Privacy policy

This privacy policy informs you about the information we collect from you when you use our site. In collecting this information, we act as the controller of personal data and, by law, we are obliged to provide you with information about us, about the purpose and the way we use your data and about the rights you have over your personal data.

Before using www.cardionline.ro, please read the information below carefully.

1. Who are we?

The name of the organization: Cardionline Systems SRL
Trade Register registration number: J40/6227/06.04.2021
Unique identification code: 44057688
Address: București, sectorul 6, Drumul Timonierului, nr. 15, parter, bloc 1, scara 1, apartament 2
Email: [email protected]
Phone: +40 752 201 540

The contact details of our data protection officer are:

Name: Iulian Năstasă
Address: București, sectorul 6, Drumul Timonierului, nr. 15, parter, bloc 1, scara 1, apartament 2
Email: [email protected]
Phone: +40 744 231 255

2. How do we use your information?

2.1 When you use our site

When you use our site to search for our services and to view the information we provide, we use a number of our own cookies (first-party cookies) and third-party cookies to allow the site to function, to collect useful information about visitors and to give you the best possible experience in using our site.

Some of the cookies we use are strictly necessary for our site to work and we do not ask your consent to put them on your computer. These cookies are listed below.

Cookie name | Scope | Extra information
Session cookie | Session identification for authenticated users |
cookiejsr, cookie-agreed | Cookie consent management tool | These cookies reflect your preferences regarding accepted or declined cookies

However, for those cookies that are useful but not strictly necessary, we will always ask for your consent before placing them. These are:

Cookie name | Scope | Extra information
Google Analytics | Traffic analysis, unique visitors, consent | Everything is done anonymously, each user receiving a unique identifier
YouTube

For more information on the use of cookies, please see our cookie policy.

2.2 When you submit a request through our site

When you submit a request through our site, we ask for your name and email address.

We use this information to respond to your request, including the provision of information about our products and services. We may send you an email more than once after you have made a request to ensure that we have answered your question and to improve our user experience.

Your request is stored and processed: the name, email, and content of the request will be saved in our database so that we can respond to your request.

We do not use the information you provide to make automated decisions that may affect you.

We keep emails from requests for two years, after which we delete them.

2.3 When you use the mobile application and the telemonitoring / telerehabilitation services

As part of the cardiovascular telemonitoring and telerehabilitation services provided through the CardiOnline platform (including the mobile application), we collect and process health data about you (a special category of personal data under Article 9 GDPR). This data is essential for delivering the medical service remotely and for monitoring your clinical evolution.

Categories of health data collected:

  • Vital and physiological data measured by your devices or connected sensors: heart rate (pulse), blood pressure (systolic/diastolic), blood oxygen saturation (SpO₂), body weight, body temperature, ECG tracings, physical activity level (steps, distance, calories burned), sleep duration and quality
  • Clinical and medical history data: cardiology diagnosis, medical history, current medication, cardiovascular risk factors, reported symptoms
  • Rehabilitation programme data: exercises performed, duration and intensity of sessions, vital parameters recorded during training, progress against set goals
  • Teleconsultation data: notes from the attending physician, therapeutic recommendations, prescriptions, recordings (where explicit consent has been given)

Purposes of processing:

  • Remote monitoring of your health status by authorised medical personnel
  • Delivery of personalised cardiovascular rehabilitation programmes
  • Alerting the medical team when abnormal parameters are detected
  • Adapting your treatment plan based on your clinical evolution
  • Conducting remote cardiology consultations
  • Creating and maintaining your electronic medical record, in accordance with applicable legislation

Legal basis for processing:

  • Article 9(2)(h) of Regulation (EU) 2016/679 (GDPR) – processing is necessary for the purposes of preventive medicine, medical diagnosis, the provision of health care, and the management of health systems and services
  • Article 9(2)(a) GDPR – the explicit consent of the data subject for the use of telemedicine services
  • Romanian Law no. 95/2006 on healthcare reform
  • Romanian Law no. 46/2003 on patient rights

Source of the data:

Health data comes directly from you — through manual entry in the application, through connected medical devices (blood pressure monitors, pulse oximeters, Holter monitors, smart scales, wearable devices), or through integration with platforms such as Google Fit / Health Connect / Apple HealthKit, only if you have granted explicit permissions in that regard. Permissions can be revoked at any time from your device settings.

Who we share this data with:

Health data is accessible exclusively to you and to the authorised medical personnel of CardiOnline (attending cardiologist, nurse, physiotherapist) who oversee your case. We do not sell, rent, or transfer this data to third parties for commercial, advertising, or profiling purposes. The data is not used for advertising.

Storage and security:

Health data is stored encrypted, on servers located within the European Union, with strictly controlled role-based access and authentication. We apply technical and organisational measures consistent with applicable medical-sector standards.

Retention period:

Medical data is retained for the duration necessary to provide the medical services and thereafter in accordance with the periods set out in applicable Romanian medical legislation (generally, a minimum of 5 years for the electronic medical record, in accordance with Ministry of Health regulations). Upon termination of the contract, you may request a copy of the data or its deletion, to the extent that there is no legal obligation to retain it.

Data deletion:

You may request the deletion of your health data by sending a request to the email address listed in the Who are we? section. Additionally, the mobile application provides the option to deactivate your account and request the deletion of associated data.

3. Your rights as a data subject

You can ask us what information we have about you and ask us to correct it if it is inaccurate. If we have asked for your consent to the processing of your personal data, you may withdraw this consent at any time.

If we process your personal data to fulfill a contract or consent, you may ask us to provide you with a copy of the information in a readable format so that you can transfer it to another provider.

If we process your personal data on the basis of consent or legitimate interest, you may request that your data be deleted.

You have the right to ask us not to use your information for a period of time if you believe that we are not doing so legally.

Finally, under certain circumstances, you may ask us not to make decisions that affect you using automated processing or profiling.

To send a request for your personal information via email, mail or telephone, use the contact information provided above in the Who are we? section of this policy.

4. Your right to file a complaint

If you have a complaint about our use of your information, we'd prefer you contact us first so that we can resolve your request amicably. However, you can also contact the National Authority for the Supervision of the Processing of Personal Data for Information through their website at https://www.dataprotection.ro or write to them at: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania.

5. Updates to this privacy policy

We regularly review and, as appropriate, update this privacy policy when changes occur as a result of the provision of services. If we want to use your personal data in a way that we have not previously identified, we will contact you to provide information about it and, if necessary, to request your consent.

We will update the version number and date of this document each time it is modified.

The policy becomes operational from: 20.02.2022
Policy was updated on: 07.06.2026, to include detailed information regarding the collection and processing of health data within the cardiovascular telemonitoring and telerehabilitation services.