Last updated: July 01, 2025

Introduction

LaMed Clinic (“LaMed”, “we”, “us” or “our”) is committed to protecting the privacy of our patients and website visitors. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you interact with our website (www.LaMed.com) or services. We comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and applicable Romanian laws in respect of personal data protection. This Policy applies to all users in Romania and across the European Union who use our services or visit our website.

By using our website or services, you acknowledge that you have read and understood this Privacy Policy. We encourage you to read it carefully to understand our practices regarding your personal data.

Data Controller and Contact Information

The Data Controller for your personal data is LaMed Clinic, a medical clinic operating in Romania and serving clients across the EU. We have not appointed a dedicated Data Protection Officer (DPO) as we are not legally required to do so; instead, our internal team will handle all privacy-related matters. If you have any questions about this Policy or wish to exercise your data protection rights, please contact us:

You may also contact us at the above details to request any information regarding your personal data or this Policy. We will respond to your inquiries and requests as promptly as possible and in any event within the timeframe required by law.

Personal Data We Collect

We only collect personal data that is necessary for the purposes described in this Policy. The types of personal data we may collect include:

  • Identity and Contact Data: Full name, email address, and telephone number.
  • Appointment Request Information: Details you provide when requesting an appointment (e.g. preferred date and time, medical service or doctor requested, and any additional information you choose to include in your message).
  • Website Usage Data: Technical information collected when you visit our site, such as your IP address, browser type, operating system, referring website, pages viewed, and the dates/times of access. This may be collected through server logs and analytics cookies.
  • Cookies and Tracking Data: Data collected through cookies and similar tracking technologies (including Google Analytics cookies and Meta Pixel tags) about your interactions with our website, such as which pages you visited and your actions on the site. See the Cookies and Tracking Technologies section below for more details.

We do not actively collect any special categories of personal data (such as health information) through our website, unless you voluntarily provide it (for example, by describing your condition when requesting an appointment). Any health-related information that you choose to share with us will be treated with strict confidentiality and processed only in accordance with applicable laws and for the purpose of providing you with medical services.

How We Collect Your Data

We collect personal data through the following methods:

  • Directly from You: You may provide personal data to us when filling out forms on our website (such as the appointment request or contact form), when subscribing to our newsletter, or when contacting us via email or phone.
  • Automatically: When you visit our website, certain technical data (such as IP address and device information) is automatically collected via cookies and other tracking technologies integrated into our site. These technologies gather information about your browsing actions and patterns. (Please refer to the Cookies and Tracking Technologies section for more information.)
  • Through Third-Party Tools: We use third-party analytics and advertising tools (e.g. Google Analytics and Meta Pixel) that may collect data about your interaction with our website on our behalf.

If you choose not to provide certain personal data (e.g. not providing contact information for an appointment), we may not be able to fulfill the corresponding service or request (for example, we cannot schedule an appointment without a name and contact method). However, you can browse the informational portions of our website without providing personal data, aside from what is collected through cookies or other technical means.

Purposes and Legal Bases for Processing

We process your personal data for the specific purposes outlined below, and only where we have a valid legal basis under GDPR to do so. Depending on the context, one or more of the following legal bases may apply:

  • Appointment Scheduling and Medical Services: We use your identity and contact data, along with any appointment details you provide, to schedule and confirm appointments, provide you with medical consultations or treatments, and manage our patient relationship with you. Legal Basis: This processing is necessary to take steps at your request prior to entering into a contract and to perform our contract with you (GDPR Article 6(1)(b)). If you provide health-related information as part of an appointment request, we will process such special category data on the basis of your explicit consent or under the GDPR Article 9(2)(h) exception (processing needed for medical diagnosis and healthcare provision under confidentiality obligations), as appropriate.
  • Communication and Customer Support: If you contact us with an inquiry, request, or feedback (whether via our website contact form, email, or phone), we will process your provided data to communicate with you and respond to your questions or requests. Legal Basis: Our legitimate interest in providing prompt and effective communication to individuals who contact us (GDPR Article 6(1)(f)). If your inquiry is in relation to entering a service contract (e.g. asking about our services before booking), this processing may also be viewed as a pre-contractual step at your request (GDPR Article 6(1)(b)).
  • Email Newsletters and Health Updates: With your consent, we will use your name and email address to send you our email newsletter, health tips, or other marketing communications about our services. Legal Basis: Consent (GDPR Article 6(1)(a)). We will only send you such communications if you have actively opted-in (for example, by subscribing on our website or ticking the appropriate box on a form). You have the right to withdraw your consent at any time, and if you do so, we will cease sending you the newsletter or marketing emails. (Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawaldrmunteanu.ro.)
  • Analytics and Service Improvement: We analyze how visitors use our website in order to improve our services, user experience, and website functionality. For this purpose, we use tools like Google Analytics to collect information about website traffic and interactions. Legal Basis: Your consent, where required under applicable law, for the use of analytics cookies (GDPR Article 6(1)(a)). We obtain your consent for analytics cookies through our cookie consent banner when you first visit our site. In certain cases, we may rely on our legitimate interest in understanding and improving our services (GDPR Article 6(1)(f)) – for example, by analyzing aggregated usage data – but we will do so only in ways that do not override your rights and freedoms and in compliance with ePrivacy requirements. You can disable analytics cookies at any time (see Cookies section below).
  • Advertising and Marketing (Meta Pixel): We use the Meta Pixel (Facebook/Instagram pixel) to help us deliver targeted advertisements about our clinic on social media platforms to people who have visited our site or shown interest in our services. This involves processing data about your visit and sharing it with Meta (Facebook/Instagram) for marketing purposes. Legal Basis: Consent (GDPR Article 6(1)(a)). We will only deploy marketing/tracking cookies like the Meta Pixel with your consent obtained via our cookie banner. You can opt out of such tracking at any time through our cookie settings or via your browser settings.
  • Compliance with Legal Obligations: We process personal data as needed to comply with our legal and regulatory obligations. This includes maintaining records required by law (for example, for tax, accounting, or medical regulations), verifying identity where required by healthcare laws, or disclosing information to authorities if legally mandated. Legal Basis: Compliance with a legal obligation (GDPR Article 6(1)(c)). For instance, Romanian healthcare regulations may require us to retain certain patient records for a minimum period, and tax laws may require retention of transaction records.
  • Security and Fraud Prevention: We may process personal data (such as IP addresses or other usage data) to monitor, maintain, and improve the security of our website, IT systems, and patients’ information. This includes using data to prevent unauthorized access, combat malware or hacking attempts, and detect or investigate fraud or other abuses of our services. Legal Basis: Legitimate interests (GDPR Article 6(1)(f)) in protecting our business, website, and users from security threats or fraud. We have a legitimate interest in ensuring the integrity and safety of our operations, and we implement measures that respect your privacy while achieving these aims.

We will not use your personal data for purposes that are incompatible with the above purposes without first obtaining your consent or unless required or permitted by law. We do not engage in automated decision-making, including profiling, that produces legal or similarly significant effects on you. If we ever decide to process your data for a new purpose, we will update this Privacy Policy and inform you as required.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance user experience, analyze website performance, and support our marketing efforts. Cookies are small text files that are placed on your device when you visit a website. We use both first-party and third-party cookies on our site for various functions:

  • Essential Cookies: These cookies are necessary for the website to function properly (for example, to remember your cookie preferences). They do not require consent.
  • Analytics Cookies: We use Google Analytics cookies to collect information about how visitors use our site (e.g. which pages are visited most, how users navigate between pages, etc.). This helps us improve the website’s performance and content. Google Analytics may set cookies to gather usage data and report website trends. We have configured Google Analytics to anonymize IP addresses where possible.
  • Marketing Cookies: With your permission, we use the Meta Pixel (provided by Meta Platforms, Inc., the company behind Facebook and Instagram) on our site. The Meta Pixel tracks certain actions you take on our website (such as visiting specific pages), and allows us to later show you relevant advertisements for our clinic when you visit Facebook or Instagram. These cookies also help us measure the effectiveness of our ads.

We will ask for your consent to use analytics and marketing cookies when you first visit our website, through a cookie consent banner. Optional analytics and marketing cookies will only be set if you expressly consent to themdrmunteanu.ro. If you do not consent, your browsing experience on our site won’t be significantly affected, but we will not include you in our analytics or targeted advertising audiences.

You can manage or withdraw your cookie consent at any time. This can be done by using the cookie settings tool on our website or by adjusting your browser settings to refuse cookies. Most web browsers allow you to delete or block cookies, or to alert you when cookies are being sent. Please note, however, that disabling all cookies (including essential cookies) might impact some features of our site (for example, forms might not remember your input).

For more information on how we use cookies, you can refer to our Cookie Policy (if available) or contact us. To learn more about cookies in general, including how to see what cookies have been set on your device and how to manage or delete them, visit AllAboutCookies or the browser developer’s web pages.

Data Sharing and Third-Party Recipients

We treat your personal data with care and confidentiality. We do not sell or rent your personal information to third parties. However, we may share your data with certain trusted third parties, in the following situations and for the purposes described below:

  • Service Providers (Processors): We may share personal data with third-party companies that provide services to us and act on our instructions (“data processors”). These include:
    • Website Hosting and IT Infrastructure Providers: who host our website and databases and provide technical support. (Such providers may incidentally process your IP address or other data when you interact with our site.)
    • Analytics Services: such as Google Analytics (provided by Google). We send usage data to Google for the purpose of analyzing website traffic. Google acts as our processor in providing aggregated analytics reports.
    • Marketing and Advertising Partners: such as Meta Platforms (Facebook/Instagram) through the use of Meta Pixel on our site. We share data with Meta to help us target our Facebook/Instagram ads to relevant audiences. Meta may act as a joint controller or independent controller for the data it receives via the Pixel for its own advertising purposes, but we ensure any such integration is done in compliance with GDPR (including obtaining your consent for setting the Pixel cookies).
    • Email Newsletter Service: If we send out email newsletters or campaigns, we use a third-party email service provider (for example, a platform like MailChimp or a similar service) to manage our subscriber list and distribute emails. We share your email address and name with that provider solely for the purpose of sending you the communications you subscribed to.
    • Other Vendors: We might engage other vendors for services such as appointment scheduling platforms, payment processing (if applicable), or customer relationship management. They will process data only as necessary to provide their services to us.
      All our service providers are bound by confidentiality and data protection agreements. They cannot use your personal data for any purpose other than to provide the agreed services to us, and they must protect your data in compliance with GDPR.
  • Affiliates: If LaMed Clinic is part of a group of companies or has affiliates, we may share data within our corporate group as needed for administrative purposes or patient services. Note: As of now, LaMed Clinic operates as a single entity with no parent or subsidiary companies; if this changes, we will update our policy.
  • Legal Requirements and Protection: We may disclose personal data to third parties if we determine that such disclosure is necessary to:
    • Comply with a legal obligation, applicable law or respond to valid legal process (e.g. subpoenas, court orders, or requests from authorities);
    • Enforce our terms and conditions or other agreements;
    • Protect the rights, property, or safety of LaMed Clinic, our patients, or others. This may include exchanging information with law enforcement or regulatory authorities, or with legal advisors, as required or permitted by law.

Except for the cases outlined above, we will not share your personal data with third parties without your knowledge and (where legally required) your consent.

International Data Transfers

As a rule, we prefer to store and process personal data within the European Union. Our primary servers and operations are located in Romania (EU). However, some of our external partners and service providers may be based in or have servers in countries outside the European Economic Area (EEA):

  • Google Analytics and Meta (Facebook/Instagram): The providers of these services (Google and Meta) are multinational companies that may process data in the United States or other countries outside the EU. When we use their analytics or advertising services, certain information (such as your IP address or cookie identifiers) might be transferred to servers in the United States or elsewhere.
  • Email Service Providers or Other Tools: If we use an email newsletter service or cloud-based service, it may involve transferring your contact information outside the EEA (for example, if the provider is based in the US or another country).

Whenever we transfer personal data outside the EEA, we will ensure that adequate safeguards are in place as required by GDPR. These safeguards may include:

  • Relying on a European Commission adequacy decision (if the destination country is recognized as providing an adequate level of data protection);
  • Using standard contractual clauses (SCCs) approved by the European Commission, which contractually oblige the recipient to protect your data to EU standards; or
  • For transfers to the U.S., ensuring the recipient is certified under any approved data transfer framework (if applicable) or otherwise implementing supplementary measures to protect data.

You can contact us if you have questions about the specific safeguards in place for transfers of your personal data outside the EEA. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, as described in this Policy, and to comply with legal or regulatory requirements. In general, this means:

  • Patient and Appointment Data: If you become a patient of LaMed Clinic or request an appointment, we will retain your personal data for at least five (5) years from the date of your last interaction with us (such as your last appointment or communication), or longer if a longer retention period is required or permitted by applicable law. Medical records may be kept for a minimum period as mandated by Romanian healthcare regulations, which can extend beyond 5 years. We retain this data to have medical history available for continuity of care and to comply with record-keeping obligations.
  • Communications Data: If you contact us but do not become a patient (for example, you make an inquiry but do not schedule an appointment), we will typically retain your communications and associated contact data for up to 5 years, in case follow-up is needed or to establish a history of interactions, unless you request deletion earlier (where permissible).
  • Newsletter Subscription Data: We retain your email address and any related profile information for as long as you remain subscribed to our newsletter or marketing communications. If you unsubscribe or opt-out, we may keep your email on a suppression list to ensure we respect your opt-out (and we will no longer send you marketing emails).
  • Analytics Data: Data collected via Google Analytics and similar tools is generally retained for a shorter period (as determined by our Google Analytics settings – typically 14 months or as otherwise configured) in aggregate form. Identifiable analytics and cookie data is either deleted or anonymized after it is no longer needed for analysis.
  • Legal Compliance: In cases where we need to keep data for compliance with legal obligations, we will retain the data for the period mandated by law. For example, certain financial records must be kept for a number of years under tax law, and certain medical records must be kept under healthcare laws.

After the applicable retention period expires, or if we no longer need your data, we will either securely delete or anonymize your personal data so that it can no longer be associated with you. If deletion or anonymization is not immediately possible (for instance, because the data is stored in backup archives), we will securely store and isolate the data from any further processing until deletion is possible.

Data Security

We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction. These measures include:

  • SSL Encryption: Our website is secured via SSL/TLS encryption (HTTPS). This means that any data you submit through web forms on our site (such as personal details in the appointment request form) is encrypted in transit between your browser and our servers.
  • Access Control: Personal data we store is accessible only by authorized personnel on a need-to-know basis. Our staff are trained in data protection and are bound by confidentiality obligations.
  • Secure Data Storage: We store digital data on secure servers with up-to-date security protections (firewalls, anti-malware, etc.). We use strong passwords and, where applicable, encryption at rest for particularly sensitive data. Physical records (if any) are kept in locked facilities with restricted access.
  • Data Minimization: We collect and retain only the personal information that is necessary for the purposes stated. We regularly review our data collection practices to ensure we are not gathering or storing unnecessary data.
  • Third-Party Assurance: When we work with third-party service providers (processors) that handle personal data, we ensure they too implement adequate security measures. We have data processing agreements in place requiring them to protect your data and to use it only for the services requested. We carefully vet these providers and monitor their compliance with data security standards.
  • Testing and Updates: We periodically review and update our security measures in light of new risks, vulnerabilities, or technological advancements. Security patches and updates are applied to our systems and software as needed to maintain security.

While we strive to protect your personal data, please be aware that no method of transmission over the Internet or method of electronic storage is completely secure. We thus cannot guarantee absolute security of information. However, we continuously work to improve and ensure the ongoing confidentiality, integrity, and availability of your data. If we detect any data breaches that affect your personal data, we will follow the applicable GDPR breach notification requirements.

Your Rights Under GDPR

As a data subject under the GDPR, you have several rights regarding your personal data. LaMed Clinic is committed to facilitating the exercise of these rights. You have the following rights:

  • Right to Access: You have the right to obtain confirmation as to whether or not we are processing personal data about you, and if so, the right to request a copy of the personal data we hold about you (GDPR Article 15). This is commonly known as a “data subject access request.” We will provide you with a copy of your data, along with information about how it is used, subject to any legal exceptions. For additional copies, we may charge a reasonable fee based on administrative costs, as permitted by law.
  • Right to Rectification: You have the right to request that we correct or update any inaccurate or incomplete personal data we hold about you (GDPR Article 16). We encourage you to contact us if any of your data has changed or you believe it is inaccurate, so we can keep our records up to date.
  • Right to Erasure: You have the right to request deletion of your personal data in certain circumstances (GDPR Article 17). This right, also known as the “right to be forgotten,” applies, for example, if the data is no longer necessary for the purposes for which it was collected, or if you withdraw consent and we have no other legal basis for processing. Please note that this right is not absolute – sometimes we must retain certain information to comply with legal obligations or to establish or defend legal claims. If these exceptions apply, we will inform you in our response to your request.
  • Right to Restrict Processing: You have the right to request that we limit the processing of your personal data under certain conditions (GDPR Article 18). For instance, you can request restriction if you contest the accuracy of the data (for a period allowing us to verify it) or if you object to our processing and we are considering your request. When processing is restricted, we will still store your data but not use it (except, for example, to establish legal claims or if you consent).
  • Right to Object: You have the right to object to our processing of your personal data when such processing is based on our legitimate interests (GDPR Article 21) or is for direct marketing purposes. You may object to processing based on legitimate interest on grounds relating to your particular situation. If you lodge an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless it is needed for legal claims. If you object to processing for direct marketing, we will cease such processing immediately upon your objection.
  • Right to Data Portability: For personal data that you have provided to us and that we process by automated means based on your consent or on a contract with you, you have the right to request a copy of such data in a structured, commonly used, machine-readable format (GDPR Article 20). You also have the right to request that we transmit this data directly to another data controller where technically feasible. The right to data portability applies only to the extent that it does not adversely affect the rights and freedoms of others.
  • Right to Withdraw Consent: If we are processing any of your personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal. It will, however, mean that we stop the specific processing that was based on consent. For example, if you withdraw your consent to receive our newsletter, we will stop sending it to you. You can withdraw consent by contacting us or, where applicable (such as for cookies or newsletters), by using the provided opt-out mechanisms. Note: Withdrawal of consent does not affect the legality of processing done prior to the withdrawaldrmunteanu.ro.
  • Right to Lodge a Complaint: If you believe your data protection rights have been violated, you have the right to file a complaint with a supervisory authority (GDPR Article 77). You can do this in the EU Member State where you reside, where you work, or where the alleged infringement occurred. As LaMed Clinic is established in Romania, you may choose to contact the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)drmunteanu.ro. The ANSPDCP can be contacted at www.dataprotection.ro, and its address is 28–30 General Gheorghe Magheru Blvd., Sector 1, 010336 Bucharest, Romania. If you reside in another EU country, you may contact your local Data Protection Authority instead. We would, however, appreciate the chance to address your concerns directly before you approach a DPA, so we encourage you to contact us first with any complaints or issues.

Exercising Your Rights: You can exercise any of your rights by contacting us via email at contact@LaMed.com or by phone at +40 722 222 222. We may need to verify your identity before fulfilling certain requests (to ensure we do not disclose data to the wrong person). We will respond to your request within one month, as mandated by GDPR, unless the request is complex or numerous in which case we may extend the response period by up to two further months (we will inform you if this is the case). Exercising your rights is free of charge. However, if requests are manifestly unfounded or excessive (for example, repetitive), we may charge a reasonable fee or refuse to act on the request, as permitted by law.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update the Policy, we will post the new version on this page and change the “Last updated” date at the top. If the changes are significant, we may also notify you by additional means (such as a notice on our website or via email, if appropriate). We encourage you to review this Policy periodically to stay informed about how we are protecting your personal data.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us:

LaMed Clinic (Data Privacy Team)
Email: contact@LaMed.com
Phone: +40 722 222 222

Postal mail or in-person inquiries can be directed to our clinic’s management at our primary place of business in Romania (please call or email us to obtain the current address if needed).

We are committed to respecting your privacy and addressing any concerns you have about the processing of your personal data.

Thank you for trusting LaMed Clinic with your healthcare needs and personal data. We take this responsibility seriously and strive to protect your privacy at all times.