Privacy Policy β ENDOAGE
ENDOAGE
Dr. Miruna Muha
endoage.eu | endoageclinic@gmail.com
PRIVACY POLICY
In accordance with Regulation (EU) 2016/679 (GDPR)
1. Identity and Contact Details of the Data Controller
The data controller responsible for your personal data is:
Business name: EndoAge β Functional & Longevity Medicine
Representative: Dr. Miruna Muha β Endocrinologist, Andrologist & Longevity Specialist
Address: Bucharest, Sector 1, Romania
Website: https://www.endoage.eu
GDPR contact e-mail: endoageclinic@gmail.com
By accessing www.endoage.eu, completing any contact or booking form, or using any services offered by EndoAge, you agree to the processing of your personal data as described in this Privacy Policy.
2. Categories of Personal Data Processed
2.1. Data you provide directly
Identification data: full name, date of birth, gender
Contact data: email address, phone number, country of residence
Medical data (special category): symptoms, medical history, test results, previous treatments, lifestyle information (nutrition, exercise, sleep, stress)
Financial data: payment information required to process service fees (where applicable)
Communications: messages sent via the contact form, email, or booking platforms (e.g. Calendly)
2.2. Data collected automatically
Technical data: IP address, browser type, operating system, pages visited, session duration
Behavioural data: pages and links accessed, time of visit
Cookie data: as described in our Cookie Policy (see Section 8)
3. Purposes and Legal Basis for Processing
We process your personal data on the following legal bases under Article 6 and Article 9 of the GDPR:
a) Performance of a contract (Art. 6(1)(b) GDPR)
We process data necessary to provide the medical services you have requested, including telemedicine consultations, personalised health protocols, and progress monitoring.
b) Explicit consent (Art. 6(1)(a) and Art. 9(2)(a) GDPR)
Medical data (special category data) is processed exclusively on the basis of your explicit consent, obtained before any medical relationship begins. You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
c) Legal obligation (Art. 6(1)(c) GDPR)
We process data when required by applicable law, including obligations to retain medical records under Romanian legislation (Law no. 46/2003 on Patients' Rights and regulations issued by the Romanian College of Physicians).
d) Legitimate interests (Art. 6(1)(f) GDPR)
For website security, fraud prevention, service improvement and administrative communications, to the extent that our legitimate interests do not override your rights and freedoms.
4. Recipients of Personal Data
Your data may be shared with the following recipients, strictly to the extent necessary:
Booking platform providers (e.g. Calendly) β for appointment management
Email and communication service providers β for medical correspondence
Payment service providers β for processing transactions (where applicable)
Hosting and IT infrastructure providers (Squarespace) β for website operation
Medical collaborators (nutritionists, other specialists) β exclusively with your explicit consent
Public authorities β where required by law (e.g. ANSPDCP, courts)
We do not sell, rent or transfer your personal data to third parties for commercial purposes.
5. International Data Transfers
Some of our service providers (e.g. Calendly, Squarespace) may process data outside the European Economic Area (EEA). In such cases, we ensure that transfers are carried out with appropriate safeguards as required by the GDPR, including:
Standard Contractual Clauses approved by the European Commission
Recognised certification mechanisms (e.g. EU-U.S. Data Privacy Framework)
You may request further information about the applicable safeguards by contacting us at: endoageclinic@gmail.com.
6. Data Retention Periods
Medical data: minimum 10 years from the last consultation, in accordance with applicable Romanian medical legislation
Contact data and communications: 3 years from the last interaction, or until consent is withdrawn
Billing data: 5 years (statutory tax obligation)
Browsing data and cookies: as per our Cookie Policy (generally no longer than 13 months)
Upon expiry of the retention period, data is securely deleted or anonymised.
7. Your Rights as a Data Subject
Under the GDPR, you have the following rights, which you may exercise at any time by contacting us:
Right of access (Art. 15 GDPR)
You may request confirmation that we process your data and obtain a copy of it.
Right to rectification (Art. 16 GDPR)
You may request correction of inaccurate data or completion of incomplete data.
Right to erasure (Art. 17 GDPR)
You may request deletion of your data when it is no longer necessary for the original purpose, unless processing is required by law (e.g. medical records).
Right to restriction of processing (Art. 18 GDPR)
You may request that we limit processing of your data in certain circumstances (e.g. while a dispute is being resolved).
Right to data portability (Art. 20 GDPR)
You may request that data you have provided to us be transmitted in a structured, commonly used, machine-readable format.
Right to object (Art. 21 GDPR)
You may object to processing based on our legitimate interests, including the use of your data for direct marketing purposes.
Right to withdraw consent
Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Right to lodge a complaint with a supervisory authority
If you believe your rights have been infringed, you may lodge a complaint with the Romanian data protection authority (ANSPDCP) or the supervisory authority of your country of residence:
ANSPDCP: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania
Website: www.dataprotection.ro | Email: anspdcp@dataprotection.ro
To exercise any of the above rights, please send a written request to: endoageclinic@gmail.com. We will respond within 30 calendar days.
8. Cookie Policy
The website www.endoage.eu uses cookies and similar technologies to ensure optimal functionality and to analyse how the site is used.
8.1. Types of cookies used
Essential cookies (strictly necessary)
Indispensable for the website to function (e.g. session management). These do not require your consent.
Analytical / statistical cookies
Help us understand how the site is used (e.g. Squarespace Analytics). These require your consent.
Third-party cookies
Originating from integrated external services (e.g. Calendly, social media buttons). These are governed by the privacy policies of the respective platforms.
8.2. Managing cookies
On your first visit to the site you will be informed about the use of cookies and asked for your consent for non-essential categories. You can change your preferences at any time via your browser settings or through the site's cookie banner.
Disabling certain cookies may affect the functionality of the site.
9. Data Security
We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction or disclosure, including:
Encrypted communications via HTTPS/TLS
Access to medical data restricted on a strict need-to-know basis
Confidentiality agreements with all collaborators who have access to patient data
Regular security risk assessments
In the event of a security incident that could affect your rights and freedoms, we will notify you in accordance with our obligations under the GDPR (Art. 33-34).
10. Personal Data of Minors
EndoAge services are primarily intended for individuals aged 18 and over. We do not knowingly collect personal data from minors without parental or legal guardian consent. If you believe a minor has provided their data without parental consent, please contact us so we can arrange for its deletion.
11. Changes to this Privacy Policy
We reserve the right to update this Privacy Policy at any time to reflect changes in legislation, our practices, or the services we offer. The updated version will be published on the website with the effective date clearly indicated.
We encourage you to review this page periodically. Continued use of the website after changes are published constitutes acceptance of the revised Policy.
12. Contact
For any questions, requests or complaints regarding the processing of your personal data, please contact us:
π§ Email: endoageclinic@gmail.com
π Website: https://www.endoage.eu/contact
π Address: Bucharest, Sector 1, Romania
EndoAge β Dr. Miruna Muha | endoage.eu
This policy has been drafted in accordance with GDPR (EU Regulation 2016/679) and applicable national legislation.