Effective Date: September 11th, 2023
This Privacy Policy has been prepared Dikta Inc S.R.L., a limited liability company based in Romania, Bucharest, 4th District, 27 Frunzișului Street, registered with the Trade Register under no. J40 /11619 /2020, tax number RO 43048037, as owner of the Parol Platform (hereinafter, “we,” “us,” “our”). We take the private nature of your personal data very seriously. This Privacy Policy describes how we collect, use, process, and disclose your personal data in connection with your access to and use of the Parol website, platform, mobile applications, and related services (collectively, the “Services”). This Privacy Policy is prepared in compliance with art. 12-14 of the EU General Data Protection Regulation no. 679/2016 (the “GDPR”).
This Privacy Policy contains important information about how we use your data as data controllers – that is, when we decide what we do with your personal data and information and how we do this. When we operate our Parol Platform when you use our Services, we will use your personal data and information, as well as those of other persons such as your customers who are patients; however, we do this on behalf of our clients, in our capacity as data processors. In these cases, our clients act as data controllers and have the obligation, pursuant to the applicable legislation, to provide data subjects with adequate information on how their personal data and information are processed including the processing activities we conduct as data processors. If you are a patient whose personal data and information is processed via the Parol Platform, you should review the privacy notices made available by your clinic or doctor to understand how your personal data is processed via the Parol Platform.
We encourage you to take the time to read it fully and carefully before interacting with us. Please do not hesitate to let us know if you have any questions using the contact details provided in this notice. We want it to be clear to you why and how we use your data, how we protect it, and your rights in relation to our use of your data.
Data Protection Officer (DPO)
To exercise one or more of your rights set out below or to ask a question about these rights or our processing of your personal data, contact us at [email protected].
This Privacy Policy describes:
• what personal data we collect;
• how we use personal data;
• lawful bases for processing personal data;
• how we share and disclose personal data;
• international data transfers;
• data subject rights;
• how long we retain personal data.
- What Personal Data We Collect
Personal data is any information that identifies, relates to, describes, references, or can be linked to a particular individual thus enabling the identification of such individual. When you access or use the Services, we may collect the following categories of personal data about you:
• Contact details: information that allows us to contact you such as your name, email address, mailing address and phone number.
• Demographic data: information about you such as your age, gender, country, and preferred language.
• Authentication data: information that helps verify your identity such as account username, other login credentials and passwords.
• Transaction data: information about payments you make for our paid services such as payment method and history.
• Service data: information about your use of the Services such as session length, content you accessed, account settings, date and time when you use our Services.
• Content: any information you choose to provide directly to us such as audio recordings, transcripts, notes and other documentation.
• Device data: information collected from your devices such as IP addresses, device IDs, type of browser and operating system.
• Location data: information about your geographic location collected through GPS, WiFi networks, cell towers, or other methods.
• Cookies and tracking technologies data: information about you collected through tracking mechanisms like browser cookies, web beacons, pixels, and SDKs, which are used when we provide our Services to you.
When you communicate your personal data directly to us, please provide all categories of personal data requested by us. Otherwise, we may not be able to properly carry out the activity for which you contact us (including, among other things, responding to your requests).
- How We Use Personal Data
We collect your personal data for the purposes described below:
a) Provide the Services: Process your transactions, provide access to the Services, communicate with you about your account on the Parol Platform, address technical issues related to the provision of the Services or the functioning of the Parol Platform, comply with your settings, troubleshooting, make recommendations and assist with the implementation of specific settings, customizations, features, services, communicate with you in relation to our Services, etc.
b) Improve the Services: Analyze how you interact with and use the Services to monitor, and enhance our products, services, security, performances, features, etc.
c) Recommendations and communications: Make suggestions to you and send you communications on matters such as the Services, your account, customized content, features, services, offers, advertisements and other marketing and commercial purposes, via email, push notification, chat, phone, fax, mail, social media or otherwise, etc.
d) Comply with Legal Obligations: Adhere with laws and regulations that apply to us which may include appropriately disclosing your personal data when required, such as when we are running our accounting and making tax declarations.
e) Fraud Prevention and Security: Detect and prevent fraudulent, abusive, or unlawful activity that may jeopardize you, us or others. This includes investigating, mitigating and managing security risks.
f) Managing our interests and rights: Establish, exercise or defend our rights, perform contracts (including with your employer), answer your requests and claims, engage in contracts and transactions related to our Services or the Parol Platform, conduct reporting and intra-group activities, audits, etc.
- Lawful Bases for Processing Personal Data
We only process your personal data when we have a lawful basis for doing so under Article 6 of the EU’s General Data Protection Regulation no. 679/2016 (the “GDPR”). This includes:
• When you consent to the processing activity: our processing activities in Section 2 (How We Use Personal Data), para. c) above relies on this lawful basis when they concern our commercial and marketing approach to you.
• To perform a contract with you like providing the Services pursuant to our Terms of Service: our processing activities in Section 2 (How We Use Personal Data), paras. a) and b) above rely on this lawful basis when they concern our contractual obligations to you pursuant to our Terms of Service.
• To comply with legal obligations under law: our processing activities in Section 2 (How We Use Personal Data), para. d) above relies on this lawful basis
• To pursue our legitimate business interests (or those of third parties), where those interests are not overridden by your data protection rights and interests: our processing activities in Section 2 (How We Use Personal Data), paras. b), e) and f) above rely on this lawful basis; we have considered your interests and rights when we decided to conduct these processing activities and believe that they are sufficiently protected when we carry out these activities.
If we use your data on the basis of your consent, you should be aware that you can withdraw your consent at any time and we will no longer use your data from that point onwards. In any event, however, our activities performed prior to the withdrawal of your consent, including those involving your data, will remain in effect.
You may withdraw your consent to the processing of your data, where this is the basis on which we use your data as set out above, by contacting us to do so using the contact details set out in this Privacy Policy.
If you provide us with personal data of individuals other than yourself, please inform them, prior to disclosing the data to us, of how we intend to use their data, e.g., by sending a link to this Privacy Policy to them. If we come into direct contact with these individuals, e.g., to ask for their consent to the use of their data, where this is required, we will ensure that we pass on this Privacy Policy to them.
- How We Share and Disclose Personal Data
We may share or disclose your personal data with the following parties:
• Service Providers and Business Partners: With third party companies and individuals we use to support our business and who are contractually bound to keep personal data confidential. This includes service providers for IT services, data storage, security, fraud prevention, payment processing, customer support, marketing, analytics, etc.
• As Part of a Business Transaction: As part of a merger, acquisition, bankruptcy, dissolution, reorganization, sale, transfer, or other transaction involving all or part of our business or assets, when we may disclose your personal data and information to our counterparts and their legal counsel and advisors.
• Affiliates: With our corporate parent, subsidiaries, and affiliates for business purposes like internal reporting, product development, site operations, audits, research, etc.
• Legal Process and Law Enforcement: With law enforcement, government agencies, courts or authorized third parties, if compelled by subpoena, court order, or other legal process or requirement. This includes responding to lawful requests by public authorities.
• To Protect Rights and Interests: Where necessary to enforce our Terms of Service, protect our rights, property, safety, customers or others, or respond to or defend against legal claims.
• Other third parties: With third parties when you consent to the sharing.
• Anonymized and Aggregated Data: We may share non-personally identifying information with third parties for purposes like research, analytics, demographics, and advertising.
- International Data Transfers
We operate globally so it may be necessary to transfer your personal data to countries outside of the European Economic Area (EEA). We only transfer personal data outside the EEA where lawful data transfer mechanisms exist, so that your personal data remain protected at all times.
- Data Subject Rights
Under the GDPR, you have certain rights relating to your personal data. This includes rights to:
• Request access to your personal data: you can obtain from us the confirmation that we process your personal data, as well as information on the specifics of the processing such as: purpose, categories of personal data processed, recipients of the data, period for which the data is kept, existence of the right of rectification, erasure or restriction of processing. This right allows you to obtain a copy of the personal data processed free of charge as well as any additional copies for a fee.
• Correct or rectify your personal data: you may request us to amend your incorrect personal data or, if necessary, to complete incomplete data.
• Erase or delete your personal data: you may request the deletion of your personal data when: (i) it is no longer necessary for the purposes for which we collected and process it; (ii) you have withdrawn your consent to the processing of personal data and we can no longer process it on other legal grounds; (iii) personal data is processed unlawfully; or (iv) personal data must be deleted in compliance with the relevant legislation.
• Restrict or limit processing of your personal data: you may request the restriction of the processing of your personal data by us if: (i) you contest the accuracy of the personal data for a period that allows us to verify the accuracy of the data concerned; (ii) the processing is unlawful and you object to the deletion of the personal data and instead request the restriction of its use; (iii) the data is no longer necessary for us to process, but you request the restriction of its processing and require the data for a legal claim; or (iv) if you have objected to the processing, for the period of time during which it is verified whether our legitimate rights as controller prevail over your rights as a data subject;
• Portability to obtain an electronic copy of your personal data: you may request us, under the terms of the applicable law, to provide your personal data that you have provided to us in a structured, frequently used and machine-readable form (e.g., CSV format). We may also, if you expressly request us to do so, transmit your personal data to another entity if technically possible. You will only be able to exercise your right to portability if (cumulatively): (i) the processing is carried out by automated means; and (ii) the processing is carried out on the basis of your consent or to perform a contract with you.
• Object to use of your personal data for direct marketing, research or profiling: you may object at any time to processing based on our legitimate interest by providing us with reasons relating to your specific situation.
• Not be subject to automated decision-making without human involvement: currently, we do not process your personal data exclusively through automated individual decision-making processes. Should we initiate such processing of personal data, we will supplement this Privacy Policy accordingly.
• Withdraw consent where we rely on your consent to process your personal data: you may withdraw your consent to the processing of personal data processed on the basis of consent at any time, without this in any way affecting the processing carried out prior to the withdrawal.
• Lodge a complaint with your local supervisory authority for data protection: You have the right to lodge a complaint with your local supervisory authority for data protection if you believe your rights have been breached. However, we respectfully request that you contact us with any complaints or concerns you may have before contacting the relevant authority.
If you would like to exercise any of these data subject rights under GDPR, please contact us at [email protected]. We will consider and respond to all requests in compliance with applicable data protection laws.
- How Long We Retain Personal Data
We intend to keep your personal data for as long as necessary to fulfil the data processing purposes we are pursuing. In some cases, we are required by law to retain certain information and data about you for lawful retention periods, which are generally set for archiving purposes (e.g., 5 years for financial accounting purposes). We also do not exclude that we may need to retain some data and information about you to support and protect our own interests; however, in this case we will not retain data and information about you for more than 3 years after the termination of our relationship, including our communications.
If you are a user of the Parol Platform, we retain your data while you are browsing the platform and thereafter in accordance with our Cookie Policy, available here: https://parol.app/policy.html
Where we use your data based on your consent, e.g., when sending you newsletters or interacting with you via social networks, we will retain your data in principle until you withdraw your consent.
If you contact us via the contact form, we will retain your data for no longer than the duration of the resolution of your request and for a reasonable period after the completion of your request, which will not exceed 12 months from the completion of your request, unless we deem it necessary to retain the data for longer to protect our rights and interests or according to our legal obligations (such as archiving for financial-accounting purposes).
If you are a representative of our business partners, we retain your data for the duration of the contractual relationship with our business partners and for up to 3 years after its termination.
- Cookies and Similar Technologies
We utilize cookies, web beacons, tracking pixels, and other tracking technologies on our Services to help analyze and customize the Services and improve your experience. Through these technologies we may automatically collect information about your equipment, browsing actions, or patterns. This includes information like your internet protocol (IP) address, browser type, operating system, referral URLs, device information, browsing history, and website usage data.
Our cookies allow you to use and customize certain features of the Services. You can manage browser cookies through your browser settings and other tools. However, disabling our cookies may interfere with proper functioning of the Services.
Please see more on the use of cookies and other tracking technologies on the Parol Platform in our Cookie Policy, available here: [INCLUDE A LINK TO THE COOKIE POLICY].
- Do Not Track Signals
Some web browsers incorporate “Do Not Track” signals. Currently, uniform standards for “Do Not Track” requests have not been adopted so our Services do not process or respond to “Do Not Track” signals. We cannot guarantee third party websites will honor “Do Not Track” requests.
- Third-Party Links
The Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Privacy Policy. We are not responsible for the privacy practices or content of these other sites.
- Changes to this Privacy Policy
We may update this Privacy Policy periodically as required by law or to reflect changes to our personal data practices. We encourage you to periodically review this page for the latest information on our privacy practices.
- Contact Us
If you have any questions or concerns about this Privacy Policy or our personal data practices, please contact us at:
Dikta Ink SRL
Str. Frunzișului 27,
București, România
[email protected]