At Atlas Imagistica, the time required for the MRI examination is reduced by 30%, thanks to the advanced technology we have

Privacy Policy / GDPR

Website Confidentiality www.atlasimagistica.com

NOTICE REGARDING THE PROTECTION OF PERSONAL DATA

In accordance with the provisions of the General Data Protection Regulation (GDPR), applicable from May 25, 2018, RS Diagnostics S.R.L has the obligation to process personal data (as defined by applicable law) safely, for the purposes specified in this Information Note, in the context of providing medical services within RS Diagnostics S.R.L.

The website www.atlasimagistica.com belongs to RS Diagnostics S.R.L.

Through this Information Note, we explain how your personal data is processed within RS Diagnostics, which commits to respect your confidentiality, complying with all applicable data protection laws and regulations, ensuring that your personal data is processed responsibly and in accordance with the law: General Data Protection Regulation (GDPR) EU 2016/679, Law no. 190 of July 18, 2018 on the implementation measures of Regulation (EU) 2016/679, Patient Rights Law no. 46/2003, Health Reform Law no. 95/2006. This website's policy www.atlasimagistica.coma and any other documents referenced in this policy govern the collection, processing, and use of your personal data.

Operator Identification Data

S.C. RS Diagnostics S.R.L. with registered office in Târgu-Mureș city, Verii Street, no.11 A, Mureș county, registered at the Trade Register under no. J26/1140/2015, fiscal code 35236919, organized workplace - Atlas Imagistica, Târgu-Mureș, Mihai Viteazul Street, no. 31C, contact phone: 0770 296 195 or 0770 341 500; email address [email protected]

Definitions

Data Subject: any identified or identifiable natural person - directly or indirectly - by means of personal data

Personal Data: data that can be associated with the data subject - name, surname, personal identification number, one or more specific physical, physiological, mental, economic, cultural, or social characteristics of the data subject, as well as any conclusion about the data subject that can be deduced from that data

Special Data: personal data regarding racial or ethnic origin, political opinion, membership of a political party, religious or philosophical beliefs, membership of trade unions, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a person's sex life or sexual orientation, data relating to criminal convictions and offenses

Consent: the voluntary and unequivocal manifestation of the data subject's will, based on adequate information and expressing his clear agreement to the comprehensive or limited management of his own data

Objection: the data subject's statement opposing the processing of his personal data and requesting the cessation of management or deletion of data

Data Operator: a natural or legal person or organization without legal personality, who has the task of determining, independently or jointly with others, the purpose of data processing, making decisions regarding data processing (including decisions regarding the means used), and implementing these decisions independently or through a data processor with whom a contract has been concluded

Data Management: means - regardless of the method used - any operation or set of operations performed on data, especially collection, recording, organization, storage, alteration, use, interrogation, transmission, publication, coordination, interconnection, blocking, deletion or destruction, as well as preventing further use, taking photographs, making audio or video recordings, as well as recording physical characteristics (such as fingerprints and palm prints, DNA samples and iris photos) that enable the identification of persons

Data Transmission: making data available to a particular third party

Disclosure: making data available to any person (disclosure)

Data Deletion: distorting data in such a way that their restoration is no longer possible

Data Blocking: marking data with a distinctive mark in order to limit their processing for a specific or indefinite period

Data Processing: performing technical tasks related to data management operations, regardless of the methods or means used for these operations or the location of application, provided that the technical tasks are performed on the data in question

Data Processor: is a natural or legal person or an organization without legal personality that processes data based on a contract - including contracts concluded under legal provisions - concluded with the data operator

Third Party: is a natural or legal person or an organization without legal personality that is different from the data subject, the data operator, or the data processor

Incident: the illegal handling or processing of personal data, especially unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction and deterioration

Contact details for the personal data protection responsible person:

Nadia Chear email: [email protected] (Please write to this email address only in cases related to data management!)

As a data controller, we, RS Diagnostics S.R.L inform you that

  • we comply with legal provisions regarding Personal Data Protection and implement technical and organizational measures to protect all operations related directly or indirectly to personal data, preventing unauthorized or illegal processing, as well as accidental or unlawful loss or destruction.
  • we do not use personal data for automated processing or for profiling. We do not make automated decisions about you except for the medical recommendation we inform you about. We use technical means to store data securely and process your data only for predefined purposes, for the necessary period and for the purpose of exercising rights and fulfilling obligations; we do not process data for secondary purposes incompatible with the purposes for which we collect them.
  • we respect and ensure strict professional secrecy and do not disclose your data except for pursuing your interests or fulfilling medical obligations.
  • we manage only those personal data that are essential for achieving the purpose of data processing and are suitable for achieving the objective.
  • in all cases when RS Diagnostics uses data collected for purposes other than the initial purpose of collection, it informs the person concerned about this fact and requests their prior, express consent, ensuring the possibility of prohibiting the use of data by that person.
  • during management, personal data collected by RS Diagnostics S.R.L can be accessed only by those employees or contractual partners of the Company who have specific tasks related to data management and are trained for this purpose.

The categories of personal data collected when creating your account through the www.atlasimagistica.com website: name/surname, contact details: phone number, email address, password your access codes in the PIXEL DATA medical portal in the For Patients section -> Patient Results (received upon your registration via the registration form.)

RS Diagnostics S.R.L will process your personal data for the purpose of providing medical services requested by the patient, and/or by their attending physician in order to identify medical diagnosis, establish appropriate treatment, monitor medical progress during and after treatment, positive or adverse reactions regarding the administration of a certain medical and/or medicinal treatment, for scientific purposes, the legitimate interest pursued by the controller being to contribute, through the information obtained, to the continuous development of medical science and to hold and process the most accurate record for the purpose of providing appropriate medical treatment in the primary interest of the patient. Personal data will be transmitted by the patient, for the purpose of voluntary health insurance administration in the insurance system. At the time of requesting medical services, this personal information: Name/surname, CNP, medical data transmitted by the patient or their history (this data includes information about the individual collected during their registration for medical assistance services or in the provision of such services to the individual concerned, as mentioned in Directive 2011/24/EU of the European Parliament and of the Council), will be transmitted to Partner Medical Institutions, as requested by the patient.

For this purpose, to facilitate your access and that of your attending physician (at their express request and only with your consent, access codes will be transmitted under maximum security conditions) to the results and images of examinations carried out within RS Diagnostics, we have created within the www.atlasimagistica.com website the section For Patients -> Patient Results which can be accessed by logging in with the identification code (PID) and examination code, which will be provided to you through the registration form.

We will also collect and process the following personal data: your gender and age through the satisfaction questionnaire, for the purpose of monitoring the satisfaction level of our patients regarding the medical services provided and how to improve them. Providing your data for this purpose is voluntary. The processing of your data for this purpose is based on the legitimate interest of RS Diagnostics SRL to continuously improve your experience at Atlas Imagistica. Refusal to provide your data for this purpose will not have negative consequences for you.

RS Diagnostics SRL expressly undertakes to manage in a secure manner the confidentiality and solely for the stated purposes, the personal medical data of patients. To achieve the aforementioned purposes, we use accredited service providers, respectively authorized under art. 28 GDPR. Personal data will not be made available to any third party, except to our partners with whom we collaborate for the provision of medical services: laboratories / medical institutions authorized by the Ministry of Health, as well as public authorities, only under the special conditions of the law.

Atlas Imagistica may disclose your personal data to one or more of the following categories of recipients:

  • You, your proxies or other parties with your explicit consent or at your instructions, upon request, meaning we may transmit the information to third parties to whom you consent or request us to make such a disclosure;
  • To the employees and collaborators of Atlas Imagistica, in accordance with the specific duties of their function;
  • To the authorized representatives of Atlas Imagistica: database hosting and storage companies, maintenance, companies providing traffic analysis and statistics services;
  • Courts, public prosecutor's offices or other central/local public authorities, at their request, in order to comply with the law or in response to a mandatory legal procedure (such as a search warrant or court order).

The personal data disclosed to the aforementioned representatives may be all data processed about you mentioned above. The data is provided to hosting and traffic analysis service providers because Atlas Imagistica uses their services to ensure the proper functioning of its websites. These entities are selected with special care to ensure that they meet specific requirements regarding the security and protection of personal data. The providers of these services have been selected after examining their security and confidentiality measures and practices.

The disclosure of your personal data to our representatives is based on agreements, understandings, or written contracts. These entities have limited capacity to use your information for purposes other than providing services to us. If in the future we disclose your personal data to other categories of recipients, we will inform you about the timing of the disclosure and the names of the recipients.

We keep the information we collect about you in the databases of our authorized providers or on our servers. This information can only be accessed by the personnel of our authorized representatives or that of Atlas Imagistica directly involved in the administration of their websites and services. We will keep this information for as long as necessary to achieve these objectives and as long as permitted or required by applicable law.

We will not disclose your information to third parties for their own marketing or commercial purposes without your consent.

The sources of data collection can be multiple: obtained directly from the patient, obtained from the insurer with whom the patient has a health insurance policy, obtained from the attending physician of the patient who requests additional investigations for establishing the medical diagnosis.

The processing of your data for the purpose of medical statistics will be carried out only at the written request of state institutions with responsibilities in the field of statistics. Your data will continue to be secured and kept confidential.

4. Legal basis for processing:

Art. 6 Para. 1 Lit b of EU 2016/679 GDPR, for the performance of medical procedures and services at the request of the data subject as well as Art. 6 Para. 1 Lit c of EU 2016/679 GDPR – legal obligation regulated by tax legislation. We will process your personal data collected through the registration form. Also, we will contact you by email, phone. For the purposes mentioned above, your data will be stored in our database, on our own PACS (picture archive communication system) server. This processing is based on Art. 6 Para. 1 Clause 1 Letter f) GDPR. It is necessary to pursue our legitimate interests in order to improve our services and our relationship with patients, which is a key factor for our success in the field of medicine. The collected and stored data help us learn more about your interests and needs. This allows us to take them into account and act accordingly, i.e., through personalized communication.

5. Data storage and processing period:

Your personal data will be stored until the termination of the patient relationship, except where we have a legal obligation to continue storing the data for the purpose of presenting them to public authorities, such as medical and tax authorities, etc. The storage and transfer of personal data to public authorities for the purpose of fulfilling a legal obligation is based on Art. 6 Para. 1 Clause 1 Letter c) GDPR.

6. Data subject rights:

By this, it is clearly, concisely, and unequivocally communicated that the patient has the right to request from the controller access to their personal data, rectification, deletion, restriction of processing or the right to object to processing, the right to data portability, the right not to be subject to automated decision-making, including profiling, the right to notify recipients regarding rectification, deletion or restriction of personal data, as well as the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing located at 28-30 G-ral Gh. Magheru Blvd., Sect. 1, Postal Code 010336, Bucharest.

7. Medical confidentiality

Excerpts from Patient Rights Law No. 46 of January 21, 2003 (updated version as of Jan 20, 2020)- The right to the confidentiality of patient information and privacyArt. 21: All information regarding the patient's condition, investigation results, diagnosis, prognosis, treatment, personal data are confidential even after their death.Art. 22 Confidential information may be provided only if the patient explicitly consents or if the law expressly requires it.Art. 23 If the information is necessary for other accredited medical service providers, the implication of consent is no longer mandatory.Art. 24 (1) The patient has access to their personal medical data. (2) The patient has the right to designate, through an agreement recorded in the annex to the general clinical observation sheet, a person who has full access, both during the patient's life and after the patient's death, to the confidential information in the observation sheet.

Norm of 12 Dec-2016 for the application of Patient Rights Law no. 46/2003
Art. 9 (1) Units must ensure unrestricted access for patients to their personal medical data. (2) Requests for the communication of personal medical data are addressed to the medical institution in writing, by completing the form 'Request for the communication of personal medical documents,' provided in Annex 3 to these regulations. (3) The delivery of copies of the requested medical documents is done by healthcare units within a maximum of 48 hours from the registration of the request.Art. 10 (1) In situations where confidential information is requested, units are obliged to ensure compliance with the legal framework for providing such information. (2) In situations where data regarding the private or family life of patients positively influences the establishment of diagnosis, treatment, or care provided, units may use them, but only with the consent of the patients, except in cases where patients represent dangers to themselves or public health.Art. 11 (1) Upon admission or during the provision of health services, as appropriate, the attending physician has the obligation to inform the patient that they have the right to request not to be informed in case the medical information presented by the doctor would cause them suffering, as well as the right to choose another person to be informed on their behalf. (2) The patient's agreement regarding the designation of persons who can be informed about their health status, investigation results, diagnosis, prognosis, treatment, personal data is expressed in writing, by completing the form

Medical Deontology Code – Approved by the General National Assembly of the College of Physicians of Romania no. 3/04.11.2016, published in the Official Gazette, Part I no. 981 of 07.12.2016, in force from 06.01.2017 - Professional secrecy and access to health status dataArt. 17 Professional secrecy: The physician will maintain professional secrecy and act in accordance with the legal right of each person to respect their private life from the point of view of information regarding their health.Art. 18 Extent of the obligation to maintain professional secrecy (1) The physician's obligation to maintain professional secrecy is enforceable even against family members of the respective person. (2) The physician's obligation to maintain professional secrecy persists even after the person has ceased to be their patient or has died.Art. 19 Transmission of data regarding the person's health (1) The physician will manage medical information based on the provisions of this code, the current legislation, or based on the patient's mandate. (2) The physician's obligation to inform ceases if the patient decides, in writing, that they no longer wish to be informed in case the information presented by the physician would cause them suffering.Art. 20 Exceptions to the rule of maintaining professional secrecy. Exceptions to the right of each person to respect their private life from the point of view of information regarding their health are only those expressly provided for by law.