top of page

PRIVACY POLICY

Last update: 09/09/2025

 

1. Data Controller

 

The website IRO – International Register of Osteopaths (hereinafter “IRO”) is managed by: Milia Capital Invest S.R.L.
Registered office: Municipiul Timisoara, Calea MARTIRILOR 1989, Nr. 42, Scara B, Age] 1, Ap. 8, Judet Timis

Contact email: lauravoicu.isom@gmail.com

The Data Controller is Milia Capital Invest S.R.L., which is committed to ensuring the protection of users’ personal data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable national legislation.

 

2. Types of Data Collected

 

Through the IRO website, the following categories of data may be collected:

  • Browsing data: IP addresses, logs, browser type, device information.

  • Data voluntarily provided by the user: name, surname, email, phone number, address, profession, registration details.

  • Payment data (for membership fees or subscription payments): information required for the transaction (e.g., card number, IBAN), processed via secure third-party payment systems.

  • Cookies and tracking tools: for details, please refer to the [Cookie Policy].

 

3. Purposes of Processing

 

Personal data is processed for the following purposes:

  1. Membership management: to create and manage the professional profile of the osteopath.

  2. Provision of online services: access to the members’ area, profile publication, event management, and communications.

  3. Institutional communications: sending informative emails related to IRO (events, updates, news).

  4. Legal and fiscal obligations: management of registrations and payments.

  5. Security and abuse prevention: monitoring and protection of the website and its users.

 

4. Legal Basis of Processing

 

The processing of data is based on:

  • Consent of the data subject (Art. 6.1.a GDPR) for registration and communications.

  • Performance of a contract (Art. 6.1.b GDPR) for membership and service management.

  • Legal obligations (Art. 6.1.c GDPR) for administrative and fiscal compliance.

  • Legitimate interest of the Controller (Art. 6.1.f GDPR) for site security and abuse prevention.

 

5. Processing Methods

 

Data is processed using electronic and telematic tools, adopting appropriate technical and organizational measures to ensure confidentiality, integrity, and availability.

 

6. Data Retention

 

Personal data will be retained:

  • For the duration of the membership and registration in the register.

  • For legal and fiscal purposes, until the terms set out by law.

  • Until consent is withdrawn for data processed for informative or promotional purposes.

 

7. Data Communication and Disclosure

 

Personal data may be shared with:

  • Authorized collaborators and staff designated by IRO.

  • Technical and administrative service providers (hosting, payment processing, IT services).

  • Competent authorities, where required by law.

Personal data will not be sold or disclosed to third parties for commercial purposes without explicit consent.

 

8. Data Transfer Outside the EU

 

The IRO website may use services (e.g., hosting, newsletters, payment systems) that involve the transfer of data outside the EU. In such cases, Standard Contractual Clauses and adequate safeguards will be implemented to ensure compliance with GDPR.

 

9. Rights of Data Subjects

 

Users have the right to:

  • Access their personal data.

  • Request rectification or deletion.

  • Restrict or object to processing.

  • Request data portability.

  • Withdraw consent at any time.

  • Lodge a complaint with the Supervisory Authority.

Requests may be sent to: lauravoicu.isom@gmail.com

 

10. Cookie Policy

 

For information on the use of cookies and similar technologies, please refer to the dedicated Cookie Policy.

 

11. Changes to This Policy

 

IRO reserves the right to amend this Privacy Policy at any time. Updates will be published on this page with the date of the last revision.

bottom of page