Privacy Policy

Information about personal data processing in accordance with GDPR

GDPR
EHDS
NIS2

Data Controller

EuroMed Advice is the data controller for the processing of your personal data.

  • EuroMed Advice
  • Email: contact@klarmedicin.com
  • București, România

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent (Art. 6(1)(a) GDPR) - For processing medical data and marketing communications
  • Contract performance (Art. 6(1)(b) GDPR) - For providing medical consultation services
  • Legal obligation (Art. 6(1)(c) GDPR) - For compliance with healthcare legislation
  • Legitimate interest (Art. 6(1)(f) GDPR) - For service improvement and system security

Data We Collect

We collect and process the following categories of data:

Identity Data

  • Full name
  • Email address
  • Profile picture (optional)

Medical Data

  • Uploaded medical documents
  • Consultation history
  • Medical feedback

Processing Purposes

  • Providing online medical consultation services
  • Communication regarding appointments and consultations
  • Account security and fraud prevention
  • Compliance with healthcare legal requirements
  • Improvement of our services

Data Retention

We retain your data only for as long as necessary:

  • Account data - For account lifetime + 30 days after deletion
  • Medical documents - Per medical legislation (minimum 10 years)
  • Security logs - 12 months
GDPR Art. 15-22

Your Rights Under GDPR

The General Data Protection Regulation (GDPR) grants you specific rights over your personal data. Here is a detailed explanation of each right under Articles 15-22.

Right of Access (Art. 15)

Art. 15 GDPR

You have the right to obtain confirmation that your personal data is being processed and to request access to it. Upon request, we will provide you with a free copy of the processed personal data.

  • The purposes of data processing
  • Categories of personal data processed
  • Recipients or categories of data recipients
  • The planned retention period
  • The source of data (if not collected directly from you)

Right to Rectification (Art. 16)

Art. 16 GDPR

You have the right to obtain the rectification of inaccurate personal data and the completion of incomplete data. You can update your profile information at any time directly from Settings or by contacting us.

Right to Erasure ("Right to be Forgotten") (Art. 17)

Art. 17 GDPR

You can request the erasure of personal data in the following situations:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and there is no other legal basis for processing
  • The data has been processed unlawfully

Exception: According to Romanian medical legislation (Law 46/2003), medical documents must be retained for a minimum of 10 years. This legal obligation takes precedence over the right to erasure for medical data.

Right to Restriction of Processing (Art. 18)

Art. 18 GDPR

You can request the restriction of processing in certain situations, such as when you contest the accuracy of the data or when processing is unlawful but you do not want erasure. During this period, the data will only be stored, not processed.

Right to Data Portability (Art. 20)

Art. 20 GDPR

You have the right to receive personal data in a structured, commonly used, and machine-readable format:

  • Export in JSON or CSV format with all your account data
  • Ability to transfer data to another controller, upon request

Right to Object (Art. 21)

Art. 21 GDPR

You have the right to object at any time to the processing of data based on our legitimate interest. We will comply with your request unless we demonstrate compelling legitimate grounds that override your interests.

Right Not to be Subject to Automated Decisions (Art. 22)

Art. 22 GDPR

We do not use fully automated decision-making systems that produce legal effects or similarly significantly affect you. All medical evaluations are performed by qualified human professionals. AI tools are used only as assistance, not for final decisions.

EHDS 2025

European Health Data Space (EHDS)

EHDS is a new European legislative framework that will improve patient access to their own medical data and facilitate the exchange of health data across the European Union.

What is EHDS?

European Health Data Space (EHDS) is a major European Union initiative expected to come into full effect by 2025-2026. This regulation will revolutionize how health data is managed, accessed, and shared throughout Europe, providing you with extended rights over your personal medical data.

Your Rights Under EHDS (Primary Use)

Primary use refers to access and control of your own health data for medical care:

  • Electronic access to all your health data, including prescriptions, lab results, imaging, and medical reports
  • Ability to share data with any healthcare provider in the EU
  • Access to cross-border healthcare with automatic recognition of prescriptions and medical records
  • Full control over who can access your medical data

Cross-Border Access to Medical Data

Under EHDS, you will be able to access healthcare services in any EU member state with automatic transfer of your electronic health record. This means a doctor in Germany, France, or any other EU country will be able to consult your medical history, prescriptions, and test results, with your consent.

MyHealth@EU - European Infrastructure

MyHealth@EU is the digital infrastructure that will connect health systems across all member states. EuroMed Advice is committed to complying with EHDS standards and integrating our services into this European infrastructure to provide you with seamless access to pan-European healthcare.

Supervisory Authority

If you believe that the processing of your data violates GDPR, you have the right to file a complaint with the national supervisory authority. For Romania, this is:

National Supervisory Authority for Personal Data Processing (ANSPDCP)

B-dul G-ral. Gheorghe Magheru 28-30, București, România
+40 318 059 211
anspdcp@dataprotection.ro
www.dataprotection.ro

International Transfers

Your data is stored in data centers within the European Union. We do not transfer data outside the EEA without adequate safeguards per GDPR.

Data Security

We implement appropriate technical and organizational measures for data protection:

  • End-to-end encryption for medical documents
  • Strict role-based access control
  • Regular security monitoring and auditing
  • Secure backup and recovery plan

How to Exercise Your Rights

To exercise any of the above-mentioned rights, you can use the "Profile Settings" section in your account or contact us directly:

contact@klarmedicin.com

We will respond to your request within 30 days. For complex requests, the deadline may be extended by an additional 60 days, with prior notice.

Last updated

Request an opinion