Clínica Vitalium in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as with Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights, in its capacity as Data Controller of the personal data provided, provides you with the following information:
1. Data Controller
- Responsible: Clínica Vitalium
- Address: Pº Bonanova 88 CP08017, Barcelona
- E-mail: firstname.lastname@example.org
2. Appointment Request Form
On our website there is a form that Users can fill out for the purpose of making an appointment. available that can be used to contact us electronically. If a user uses this option, we will receive and store the data entered in the data entry screen:
- Name and surname
- E-mail address
Purpose of treatment
- Management of the appointment request.
- To keep Users informed of Clínica Vitalium's products and/or services, via e-mail or equivalent electronic means of communication, provided that the User has given his/her consent by checking the corresponding box.
- You may also request an appointment through WhatsApp, with registered office and servers located in the USA. It is also reported that WhatsApp Inc, has the standard contractual clauses that allow international transfers with the guarantees established in the RGPD.
- The basis that legitimizes the processing of personal data is the consent given by the person concerned through the acceptance box provided for this purpose, under Article 6.1.a) of the RGPD.
- If the purpose of the e-mail contact is to formalize a contractual relationship, then the legal basis for the processing is for the performance of contractual obligations, pursuant to Article 6(1)(b) of the GDPR.
- The legal basis for the processing of data for the sending of communications is the prior and express consent given by the User by ticking the corresponding box, in accordance with the provisions of art. 21 of the LSSI-CE.
The data will not be kept longer than necessary for the purpose for which they have been collected, unless there is a legal obligation.
3. Rights of the interested party
When your personal data is processed by the Usurio, you are a data subject within the meaning of the GDPR and, as such, you have the following rights vis-à-vis the data controller:
6.1 Right of access
You can ask the controller to confirm whether your personal data is processed by him/her.
If your data is being processed you can request information from the data controller about:
- the purpose of the processing of personal data;
- the categories of personal data that will be processed;
- the recipients or categories of recipients to whom your personal data has been or will be disclosed;
- the period for which the personal data will be kept or, when this is not possible, the criteria used to determine this period;
- the existence of the right to rectification or erasure of personal data concerning him/her, of the right to limit the processing by the controller or of the right to object to such processing;
- the existence of the right to file a complaint with a supervisory authority;
- all available information on the origin of the data when the personal data have not been obtained from the data subject;
- the existence of automated decision-making, including profiling, in accordance with Art. 22(1) and (4) of the GDPR and, at least in such cases, meaningful information on the logic applied, as well as the significance and expected effects of such processing on the data subject.
You have the right to request information on whether your personal data has been transferred to a third country or to an international organization. In this context, you can request to be informed under Article 46 of the GDPR concerning the transfer of data.
6.2 Right of rectification
If the personal data concerning you is inaccurate or incomplete, you have the right to rectify or complete it with the data controller. The data controller will rectify it without delay.
Right to limitation of processing
The User may request the limitation of the processing of his/her personal data when any of the following conditions are met:
- If you contest the accuracy of your personal data within a period of time that allows the data controller to verify the accuracy of the data;
- That the processing is unlawful and the User opposes the deletion of the personal data and requests instead the limitation of its use;
- The controller no longer needs the personal data for the purposes of the processing, but the User needs them to formulate, exercise or defend claims;
- If the User has objected to the processing pursuant to art. 21, para. 1 of the RGPD, while it is being verified whether the legitimate reasons of the data controller prevail over its own.
Where the processing of personal data has been restricted, with the exception of their retention, such data may only be processed with your consent or for the purpose of making, exercising or defending claims or protecting the rights of another natural or legal person or for reasons of substantial public interest of the European Union or a Member State.
If the processing has been limited in accordance with the above conditions, you will be informed by the data controller before the limitation is terminated.
6.3 Right to suppression
You may request the controller to immediately delete your personal data and the controller is obliged to delete this data without delay in any of the following circumstances:
- That the personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- If the User revokes his or her consent, on which the data processing was based pursuant to Art. 6 para. 1 sentence 1 letter a) or Art. 9 para. 2 letter a) GDPR, and there is no other legal basis for the processing.
- If the User objects pursuant to Art. 21, para. 1 GDPR to the processing and there are no compelling legitimate grounds for the processing or objects to the processing pursuant to Art. 21, para. 2 GDPR.
- That your personal data has been unlawfully processed.
- Personal data must be deleted in order to comply with a legal obligation under European Union law or the law of the Member States to which the controller is subject.
- That your personal data have been obtained in connection with the provision of information society services offered in accordance with art. 8, para. 1 of the GDPR.
If the Data Controller has made its personal data public and is obliged to delete such personal data pursuant to Art. 17 para. 1 GDPR, it shall take appropriate measures, including technical measures, taking into account available technology and implementation costs to inform the data controllers of the personal data that the User, as a data subject, has requested the deletion of all links to this personal data or copies or replicas of this personal data.
6.4 The right of erasure shall not exist insofar as the processing is necessary
- To exercise freedom of expression and information;
- to comply with a legal obligation requiring the processing of data required by European Union or Member State law to which the controller is subject or in order to carry out a task carried out in the public interest or in order to exercise a public authority vested in the controller;
- for reasons of public interest in the field of public health, in accordance with Art. 9(2)(h) and (i) and Art. 9(3) of the GDPR.
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89, para. 1 of the GDPR, insofar as the law referred to in section a) may make it impossible or seriously undermine the achievement of the purposes of this processing, or
- to formulate, exercise or defend claims.
6.5 Right to information
If you have exercised your right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom your personal data have been disclosed of this rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.
The User has the right to be informed by the person in charge about who these recipients are.
6.6 Right to data portability
You have the right to receive personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without being prevented from doing so by the controller to whom you have provided it, when
- the processing is based on consent pursuant to Art. 6 para. 1 sentence 1 letter a) GDPR or Art. 9 para. 2 letter a) GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 letter b) GDPR and
- the processing is carried out by automated means.
In exercising this right, the User shall also have the right to have personal data transmitted directly from one data controller to another insofar as this is technically possible. The freedoms and rights of other persons may not be adversely affected by this.
This right to data portability shall not apply to any processing of personal data that is necessary for the performance of a task carried out in the public interest or for the exercise of public authority vested in the controller.
6.7 Right to object
The User has the right to object at any time, for reasons arising from his or her particular situation, to personal data concerning him or her being processed pursuant to art. 6, para. 1, sentence 1, letters e) or f) of the GDPR; this shall also apply to profiling based on these provisions.
The controller shall cease processing your personal data unless it can demonstrate compelling legitimate grounds for such processing which override your interests, rights and freedoms or the processing is intended for the purpose of making, exercising or defending claims.
If the processing of your personal data takes place for the purpose of carrying out actions of marketing The User shall have the right to object at any time to the processing of data for the purpose of such advertising; this shall also apply to profiling insofar as it is associated with such advertising. marketing direct.
If you object to the processing for the purpose of marketing If you provide us with direct access to your personal data, your personal data will no longer be processed for these purposes.
The User has the option of exercising his right to object by means of automated procedures using technical specifications in connection with the use of information society services, regardless of the provisions of Directive 2002/58/EC.
6.8 Right to revoke the declaration of consent regarding data protection
The User has the right to revoke his or her declaration of consent regarding data protection at any time. The revocation of consent shall not affect the lawfulness of the processing that took place on the basis of the consent given prior to its revocation.
Automated individual decisions, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on the User or similarly significantly affects the User. This does not apply if the decision
- is necessary for the conclusion or performance of a contract between the User and the data controller;
- is authorized by the legislation of the European Union or of the Member States to which the controller is subject and where such legislation contains reasonable measures to safeguard his or her rights and freedoms and legitimate interests, or
- if it is based on your explicit consent.
However, these decisions shall not be based on the special categories of personal data specified in Art. 9(1) of the GDPR, unless Art. 9(2)(a) or (b) of the GDPR applies and appropriate measures have been taken to safeguard your rights and freedoms and your legitimate interests.
With respect to the cases referred to in points 1 and 3, the data controller shall take appropriate measures to safeguard their rights and freedoms and legitimate interests, including at least the right to obtain the intervention of a person on behalf of the controller, to express their point of view and to challenge the decision.
6.9 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, the User shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his residence, place of work or place of alleged infringement, if he considers that the processing of personal data concerning him is in breach of the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of lodging a judicial remedy in accordance with Art. 78 of the GDPR.
4. Where can the User exercise his/her rights?
The User may exercise his/her rights by sending a letter to , or by sending an e-mail to email@example.com.
Likewise, the interested party is informed that he/she may revoke consent to receive commercial communications by sending an e-mail to firstname.lastname@example.org.
5. Is it mandatory to provide all the information requested in the contact section?
Regarding the forms on the Website, the User must complete those marked as "required". Failure to complete the required personal data or doing so partially may mean that the Holder will not be able to meet their requests and, consequently, the Holder will be exonerated from any liability for the non-provision or incomplete provision of the requested services.
The personal data that the User provides to the Holder must be current so that the information in the records is up to date and error-free. The User is responsible for the accuracy of the data provided.
6. What security measures does the company have in place?
The Data Controller informs that its processing of personal data is carried out at all times in accordance with the applicable regulations on data protection and information society services.
The Holder has implemented the necessary technical and organizational security measures to ensure the security of the User's personal data and prevent its alteration, loss, treatment and/or unauthorized access in accordance with the state of technology, the nature of the data stored and the risks to which they are exposed, whether from human action or the physical or natural environment, in accordance with the provisions of current regulations.