On the Protection and Processing of Personal Data
SIMEDERA CLINIC:
The subject of this Regulation is to define the organizational and technical procedures, measures for the protection of personal data and security, as well as the storage and administration of personal data by the structures of SIMEDERA CLINIC.
The purpose of this Regulation is to establish the rules based on which SIMEDERA CLINIC protects the personal data of its patients and employees (or applicants) from misuse by any unauthorized person and in any manner not compliant with Law No. 9887, dated 10.03.2008 “On the Protection of Personal Data”, as amended, and with the internal policies of the Clinic.
For the purposes of this Regulation, the following terms shall have the meanings below:
“Controller” – For the purposes of this Regulation, these are employees of SIMEDERA CLINIC who, alone or jointly with others, determine the purposes and means of processing personal data, in accordance with applicable laws and by-laws, and are responsible for fulfilling the obligations provided by law.
Other terms used in the implementation of this Regulation shall have the same meaning as defined in Law No. 9887, dated 10.03.2008 “On the Protection of Personal Data”, as amended.
This Regulation applies to the processing of personal data, wholly or partially, through automated means, as well as by other means forming part of a filing system or intended to form part of a filing system within SIMEDERA CLINIC.
Every employee of SIMEDERA CLINIC involved in the processing of personal data is obliged to comply with the requirements of the Law “On the Protection of Personal Data”.
Employees of SIMEDERA CLINIC may use personal data solely for the performance of duties provided by law and in accordance with legal and sub-legal acts governing the processing of personal data.
Employees of all structures of SIMEDERA CLINIC who process personal data shall base their actions on the criteria set out in Article 6 of the Law “On the Protection of Personal Data”, as amended.
The processing of sensitive personal data shall be carried out in accordance with the criteria set out in Article 7 of the Law “On the Protection of Personal Data”, as amended.
In cases of international transfer of personal data, employees of SIMEDERA CLINIC shall comply with Articles 8 and 9 of the Law “On the Protection of Personal Data”, as amended, as well as relevant by-laws, including Instruction No. 41, dated 13.06.2014, the Guide on International Transfer of Personal Data, and Decision of the Commissioner No. 3, dated 20.11.2012 on countries with an adequate level of data protection.
The disclosure or communication of personal data shall be carried out in accordance with the purpose for which such data were collected.
Every individual has the right to be informed about their processed personal data through a written request.
Employees of SIMEDERA CLINIC processing personal data are obliged to ensure the exercise of data subject rights in accordance with Law No. 9887, as amended.
Requests for information may be submitted by:
- The data subject;
- A legal representative with appropriate authorization;
- Other persons who, although lacking a direct interest, prove a legitimate interest consistent with the purpose of data collection;
- A parent or legal guardian when:
- The child lacks full legal capacity;
- The parent is acting in the best interest of the child.
Responses shall be sent to the address specified by the request
SIMEDERA CLINIC adopts appropriate organizational and technical measures to protect personal data from unlawful or accidental destruction, loss, unauthorized access, disclosure, or any other unlawful processing.
Security measures include, but are not limited to:
- Clear definition of responsibilities for data usage;
- Authorized access only;
- Staff training on data protection obligations;
- Access control to systems and archives;
- Logging and documentation of data modifications;
- Mandatory workstation locking when unattended;
- Secure storage and destruction of documents;
- Identity verification and password-protected access;
- Use of personal, confidential passwords;
- Retention of data only for necessary periods;
- Compliance with all applicable legal and regulatory acts.
Premises where personal data are processed shall be protected through organizational, physical, and technical measures to prevent unauthorized access.
Security measures include:
- Restricted access to authorized personnel only;
- Continuous video surveillance;
- Electronic security systems (alarms, cameras);
- Secure cabinets and safes for document storage;
- Reinforced doors and windows;
- 24/7 physical security supervision.
Electronic equipment used for data processing at SIMEDERA CLINIC shall be used solely for official purposes and only by trained employees.
System errors or malfunctions must be reported to the system administrator.
Passwords must be kept confidential and changed periodically (every 3–6 months).
Access to personal data is subject to special security controls ensuring data integrity and updates.
The system verifies user identity and enables continuous monitoring of user activity for the duration data are stored.
Documents and communication tools containing personal data are subject to defined confidentiality levels in accordance with applicable legal acts.
Any employee of SIMEDERA CLINIC who violates obligations related to personal data protection shall be subject to disciplinary and administrative measures, in accordance with applicable laws and regulations.
The implementation and supervision of personal data protection measures shall be carried out by designated responsible persons.
Employees of SIMEDERA CLINIC who process or become aware of personal data are prohibited from disclosing such data to third parties.
The obligation of confidentiality continues even after termination of employment or function.
Image
Simedera Health Tourism pioneered the FAIR method and 3D-scan technology. Simedera stands for Safety, Medical Excellence, and Reliable Assistance.
Quic