Privacy Policy

1. Introduction

DoctorADHD.com ("we", "our website" or "platform") respects your privacy and is committed to protecting the personal data we collect and process in accordance with:

• General Data Protection Regulation (EU) 2016/679 ("GDPR")
• Law No. 190/2018 on implementation measures for GDPR in Romania
• Directive 2002/58/EC on privacy and electronic communications ("ePrivacy Directive")
• UK GDPR and Data Protection Act 2018 (United Kingdom)

This privacy policy explains what personal data we collect, why we collect it, how we use it, and what your rights are.

2. Data controller and data protection contact

Data controller:

Andrei Hodorog
Email: [email protected]
Address: United Kingdom

Data protection contact:

For any questions regarding the processing of your personal data, you can contact us at:
Email: [email protected]

3. What personal data we collect

3.1. Automatically collected data

When you visit our website, we automatically collect:

• Browsing data: IP address, browser type, operating system, pages visited, time spent on site
• Technical data: referrer URL, screen resolution, language preferences
• Cookies and similar technologies: details in Cookie Policy

3.2. Voluntarily provided data

If you choose to contact us or use forms on our site, we may collect:

• Identification data: first name, last name
• Contact data: email address, phone number
• Communication data: content of messages sent through contact forms

3.3. Healthcare professionals' data

Our website lists ADHD healthcare professionals (psychiatrists, psychologists, psychotherapists). Published data about them includes:

• Name and professional title
• Medical specialty
• Professional contact details (phone, email, website)
• Office/clinic address and geographic coordinates
• Working hours
• Consultation prices
• Services offered
• Professional experience

This data is considered public as it is provided by professionals for marketing purposes and patient contact. Professionals can request modification or deletion of their profile by contacting us at the email address mentioned above.

4. Purpose and legal basis of processing

5. Who we share your data with

5.1. Third-party service providers

We may share your data with the following data processors:

• OpenStreetMap (OSMF): for displaying medical office locations on a map (map tile provider, based in the EU)
• Hosting providers: for storing website data
• Cloudflare: for security and performance optimization

5.2. International data transfers

Some service providers may process data outside the European Economic Area (EEA), including in the United Kingdom. We ensure such transfers are protected through:

• European Commission adequacy decisions (e.g., UK GDPR Adequacy Decision)
• EU-approved Standard Contractual Clauses (SCC)
• EU-U.S. Data Privacy Framework (DPF) certifications

6. How long we keep your data

• Browsing and IP data: maximum 14 months (per CNIL and ANSPDCP recommendations)
• Contact messages: up to 3 years from last communication or until consent withdrawal
• Cookies: according to periods specified in Cookie Policy (maximum 1 year)
• Professional profiles: as long as profile is active or until deletion request
• Reviews: for the duration of the reviewed professional's active profile or until deletion request, maximum 3 years from publication
• Consent logs: 5 years from the date of collection, as required to demonstrate consent (Art. 7(1) GDPR)

7. Your rights under GDPR

As a data subject, you have the following rights:

7.1. Right of access (Art. 15 GDPR)

You can request a copy of the personal data we hold about you.

7.2. Right to rectification (Art. 16 GDPR)

You can request correction of inaccurate or incomplete data.

7.3. Right to erasure ("right to be forgotten") (Art. 17 GDPR)

You can request deletion of your data under certain conditions (e.g., consent withdrawal, unlawfully processed data, data no longer necessary).

7.4. Right to restriction of processing (Art. 18 GDPR)

You can request limitation of processing in certain cases (e.g., contesting data accuracy).

7.5. Right to data portability (Art. 20 GDPR)

You can request to receive your data in a structured, commonly used, machine-readable format.

7.6. Right to object (Art. 21 GDPR)

You can object to processing based on legitimate interests at any time, unless we have compelling legitimate grounds.

7.7. Right not to be subject to automated decision-making (Art. 22 GDPR)

We do not use automated decision-making or profiling.

7.8. Right to lodge a complaint

You have the right to lodge a complaint with the supervisory authority:

National Supervisory Authority for Personal Data Processing (ANSPDCP)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania
Phone: +40.318.059.211 | +40.318.059.212
Email: [email protected]
Website: www.dataprotection.ro

For users in the United Kingdom:
Information Commissioner's Office (ICO)
Website: www.ico.org.uk
Email: [email protected]

How to exercise your rights:

To exercise any of these rights, send an email to [email protected] with the subject "GDPR Request". We will respond within 30 days (per Art. 12(3) GDPR).

8. Data security

We implement appropriate technical and organizational measures to protect your data:

• SSL/TLS encryption: all data transmitted between browser and server is encrypted
• Firewall and DDoS protection: via Cloudflare
• Restricted access: only authorized personnel have access to personal data
• Regular backups: to prevent data loss
• Security monitoring: detection and prevention of data breaches

In case of a security breach that could pose a high risk to your rights, we will notify ANSPDCP within 72 hours and inform you directly if necessary (per Art. 33-34 GDPR).

9. Cookies and tracking technologies

Our website uses cookies and similar technologies. For full details, please consult our Cookie Policy.

Our site uses only strictly necessary cookies for operation and security. We do not use analytics, marketing, or tracking cookies. Full details are available in the Cookie Policy.

10. Minors

Our website is not intended for minors under 16 years of age. We do not knowingly collect personal data from children under this age without parental/guardian consent, per Art. 8 GDPR.

If you become aware that a child has provided us with personal data without parental consent, please contact us immediately to delete that information.

11. Changes to privacy policy

We reserve the right to update this privacy policy periodically to reflect changes in our practices or legal requirements.

Significant changes will be communicated by displaying a notice on the site or via email (if we have your email address). The date of last update is indicated at the top of this page.

We recommend reviewing this policy periodically to stay informed about how we protect your data.

12. Applicable law and jurisdiction

This privacy policy is governed by Romanian and European Union law, particularly GDPR and Law No. 190/2018.

Although the data controller is established in the United Kingdom, we process data of EU/EEA residents, so GDPR applies in full to our services.

Any disputes will be resolved primarily through direct negotiation. If no agreement is reached, competent jurisdiction will be determined according to EU regulations on judicial competence (Brussels I bis Regulation).

13. Contact

For any questions, concerns or requests related to this privacy policy or processing of your personal data, you can contact us:

Email: [email protected]
Data Controller: Andrei Hodorog
Response time: maximum 30 days