PRIVACY POLICY: MEDIKTOR
Version 2.0, 26 June 2024
The following is the Privacy Policy ("Privacy Policy" or "Policy") governing the processing of personal data carried out through [PLATFORM_NAME] ("the Platform"), under the ownership of [SERVICE_PROVIDER_NAME] (hereinafter "[SERVICE_PROVIDER_NAME]" or "we" or "us").
PLEASE TAKE A FEW MINUTES TO READ OUR PRIVACY POLICY. IT WON'T TAKE LONG. WE WANT TO EXPLAIN IN A SIMPLE, CLEAR AND TRANSPARENT WAY HOW WE HANDLE AND PROTECT PERSONAL INFORMATION AND THE RIGHTS ASSOCIATED WITH IT. THE SECURITY OF YOUR PERSONAL INFORMATION IS FUNDAMENTAL TO [SERVICE_PROVIDER_NAME] AND WE TAKE YOUR PRIVACY VERY SERIOUSLY.
1.- TO WHOM IS THIS POLICY ADDRESSED AND APPLIED?
2.- IF YOU BROWSE OR USE OUR PLATFORM, WHO IS RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA?
3.- WHO IS THE DATA PROTECTION OFFICER (DPD) OF ?
4.- DATA PROCESSING CARRIED OUT THROUGH THE PLATFORM
5.- WHAT ARE THE CONSEQUENCES OF NOT PROVIDING US WITH THE DATA?
6.- DO WE SHARE PERSONAL DATA WITH THIRD PARTIES?
7.- IS PERSONAL DATA TRANSFERRED INTERNATIONALLY?
8.- WHAT RIGHTS DO USERS HAVE, WHAT DO THEY MEAN AND HOW CAN THEY EXERCISE THEM?
9.- ARE SECURITY AND PERSONAL DATA PROTECTION MEASURES IN PLACE?
10.- VALIDITY AND MODIFICATION OF THE PRIVACY POLICY
1.- TO WHOM IS THIS POLICY ADDRESSED AND APPLIED?
This policy applies to all users of the Platform, whether or not they are customers of [SERVICE_PROVIDER_NAME] (hereinafter, indistinctly, "the user" or "the users") who are considered natural persons. By personal data, we mean any information about an identified or identifiable natural person.
2.- IF YOU BROWSE OR USE OUR PLATFORM, WHO IS RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA?
We are responsible for the processing of personal data:
| Full name of the organisation | [SERVICE_PROVIDER_NAME] |
| Registered office | [SERVICE_PROVIDER_ADDRESS] |
| CIF | [SERVICE_PROVIDER_ID] |
| Contact telephone number(s) | [SERVICE_PROVIDER_PHONE] |
| Contact e-mail (general) | [SERVICE_PROVIDER_EMAIL] |
3.- WHO IS THE DATA PROTECTION OFFICER (DPO) OF [SERVICE_PROVIDER_NAME] ?
[SERVICE_PROVIDER_NAME] has appointed a DATA PROTECTION DELEGATE (DPO), whom users, if they so wish, may contact regarding all matters relating to the processing of their personal data and for the exercise of their rights under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR). You can contact our DPD via the following contact details:
Postal address: [DPD_ADDRESS].
Contact e-mail: [DPD_EMAIL].
4.- DATA PROCESSING CARRIED OUT THROUGH THE PLATFORM
|
Purposes of treatment |
Additional information |
Data categories |
Legal basis |
Conservation period |
|
Navigating the Platform |
Enabling access to information and content.
In addition, if you access the Platform, we will process the browsing data for analytical, advertising and statistical purposes, provided that the corresponding cookies have been accepted in accordance with the Cookie Policy provided for this purpose, and you may configure your preferences regarding the processing of personal data at any time. |
Platform browsing data (web browsing data supported by cookies, web pages visited, connection time, IP address, information about the user's computer or mobile phone, etc.). |
Consent (in the case of accepting or authorising the use of cookies that so require).
The satisfaction of the legitimate interest, own or third party, associated with the adequate technical usability, management, maintenance, development and evolution of the Platform, tools, network and associated information systems. |
The data will be kept for the essential and necessary time to enable the correct navigation and use of our platform and content .
With regard to the data associated with the browsing profile, in relation to the analytical cookies that have been accepted, you must comply with the section relating to the temporality of the same (see Cookie Policy). |
|
Management and control of user profile data |
||||
|
Assessing symptoms |
Using the symptom evaluator available on the Platform, after a short questionnaire, the symptom evaluator displays a list of diseases related to the information the user has provided about his or her physical and health status.
There is also the possibility to evaluate symptoms anonymously, i.e. without having to register as a user. |
Sex, date of birth, height, weight, ethnicity, allergy information, risk factors, medical history, surgical history and medications taken regularly. |
Explicit consent. |
If the user does not register, their data will not be retained. In the event that the user accesses the symptom evaluator after having registered, their data will be retained for as long as they remain registered on the Platform and do not exercise their right of deletion. |
|
Geolocation |
Subject to your consent, [SERVICE_PROVIDER_NAME] will collect data relating to your location, including geographical location, in order to be able to assess your symptoms in the required detail. |
Location-related data, including the real-time geographic location of the computer or mobile device you are using. |
Consent |
For the time strictly necessary for the fulfilment of the purpose for which the data are collected and, in any case, until you remain registered on the Platform and do not exercise your right of deletion. |
Where the legitimate basis for the processing of personal data is the user's consent, we remind the user that he/she has the right to revoke this consent at any time simply and free of charge by writing to [DPO_EMAIL].
With regard to the retention period, in general, when the personal data are no longer necessary for the purposes for which they were collected, they will be blocked, remaining available only to the competent authorities for the possible purge of legal responsibilities during the processing thereof, always in accordance with the applicable regulations, and may not be used for purposes other than these. Once the corresponding legal deadlines have elapsed in the event of blocking, the data will be deleted in accordance with the applicable regulations, and may also, if applicable, be securely anonymised by [SERVICE_PROVIDER_NAME] (anonymised/non-personal data).
With regard to the processing of anonymous data, i.e. data from which the user cannot be identified, we inform you that they may be used for statistical and/or medical purposes only.
You are also informed that under no circumstances will [SERVICE_PROVIDER_NAME] use your personal data for purposes other than those mentioned above, unless we have informed you in advance and given you a reasonable period of time to allow you to object to such processing.
5.- WHAT ARE THE CONSEQUENCES OF NOT PROVIDING US WITH THE DATA?
We endeavour to request or apply the minimum and essential data necessary to carry out the processing of personal data that we carry out in the development of our services. All of this, in accordance with the principles contained in the applicable regulations.
However, failure to provide personal data may make it impossible for the user to access certain content or services (for example, if the data necessary to assess symptoms are not provided, it will not be possible to carry out the assessment).
In all cases, the information and personal data provided by the user, where applicable, must have the following characteristics
- Sufficient, but narrow, limited and proportionate to the legitimate purposes of the processing reported in each case, with the utmost respect for the principles of purpose limitation and minimisation of personal data.
- Accurate, up-to-date and truthful, in order to be able to adequately verify the identity, capacity and, where appropriate, representation, as well as to be able to adjust, in each case, the data processing carried out. All of this in accordance with the principle of accuracy of personal data.
In all cases, users shall be fully responsible for the personal data and information they provide to [SERVICE_PROVIDER_NAME] within the framework of the Platform.
6.- DO WE SHARE PERSONAL DATA WITH THIRD PARTIES?
In general, we do not share data with third parties. However, personal data may be communicated to public administrations in the cases provided for by law; to state security forces and agencies; and to courts and tribunals for the following purposes:
- Enforce or apply the General Terms and Conditions of Use.
- Protect the rights, property or safety of [SERVICE_PROVIDER_NAME] its users and/or third parties.
- Fraud protection and credit risk reduction.
- Respond to requests for information relating to criminal investigations and alleged illegal activities.
In addition, the data may also be communicated to those collaborating entities that act as data processors for the purposes detailed below:
|
Processor |
Purpose of data processing |
|
XXXX |
YYYYY |
These personal data processors will only process the data to the extent strictly necessary for the provision of the services contracted with them. Such processors operate under a service contract under the terms, conditions and guarantees contained in article 28 of the GDPR, with [SERVICE_PROVIDER_NAME] carrying out the corresponding controls, inspections and audits in this area to verify that such processors strictly comply with the contracts entered into for this purpose and the applicable regulations. Any information provided directly by users to such suppliers, outside the control of [SERVICE_PROVIDER_NAME], is not covered by this Policy.
Similarly, data will be shared with Google Analytics, Google Tag Manager or Amazon for advertising or metric purposes in relation to the use of the Platform, in line with our Cookie Policy.
7.- IS PERSONAL DATA TRANSFERRED INTERNATIONALLY?
We inform you that, in general, international transfers of personal data are not envisaged, the necessary measures and guarantees being adopted by [SERVICE_PROVIDER_NAME] in this area in accordance with current personal data protection regulations.
In the event that in the future any of our suppliers is located outside the European Economic Area and the transfer of personal data to such third country becomes necessary, [SERVICE_PROVIDER_NAME] will review the EU Commission's decisions regarding which countries have an adequate level of protection for personal data before making any transfer and will only transfer personal data to such countries. Otherwise, [SERVICE_PROVIDER_NAME] will enter into standard contractual clauses with the provider to implement appropriate technical and organisational measures to ensure that the processing of the data will comply with the requirement of the GDPR and ensure the protection of users' rights.
Likewise, without prejudice to the foregoing, our cookies policy provides information on the use of cookies by third parties that may carry out international transfers of personal data. You can consult the privacy information of third parties that serve cookies on this Platform, through our Cookie Policy.
8.- WHAT RIGHTS DO USERS HAVE, WHAT DO THEY MEAN AND HOW CAN THEY EXERCISE THEM?
The user may exercise the rights of access, rectification, deletion, portability, limitation of processing and opposition by letter addressed to the registered office of the company (Calle Sant Antoni Maria Claret 167, 08025 Barcelona, Spain), or by e-mail addressed to [DPO_EMAIL], enclosing, if necessary to prove identification, a copy of the national identity card or equivalent identification document (passport, N.I.E., etc.).
We also inform you that if you do not consider that your personal rights have been duly respected, you may lodge a complaint with the competent supervisory authority.
In any case, we recommend that users contact us, and especially the DPO of [SERVICE_PROVIDER_NAME] ([DPD_EMAIL]), before lodging any complaint or claim with the competent supervisory authority, in order to analyse the specific situation in question and, if necessary, seek an effective and amicable solution.
9.- ARE SECURITY AND PERSONAL DATA PROTECTION MEASURES IN PLACE?
We are committed to protecting the personal information of our users and customers by applying the most stringent security measures commensurate with the level of risk presented by the data processing. Taking into account the nature, scope, context and stated purposes of the processing, as well as the risks of varying likelihood and severity to rights and freedoms. [SERVICE_PROVIDER_NAME] implements (and will implement) appropriate technical and organisational measures to ensure appropriate security and protection of personal data in accordance with privacy by design and by default criteria, as well as applying a system approach to concurrent risk which will be reviewed and updated by [SERVICE_PROVIDER_NAME] as necessary. The use of the Hyper Text Transfer Protocol (HTTPS) on our Platform is an enhanced guarantee for the security of personal data.
These measures are regularly reviewed and updated to ensure their effectiveness and adequacy to the changing threat environment, guaranteeing maximum protection of the personal data we manage and always respecting the principles of confidentiality, integrity and availability of information.
Without prejudice to the foregoing, it is the responsibility of the users to duly safeguard the keys and passwords that they provide for their access as registered users of the Platform, preventing their misuse by third parties. [SERVICE_PROVIDER_NAME] shall not be held responsible for any misuse of the access keys and passwords by users.
10.- VALIDITY AND MODIFICATION OF THE PRIVACY POLICY
This policy is effective as of 9 July 2024. It is version 2.0.
[SERVICE_PROVIDER_NAME] reserves the right to modify this policy in order to adapt it to future legislative, doctrinal or jurisprudential developments that may be applicable, or for technical, operational, commercial, corporate and business reasons, giving prior and reasonable notice of the changes that may occur whenever possible. In any case, it is recommended that, each time the user accesses this Platform, he/she should read this policy in detail, as any modification will be published through the same.