zoramel ("we," "our," or "us") operates the FlexiJoint consultation service website. This Privacy Policy explains how we collect, use, protect, and handle your personal information when you use our educational consultation services, in accordance with the General Data Protection Regulation (GDPR) and Romanian data protection laws.

We are committed to protecting your privacy and ensuring transparent handling of your personal data. This policy applies to all users of our FlexiJoint consultation services operating within Romania and the European Union.

3.1 Personal Information You Provide

• Name and contact information (email, phone number)
• Consultation requests and health-related interests you choose to share
• Communication preferences and feedback
• Any additional information you voluntarily provide during consultations

3.2 Automatically Collected Information

• Technical data such as IP address, browser type, and device information
• Website usage patterns and preferences
• Cookie data as described in our Cookie Policy
• Time stamps and access logs for security purposes

Under GDPR Article 6, we process your personal data based on:

• Consent (6.1.a): When you voluntarily submit consultation requests
• Contract Performance (6.1.b): To provide our consultation services
• Legitimate Interest (6.1.f): For service improvement and security purposes
• Legal Compliance (6.1.c): To meet our regulatory obligations

We use your personal information for the following purposes:

• Providing FlexiJoint consultation services and educational materials
• Responding to your inquiries and scheduling consultations
• Improving our services based on feedback and usage patterns
• Ensuring website security and preventing fraud
• Complying with legal obligations and regulatory requirements
• Sending service-related communications (not marketing)

We do not sell or rent your personal information to third parties. We may share your data only in the following circumstances:

• With qualified wellness professionals conducting your consultation
• With trusted service providers who assist in service delivery (under strict confidentiality agreements)
• When required by law or to protect our legitimate interests
• In case of business transfer, with appropriate data protection guarantees

All third parties are carefully vetted and bound by appropriate data protection agreements.

Under GDPR, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to certain processing activities
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us through our website contact form. We will respond within one month of receiving your request.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training on data protection
• Secure data storage with reputable service providers
• Regular monitoring for potential security threats

We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law:

• Consultation records: Retained for service delivery and follow-up support
• Contact information: Until you request deletion or withdraw consent
• Technical data: Typically deleted within 24 months unless required for security
• Legal compliance data: Retained as required by Romanian and EU law

Your personal data is primarily processed within the European Economic Area (EEA). If we need to transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules where applicable
• Your explicit consent for specific transfers

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on our website and, where appropriate, by direct communication.

For any questions about this Privacy Policy or to exercise your rights under GDPR, please contact us using the contact form available on our website. We are committed to addressing your concerns promptly and transparently.