Login

Privacy Policy

This policy briefly explains how PALMED processes personal data on the website palmedromhealth.com.

2. What data we collect

  • Member accounts (clinics): clinic name, contact person, login email, passwords (hashed), account settings.

  • Patient appointments: first name, last name, email, phone, country, date of birth, selected clinic/doctor/specialty/procedure, preferred time slot, options (transport/accommodation/transfer), uploaded medical files, message.

  • Newsletter: email (and, optionally, name).

  • Usage/analytics data: cookie identifiers (Google Analytics), anonymized IP addresses, pages visited, session duration, traffic sources, device/browser type.

3. Purposes and legal bases

  • Member account administration: providing access and operating the platform – Art. 6(1)(b) and/or Art. 6(1)(f) GDPR.

  • Forwarding appointment requests to clinics: steps taken at the request of the data subject – Art. 6(1)(b) GDPR; for any health data, processing by the clinic is based on Art. 9(2)(h) GDPR, and transmission via the platform is based on the patient’s explicit consent – Art. 9(2)(a) GDPR.

  • Newsletter: sending communications – consent – Art. 6(1)(a) GDPR (withdrawable at any time).

  • Analytics (Google Analytics) and website improvement: audience measurement and service quality – Art. 6(1)(a) GDPR (per the Cookie Policy) or Art. 6(1)(f) GDPR (legitimate interest), with user control options.

  • PALMED’s own statistics: PALMED may use website data about visitors (e.g., traffic, types of requests) strictly for its own statistical purposes, in aggregated and/or anonymized form, without the possibility of identifying individuals.


4. Who receives the data

  • The selected clinic: receives the appointment request (by email and in its platform account) and processes the data as an independent controller for scheduling and medical services.

  • PALMED’s IT providers (processors): hosting and maintenance, email, analytics (Google), acting under contracts and strict instructions.

  • Authorities: only where there is a legal obligation.


5. How long we keep the data

  • Member accounts: for the duration of the contractual relationship; upon termination, deletion/deactivation within a reasonable period.

  • Appointments: temporary storage by PALMED for transmission/technical confirmation; thereafter, the clinic retains data according to its own policies. PALMED may keep only aggregated/anonymous statistics (no personal data).

  • Newsletter: until unsubscribe or prolonged inactivity.

  • Analytics: according to Google settings/the Cookie Policy; users may opt out.

6. Your rights

Access, rectification, erasure, restriction, portability, objection (including to marketing), withdrawal of consent, and the right to lodge a complaint with the ANSPDCP (www.dataprotection.ro).
To exercise your rights: office@palmed.ro. Requests regarding appointments may require contacting the clinic (the relevant data controller); PALMED will assist with forwarding and resolution.

7. Security

We apply appropriate technical and organizational measures (TLS, access control, logging and monitoring, backups, authorized staff confidentiality). Access to appointment content is strictly limited to technical administration; we do not use appointment data for our own purposes.

8. Transfers

If we use services located outside the EEA (e.g., Google), we ensure appropriate safeguards (standard contractual clauses, etc.).

9. Updates

We may amend this policy; the current version is available on the website and indicates the date of the last update.

Last updated: 1 November 2025