Last updated: 20/04/2022
Mediclinics, S.A. (hereinafter, “Mediclinics”) with N.I.F. A-08359994 and address in Calle Industria, n.º 54 – 08025 Barcelona, duly registered in the Mercantile Registry of Barcelona in Book 2018, Page 28126, Volume 2639 and Sheet 44 declares that it is the owner of the website https://www.mediclinics.com/ (hereinafter, the “Web”), in accordance with the obligations provided for in the Law 34/2002, of July 11th, on services of the information society and electronic commerce (hereinafter, the “LSSICE”).
DATA PROTECTION BASIC INFORMATION
|Data Controller||Mediclinics, S.A.|
|Purpose of the processing||To manage the provision of the services and accessory services.|
|Respond to requests, quotation and queries raised though the Contact form enabled for this purpose on the Web.|
|Sending commercial communications of the activities, services, promotions, publicity, news, newsletter and other information about the products and services of Mediclinics by electronic media; and management of the CRM.|
|Legal basis||The processing of your data may be based on the performance of a contract; consent and/or a legal obligation.|
|Recipients||Data will not be transferred to third parties or other entities of the Mediclinics Group, unless it is based on your consent or on the performance of the contract.|
|Rights||Access, rectification, erasure, opposition, restriction of processing, data portability, not to be the subject of automated individual decisions and to revoke the given consent. You may also file a complaint before the Spanish Data Protection Agency, if you deem it appropriate.|
|Additional information||Detailed information on data protection can be found below.|
ADDITIONAL INFORMATION REGARDING DATA PROCESSING
1. Identity and contact details of the Data Controller
Under the terms of the applicable data protection regulations and, in particular, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the “GDPR”), and the Organic Law 3/2018, of December 5th, on the Protection of Personal Data and the guarantee of digital rights (hereinafter, the “LOPDGDD”), the Data Controller is:
|Data Controller||Mediclinics, S.A.|
|Domicile||Calle Industria, nº 54 – 08025 Barcelona|
|Telephone||(+34) 934 464 700|
2. Compliance with applicable regulations
Mediclinics has adapted the Web to the GDPR and the LOPDGDD. To this end, it has put into practice those policies, means and technical and organizational procedures to guarantee and protect the confidentiality, integrity and availability of your personal data.
The transmission of data by the user of Mediclinics services through the Web (hereinafter, the “User”), is carried out voluntarily and being informed prior to the processing of its uses and purposes
3. Principles we apply to your personal data
The data supplied to Mediclinics by different means, online or offline contact forms or any other procedure used for the collection of your data, will be carried out in accord with current data protection regulations, and with the unique purpose of providing the service that has been informed.
In the processing of your personal data, we apply the following principles that comply with the requirements of the GDPR:
- Principle of legality, loyalty and transparency: We will always have a legal basis for the processing of your personal data for one or more specific purposes that we will inform you in advance with absolute transparency. Mediclinics informs you that it only collects that information necessary to achieve the purpose of the treatment, and it will only process the data you have provided for the purpose(s) for which you were informed.
- Principle of data minimization: We will only ask you for the strictly necessary data in relation to the purposes reported.
- Principle of limitation of the retention period: Personal data will be kept for the time strictly necessary until the purpose for which they were collected ends, and as long as the cause that legitimized the processing of these personal data is maintained. Once the cause that legitimized the processing has ended, the personal data will be kept duly blocked during the limitation period of the actions that may arise from the relationship between the parties and/or the legally stipulated retention periods.
- Principle of integrity: Your data will be processed in such a way as to ensure adequate security of personal data and guarantee confidentiality. You should know that we take all necessary precautions to prevent unauthorized access or abuse of data by third parties.
- Principle of confidentiality: Mediclinics, in its capacity as Data Controller, guarantees confidentiality in the processing of all the personal data of the User to which it has access. The Data Controller, like any other person who intervenes in any phase of the processing, is subject to the strictest professional secrecy, with a special commitment to adopt the levels of protection and the necessary measures, both technical and organizational, to guarantee the security of personal data and prevent its alteration, abuse, loss, theft, treatment or unauthorized access.
- Principle of data accuracy: All information that the User provides to Mediclinics must be truthful, and will be the responsible for any false or inaccurate statements he makes and for the damages he causes to Mediclinics or third parties.
Mediclinics reserves the right to exclude from the services any User who has provided false data, without prejudice to other legal actions that may apply.
4. Processing of personal data
4.1. Collection and processing of personal data
By providing us with your data through the Web, online or offline forms or by any other means, the User guarantees that these are true, exact, complete and up-to-date, being responsible for any damage, direct or indirect, that may be caused as a result of the breach of such obligation.
In the event that you provide Mediclinics with third-party data, the User must have their consent and undertake to transfer the information contained in this clause to them, exempting Mediclinics from any responsibility in this regard. However, Mediclinics may carry out the actions to verify this fact, adopting the corresponding due diligence measures, in accordance with the data protection regulations.
4.2. Purposes of the processing
The purposes of the processing carried out by Mediclinics of the User’s personal data are:
|Data processing||Purpose of the processing||Legal basis||Retention period|
|Provision of services||To manage the provision of the services and accessory services.||Performance of a contract||6 years after the resolution of the commercial relationship|
|Resolution of queries||Respond to requests, quotation and queries raised though the Contact form enabled for this purpose on the Web.||Performance of a contract or consent of the data subject||12 months after the queries resolution.|
|Subscription to commercial and/or promotional communications||Sending commercial communications of the activities, services, promotions, publicity, news, newsletter and other information about the products and services of Mediclinics by electronic media; and management of the CRM.||Consent of the data subject||Revocation of the consent of the data subject|
4.3. Data category
In accordance with the aforementioned purposes, Mediclinics collects and processes the following categories of data from Users:
- Contact data: Name, surname, address, email and phone number.
- Also, through cookies we collect certain information related to the User’s navigation. To obtain more information about the uses of the cookies, you can consult our Cookies Policy.
Regarding the queries made using the form available in the “CONTACT” section, it is allowed to briefly explain the reason of the query. Keep in mind that personal inquiries cannot be answered there, except those strictly established by current legislation. Under no circumstances will the User communicate special categories of data (such as, for example, health data, religion, etc.). In case of doing so, the User exempts Mediclinics from total responsibility. In the event that queries or inappropriate content are sent, Mediclinics will proceed to its elimination.
5. Processing of data by third parties and transfer
Depending on the purposes for which personal data is collected, your personal data may be processed by:
- Authorised Mediclinics personel, its representatives acting on their behalf, or entities of the group such as Labclinics, S. A, where applicable, subject to the applicable data protection regulations.
- Administrations, Authorities and Public Bodies, including Courts and Tribunals, when required by applicable regulations.
- Third party providers of external services that Mediclinics hires and that have the status of data processor [IT service providers, hosting servers, maintenance of database support, software and applications]. All this only after carrying out the necessary measures to ensure that we can share such information in compliance with data protection regulations.
If there is a sale, a merger, consolidation, change in corporate control, substantial transfer of assets, reorganization or liquidation of Mediclinics, then, at our discretion, we may transfer, sell or assign the information collected on the Web to one or more relevant parties.
6. Security measures
Mediclinics adopts the security levels required by the GDPR appropriate to the nature of the data that is being always processed for its activity. In this sense, it uses encryption techniques that do not allow a third party to trace the identity of the User who interacts with our services. Likewise, it may also carry out secure anonymization techniques for the personal data it processes to carry out its activity. However, technical security in a medium such as the Internet is not impregnable and there may be malicious actions by third parties, although Mediclinics uses all the means at its disposal to avoid such actions.
7. International data transfer
We do not transfer the User’s personal data to third parties outside the European Economic Area. In the case of international data transfers, we will carry out the appropriate technical and organizational measures to guarantee data security.
8. Rights of the data subjects
In accordance with the GDPR and the LOPDGDD, Users can exercise the following rights:
- Right to access: The User may ask Mediclinics if it is processing their data and, if so, access them.
- Right to rectification: The User may request the rectification of the data if they are inaccurate or incomplete.
- Right to request the deletion of your data, when it is possible. In any case, at the time the User exercises this right, all personal data linked to their account, as well as the information and content that are included in their profile will be unsubscribed and will remain blocked until the end of the established legal term. Likewise, in the event that the User exercises the right to erasure the data necessary for Mediclinics to be able to provide the services of the Web, Mediclinics will be obliged to finish its relationship with the User, proceeding to cancel it, without right to any claim.
- Right to request the limitation of your processing: In this case, we will only keep them for the exercise or defence of claims.
- Right to object to processing: Mediclinics will stop processing personal data, with the exception that they must continue to be processed for reasons of compelling legitimate interest or for the exercise or defence of possible claims.
- Right to data portability: If the User wants their data to be processed by another data controller, Mediclinics will facilitate the transfer of their data to the new controller in the event that both have the necessary technical means to it.
- Right not to be the subject of a decision based only on the automated processing of your personal data.
- Right to revoke consent: If the User had granted consent for any specific purpose, he may withdraw it whenever he wishes, without affecting the legality of the processing based on the previous consent to its withdrawal.
- Right to file a claim to the Spanish Data Protection Agency: If you consider that Mediclinics has committed an infringement of data protection legislation regarding the processing of your personal data, you can file a claim to the Spanish Data Protection Agency (hereinafter the “AEPD”) (https://www.aepd.es/es)
To exercise your rights, you can use the models and forms available on the official page of the AEPD (https://www.aepd.es/es/derechos-y-deberes/conoce-tus-derechos), and send a communication to the domicile of Mediclinics or by email to the address firstname.lastname@example.org, REF: “Data Protection”.
9. User consent
The User undertakes to hold Mediclinics harmless from any possible claim, fine or sanction that it may be obliged to bear as a result of the User’s breach of the duty described in this paragraph.
11. Applicable law
The privacy of all the information provided, both by the User through the different personal data request forms, and that accessible through the Web, is regulated by current data protection regulations, especially by the GDPR and the LOPDGDD.
Those Users who do not wish to activate cookies or want to be informed before they are stored on their devices, can configure their own device for this purpose. For more information, you can consult our Cookies Policy.