This Privacy Policy describes the privacy practices of omnimedica, a Software as a Service (SaaS) application (hereinafter referred to as “omnimedica“) offered by High-Tech Systems & Software SRL, a limited liability company, operating in accordance with the laws of Romania, with registered office in Bucharest, Sector 1, Bulevardul Bucurestii Noi, nr. 25A, registered with the Trade Register under no. J40/4847/2012, with VAT Identification Number 30126940 (hereinafter referred to as the “Company“).

The purpose of this Privacy Policy is to describe what personal data the Company collects and processes as well as the scope and legal grounds for such processing.

In addition, this Privacy Policy details the personal data collected and processed, the scope and legal grounds of such processing by the Customer with respect to the personal data of the Customer Representative and Users.

This Privacy Policy applies to all users of omnimedica, i.e. any person who provides personal information/data to omnimedica or the Company in connection with omnimedica, i.e. Customer Representatives and Users (hereinafter referred to as “Data Subject“), as detailed below. By accessing and using omnimedica, Data Subjects consent to the processing of their personal data in accordance with the terms of this Privacy Policy and the relevant Terms of Use.

“Applicable Law” – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (“GDPR”), Law No. 190/2018 implementing the GDPR, relevant decisions/guidelines issued by the EDPB for guidance on the interpretation of the GDPR provisions, and national legislation on the processing of personal data of data subjects, if not in conflict with any provision of the GDPR. And any other applicable law, taking into account the location of the Customer’s principal place of business and the nationality of Customer Representatives and Users.

“Customer“: a legal entity that wishes to benefit from the Omnimedica Features and enters into a contract with the Company for this purpose; 

“Customer Representative“: the Customer’s representative with administrative rights in omnimedica, who can add, edit and manage the data related to the organization, its divisions, locations, employees, working hours, create and add Users, etc.

“User(s)“: the Customer’s employee(s) for whom the Customer’s Representative has created an account on omnimedica. User access to omnimedica depends on the relationship between the Customer and the User and the User’s role within the organisation (director, manager, employee, etc.). 

“Personal data” – means any information relating to an identified or identifiable natural person; an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Controller” – means the Company/Customer, which, individually or jointly with others, determines the purposes and methods of personal data processing.

“Processor” – means a natural or legal person, public authority, agency or other body that processes any personal data on behalf of the data Controller. The Company is a Processor when it processes personal data of data subjects for the Customer in order to provide support services as requested by the Customer.

This Privacy Policy and the Terms of Use complement each other. 

Capitalized terms not defined herein shall have the meaning given in the Terms of Use.

Any reference to the singular includes the plural and vice versa.

A. GENERAL PRINCIPLES

1.

1. By accessing and using omnimedica, data subjects consent to the processing of their personal data in accordance with the terms of this Privacy Policy and the relevant Terms of Service.

2. If data subjects do not agree to this Privacy Policy and the relevant Terms of Service, they will not be able to access and use omnimedica. Processed personal data are provided on a voluntary basis by the data subject or by third parties who have the prior consent of the Data Subject. In order to use omnimedica, it may be necessary for the Data Subject to fill in some personal data considered by omnimedica as “mandatory“, but the Data Subject may voluntarily provide additional personal data considered as “optional”.

B. COLLECTION AND PROCESSING OF PERSONAL DATA BY THE COMPANY

1.

1. The security of personal data is of particular importance to the Company and the Company ensures that collected and processed personal data is kept secure and is not used for purposes other than those specified in this Privacy Policy, the Terms of Service and the Cookie Policy.

2. The Company processes the personal data of the Customer Representatives, as Operator, for the purpose of concluding and implementing the contract between the Company and the Customer in order for the latter to benefit from the omnimedica Services, including maintenance, i.e. the Company will process the personal data for maintaining the relationship with the Customer (correspondence, notifications, service interventions, etc.), creating the Customer Representative’s account and personalization. The processing is also necessary for legitimate interest purposes (omnimedica development and research, advertising and marketing, statistics) pursued by the Company or any third party or the Data Subject has consented to the processing of their personal data. The legitimate interests of the Company in the processing of personal data do not override the interests or fundamental rights and freedoms of the Data Subject. The interests or fundamental rights and freedoms of the Data Subject shall in no way be affected by the processing carried out through omnimedica. 

3. Processed and collected personal data: 

4. of the Customer’s representative:

o name, surname;

o date of birth;

o e-mail address;

o  password;

o  position within the Customer;

o login and service details for omnimedica use;

5. Because omnimedica can be accessed via browser and mobile devices using an internet connection, one, more or all of the following personal data may be collected when you access and use omnimedica :

o IP address

o Location

o type of device used

o time and date of access

o time spent on omnimedica

o access and usage habits

o Internet connection speed

o the unique identification number of the device used

o encrypted password

6. The personal data mentioned above may be disclosed/partially disclosed/transferred to third parties for the fulfilment of processing purposes. Thus, personal data may be shared with one, more or all of the following on a need-to-know basis in accordance with the scope thereof, namely: 

7. service providers (companies and individuals who provide services on behalf of the Company or who help the Company operate omnimedica and its business, such as hosting, technical support, analytics, customer support, email and SMS delivery, etc.);

8. advisors (these may include lawyers, auditors, bankers and insurers if necessary);

9. authorities and other persons (they may include law enforcement authorities, central or local authorities, supervisory authorities, where required by law or to help protect the rights and safety of Data Subjects or others);

10. other companies or individuals, in the event of an omnimedica disposal, transfer of business or change of control of the Company.

11. THE COMPANY HAS NO ACCESS TO ANY DATA STORED ON omnimedica OR ANY USERS’DATE, HENCE ANY INTERVENTION FOR USAGE PURPOSES WILL BE MADE ONLY WITH THE CUSTOMER’S CONSENT. For this purpose, the Company will be a data processor and will follow the instructions of the Customer, any access to the personal data uploaded on omnimedica will be done as a processor, the Company will not process the personal data for purposes other than providing support services to the Customer.

12. omnimedica is hosted by a third party cloud service provider, acting as a sub-processor for the Company. The terms and conditions of use and privacy policy of the cloud service can be accessed here _______________.

13. The storage of personal data collected and processed by the Company as controller or processor is on the Company’s servers or on the sub-processor’s servers.

C. COLLECTION AND PROCESSING OF PERSONAL DATA BY THE CUSTOMER

1. The Customer collects and processes, as the Controller, the personal data of the Customer’s Representative and the Users for the purpose of complying with a legal obligation to which the Customer is bound, for the performance of the contract(s) concluded with the Data Subject(s) and their consent or legitimate interest, as specified in the internal policies.

2. One, more or all of the personal data below may be collected, recorded, organised, disclosed, modified, retrieved, accessed, stored and ultimately deleted or destroyed: 

o name;

o date of birth;

o e-mail address;

o password;

o job description/position within the organisation;

o data on working days / working hours / shifts / productivity / length of contract with the organisation;

o data on the special needs of the Data Subject as a member of the organisation;

o picture, if a photo is provided for the profile;

o login and service data on omnimedica use;

o other details uploaded on omnimedica.

3. As omnimedica can be accessed via browser and mobile devices using your internet connection, some or all of the following personal data may be collected when accessing and using omnimedica:

o IP address

o Location

o type of device used

o time and date of access

o time spent on omnimedica

o access and usage habits

o Internet connection speed

o the unique identification number of the device used

o encrypted password

4. Personal data, together with any other information that the Data Subject may send to the Customer in connection with omnimedica, will be stored on the sub-processors’ servers (_________________). 

5. Personal data are processed by the Customer for one, more or all of the following purposes:

o management of its activity and planning of the change of the user program

o creating and maintaining accounts

o creating and maintaining profiles

o adding and managing users and their data

o notifying Data Subjects of other Data Subjects who have joined or are using omnimedica, announcements, updates, security alerts, and support and administrative messages, if applicable

o responding to requests, questions, feedback from Data Subjects.

6. Personal data may be shared with one, more or all of the following individuals on a need-to-know basis in accordance with the scope thereof:

7. with the Customer Representative and other Customer Users – fact which will be visible on their public profile;

8. service providers (companies and individuals who provide services on behalf of the Company/Customer or who help the Company/Customer operate omnimedica and its business, such as hosting, technical support, analytics, customer support, email and SMS delivery, etc. );

9. advisors (these may include lawyers, auditors, bankers and insurers if required);

10. authorities and other persons (they may include law enforcement authorities, central or local authorities, supervisory authorities, where required by law or to help protect the rights and safety of Data Subjects or others).

D. RIGHTS AND OBLIGATIONS OF DATA SUBJECTS

1. Data Subjects are aware of the general rights they enjoy as Data Subjects under applicable law, namely: the right to information; the right of access to personal data; the right to rectification; the right to erasure (“right to be forgotten“); the right to restriction of processing; the right to data portability; the right to object to personal data processing; the right to bring an action before the competent court or a supervisory authority, where this right is provided for pursuant to the provisions of applicable law.

2. Data Subjects are aware that the above-mentioned rights are not absolute rights and accept that there is a possibility that certain personal data used for the fulfilment of  related purposes may not be erased (e.g. personal data for which there is an obligation to report to the authorities or for which there is an obligation to store).

3. Data Subjects have the following obligations:

1.

o to provide true, accurate and complete personal data in accordance with the omnimedica forms. If the personal data provided are not true, accurate and complete or have been altered, Data Subjects are obliged to inform the Collector, via omnimedica or by e-mail at _____________ about this and to provide the correct personal data as soon as possible;

o update their personal data whenever necessary;

o refrain from posting obscene, defamatory, threatening or malicious information, reviews and ratings against the Collector, their employees/collaborators or any other Data Subject, as well as any material or information prohibited as per the applicable law.

2. If a Data Subject breaches their obligations hereunder, the Collector shall have the right to take all legal measures to ensure that the previous situation has been restored (deletion of information published by the Data Subject, blocking of access to omnimedica, etc.) and to hold the Data Subject liable under penalty of law.

E. TERM OF PROCESSING. DELETION OF PERSONAL DATA

1. Personal data will be stored for the period of time necessary to achieve the purposes for which they were collected, i.e. for the period of time necessary to provide omnimedica services, the existence of the account, as well as for a subsequent period of time necessary for the reporting to the competent authorities. Personal data will be deleted when the Customer unsubscribes or the Data Subject chooses to unsubscribe and delete their account (applicable to both the Customer Representative account and the User account). Where national law requires the Controller to store certain personal data, in particular in relation to employment, the Controller will comply with these provisions and said personal data will be stored for the period mentioned thereby. Where the Customer is subject to such obligations, the Controller will take reasonable steps to assist the Customer in this regard.

2. Log-in and access history and habits will be stored for a period of ___ days, after which they will be deleted.

F. MODIFICATION OF THIS PRIVACY POLICY

1.

1. This Privacy Policy may be amended at any time by the Company as a result of legislative changes or omnimedica adjustments.

2. The updated Privacy Policy will be published on omnimedica and will be effective upon publication  thereof and available to Data Subjects.

3. By continuing to use omnimedica, Data Subjects agree to the new provisions of the Privacy Policy by indicating that they have read and acknowledged the new Privacy Policy.

If Data Subjects do not agree with one or more of the current or future provisions of this Privacy Policy, they will not be able to access and use omnimedica.

G. DISCLAIMER

Data Subjects fully understand and agree that all personal data of the Data Subjects is provided voluntarily, either by the Customer, the Customer’s representative and/or the User, and that the Company assumes no responsibility for the accuracy of said  provided personal data. Where personal data is provided by the Customer or the Customer’s Representative, the Data Subject fully understands and agrees that the Customer or the Customer’s Representative has the right to disclose such personal data to the Company and/or sub-processors. The Company cannot be held liable for any loss or damage caused to the Data Subject as a result of the processing of personal data provided by the Customer, Customer Representative and/or User.