A

roxunap

Professional Consultation

Expert Joint Health Guidance

Privacy Policy

Last Updated: January 2025

Effective Date: January 1, 2025

1. Introduction

roxunap ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our JointCareX consultation services and website, in compliance with the General Data Protection Regulation (GDPR) and Romanian Law 190/2018 on implementing GDPR measures.

As your data controller, we are responsible for ensuring your personal data is processed lawfully, fairly, and transparently.

2. Data Controller Information

Data Controller: roxunap

Services: Joint health consultation and wellness education

Legal Basis: Legitimate business interest in providing consultation services

Contact for Data Protection Inquiries: Use the contact form on our website

Supervisory Authority: Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

3. Information We Collect

3.1 Personal Information You Provide

  • Contact information (name, email address, phone number)
  • Health-related information you choose to share during consultations
  • Communication preferences and consultation requests
  • Feedback and survey responses

3.2 Automatically Collected Information

  • Technical data (IP address, browser type, device information)
  • Usage data (pages visited, time spent on site, interaction patterns)
  • Cookies and similar tracking technologies (see our Cookie Policy)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

  • Consent (Article 6(1)(a)): When you explicitly agree to processing for specific purposes
  • Contract Performance (Article 6(1)(b)): To provide consultation services you have requested
  • Legitimate Interest (Article 6(1)(f)): For business operations, fraud prevention, and service improvement
  • Legal Obligation (Article 6(1)(c)): To comply with applicable laws and regulations

5. How We Use Your Information

  • Provide and deliver consultation services
  • Communicate with you about appointments and services
  • Improve our services and website functionality
  • Ensure website security and prevent fraud
  • Comply with legal obligations and respond to legal requests
  • Send service-related communications and updates

6. Data Sharing and Disclosure

We do not sell or rent your personal data to third parties. We may share your information only in the following circumstances:

  • Service Providers: Trusted third parties who assist in operating our services (hosting, analytics, communication tools)
  • Legal Requirements: When required by law, court order, or government regulations
  • Business Transfers: In connection with mergers, acquisitions, or asset sales
  • Consent: When you have given explicit consent for specific sharing purposes

7. International Data Transfers

Your personal data is primarily processed within the European Union. If we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, including:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules
  • Your explicit consent for the transfer

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Consultation Records: 7 years from last interaction (for professional liability purposes)
  • Contact Information: Until you request deletion or withdraw consent
  • Technical Data: 2 years from collection
  • Marketing Data: Until you unsubscribe or withdraw consent

9. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access (Article 15): Request copies of your personal data
  • Right to Rectification (Article 16): Request correction of inaccurate data
  • Right to Erasure (Article 17): Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing (Article 18): Request limitation of data processing
  • Right to Data Portability (Article 20): Request transfer of your data
  • Right to Object (Article 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for consent-based processing

To exercise these rights, please contact us using the form on our website. We will respond within 30 days of receiving your request.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and employee training
  • Secure hosting and backup procedures
  • Incident response and breach notification procedures

11. Cookies and Tracking

We use cookies and similar technologies to improve your browsing experience. For detailed information about our cookie usage, please see our Cookie Policy.

12. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected information from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on our website and updating the "Last Updated" date.

14. Contact Information

If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about your data:

  • Use the contact form on our website
  • Contact our data protection team through our main consultation request form

15. Supervisory Authority

You have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) if you believe your data protection rights have been violated:

Romanian ANSPDCP

Website: dataprotection.ro

You may also contact your local EU data protection authority.

Contact Us About Your Data