFFICER – DPO
The Operator, although it has not appointed a company-wide DPO, will ensure that we maintain adequate security levels for the processing of personal data and that any requests in relation to the processing of personal data addressed to the Operator will be dealt with in accordance with the law. Requests concerning your personal data can be sent to the dedicated e-mail address hello@psihosensus.eu
Last update: 11-2024