Privacy Policy

Healing Care SRL ("we", "us", "our") is the data controller responsible for your personal data. You can contact us at:

Healing Care SRL
Bucharest, Romania
Email: privacy@healing.care
Phone: +40 XXX XXX XXX

We use your personal data for the following purposes:

• To provide and maintain our healthcare platform services
• To connect you with verified healthcare professionals
• To process appointments and payments
• To respond to your health questions through our Q&A feature
• To send appointment reminders and important notifications
• To improve our services and user experience
• To comply with legal obligations and healthcare regulations
• To prevent fraud and ensure platform security

We process your personal data based on the following legal grounds:

• Consent: For marketing communications and non-essential cookies
• Contract: To provide our services when you create an account or book an appointment
• Legal Obligation: To comply with healthcare regulations and tax laws
• Legitimate Interests: To improve our services, prevent fraud, and ensure security
• Vital Interests: In emergency health situations where consent cannot be obtained

As a healthcare platform, we process special categories of personal data including health information. We process this data based on:

• Your explicit consent when you submit health questions or medical history
• The necessity to provide healthcare services
• Where necessary for medical diagnosis or treatment

We implement additional safeguards for health data, including encryption, access controls, and audit logging.

We may share your personal data with:

• Healthcare Providers: Doctors and clinics you interact with on our platform
• Payment Processors: Stripe for secure payment processing
• Cloud Service Providers: AWS for hosting and data storage
• Chat Service Providers: For in-app messaging functionality
• Analytics Providers: For improving our services (anonymized where possible)
• Legal Authorities: When required by law or to protect rights

We ensure all third-party processors have appropriate data protection agreements in place.

Your data may be transferred to countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Binding Corporate Rules where applicable

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy. Specific retention periods:

• Account data: For the duration of your account plus 30 days after deletion
• Medical records: 7 years (as required by healthcare regulations)
• Payment records: 7 years (as required by tax laws)
• Chat messages: 2 years
• Log files: 90 days
• Marketing consent records: 3 years

You have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Request limitation of processing
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, visit your Account Settings or contact us at privacy@healing.care. We will respond within 30 days.

We use cookies and similar technologies to:

• Essential Cookies: Required for platform functionality (always active)
• Performance Cookies: Help us understand how you use our platform
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Deliver relevant advertisements (with your consent)

You can manage cookie preferences through our cookie banner or your browser settings.

We implement appropriate technical and organizational measures to protect your data:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication with multi-factor options
• Regular security assessments and penetration testing
• Access controls and audit logging
• Employee training on data protection
• Incident response procedures

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

If you have any questions about this Privacy Policy or our data practices, please contact us:

Healing Care SRL
Data Protection Inquiries
Email: privacy@healing.care
Address: Bucharest, Romania

You also have the right to lodge a complaint with the Romanian Data Protection Authority (ANSPDCP) or your local supervisory authority.