0724 389 090
Appointment

APPENDIX TO THE TREATMENT SHEET

1. ABOUT THIS NOTICE

Vhala Smile S.R.L. (“Molarch”) is a personal data controller. You can find information about our contact details and Molarch’s Data Protection Officer below.
In this Information Notice (“Notice”) we explain how your Personal Data is processed
by Molarch and where we ensure that your Personal Data is processed responsibly in accordance with personal data protection legislation.
This Note contains important information. Therefore, please read it carefully, in its entirety, and make sure you fully understand it. Do not hesitate to contact us with any concerns you may have, we will be happy to answer you: Thank you for trusting our services and the way we work with your Data.

2. WHO WE ARE

Contacts. VHALA SMILE S.R.L., George Constantinescu str. no. 4B, GlobalWorth campus building, A, Ground floor, Sector 2, Bucharest; telephone number: 0724 389 090; email address: DOP@molarch.ro

3. WHAT DATA OF YOURS WE PROCESS

The Personal Data relating to you that we will process is data obtained directly from you (as a patient) and includes the following categories of data:
► Health Data or Medical Data (Sensitive Personal Data), such as: data about the current state of health; general medical history; allergies; whether or not the patient is under medical supervision; drugs administered; the existence or not of a pregnancy, in the case of women; dental history; dental diagnosis; dental treatment plan; your dental record; dental x-rays, image.
► Personal data / contact data, such as: name; first name; date of birth; age, sex, no. phone; e-mail; signature
holography, image, video recordings (where we have CCTV video surveillance cameras installed, these are indicated by visible signs), lifestyle information; the name and surname of the person who recommended us.
► Payment details such as: billing address; no. bank account or bank card/IBAN code; the name and surname of the holder of the bank account or bank card (it can be different from you if someone else has paid an invoice on your behalf); the date from which the bank card is valid; bank card expiry date.
► Opinions and views (may include sensitive data), such as: any opinions, views that you send to us, or any opinions and views that you publicly post about us on social media (social media) or that you make known on other public channels.
You may provide us with information about other people – for example, the person who referred us. Where it relates to individuals who are identified or whom we can identify, we will treat this information as Personal Data of those individuals and give them the necessary protection as well.

4. PURPOSE AND BASIS FOR WHICH WE PROCESS YOUR DATA. PERSONAL CHARACTER

In general, we process your Personal Data to perform the medical act and to fulfill our legal and contractual obligation to you, to public authority or required or permitted by law.
We process your Personal Data, other than Sensitive Data, on the following legal grounds:

• we may process your Personal Data (other than Sensitive Data) based on your consent to the processing, in relation to our marketing communications.
• for the fulfillment of our legal obligations, such as: for the fulfillment of our archiving, fiscal obligations, obligations to communicate certain information to public authorities, upon request, or other legal obligations.
• on the basis of our legitimate interest, or that of a third party, we may process your data, for example if we are defending our interests before a regulatory and supervisory body, or in court.
• Also, if the processing is necessary to protect your health, your vital interests or that of another natural person.

The grounds for which we process your Sensitive Personal Data – Health Data:
• Considering the specifics of our activity – provision of dental medical services – it is normal to collect or process your Sensitive Personal Data – Medical Data.
• We will process your Personal Data based on our legal obligations provided by Law no. 95/2006
• regarding health reform, with subsequent amendments and additions, Law no. 46/2003 of the patient’s right, the Code of Ethics of the Dentist; as well as under any applicable legal provisions.

We will carry out this processing based on the following legal grounds:

• when the processing is necessary for purposes related to the establishment of a dental medical diagnosis, the performance of a dental medical treatment or the management of dental health services, generally for the performance of the dental medical act.

• to fulfill our legal obligations, some Personal Data are processed by Molarch based on legal obligations in the field of health, financial — accounting and fiscal, archiving.

In the event that disputes arise between you and us that we cannot resolve together amicably, we may process your Sensitive Data (e.g. x-rays on the basis of which a certain diagnosis was decided and a certain treatment plan was developed treatment) to establish, exercise or defend a right of ours in court.

The purposes for which we process your Personal Data are as follows:

• the provision of dental medical services — Molarch processes your Sensitive Personal Data for the following purposes: to provide dental medical assistance and monitor oral health status, to establish a diagnosis, to develop a treatment plan, to perform the medical act and carrying out the work according to the treatment plan agreed by you, for making appointments, for fulfilling the obligations of completing specific records and forms, for completing the general health assessment questionnaire, as well as the oral one and the treatment sheet, to obtain your informed consent, to carry out the contractual relationship with you, including issuing tax invoices, as well as to improve our services, including by requesting feedback, in order to fulfill our legitimate interests, to register the medical services provided, including the provision of services promotions or information about our promotions; identifying you and the services provided.
• marketing communications — communicating with you by any means (e.g. email, mobile or landline phone, text messages (SMS), post, messages sent on social media platforms or in person), news about available medical services at Molarch, subscribe to the newsletter or provide other information that may interest you.
• managing our communications and IT (information technology) systems — managing our communications systems; managing our IT security.
• fulfilling our related obligations — regarding archiving, health, security, record keeping and other obligations that the legislation imposes on us.
• financial management — issuing vouchers, invoices and receipts to you; refunding money to you: sending notices; referral to court; preparing financial/operational reports, activity reports and issuing financial statements.
• dispute resolution — formula

5. WHO WE TRANSMIT YOUR DATA TO

The Personal Data mentioned in this Note may be provided to contractual partners, collaborators of Molarch or other independent legal entities, such as:
• employees, collaborating physicians and other medical service providers, such as dental technician and dental radiology service providers; each of them being required by law to keep your Data confidential.
• natural or legal persons acting as authorized persons for Molarch, in various fields (e.g. database management services, archiving or document destruction services, etc.).
• accountants, auditors, lawyers, bailiffs, in various forms of organization and/or other external professional consultants. They generally have a legal duty of confidentiality. In addition, in the contracts concluded with them we will insert contradictory clauses aimed at the protection of your Personal Data, as appropriate.
• public authorities, persons vested with public power, public institutions, relevant courts, etc. from Romania (e.g. tax authorities, judicial or arbitration courts, mediators, etc.) — in case of control or at their request or at our initiative, in accordance with the applicable legislation.
• insurers from Romania or other countries — In relation to the services you benefited from in the Molarch clinic.
• our partners, with whom we are in contractual relations — marketing service providers.
• College of Dentists from Romania.
• The Ministry of Health and its subordinate structures, including public health departments.
• any buyer or investor (including potential buyers or investors), or liquidators, including their advisers in the event that various transactions/sale operations (in whole or in part) are being considered, intended, negotiated, concluded or implemented by the parties social, assets, business of Molarch, or merger, division, reorganization, dissolution. We will conclude contractual clauses with them aimed at ensuring the protection of your Personal Data, including data security and confidentiality.
• other third parties, in cases provided for or permitted by law as well as, in other cases, with your prior information.

Please note that we will enter into contractual terms with those mentioned above
aimed at protecting your personal data, including data security and privacy.
As of the date of this Note, Molarch generally does not transfer and does not intend to transfer your personal data or third party data received from you to entities or individuals outside the European Union or international organizations.

6. HOW LONG WE KEEP YOUR DATA

Your Personal Medical Data are processed in order to perform the medical act, which also involves the identification of the patient’s general medical and dental history, and will be stored for a period between 6 months and 100 years in the case of medical documents. To store your Data (in electronic format), we use our own servers or those of other companies specialized in database management or electronic archiving.
Your Personal Data is also processed for the duration necessary to fulfill legal obligations, including applicable obligations in the matter of archiving, in the matter of debt recovery, as well as when there is a legitimate interest of Molarch (such as improving services, defending rights and interests).
If you have expressed your consent for marketing activities, the Data may be processed for this purpose until you exercise your right of opposition or until you withdraw your consent.
The withdrawal of consent will have effects for the future, without affecting the legality of the processing carried out previously.

7. WHAT ARE YOUR RIGHTS AND HOW YOU CAN EXERCISE THEM

Your rights:

• the right of access to data — you have the right to obtain access to your data that we process or control or to copies thereof; you also have the right to obtain from us information about the nature, processing and disclosure of this data.
• the right to data rectification — you have the right to obtain the rectification of inaccuracies in your data that we process or control.
• the right to data erasure (“the right to be forgotten”) — you have the right to obtain from us the erasure of your data that we process or control.
• the right to restrict data processing — you have the right to restrict the processing of your data that we process or control.
• the right to object — you have the right to object to the processing of your data by us or on our behalf.
• the right to data portability — you have the right to obtain the transfer to another operator of your data that we process or control.
• the right to withdraw consent. Where we process your data based on your consent, you have the right to withdraw your consent; you can do this at any time, at least as easily as you originally gave us consent; the withdrawal of consent will not affect the lawfulness of the processing of your data that we carried out before the withdrawal.
• the right to lodge a complaint with the supervisory authority — you have the right to lodge a complaint with the supervisory authority for the processing of personal data regarding the processing of your Data by us or on our behalf.

How can you exercise your rights?

To exercise one or more of these rights (including the right to withdraw your consent, where we process your data based on it) or to ask any questions about any of these rights or any provision of this Notice or any other matter of our processing of your data, please use the contact details in this Notice whenever you wish.

We will consider all your questions, requests and complaints and try to respond to you as quickly and completely as possible, in any case, in compliance with the deadlines provided by law.
We also trust that you will not exercise these rights in an unreasonable, excessive or otherwise abusive manner.
If you are not satisfied with the way we have handled or responded to your request or complaint, or you consider that the processing is done in violation of the applicable legislation, you can file a complaint with the Romanian data supervisory authority:

National Supervisory Authority for Personal Data Processing (ANSPDCP).
At the date of this, ANSPDCP has the following contact details:
Headquarters: Bd. Gheorghe Magheru no. 28-30, Bucharest, Sector I, postal code OI 0336, Romania
Email: anspdcp@dataprotection.ro
Fax: +40.318.059.602
Website: www.dataprotection.ro

WHAT CAN HAPPEN IF YOU DON’T PROVIDE US WITH YOUR DATA

You have the obligation to provide the personal data provided by law in order to be able to fulfill the legal requirements related to obtaining the informed consent of the patient (except for the situations specified in the legislation), to the preparation of medical records and to the provision of dental assistance. Otherwise, it will not be possible for us to provide you with the dental services you request and which are necessary to maintain your oral health.
You are under no obligation to provide us with your personal data that we request based on your consent.

CHANGES TO THIS NOTICE

We may change this Notice from time to time. In such cases, we will notify you in advance and will not reduce the rights you have with respect to your data by any changes we may make to this Notice.

We will also post this Note on our website, www.molarch.ro. We will also keep all previous versions of this Notice in an archive on our website for you to refer to at any time. You can also consult the Processing Policy on the same website

WHAT THE TERMS WE USE IN THIS NOTE MEAN

The terms used in this Note are taken over and have the meaning assigned to them by EU Regulation no. 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR Regulation).