What is GDPR and why it matters
The General Data Protection Regulation (GDPR — EU Regulation 2016/679) is the European law that gives you control over your personal data. Complemented in Romania by Law no. 190/2018, GDPR requires organisations that process personal data to respect your rights and be transparent about how your information is used.
TayDen Medical, as data controller, guarantees the full exercise of the rights described below.
Right of access (Art. 15)
You have the right to obtain from us:
• Confirmation that we are processing your personal data; • A copy of the personal data we hold about you; • Information about the purpose of processing, categories of data, recipients, retention period and your rights.
We respond to access requests within 30 calendar days.
Right to rectification (Art. 16)
If the personal data we hold about you is inaccurate or incomplete, you have the right to request its correction or completion. We will process your request without undue delay.
Right to erasure — the right to be forgotten (Art. 17)
You may request erasure of your personal data in the following circumstances:
• The data is no longer necessary for the purpose for which it was collected; • You withdraw consent and there is no other legal basis for processing; • The data has been processed unlawfully; • Erasure is required by a legal obligation.
We cannot delete data we are legally required to retain.
Right to restriction of processing (Art. 18)
You have the right to request restriction of the processing of your data where:
• You contest the accuracy of the data — for the period necessary to verify it; • Processing is unlawful, but you prefer restriction to erasure; • We no longer need the data, but you require it for the establishment, exercise or defence of legal claims; • You have lodged an objection, pending resolution.
Right to data portability (Art. 20)
You have the right to receive the personal data you have provided to us in a structured, commonly used, machine-readable format (e.g. CSV or JSON). You may also request direct transfer to another controller, where technically feasible.
This right applies only to data processed on the basis of consent or a contract, by automated means.
Right to object (Art. 21)
You may object at any time to the processing of your personal data based on the legitimate interest of the controller. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
Right to withdraw consent (Art. 7(3))
Where processing is based on your consent (e.g. storing the cookie preference in localStorage), you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
To withdraw cookie consent, clear your browser's browsing data (Settings → Clear browsing data → Cached images and files).
How to submit a request
To exercise any of the rights above:
1. Send a written request to: gdpr@tayden.ro 2. Include: your full name, the right you wish to exercise and, where applicable, the data in question. 3. We will acknowledge receipt and respond within 30 calendar days (Art. 12 GDPR). The deadline may be extended by 60 days for complex cases, with notification to you. 4. Verification of your identity may be required to prevent unauthorised access to others' data.
Right to lodge a complaint
If you believe your rights have been violated, you have the right to lodge a complaint with:
National Supervisory Authority for Personal Data Processing (ANSPDCP) • Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 Bucharest, Romania • Phone: +40 318 059 211 / +40 318 059 212 • Email: anspdcp@dataprotection.ro • Website: www.dataprotection.ro
You may also file a complaint online via the form available on the ANSPDCP website.