Sign In

GDPR Compliance

Effective Date: January 1, 2025
Last Updated: January 1, 2025

Introduction

AIR AMBULANCE COMPANIES SRL (“AAC,” “we,” “us,” or “our”) is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). As a Romanian-registered company within the European Union, we fully comply with GDPR requirements.

This page explains your rights under GDPR and how we process your personal data in accordance with European data protection laws.

Our Commitment to GDPR

Legal Basis

As a Romanian SRL registered in the EU, we are subject to GDPR and ensure:

  • Lawful Processing: All data processing has a legal basis
  • Transparency: Clear information about how we use your data
  • Data Minimization: We only collect data necessary for our services
  • Security: Appropriate technical and organizational measures protect your data
  • Accountability: We can demonstrate our compliance with GDPR

Data Controller Information

Data Controller: AIR AMBULANCE COMPANIES SRL
Registration Number: J202404521003
Tax Code: RO/NRC.J202404521003
Address: Calea Turzii 111 C, Et. 2, Ap. 6, Cluj-Napoca, Romania, 400501.
Contact: info@airambulancecompanies.com | (020) 3239-8488

Your Rights Under GDPR

1. Right to Information (Article 13-14)

You have the right to know:

  • What data we collect about you
  • Why we process your personal data
  • How long we keep your data
  • Who we share your data with
  • Your rights regarding your data

How to Exercise: This information is provided in our Privacy Policy and this GDPR page.

2. Right of Access (Article 15)

You have the right to:

  • Confirm if we process your personal data
  • Obtain a copy of your personal data
  • Receive information about the processing

What You Can Request:

  • Copy of your personal data we hold
  • Information about processing purposes
  • Categories of data we process
  • Recipients of your data
  • Retention periods
  • Source of data (if not collected from you)

How to Exercise: Submit a Data Subject Access Request using our online form or email dpo@airambulancecompanies.com

Response Time: Within 1 month (extendable by 2 months for complex requests)

3. Right to Rectification (Article 16)

You have the right to:

  • Correct inaccurate personal data
  • Complete incomplete personal data
  • Update outdated information

Examples:

  • Correct spelling errors in your name
  • Update your contact information
  • Add missing information to your profile

How to Exercise:

  • Update your account profile directly
  • Contact us at info@airambulancecompanies.com
  • Submit a rectification request through our Data Subject Request form

Response Time: Without undue delay, within 1 month

4. Right to Erasure – “Right to be Forgotten” (Article 17)

You have the right to request deletion of your personal data when:

  • No longer necessary: Data is no longer needed for the original purpose
  • Withdraw consent: You withdraw consent and there’s no other legal basis
  • Unlawful processing: Data has been processed unlawfully
  • Legal obligation: Deletion is required by law
  • Child data: Data was collected from a child

Limitations: We may not delete your data if we need it for:

  • Legal compliance (tax records, regulatory requirements)
  • Establishing or defending legal claims
  • Public health reasons
  • Archival purposes in the public interest

How to Exercise: Submit a deletion request via email or our Data Subject Request form

Response Time: Within 1 month

5. Right to Restrict Processing (Article 18)

You can request we limit how we use your data when:

  • Accuracy disputed: While we verify data accuracy
  • Unlawful processing: Instead of deletion, you prefer restriction
  • No longer needed: We don’t need the data but you need it for legal claims
  • Objection pending: While we consider your objection to processing

Effect of Restriction:

  • We can store the data but not use it
  • Processing only with your consent
  • For legal claims establishment or defense
  • To protect others’ rights

How to Exercise: Contact us explaining why you want processing restricted

Response Time: Within 1 month

6. Right to Data Portability (Article 20)

You have the right to:

  • Receive your data in a structured, machine-readable format
  • Transfer your data to another service provider
  • Direct transfer between controllers (where technically feasible)

Conditions:

  • Data must be provided by you
  • Processing must be based on consent or contract
  • Processing must be automated

Data Format:

  • JSON or CSV format
  • Structured and machine-readable
  • Commonly used format

How to Exercise: Request data export through our Data Subject Request form

Response Time: Within 1 month

7. Right to Object (Article 21)

You have the right to object to processing based on:

  • Legitimate interests: Our legitimate interests or public task
  • Direct marketing: All direct marketing activities
  • Profiling: Automated decision-making for marketing

Marketing Objection:

  • Absolute right: We must stop all direct marketing
  • No justification needed: Simply opt-out
  • Immediate effect: Takes effect immediately

Other Processing Objection:

  • We must stop unless we can demonstrate compelling legitimate grounds
  • Your interests must not override our legitimate interests

How to Exercise:

Response Time: Immediate for marketing; within 1 month for other processing

8. Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or significantly affects you.

Our Use of Automated Processing:

  • Lead Matching: AI algorithms match clients with providers
  • Fraud Detection: Automated systems detect suspicious activity
  • Pricing Algorithms: Dynamic pricing based on various factors

Your Rights:

  • Human Review: Request human intervention in automated decisions
  • Express Opinion: Provide your perspective on automated decisions
  • Contest Decision: Challenge automated decisions that affect you

How to Exercise: Contact our Data Protection Officer for automated decision review

Legal Bases for Processing

Consent (Article 6(1)(a))

When We Use Consent:

  • Marketing communications
  • Non-essential cookies
  • Optional data collection

Your Rights:

  • Withdraw consent at any time
  • Consent withdrawal is as easy as giving consent
  • Withdrawal doesn’t affect past processing

Contract Performance (Article 6(1)(b))

When We Use This Basis:

  • Creating and managing your account
  • Processing service requests
  • Connecting you with providers
  • Payment processing

Legal Obligation (Article 6(1)(c))

When We Use This Basis:

  • Tax record keeping
  • Regulatory compliance
  • Anti-money laundering requirements
  • Health and safety reporting

Legitimate Interests (Article 6(1)(f))

When We Use This Basis:

  • Platform security and fraud prevention
  • Analytics and service improvement
  • Business communications
  • Network and information security

Balancing Test: We ensure our interests don’t override your rights and freedoms

Special Categories of Personal Data

Health Data Processing

As an air ambulance platform, we may process health data, which requires additional protection:

Legal Basis for Health Data:

  • Explicit Consent: For sharing medical information with providers
  • Health/Social Care: For medical transport coordination
  • Public Health: For emergency medical services

Additional Safeguards:

  • Enhanced security measures
  • Strict access controls
  • Regular audit and monitoring
  • Staff training on health data sensitivity

Children’s Data

Age Requirements:

  • Users must be 16 or older (or age of digital consent in their EU country)
  • Parental consent required for younger users
  • Special protection for children’s data

International Data Transfers

Transfers Outside EEA

When we transfer data outside the European Economic Area, we ensure adequate protection:

Adequacy Decisions:

  • Countries recognized by EU Commission as providing adequate protection
  • No additional safeguards required

Standard Contractual Clauses (SCCs):

  • EU-approved contractual clauses
  • Legally binding data protection obligations
  • Regular compliance monitoring

Certification Mechanisms:

  • Privacy Shield (where applicable)
  • Binding Corporate Rules
  • Industry certification schemes

Third-Party Processors

Key Partners and Safeguards:

  • Google (US): Privacy Shield certified, SCCs in place
  • Microsoft (US): Adequacy decision for certain services, SCCs
  • AWS (Various): Data residency options, SCCs

Data Breach Procedures

Our Obligations

Breach Notification:

  • To Supervisory Authority: Within 72 hours of becoming aware
  • To Data Subjects: Without undue delay if high risk to rights and freedoms
  • Documentation: Maintain records of all breaches

Your Rights in Case of Breach

Notification Contents:

  • Nature of the breach
  • Categories and approximate number of data subjects affected
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach

Remedial Actions:

  • Immediate containment of the breach
  • Assessment of damage and risk
  • Implementation of additional security measures
  • Ongoing monitoring and support

Data Protection Officer (DPO)

Contact Information

Data Protection Officer
Email: dpo@airambulancecompanies.com
Phone: (020) 3239-8488
Post: Data Protection Officer, AIR AMBULANCE COMPANIES SRL, [Your Address]

DPO Responsibilities

  • Monitor compliance with GDPR
  • Provide advice on data protection matters
  • Conduct privacy impact assessments
  • Serve as contact point for supervisory authorities
  • Handle data subject requests

When to Contact Our DPO

  • Questions about your GDPR rights
  • Concerns about data processing
  • Complaints about privacy practices
  • Requests for data protection impact assessments

Supervisory Authorities

Primary Supervisory Authority

Romania – ANSPDCP
(Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal)
Website: https://www.dataprotection.ro/
Email: anspdcp@dataprotection.ro
Phone: +40 21 252 5599

Your Rights with Supervisory Authorities

  • Lodge complaints about our data processing
  • Seek enforcement of your GDPR rights
  • Request investigations into privacy violations
  • Receive guidance on data protection matters

Other EU Supervisory Authorities

If you’re located in another EU country, you can also contact your local supervisory authority:

  • Austria: Österreichische Datenschutzbehörde
  • Belgium: Autorité de protection des données
  • France: Commission Nationale de l’Informatique et des Libertés (CNIL)
  • Germany: Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
  • Spain: Agencia Española de Protección de Datos

How to Exercise Your Rights

Data Subject Request Form

Online Form: Available at [your-website]/gdpr-request
Required Information:

  • Full name and contact details
  • Proof of identity (for security)
  • Specific request type
  • Detailed description of your request

Alternative Contact Methods

Email: dpo@airambulancecompanies.com
Phone: (020) 3239-8488
Post: Data Protection Officer, AIR AMBULANCE COMPANIES SRL

Verification Process

To protect your privacy, we may request:

  • Government-issued ID: To verify your identity
  • Account information: To locate your data
  • Additional details: To process complex requests

Response Timeframes

  • Standard requests: 1 month from receipt
  • Complex requests: Up to 3 months (with explanation)
  • Free of charge: First request is free
  • Subsequent requests: May charge reasonable fee for excessive requests

Privacy by Design and Default

Technical Measures

  • Data encryption in transit and at rest
  • Access controls and authentication systems
  • Regular security audits and penetration testing
  • Automated backup and disaster recovery

Organizational Measures

  • Staff training on GDPR compliance
  • Privacy impact assessments for new processing
  • Data protection policies and procedures
  • Regular compliance reviews and updates

Data Minimization

  • Purpose limitation: Only collect data for specific purposes
  • Storage limitation: Keep data only as long as necessary
  • Accuracy maintenance: Ensure data is accurate and up-to-date
  • Integrity and confidentiality: Protect data from unauthorized access

Updates to GDPR Compliance

Regular Reviews

We regularly review and update our GDPR compliance:

  • Annual compliance audits
  • Quarterly policy reviews
  • Regular staff training updates
  • Continuous monitoring of regulatory changes

Notification of Changes

Significant Changes:

  • Email notification to registered users
  • Website banner notifications
  • Updated effective dates on all policies

Contact Information

General GDPR Inquiries

Email: gdpr@airambulancecompanies.com
Phone: (020) 3239-8488
Hours: Monday-Friday, 9:00 AM – 5:00 PM CET

Data Protection Officer

Email: dpo@airambulancecompanies.com
Direct Phone: (020) 3239-8488 ext. 101

Legal Department

Email: legal@airambulancecompanies.com
For legal matters related to GDPR compliance

Scroll to Top