National Institute of Public Health (INSP)

1. General Provisions

This Cookie Policy (“the Policy”) establishes the legal framework applicable to the use of cookies and similar technologies on the websites and digital platforms administered by the National Institute of Public Health (hereinafter referred to as “INSP” or “the Controller”).

The purpose of this Policy is to inform users about:

– the nature of the cookies used;
– the purposes of their processing;
– the storage duration;
– users’ rights and the methods available to control cookies.

This Policy is drafted in accordance with:

– Regulation (EU) 2016/679 (“GDPR”);
– Directive 2002/58/EC (ePrivacy Directive);
– Law No. 506/2004;
– applicable national and European legislation in the field of data protection and information security.

2. Definition of Cookies

Cookies are small text files stored on the user’s device (computer, tablet, smartphone) when accessing the INSP website. They enable device recognition and contribute to the secure, efficient, and optimized functioning of the platform.

The Cookies:

– do not contain malicious software;
– cannot access data stored on the user’s device;
– do not store medical data or sensitive health information.

3. Purpose of Using Cookies

INSP uses cookies exclusively for legitimate, specific, and proportionate purposes, namely:

– ensuring the proper functioning of the platform;
– securing user access;
– protecting IT infrastructure;
– improving user experience;
– analyzing platform usage for statistical purposes.

4. Categories of Cookies Used

4.1 Strictly Necessary (Essential) Cookies

These cookies are indispensable for the functioning of the platform and cannot be disabled.

They are used for:

– managing user sessions;
– secure authentication;
– implementing role-based access control;
– applying security mechanisms (including multi-factor authentication – MFA);
– preventing unauthorized access;
– protecting the confidentiality, integrity, and availability of processed or transmitted information.

Legal basis:
Article 6(1)(c) and (f) GDPR – legal obligation and legitimate interest regarding IT system security.

4.2 Functional Cookies

These cookies allow the storage of user preferences (e.g., language, display settings), facilitating efficient website use.

They are used only with the user’s consent.

Legal basis:
Article 6(1)(a) GDPR – consent.

4.3 Analytics and Performance Cookies

INSP may use analytics cookies to collect aggregated or anonymized statistical data regarding:

– how the platform is used;
– pages accessed;
– session duration;
– identification of technical errors.

The data are used exclusively to optimize platform performance and security.

Legal basis:
User consent.

4.4 Security Cookies

The platform uses security-dedicated cookies for:

– monitoring transactions;
– detecting unauthorized activities;
– preventing cyberattacks;
– ensuring traceability of access and operations performed within the system.

These cookies do not contain medical data and do not allow direct identification of individuals.

5. Cookies and Personal Data

Through cookies, technical personal data may be processed (e.g., IP address, online identifiers).

INSP guarantees that:

– it does not collect medical data through cookies;
– it does not use cookies for profiling;
– it complies with the principles of data minimization, lawfulness, and proportionality.

6. Third-Party Cookies

In certain cases, INSP websites may use cookies provided by third parties (e.g., traffic analytics services). These providers are required to comply with applicable data protection legislation.

INSP does not directly control cookies placed by third parties but ensures that their use complies with legal requirements.

7. Storage Duration

Cookies may be:

– session cookies, automatically deleted when the browser is closed;
– persistent cookies, stored for a limited period strictly necessary for their purpose.

The storage duration is determined in accordance with the principle of storage limitation.

8. User Management of Cookies

Users may:

– accept or refuse non-essential cookies through the consent mechanism;
– modify browser settings to block or delete cookies.

Disabling strictly necessary cookies may affect the proper functioning of the platform.

9. Consent

Consent for the use of non-essential cookies is explicitly requested upon first access to the website. It may be withdrawn at any time without affecting the lawfulness of processing carried out prior to withdrawal.

10. Information Security

INSP implements appropriate technical and organizational measures to:

– secure electronic communications;
– protect data against unauthorized access;
– ensure the integrity of transmitted messages;
– prevent accidental loss or alteration of information.

All communications are carried out through advanced encryption protocols compliant with applicable standards.

11. Policy Amendments

INSP reserves the right to update this Policy whenever necessary. The updated version will be published on the website and shall take effect from the date of publication.

12. Contact Details

For additional information regarding the use of cookies, users may contact:

National Institute of Public Health
Address: Str. Dr. Leonte Anastasievici No. 1–3, District 5, Postal Code 050463, Bucharest, Romania
Secretariat telephone: +40 213 183 620, +40 213 183 619
Fax: +40 213 123 426
E-mail: directie.generala@insp.gov.ro