PERSONAL DATA PROCESSING POLICY

 

CARDIOSCIENCE SRL, based in Bucharest, Str. Hatmanul Arbore, No. 15-19, Office No. 4, Et. 2, Ap. 209, Sector 1, Unique Registration Code: 38882485, Registered with the Trade Register under no. J40/2293/2018, phone: 0723189104, e-mail: office@cardioscience.ro , as Personal Data Operator, hereinafter referred to as “CARDIOSCIENCE” has developed this personal data processing policy (“Privacy Policy”) to inform you about the conditions under which your personal data are collected, processed, used and protected (” Personal data”), as defined by the European Regulation 679/2016 on the protection of natural persons, regarding the processing of personal data and on the free movement of such data (“GDPR”).

 

This Privacy Policy is an integral part of the Terms and conditions of use of the Cardioscience Service, which we ask you to consult carefully by following the link: https://www.cardioscience.ro/termeni-si-conditii/

Every time they are used in the Privacy Policy, unless the context requires a different interpretation, the terms used and written in capital letters will have the same meaning as the one assigned to them in the Terms and conditions of use of the Cardioscience Service.

This Privacy Policy is intended to inform you, as the data subject, about the manner in which CARDIOSCIENCE acts in relation to you in accessing and using the Service (eg the Dahna Application, the web platforms https://www.cardioscience.ro/

, https://dahnapp.com/en/ ) , as well as regarding the communication channels through which you can get in touch with our representatives to report any deviation from the Privacy Policy or for any other questions regarding this aspect.

 

Please read this Policy carefully of confidentiality, because the installation of the Application and in general the use of the Service, means that you have read, understood and agree to all the terms of this Privacy Policy, and as a result you express your consent regarding the processing of Personal Data in accordance with those described in the Privacy Policy.

You do not have an obligation to provide us with your Personal Data mentioned in the Privacy Policy. However, if you do not provide us with the Personal Data mentioned in this document, it will not be possible for Cardioscience to provide the Service you request. If you do not agree with this Privacy Policy and/or with the Terms and conditions of use of the Service, you will not be able to access the Service and please delete the Application and do not continue using the Service offered by CARDIOSCIENCE.

 

The service is hosted on servers in Romania (member of the European Union), Personal Data being processed in accordance with GDPR and national regulations, currently by the agent Rise App, with whom CARDIOSCIENCE concluded a confidentiality agreement regarding the processing of Personal Data . By using the Service, including the Application, and providing us with information, you consent to the transfer and processing of your information in accordance with the GDPR and, unless otherwise provided in this Privacy Policy, we use this consent as the legal basis for the processing of Personal Data . The provisions of the Privacy Policy are supplemented by the mandatory legal norms applicable in the field of personal data protection, if they are more favorable.

 

1 . WHAT PERSONAL DATA DOES CARDIOSCIENCE PROCESS?

“Personal data” means, but is not limited to, any information that can be used to identify you, directly or indirectly, in particular by reference to an identifier such as a name, address email, phone number, an identification number, location data, an online identifier, or to one or more specific elements of your physical, physiological, genetic, psychological, economic, cultural or social identity.

The personal data relating to you that the Application will process are the data obtained directly from you (at the time of registration in the Application, of using the web platform www.cardioscience.ro or any other web platform operated or controlled by CARDIOSCIENCE).

 

This Personal Data currently includes: name; first name; phone number, email address, gender; age, height, current body weight, desired body weight, Body Mass Index, physical activity, culinary preferences, activity habits, study data, values of some biomarkers (cholesterol, LDL cholesterol, HDL cholesterol), residence/domicile address , geolocation data or any other information that you choose to provide in the Cardioscience Application or to the CARDIOSCIENCE Partners.

The personal data collected and stored will only be used by the decision of CARDIOSCIENCE.

 

  1. HOW DO WE OBTAIN YOUR DATA?

We generally collect your Personal Data directly from you, so you have control over the type of information you give us. For example, we receive information from you as follows:

  1. When creating the account or when you use the Service offered by Cardioscience The personal data that must be provided by you may include: name, first name, email address, phone number, username, gender, geolocation data .

To configure certain functionalities in the Application: eg weight goal, the Application collects the User’s data – current body weight, desired weight. These data will only be used for the purpose for which they were collected and stored, namely the configuration of the login account in the Application and the User profile, any other use of them will be subject to a detailed and expressly specified consent, agreed by the User.

  1. When placing an order , provide information such as: desired product, name and surname, delivery address, billing details, payment method, phone number, bank card details, etc.

c . When you enter data about your health and habits, lifestyle, etc. within our Service or use the Service that collects data directly from mobile device sensors

User health and lifestyle data means data you provide related to your eating habits, dietary restrictions, exercise/fitness level, fitness goals, lifestyle (e.g. sleep habits), height , weight, measurements, heart rate, BMI, biometric data and similar types of data related to your physiological state and activity. We collect this data to provide the Service and to tailor features, advertising and the Service to your interests and goals, including providing personalized menu, training plans and services related to creating the personalized menu and product recommendations.

 

During navigation , certain information may be collected and subsequently processed regarding your behavior while visiting our website or using the smartphone Application, in order to personalize your online experience and provide you with offers adapted to your profile. We invite you to find out more about this by consulting the section on purposes of processing below.

 

On our website and in the smartphone application we can store and collect information in cookies and similar technologies, according to the Cookie Policy https://www.cardioscience.ro/politica-de-cookie/

 

You also have the possibility to register and use the Service through your Facebook or Google account. If you opt for one of these options, you will be directed to a page managed by Facebook Inc / Google LLC, where they will inform you about the transfer of your data to CARDIOSCIENCE. You can consult the Facebook and Google privacy policies on the sacestora website or using the following links:

https://www.facebook.com/about/privacy

https://policies.google.com/privacy

 

  1. FOR WHAT PURPOSE DO WE COLLECT YOUR DATA?

We use your data collected in point 2 for:

Development of the contractual relationship between you and CARDIOSCIENCE, resulting from the use of the Application and/or the Service

 

Purpose: creating a personalized profile of the User, issuing personalized menus, creating personalized lists of ingredients exactly in the quantities needed by your personalized profile created on the basis of the data communicated by you, for the processing of transactions made by you within the orders addressed to CARDIOSCIENCE Partners ; solving technical connection problems, solving your complaints. We will use the data to create an algorithm for an automated decision-making process, more precisely the automation of menus and recipes based on culinary preferences correlated with nutritional cardiology medical recommendations. The consequences will be the diversity of menus, the possibility of filtering according to culinary preferences and the integration of medical recommendations with the main objective of reducing the degree of risk of cardiometabolic disease.

Duration of processing: the data will be stored for a period of 5 years, calculated from the date of termination of the User status.

Analyzes and statistics regarding the use of the Application/Service

Purpose: optimization of the CARDIOSCIENCE Service in order to improve the satisfaction of CARDIOSCIENCE clients and Partners, improving services, identifying potential problems with regard to the existing functionalities in order to improve them.

Periodic Cardioscience may send you questionnaires and forms for completion in order to improve the functionalities of the Service. Their completion by the User will be voluntary and anonymized, and the completed data are subject to the same confidentiality regime.

Duration of processing: the data will be stored for a period of up to 5 years calculated from the date of termination of the user status.

Direct marketing and other commercial communications

Purpose: offering discounts, promotions, launches of new functionalities, products or services, the appearance of new Partners, etc., both from CARDIOSCIENCE and Partners (third legal entities), who have a contractual relationship with CARDIOSCIENCE. Notifications can be disabled in the phone settings. Communications essential and necessary for the smooth running of the contractual relationship cannot be unsubscribed and are stopped only at the end of the contractual relationship.

 

Duration of processing: the data will be stored for a period of up to 5 years from the date of termination of the User status or will be deleted within 5 working days, in the case of the request to be excluded from commercial and marketing communications.

CARDIOSCIENCE can delete your personal data when it considers that it is no longer necessary for the purposes for which it was collected.

In any case, you have the right to withdraw your consent for the processing or to oppose the processing and, if there are no legitimate and compelling reasons for the processing that prevail, we will stop the data processing.

 

SCIENTIFIC RESEARCH/Statistical purposes

Your health data are also processed for scientific research purposes and/or for statistical purposes related to the cardiometabolic profile. The main goal is to analyze the impact of diet in the evolution of the degree of risk of cardiometabolic diseases, the inclusion of risk factors such as diet and physical activity from the lifestyle in algorithms for the prevention of cardiometabolic diseases .

The statistical results can be used later for different purposes, including for scientific research purposes.

 

  1. WHAT IS THE BASIS ON WHICH WE PROCESS YOUR DATA?

Since we obtain most of the information directly from you, it is processed based on Article 6 paragraph (1) letter (a) of the GDPR – processing based on the consent of the data subject.

CARDIOSCIENCE processes your personal data pursuant to article 6 paragraph (1) letter (b) of the GDPR – processing for pre-contractual and contractual purposes, respectively art. 6 para. (1) letter c) of the GDPR – processing for the fulfillment of legal obligations incumbent on the operator (CARDIOSCIENCE).

Also, in the processing of special categories of personal data, CARDIOSCIENCE will request consent in accordance with the provisions of art. 9 para. (2) lit. (a) of the GDPR. The carrying out of statistical studies and/or scientific research regarding these categories of data, to the extent that they will be done, will be done based on art. 9 para. (2) lit. (j) of the GDPR.

CARDIOSCIENCE mainly processes:

your personal data to be able to conclude a contract with you, at your request, or to execute a contract concluded with an organization (for example your employer) of which you are a part (through which we commit to provide you with our services) . We can also process your data to fulfill our archiving obligations, the legal obligations to communicate certain information to public authorities. At the same time, there are cases in which we process your data based on our legitimate interest.

 

  1. WHAT ARE YOUR RIGHTS. ABOUT PERSONAL DATA?

You have the following rights regarding the processing of your Personal Data:

The right of access – You have the right to obtain from us confirmation that your personal data is processed by us, as well as information about the specific processing, such as: purposes of processing, categories of personal data processed, recipients of personal data , the period for which personal data is stored, if we transfer personal data abroad and how we protect it;

 

The right to rectification – You have the possibility to request the rectification of your personal data if you identify that they are erroneous or incomplete; taking into account the purposes for which the data were processed, you have the right to obtain the completion of Personal Data that are incomplete, including by providing an additional statement.

 

The right to object – in certain situations, you have the right to object to the processing of your personal data by us.

 

The right to erasure – In certain situations, you have the possibility to request the erasure of personal data, namely when they are no longer necessary to fulfill the purposes for which they were collected or processed, if you withdraw your consent regarding the processing (and there is no other legal basis for the processing) or if you object to the processing, including the creation of profiles, either for reasons related to the particular situation you are in, and there are no legitimate reasons that prevail, or when the purpose of the processing is direct marketing;

The right to restriction of processing

The right to data portability – You have the right to obtain the transfer to any other operator of your data that we process or control;

 

Withdrawal of consent – To the extent that you have consented to the processing of your Personal Data, you can withdraw your consent at any time, without affecting the legality of the processing based on consent before its withdrawal.

 

The right not to be subject to any automatic individual decision – you have the right not to be subject to a decision based exclusively on automatic processing, including profiling, which produces legal effects that concern or significantly affect you. Such a right cannot be exercised when the decision: (i) is necessary for the conclusion of a contract or for the execution of a contract between you and CARDIOSCIENCE; (ii) is authorized by the Union law or the national law that applies to Cardioscience and which also provides for appropriate measures to protect your rights, freedoms and legitimate interests; or (iii) is based on your explicit consent.

 

The right to lodge complaints with the supervisory authority – you have the right to lodge a complaint with the National Supervisory Authority for the Processing of Personal Data (“DPA”) in relation to any violation of your rights regarding the processing of your data with personal character. DPA’s contact details are: Bulevardul Gheorghe Magheru 28-30, Sector 1, Postal Code 010336, Bucharest, Romania; e-mail: anspdcp@dataprotection.ro. Complete list of data protection authorities in the European Union: https://edpb.europa.eu/about-edpb/board/members_en

  1. HOW YOU CAN EXERCISE YOUR RIGHTS REGARDING YOUR DATA. PERSONAL?

Your rights regarding Personal Data can be exercised by sending an e-mail to the address office@cardioscience.ro . To ensure that the person who contacts us regarding your personal data is you, we reserve the right to verify your identity before sending any type of response regarding confidential data, precisely in order to ensure the confidentiality of all data.

 

As a rule, you can exercise your rights for free. However, obviously unfounded, unreasonably repetitive or excessive requests may be subject to a fee decided by CARDIOSCIENCE.

We will respond to your request within one month of receiving the request. This period could be extended by another month, if necessary, taking into account the degree of complexity and the number of requests, in which case we will inform you of any extension and the reasons for the delay.

 

  1. TO WHOM CAN WE DISCLOSE YOUR DATA?

CARDIOSCIENCE may disclose your personal data to:

service providers (acting either as Partners or as persons authorized by CARDIOSCIENCE) and whom CARDIOSCIENCE contacts for administrative services, for functionality development, marketing and other service providers (for example, IT service providers, data storage services etc.);

 

CARDIOSCIENCE partners to which you have access through the functionalities of the Application or CARDIOSCIENCE products. Cardioscience’s partners have access to the User’s data such as email address, telephone, location only for the realization of the functionalities that imply the need to own these data and without which the functionalities of the Application could not be realized. The services offered by the PARTNERS are individually individualized in the Application, are subject to the respective partner’s terms and conditions and can be purchased by you directly from it, through the Application, only by your acceptance of these additional terms and conditions. Purchases of services offered in the Application by other Partners are mediated by CARDIOSCIENCE. Any contractual relationship will be concluded directly between you and the respective Partner, according to their commercial terms and policies.

 

other companies with which we can develop joint programs for offering our products and services on the market with which we will have confidentiality agreements.

 

accountants, auditors, lawyers and other external professional staff, who will be bound by legal or contractual obligations of confidentiality;

 

public authorities, if the disclosure is necessary to comply with an obligation stipulated by the applicable legislation.

 

The personal data provided to CARDIOSCIENCE can be transferred outside Romania to other countries to other entities/Partners accredited to process personal data according to the regulations in force in the country of origin.

 

  1. WHAT SECURITY MEASURES HAVE WE IMPLEMENTED TO PROTECT YOUR DATA.

We take all necessary precautions, considering the nature of personal data and the risks related to data processing, to maintain data security and, in particular, to prevent distortion, damage or unauthorized access by third parties (physical protection of the location, access limited to certain people to the database, authentication procedures with personal access, secured by identifiers and confidential passwords, a login log, periodic database backups, encryption or anonymization of personal data, storage in media However, despite our best efforts, we cannot always guarantee the effectiveness of the security measures implemented and therefore cannot guarantee the security of personal data at all times.

 

  1. MODIFICATION OF THE POLICY REGARDING THE PROCESSING OF PERSONAL DATA

This Privacy Policy may be modified periodically. We will update or modify this Privacy Policy as necessary, and will notify you of such changes by posting the updated policy on the web platform or by email. We also recommend that you consult this page from time to time if you want to be informed about the way in which your data is collected and protected.

 

To request more details regarding the measures taken to protect your personal information in the cases mentioned above, you can contact us at any time at office@cardioscience.ro