Privacy Policy

As of May 25, 2018, the General Data Protection Regulation 2016/679/EU (GDPR) enters into force. The Regulation aims to create a single European legislative framework to protect the rights of individuals with regard to the processing of personal data and to regulate the flow of personal data.

Introduction

VENART, meaning:

CLINICA VASCULARA VENART SRL, CUI: 30214391

is committed to ensuring your privacy when processing your personal information. This privacy policy provides details about the information we collect about you, how we use it and how we protect it. It also provides information about your rights.

Purpose

The purpose of this policy is to ensure that VENART complies with applicable General Data Protection Regulation (GDPR) legislation.

In this privacy policy, “we”, “us”, “our” means “the Company”.

Scope of our privacy policy

This privacy policy applies to anyone who interacts with us about our products and services (“you”, “yours”) in any way (e.g., by e-mail, through our website, by phone, through our app, face-to-face). At any time, we may provide you with more privacy information if necessary for particular methods of contact or in connection with specific products or services.

This privacy policy applies to you if you ask us about or use our products and services. It describes how we process your information, regardless of how you contact us (e.g. by e-mail, through our website, by phone, through our app, etc.).

This policy is also generally valid for specific cases; for example, if we provide you with access to our applications during the course of your collaboration, additional policies and procedures will be communicated to you.

Tasks and responsibilities

The General Manager (GM) is responsible for the application of this policy in the day-to-day work and has the obligation to monitor its implementation at all levels of the organization, including the work of the other members of the company’s management committee.

The managers of our sites will promptly report to the General Manager the status of implementation and any deviations from the provisions of this policy, with the obligation to ensure that site employees take responsibility for compliance in their day-to-day activities.

Data Protection Officers (DPO)

The Company has appointed a Data Protection Officer within the organizational structure in a manner that ensures that the function is free from any influence that may compromise its ability to perform its work in an objective, fair and independent manner.

The Data Protection Officer reports directly to the Managing Director of the Company.

While performing his/her duties, the Data Protection Officer may, where appropriate, cooperate with all other departments of the Company, together with the GDPR committee explicitly designated by the Company. The Data Protection Officer shall provide advice to the Chief Executive Officer of the Company on any matter related to this Policy and the Regulation. The GDPR requires the Data Protection Officer to operate independently and without instructions from the Employer as to how to carry out their duties.

How we collect personal data

We collect personal information from you and from third parties (any person acting on your behalf, online forms, from the recording of phone calls or directly from the phone call, with the clear consent of the person with whom we interact, your employer, brokers, healthcare providers and so on).

When you provide us with information about other people, you must make sure that they have seen a copy of this privacy policy and agree to provide us with their information.

We collect personal information from you:

  • Through contact with us, including by telephone (we may record or monitor telephone calls to ensure they comply with laws, codes of practice and internal policies as well as for quality assurance purposes), by email, through our websites, through apps, by post, by completing an application or other forms (including on our website), through social media or face to face (for example, at our receptions, consultations or medical investigations).

     

For all our customers, we may collect information from:

  • your parents or guardians if you are under 18;
  • your employer if he has taken out a health subscription or health insurance for you;
  • a family member or someone else acting on your behalf;
  • doctors, other clinicians and healthcare professionals, hospitals, clinics or other healthcare providers;
  • any service providers who work with us in connection with the product or service for you, if it is not provided directly to you by us, such as providing applications, medical treatment, dental treatment or health assessments;
  • publicly available sources of information.

If we provide insurance products and services to you, we may collect information from:

  • the primary insured, if you are dependent under a family insurance policy;
  • your employer if you are covered by an insurance policy they have taken out;
  • Brokers and other agents (may be your broker if you have one, or your employer’s broker if they have one); and other third parties with whom we work, such as agents working on our behalf, other insurers and reinsurers, actuaries, auditors, lawyers, translators and interpreters, tax consultants, debt collection agencies, credit reporting agencies, fraud detection agencies (including health insurance fraud groups), regulatory authorities, data protection supervisory authorities, medical professionals, other health care providers and health care providers;
  • People who pay for products or services we provide to you, including other insurers, public sector bodies and embassies.

Categories of personal information

We process two categories of personal information about you and (where applicable) your dependents:

  • standard personal information (for example, information we use to contact you, identify you or manage our relationship with you);
  • special categories of information (for example, health information that allows us to tailor care for you).

Standard personal information includes:

  • contact information, such as your name, home town, e-mail address and telephone numbers;
  • your date of birth and national identifiers (such as your CNP, ID card number or passport number); other data from your identity document (such as the series and number of your identity card);
  • birth certificate data – for minors;
  • information provided during the phone call to the Call center or directly in our clinics;
  • location and position within the employing company, in the case of occupational health services;
  • marital status, citizenship, signature, ethnic origin;
  • details of any contact we have had with you, such as any complaints or incidents;
  • image, through the surveillance cameras in our premises (in the premises where we have installed video surveillance cameras, they are indicated by visible signs);
  • payment details such as: billing address; first and last name, bank account.
  • geo-location data, if you drive the Venart company car or if you access the Venart application, based on your explicit consent.
  • information about how you use our website, applications or other technologies, including IP addresses or other device information, cookies.
  • information that you make public through social media.

Information in special categories includes:

  • information about your health (we may obtain this information from the application forms you have completed, from notes and reports about your health and any treatment and care you have received or need, or it may be recorded in the details of the contact we have had with you, such as information about complaints or incidents, evidence of medical services you have received) such as: medical history data, personal history data (physiological personal history and pathological personal history), tests and other services performed within the Venart network, medications administered within the network and in the past, blood group, hospitalization/observation sheet data, medical recommendations received, list of doctors and specialties accessed, family medical history data, genetic and biometric data.

Grounds on which we process your personal data

The grounds on which we process your personal data are the following:

  • In order to conclude or perform a contract with you according to Art. 6 para. 1 lit. b) of the GDPR, namely “the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”;
  • Based on your consent we may process data for marketing communications in accordance with Art. 6 para. 1 lit. a) of the GDPR, namely “the data subject has consented to the processing of his/her personal data for one or more specific purposes”;
  • In order to comply with a legal obligation, such as the obligation to communicate information to public authorities or entities authorized by them, or to comply with the archiving obligation in accordance with Art. 1 lit. c) of GDPR, namely “processing is necessary for compliance with a legal obligation incumbent on the controller”;
  • The processing is necessary for the purposes of our legitimate interests, in accordance with art. 6, paragraph 1 letter f) of the GDPR, namely “the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party…”, in compliance with the provisions of art.5 of the GDPR.

 

The grounds on which we process your sensitive data are:

  • The processing is necessary for the purposes of evaluating the ability to work, for employment or for periodical evaluation, in accordance with Art. 9, para.  2, letter b) of the GDPR: “processing is necessary for the purposes of carrying out the obligations and exercising the specific rights of the controller or of the data subject ….” .
  • The processing is necessary in situations of medical urgency or your inability to give your consent to the processing in accordance with Art. 9, para. 2, lit. c) of the GDPR: “processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent”
  • The processing is necessary for the establishment, exercise or defense of a right we have in court, in the event of disagreements, in accordance with Art. 9, para. 2, lit. f) of the GDPR: “processing is necessary for the establishment, exercise or defense of a right in court or whenever the courts act in their judicial function”
  • The processing is necessary for the effective provision of the medical service, taking into account the specificity of our activity, in accordance with art. 9, para. 2, lit. h) of the GDPR: “the processing is necessary for purposes related to preventive or occupational medicine, the assessment of the employee’s ability to work, the establishment of a medical diagnosis, the provision of medical or social care or medical treatment”.

  • The processing is necessary for reasons of public interest in the field of public health, in accordance with Art. 9, para. 2, lit. i) of the GDPR: “processing is necessary for reasons of public interest, such as the protection against serious cross-border threats to health or the provision of high standards of quality and safety of healthcare and medicines or medical devices, on the basis of European Union law or national law….”

  • The processing is necessary for the purposes of public archiving, in accordance with Article 9, paragraph 2, lit. j) of the GDPR: “processing is necessary for archiving purposes in the public interest, for purposes of scientific or historical research….”

Purpose of use of your personal data

We process your personal information for the purposes set out in this privacy policy. We have also set out a number of legal grounds on which we may process your personal information (these depend on what category of personal information we process). We normally process standard personal information if it is necessary to provide the services set out in a contract, if it is in our legitimate interests or those of third parties, or if it is required or permitted by any applicable law. Read below for more information about this and why we may need to process special category information.

By law, we must have a lawful reason for processing personal information. We process standard personal information about you if it is:

  • necessary to provide the services set out in a contract – if we have a contract with you, if you have a subscription with your employer or another person on your behalf, we will process your personal information in order to fulfill that contract (i.e. to provide you and your dependents with our services);
  • for our legitimate interests;
  • based on your consent;
  • required or permitted by law.

 

We process information in special categories about you because:

  • it is necessary for the purposes of preventive or occupational medicine, to assess whether you are able to work, for medical diagnosis, to provide medical treatment, or to manage health care (including monitoring whether we are meeting expectations regarding our clinical or non-clinical performance);
  • it is necessary for the purposes of fulfilling obligations and exercising specific rights in the field of employment and social security and social protection;
  • it is necessary in order to analyze your complaints;
  • it is necessary for a purpose designed to protect the public against dishonesty, malpractice or other improper conduct;
  • it is necessary in case of a dispute, based on the legitimate interest of the company;
  • it is necessary to protect your vital interest;
  • it is in the public interest in accordance with applicable laws;
  • it is information that you have made public; or
  • we have your permission. In accordance with best practice, we will ask your permission to process your personal information if there is no other lawful reason to process it. If we need to ask your permission, we will make it clear that this is what we are asking for and ask you to confirm your choice to give us this permission. If we can’t provide a product or service without your permission (for example, we can’t manage and run a health trust without health information), we will make this clear when we ask for your permission. If you later withdraw your permission, we will no longer be able to provide you with a product or service that relies on obtaining your permission.

  • where we provide you with insurance products, we may process your personal data for the purpose of settling claims.

Legitimate interests

We process your personal information for a number of legitimate interests, including managing all aspects of our relationship with you, for marketing, to help us improve our services and products, and to exercise our rights or resolve complaints.

Legitimate interest is one of the legal reasons we can process your personal information. Taking into account your interests, rights, and freedoms, the legitimate interests that allow us to process your personal information include:

  • to manage our relationship with you, with our business and with third parties who provide products or services to us (for example, to schedule you for a requested service, to check whether you have received a service);
  • to provide healthcare services on behalf of a third party (for example, your employer);
  • debt recovery;
  • data processing in the event of a dispute;
  • video surveillance for the safety of you and your company’s employees/assets;
  • investigating and reporting security breaches;
  • recording and monitoring phone calls;
  • making sure complaints are handled efficiently and investigating complaints (for example, we might ask your treatment provider for info to make sure we get accurate info and to monitor the quality of treatment and care);
  • to update our records and provide you with marketing materials permitted by law;
  • for research and statistical analysis so that we can monitor and improve our products, services, websites and applications or develop new ones;
  • to monitor how well we meet our clinical and non-clinical performance expectations for health care providers;
  • to enforce or apply our terms and conditions for use of the Site, our terms and conditions of policies or other contracts, or to protect our (or our clients’ or others’) rights, property or safety;
  • to exercise our rights, defend ourselves against claims and comply with the laws and regulations that apply to us and to third parties with whom we work;
  • to participate in, or be the subject of, any sale, purchase, merger or takeover of the Venart Group or any part of it.

Marketing and preferences

We may use your personal information to send you marketing materials by mail, telephone, social media, e-mail and text messages.

We may only use your personal information to send you marketing materials if we have your permission, given during your visit to one of our clinics, by completing consent, or by checking the options in your online account, or for legitimate interests as described above.

If you do not wish to receive emails from us, you can click the “unsubscribe” link that appears in all emails we send. If you do not want to receive text messages from us, you can tell us by contacting us at any time. Otherwise, you can always contact us to update your contact preferences.

You have the right to object to direct marketing and profiling (the automatic processing of your information to help us evaluate certain things about you, for example, your personal preferences and interests) related to direct marketing. See the section on your rights for more details.

Processing for profiling and automated decision-making

Like many companies, we sometimes use automation to provide you with faster, better, more consistent and accurate service and marketing information that we believe will be of interest to you (including discounts on our products and services). This will involve evaluating information about you and, in some cases, using technology to provide automated responses or decisions.

You have the right to object to direct marketing and profiling related to direct marketing. You may also have the right to object to other types of profiling and automated decision making outlined below. In these cases, you have the right to ask us to ensure that one of our advisors reviews an automated decision, to let us know how you feel about it, and to ask us to reconsider the decision.  We may only use processing for profiling if we have your explicit consent.

By law, we must define the following for you:

  • automated decision-making – making a decision using technology, without involving a person; and
  • profiling – the automatic processing of your information to help us assess certain things about you (for example, your personal preferences and interests).

 

This is because you have certain rights regarding automated decision making and profiling. You have the right to object to profiling in connection with direct marketing. If you do so, we will no longer be able to create profiles for direct marketing purposes. You also have the right to object to profiling in the other circumstances set out below.

The processes set out below involve both profiling and automated decision making.

  • Depending on the type of health insurance product you are applying for, in order to help us decide what level of cover we can offer you, we will ask you to provide us with information about your medical history. We may use software programs to review this information to find out if you have any previous or existing health problems that we cannot cover and which will be excluded from your policy.
  • We may use software programs to help us price products and services based on what we know about you and other customers. For example, our technology can analyze information about your claims history and compare it with information we have about past claims to assess the likelihood that you will need to make a claim. We may also assess your age, where you live and other details relating to your health (such as existing health problems and whether you smoke) to calculate prices for products priced in the community, which are based on pre-defined groups with similar risk profiles.

 

The processes outlined below involve creating profiles.

  • In order to improve outcomes and to be more efficient and allow us to advise you on different avenues of treatment (for example, alternatives to surgery or other invasive treatments), we may use software programs to evaluate medical history and general population information in an area to identify clients who may most need this advice.
  • When your policy is up for renewal, our software program tells us this and can also evaluate your payment and claims history, general information in a particular field, and other third party information to automatically provide you with information about incentives we may offer and marketing messages you will receive.
  • We ask other organizations to conduct some of our consumer and market research to improve our marketing processes. This involves sharing personal information about our customers with third parties who specialize in profiling and segmenting people (putting different types of customers into groups, based on the different information collected about them, to help us better target our products to them).

 

These companies match the information we provide with information they receive from other sources to improve the accuracy of their analysis. We use the results of this analysis to help target our marketing and offers.

  • We may use information about the products you have purchased and information about other customers who have purchased the same products as you, to ensure that we send you information about the products you are most likely to be interested in.
  • We may share your personal information (including your name, date of birth, gender and country of residence) with third party companies, which we use to carry out anti-fraud checks. We will review any matches in this process. (We will not use automated decision making for this.)

Distributing your information

We distribute your information within the Venart Group, to your employer, to persons acting on your behalf (e.g. brokers and other agents) and to others who help us provide services (e.g. health care providers and health care suppliers) or from whom we need information to enable us to manage or confirm claims or entitlements. We also distribute your information in accordance with the law.

It is sometimes necessary to distribute your information to other individuals or organizations for the purposes set forth in this Privacy Policy.

For all of our customers, we may share your information:

  • other VenArt team members;
  • other organizations to which you belong or with which you are professionally associated, to confirm your right to claim discounts on our products and services;
  • doctors, clinicians and other healthcare professionals, hospitals, clinics or other healthcare providers;
  • suppliers who contribute to the delivery of products or services on our behalf, suppliers who carry out customer opinion and satisfaction (quality) surveys;
  • to persons or organizations to whom we must, or are permitted by law (for example, for fraud prevention or protection) to distribute them;
  • lawyers, external consultants, auditors from Romania or abroad, debt recovery companies;
  • state authorities empowered by law or any entities authorized by them, in particular public authorities in the field of health in Romania: the National Health Insurance House, the Public Health Directorate, the Ministry of Health, local and/or central institutions and others;
  • financial and banking institutions;
  • bailiffs;
  • the police and other law enforcement agencies to help them carry out their duties, or other persons if we are required to do so by law or court order;
  • if we (or any member of the Venart Group) sell or buy any business or assets, to the prospective buyer or seller of that business or those assets; and to a third party acquiring Venart Group’s assets (in this case, personal information we hold about customers or site visitors may be one of the assets that the third party acquires).
  • your employer, if they pay for the services we provide;
  • our insurance partners, e.g. brokers, reinsurers, actuaries, auditors, lawyers, translators and interpreters, tax consultants, debt collection agencies, fraud detection agencies, regulators, data protection supervisory authorities;
  • those who pay for the products or services we provide to you, including insurers, public sector bodies and embassies;
  • those who offer you treatment and other benefits;
  • national registers;
  • national screening databases;
  • government authorities and agencies.

 

If we provide you with insurance, we distribute the information:

  • to the policyholder or their agent, if you are not the principal member under an individual policy (we will send them all membership documents and confirmation of how we have dealt with a claim and all persons who are insured under the policy can access correspondence and other information);
  • to your employer (or broker or agent) for product or service administration purposes, if you are a member or beneficiary under the employer group scheme;
  • your broker or agent (or both);
  • other third parties that we work with to provide our products and services to you, such as agents working on our behalf, other insurers and reinsurers, actuaries, auditors, lawyers, translators and interpreters, tax consultants, debt collection agencies, credit reporting agencies, fraud detection agencies (including healthcare anti-fraud groups), regulators, data protection supervisory authorities, medical professionals, other healthcare providers and healthcare providers;

  • and organizations that provide you with treatment and other benefits, including travel assistance services.

If we share your personal information, we will ensure that adequate safeguards are in place to protect your personal information in accordance with data protection laws.

Anonymized and combined information

We support ethically approved clinical research. We may use anonymized information (with all names and other identifying information removed) or information that is combined with other people’s information, or disclose it to others for research or statistical purposes. You cannot be identified from this information and we will only share the information in accordance with legal agreements that establish an agreed, limited purpose and prevent the information from being used for commercial gain.

Transfer of information outside the European Economic Area

We take steps to ensure that, when we transfer your personal information to another country, there are adequate safeguards in place in accordance with data protection laws. Often, this protection is established under a contract with the receiving organization.

Retention time of personal information

We keep your personal information in accordance with established periods, calculated using the following criteria.

  • How long you have been our customer, the types of products or services you have from us and when you will no longer be our customer.
  • As long as it is reasonable to keep records to show that we have fulfilled our obligations to you and the law.
  • Until the deadline for making a claim, in the case of insurance products.
  • Any information retention periods established by law or recommended by regulatory authorities, professional bodies or associations.
  • Any relevant procedure that applies.

 

In general, medical data is stored for up to 50 years in accordance with Venart’s internal policies.

Your rights

You have the right to access your information and to ask us to correct any mistakes and to delete and restrict the use of your information. You also have the right to object to the use of your information, to ask us to transfer the information you have provided, to withdraw the permission you have provided to us to use the information and to ask us not to use automated decision-making processes that may produce legal effects.

You have the following rights (certain exceptions apply):

Right of access: the right to make a written request for details of your personal information and a copy of that personal information;

Right of rectification: the right to correct or delete inaccurate information about you;

The right to erasure (“right to be forgotten”): the right to erasure of certain personal information about you;

Right to restriction of processing: the right to request that your personal information be used only for restricted purposes;

Right to object: the right to object to the processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or if we have informed you that the processing is necessary for our legitimate interests or those of a third party. You may object to the use of your information for profiling purposes where direct marketing is involved;

Right to data portability: the right to request that the personal information you have provided to us be transferred to a third party in a machine-readable format;

Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of the Company’s use of your personal information prior to your withdrawal of consent and we will notify you if we can no longer provide you with the product or service you have chosen;

The right in relation to automated decision-making: you have the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you, unless it is necessary to enter into a contract with you, is authorized by law or unless you have given your explicit consent. We will notify you when such decisions are made, the legal grounds on which we are relying and the rights you have.

Please note: apart from your right to object to the use of your data for direct marketing (and profiling to the extent it is used for direct marketing), your rights are not absolute: they do not always apply in all cases and we will let you know in our correspondence with you how we will be able to resolve your request.

If you make a request, we will ask you to confirm your identity, if necessary, and to provide information to help us better understand your request. If we do not resolve your request, we will explain why.

Processing security

VenArt attaches particular importance to the secure and confidential processing of your data and utilizes, whenever possible, the latest technologies and methodologies in the field.

Thus, Venart will carry out the transmission of data both within its network and, where appropriate, outside it, only by using secure, up-to-date encryption methods. Furthermore, during the operational processing of personal data and special data, it will use modern pseudonymization and anonymization methods whenever possible, thus minimizing the risk of security breaches.

Venart will always process only the data that is absolutely necessary in accordance with the purpose and legal grounds.

Failure to provide your data

If you do not agree to the provision of your data, we are unable to provide the services you request.

Contact details regarding data protection

If you have any questions, comments, complaints or suggestions about this policy or any other concerns about how we process information about you, you can contact us at: gdpr@clinica-vasculara.ro

You also have the right to submit a complaint to the National Supervisory Authority for the Processing of Personal Data.

Entry into force and revision

This policy has been adopted by the Company’s Management Team and is effective immediately upon adoption.

The Policy will be reviewed annually, even if no changes have been made to its contents, or whenever the Company deems necessary.

Let’s keep in touch!

Thank you for choosing us as your healthcare provider. Your trust means a lot to us and part of our responsibility is to protect your personal data.
