Last updated: March 2026
IDAVA Global is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it.
This policy applies to all personal data collected through our website (idava.global), our job application portal, our customer portal (for iStoma/iClinic clinic accounts), and our doctor collaboration portal, in compliance with the General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679 — and applicable Romanian data protection law.
This policy applies to the following categories of users:
The data controller responsible for your personal data is:
IDAVA Solutions SRLWhen you browse our website, we may collect:
If you submit a message through our contact form, we also collect your name, email address, and the content of your message.
When you apply for a position through our recruitment portal, we collect:
When a clinic accesses the Customer Portal, we process:
When a doctor accesses the Doctor Portal, we process:
We use the following types of cookies and session technologies:
| Name | Type | Purpose | Duration |
|---|---|---|---|
ASP.NET_SessionId |
Session | Maintains server-side session state for the current browsing session | Session (closes with browser) |
cp_type |
Persistent — Authentication | Stores the account type (clinic or doctor) for the "Keep me signed in" feature | 1 year |
cp_id |
Persistent — Authentication | Stores the account identifier for automatic re-authentication | 1 year |
cp_token |
Persistent — Authentication | Stores a hashed authentication token for automatic re-authentication | 1 year |
cp_consent |
Functional | Records your cookie consent preference | 1 year |
The persistent authentication cookies (cp_type, cp_id, cp_token)
are only set when you explicitly check the "Keep me signed in" option at login.
They are marked HttpOnly and Secure, meaning they cannot be accessed via JavaScript
and are only transmitted over encrypted HTTPS connections. They are deleted immediately upon logout.
We do not use advertising cookies, cross-site tracking cookies, or sell any cookie data to third parties.
Our login pages use Google reCAPTCHA v2 to protect against automated abuse. When you interact with reCAPTCHA, Google may collect your IP address and behavioral data. This is subject to Google's Privacy Policy.
| Purpose | Applies To | Legal Basis |
|---|---|---|
| Processing and evaluating job applications | Applicants | Legitimate interest / Pre-contractual steps |
| Email verification during application | Applicants | Legitimate interest |
| Storing candidate profiles in our internal CRM | Applicants | Legitimate interest |
| Communicating about application status | Applicants | Legitimate interest / Consent |
| Preventing duplicate applications within 12 months | Applicants | Legitimate interest |
| Onboarding document collection for accepted candidates | Accepted Applicants | Pre-contractual / Contractual steps |
| Authentication and session management (Customer Portal) | Clinic Customers | Contract performance |
| Displaying financial statements, invoices and subscription status | Clinic Customers | Contract performance |
| Processing online payments via Netopia | Clinic Customers | Contract performance |
| Desktop auto-login via temporary token | Clinic Customers | Contract performance / Legitimate interest |
| Authentication and session management (Doctor Portal) | Collaborating Doctors | Contract performance / Legitimate interest |
| Displaying prescriptions and clinic associations | Collaborating Doctors | Contract performance |
| Generating prescription PDFs | Collaborating Doctors | Contract performance / Legal obligation |
| Responding to contact form messages | Visitors | Legitimate interest / Consent |
| Fraud prevention via reCAPTCHA | All authenticated users | Legitimate interest |
We do not use your data for marketing purposes, and we do not sell your data to any third party.
You may request deletion of your data at any time (see Section 8), subject to applicable legal retention obligations.
Your personal data is processed internally and stored in our secure systems. We share data with the following third-party processors only to the extent necessary to deliver our services:
| Processor | Purpose | Applies To |
|---|---|---|
| iClinic CRM (crm.iclinic.ro) | Central CRM for storing and managing candidate profiles, clinic accounts, doctor accounts, invoices, prescriptions, and all portal-related data | All authenticated users |
| Netopia Payments | Processing online card payments for clinic subscriptions | Clinic Customers |
| Google reCAPTCHA | Bot and abuse prevention on login and registration forms | All authenticated users |
| WhatsApp (Meta) | Automated recruitment conversations via WhatsApp bot | Applicants (WhatsApp channel) |
| Telegram | Automated recruitment conversations via Telegram bot | Applicants (Telegram channel) |
| Email service provider | Delivery of PIN verification emails during application and doctor registration | Applicants, Doctors |
All third-party processors act under appropriate data processing agreements and are required to maintain appropriate technical and organizational security measures. We do not share your data with any third party for advertising or marketing purposes.
We may also disclose your data where required by law, such as in response to a valid legal request from competent Romanian or EU authorities.
We implement appropriate technical and organizational measures to protect your personal data, including:
HttpOnly and Secure, inaccessible to JavaScriptIn the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority (ANSPDCP) within 72 hours and, where required, affected individuals without undue delay.
As a data subject under GDPR, you have the following rights:
To exercise any of these rights, contact us at: hi@idava.global
We will respond to your request within 30 days. In complex cases this may be extended by a further 2 months, with notification.
We may need to verify your identity before processing your request. We will not charge a fee for reasonable requests, but may charge a reasonable fee or refuse manifestly unfounded or excessive requests.
Your data is processed primarily within the European Union. Where data is transferred outside the EU/EEA (for example, through Google reCAPTCHA or WhatsApp/Meta), such transfers are carried out under appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission or adequacy decisions where applicable.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Romanian data protection authority:
ANSPDCP — Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter PersonalYou also have the right to lodge a complaint with the supervisory authority in your country of residence or place of work.
We may update this Privacy Policy from time to time to reflect changes in our processing activities, applicable law, or operational practices. The updated version will be indicated by a revised "Last updated" date at the top of this page.
For significant changes that affect your rights or how we process your data, we will make reasonable efforts to notify you directly (for example, by email where we hold your address) before the changes take effect. We encourage you to review this policy periodically.
For any questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data, please contact:
IDAVA Solutions SRLBy clicking "Accept all cookies", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.