EUVITRO S.L.U., company owner of the website www.cirh.es, only obtains and keeps the following information of the visitors to our website:
- The IP address that gives access to the Internet. This way, we can draw up statistics on the countries and servers that access to our website with most frequency.
- The date and time of access to our website. This allows us to find out at which time the highest number of people access to our website and to make the necessary adjustments to avoid problems of saturation at peak times.
- The number of pages consulted and the length of time that each has been kept open for, as well as the entry and exit pages to and from the website and the route of the clicks carried out. With this information, we can establish the priorities of our visitors and discover the most popular areas in order to improve their content, with the aim of providing the users with results that are more satisfactory.
- The Internet address which contained the link that led to our website. Thanks to this information, we can judge the effectiveness of the different banners and links that redirect users to our server with the aim of maximising those which provide the best results.
The information obtained is totally anonymous, and in no circumstances could be associated to a specific, identified user.
The regulation establishes that, taking into account the state of the art, the costs of application, and the nature, scope, context and purposes of the processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the appropriate technical and organizational measures will be applied in order to guarantee a level of security appropriate to the risk, which, where applicable, includes, among others: i) the pseudonymisation and encryption of personal data; ii) the ability to guarantee the confidentiality, integrity, availability and permanent resilience of the processing systems and services; iii) the ability to restore the availability and access to personal data quickly in the event of a physical or technical incident; iv) a process of regular verification, evaluation and assessment of the effectiveness of technical and organisational measures to ensure the processing security.
In data transmissions over the Internet, it must be ensured that the data is encoded or encrypted to prevent third party access. In this regard, CIRH has arranged all the measures allowed by the available technology as at CIRH we take your security and privacy very seriously. Thus, VERISIGN, leader in security on the Net, certifies that the data contained herein has been encrypted in a secure manner, and that our website is duly authenticated.
Data protection policy
Objective of the processing
The collection and use of personal data, except for the cases described in the following section «data processing to allow access to the web», are only possible if you voluntarily provide us with your personal data. This applies to the following situations and purposes:
Medical treatment («the Treatment»)
The personal data provided in the course of your treatment request (the «Request») will be collected, processed and used in order to manage your request for the subsequent execution of the Contract entered into, and for the purpose of maintaining the contractual relationship, the management, administration, provision, extension and improvement of the services, as well as the sending of technical and operational information related to the Treatment, by any means, including electronic mail and/or equivalent means. In this regard, we hereby inform you that your personal data together with the result of possible user satisfaction surveys will be used to evaluate your opinion and the study of your particular profile, with the sole purpose of improving the services we provide and thus adapt and design our commercial offerings.
For the case of collecting health data, the purpose will be to provide medical services, which according to your express request, are more effectively suited to your personal and health circumstances. Health data will not be released to third parties, except for a legal obligation or the fulfilment of a legitimate interest of the company, a third party or yourself or as part of the treatment chosen. In relation to your health data, in the case of it not being provided, CIRH reserves the right to refuse the corresponding service.
At the time of making the request, you can also upload the personal data of other members. Therefore, we ask that you make sure that this information is provided with the consent of your partners.
Transfer of your personal data
We hereby inform you that we will have to communicate your requisite personal data to the different suppliers of the products and services that are necessary for the implementation of the Treatment object of the contract, who will be obliged to use the data, solely and exclusively, to fulfil the purpose thereof and all this, by virtue of the contracts previously concluded with third parties.
Data retention period upon registration
The personal data provided during the Treatment will be retained while the commercial relationship between the parties is maintained and for a maximum period of time; i) in the case of patients, at least 15 years from the start date of each healthcare process; and ii) in the case of a donor, 30 years after clinical use or expiration of the cells obtained.
Legitimation of treatment
The legal basis for the treatment of your personal data is, in relation to the aforementioned purposes, the implementation of the requested Treatment (Law 14/1986, of April 25, General Health).
Additional purposes to the Treatment
For any other treatment that is not the one mentioned in the previous section, CIRH, at all times, will require your express and unequivocal consent. Thus, for when the further processing of personal data for a purpose other than that for which it was collected is planned, information on that other purpose and any additional pertinent information will be provided prior to said further processing so that the user may give their express and unequivocal consent.
Data processing legitimation
The legal basis for the processing of your personal data, in relation to the aforementioned purposes, is the consent given by the user through the acceptance of the Commercial Communications Policy.
Objectives of processing to allow the use of the website
When you visit any of our websites, we collect the necessary data so that you can access it (usage data). This includes your IP address and data on the start, end and subject of your website use, as well as possibly identification data (for example, your login data if you register in the Secure Private area). This data is used for the provision and design of the service based on the needs of each user and is deleted as soon as it is no longer needed.
- Use profiles with pseudonyms for advertising and market research (monitoring and web analysis)
- Data collection by third party providers/social networks
Our website contains links to social network operators (for example, Facebook, XING, Google Plus, LinkedIn, Twitter, etc.). These social networks are operated exclusively by third parties. If you follow the links, the information can be transmitted to these third parties. In order to know the purpose and scope of the collection of your data by social networks and the subsequent local processing, as well as your rights and the way to protect your privacy, you must find out about the respective privacy policies of the operators themselves.
- Communication of data to third parties
No data will be transferred to third parties unless you have given your express and unequivocal prior consent, or because of a requirement or legal decision or the fulfilment of a legitimate interest of the company, a third party or yourself. Nevertheless, your data may be communicated to other entities of the corporate group to which CIRH belongs for the correct execution of the purposes described in the section on Purpose of collection, processing and use of personal data of this policy.
Exercise of rights of access, rectification, cancellation and opposition
We hereby inform you that you have the right, free of charge and to the extent that the legal requirements are met, to obtain confirmation as to whether or not we process personal information about you at CIRH. As an interested person you have the right to access your personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected. Likewise, you may request the limitation of the processing of your data, in which case we will only retain it for the exercise or defence of claims or for compelling legitimate reasons.
In certain circumstances and for reasons related to your particular situation, you may object to the processing of your data. CIRH will stop processing the data, except for compelling legitimate reasons, or the exercise or defence of possible claims.
In all communications whose purpose is the sending of advertising you may exercise your right of opposition. To the extent that you have granted the data protection consent, you may at any time, with effect for the future, revoke it.
To exercise these rights you can write to CIRH using the reference «GDPR Rights», to CIRH, Patient Care Department, Plza. Eguilaz, 14 08017 Barcelona or by email to the CIRH DPO (firstname.lastname@example.org) by attaching a copy of an official identification document or by directed email.
Claims before the data protection authority
The user can direct their claims arising from the processing of their personal data before the Spanish Agency for Data Protection (www.agpd.es).
Commercial communications policy
Eugin Clinic’s communications policy
- Sending of commercial communications. Sending commercial communications, whether on paper or by electronic or telematic means, and direct contact regarding the services which, at any given time, CIRH commercialises.
- Other commercial mailings. CIRH may process the personal data you have provided (such as contact information and personal details, for instance your date of birth or hobbies) in order to send selected information about its services, to carry out market research or for other regular marketing communications. (such as announcements of events and/or fairs).
- Retention period. The incorporated data will be cancelled at the moment in which a user requests to cancel this data for said purpose.
- Data Processing legitimation. The legal basis for the processing of your personal data in relation to the aforementioned purposes is the consent given by the user through the acceptance of these general conditions, which will be applicable based on the consents expressly granted to CIRH related to the previous points.
- Exercise of rights by the user. The user has the right to access their personal data, as well as to request the rectification of inaccurate data or to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected. The user will be able to access their information, rectify it, request cancellation or oppose its processing, as well as withdraw consent at any time, without affecting the legality of the treatment based on the consent prior to its withdrawal by writing to email@example.com.
- Claims before the data protection authority. The user can direct their claims arising from the processing of their personal data to the Spanish Agency for Data Protection (www.agpd.es).