Privacy Policy

DOCTORS BARCELONA, owned by MEDVISIT, S.L. (hereinafter, “DOCTORS BARCELONA”) has established this Privacy Policy in order to inform users (hereinafter User singular and Users plural) of treatment and protection that apply to their personal data when they visit and use our website www.doctorsbarelona.com (hereinafter the “Web/Platform”), and demonstrate our ongoing commitment to privacy protection.

Introduction

 

This Privacy Policy has been developed taking into account what is established in the Organic Law of Personal Data Protection in effect, as well as Regulation 2016/679 of the European Parliament and the Council of April 27, 2016 regarding the protection of natural persons related to the processing of personal data and the circulation of these data, hereinafter called the GDPR.

 

This Privacy Policy is intended to inform the owners of personal data, in respect of which information is being collected, the specific aspects related to the processing of their data, among other things, the purposes of the treatments, contact details to exercise the rights that correspond, the periods of conservation of information and security measures among other things.

 

Liable of the treatment

 

In terms of data protection MedVisit, S.L.U., should be considered Liable of the Treatment, in relation to the files / treatments identified in this policy, specifically in the section Data processing.

 

The identification details of the owner of this website are indicated below: 

 

Liable of the treatment:

MedVisit, S.L.U.

C/ Esteve Terrades, 37,  Bajos – 1ª

08023 Barcelona 

Email: privacy@medivisit.io

 

Data Protection Officer

DPD contact information: dataprivacy@ingbar.eu

 

Data treatments

 

The personal data requested, where appropriate, will consist only of those strictly essential to identify and respond to the request made by the owner, hereinafter called the interested party. Such information will be treated in a fair, lawful and transparent manner in relation to the interested party. On the other hand, personal data will be collected for certain explicit and legitimate purposes, not being further processed in a manner incompatible with those purposes.

 

The data collected from each interested party will be adequate, relevant and not excessive in relation to the corresponding purposes for each case, and will be updated whenever necessary.

The owner of the data will be informed, prior to the collection of his data, of the general points regulated on this policy so that he can give the express, precise and unequivocal consent for the processing of his data, in accordance with the following aspects.

Purposes of the treatment.

The explicit purposes for which each of the treatments are carried out are included in the informative clauses incorporated in each of the data collection channels (web forms, paper forms, locutions or posters and informative notes).

 

However, the personal data of the interested party will be treated with the sole purpose of providing an effective response and addressing the requests made by the user, specified together with the option, service, form or data collection system that the owner uses.

 

Legitimation

As a general rule, prior to the processing of personal data, MedVisit, S.L.U. obtains express and unequivocal consent from the holder thereof, by incorporating informed consent clauses in the different information collection systems.

 

However, in case the consent of the interested party is not required, the legitimizing basis of the treatment on which MedVisit, S.L.U. is the existence of a specific law or rule that authorizes or requires the processing of the data of the interested party.

 

Recipients

As a general rule, MedVisit, S.L.U. does not proceed to the transfer or communication of data to third parties, except those legally required, however, if necessary, such transfers or communications of data are informed to the interested party through the informed consent clauses contained in the different ways of collecting personal data.

 

Provenance

As a general rule, personal data is always collected directly from the interested party, however, in certain exceptions, the data may be collected through third parties, entities or services other than the interested party. In this sense, this extreme will be transferred to the interested party through the informed consent clauses contained in the different ways of collecting information and within a reasonable period of time, once the data is obtained, and at the latest within a month.

 

Conservation Terms

The information collected from the interested party will be kept as long as it is necessary to fulfill the purpose for which the personal data was collected, so that, once the purpose has been fulfilled, the data will be canceled. Said cancellation will result in the blocking of the data being kept only available to the AAPP, Judges and Courts, to meet the possible responsibilities born of the treatment, during the period of prescription of these, once the aforementioned deadline has elapsed, the information will be destroyed .

For information purposes, the following are the legal deadlines for the conservation of information in relation to different matters:

 

Document DEADLINE LEGAL REFERENCE
Documentation of a labor nature or related to social security 4 years Article 21 of Royal Legislative Decree 5/2000, of August 4, which approves the consolidated text of the Law on Infractions and Sanctions in the Social Order
Accounting and tax documentation for commercial purposes 6  years Art. 30 Commercial Code
Accounting and tax documentation for tax purposes 4 years Articles 66 to 70 General Tax Law
Building access control 1 month Guide on the use of camcorders for security and other purposes of the AEPD
Video surveillance 1 month Guide on the use of camcorders for security and other purposes of the AEPD
Organic Law 4/1997, of August 4, which regulates the use of camcorders by security forces and bodies in public places

Organic Law 4/2015, of March 30, on the protection of public safety

Medical Record 5 years Law 41/2002, of November 14, basic regulator of the autonomy of the patient and of rights and obligations regarding information and clinical documentation

 

 

Navigation Data

In relation to the navigation data that can be processed through the website, in case data is collected subject to the regulations, it is recommended to consult the Cookies Policy published on our website.

 

Rights of the interested parties.

The data protection regulations grant a series of rights to the interested parties or owners of the data, users of the website or users of the profiles of the social networks of MedVisit, S.L.U ..

 

These rights that assist interested persons are the followings:

 

  • Right of access: right to obtain information on whether your own data is being processed, the purpose of the treatment being carried out, the categories of data in question, the recipients or categories of recipients, the term of conservation and origin of such data.

 

  • Right of rectification: right to obtain the rectification of inaccurate or incomplete personal data.

 

  • Right of deletion: right to obtain the deletion of the data in the following cases:
  • When the data is no longer necessary for the purpose for which they were collected
  • When the holder of the same withdraws the consent
  • When the interested party opposes the treatment
  • When they must be abolished in compliance with a legal obligation
  • When the data has been obtained by virtue of an information society service based on the provisions of art. 8 sec. 1 of the European Regulation on Data Protection.

 

  • Right to object: right to object to a specific treatment based on the consent of the interested party.

 

  • Right of limitation: right to obtain the limitation of data processing when any of the following assumptions are made:
  • When the interested party challenges the accuracy of the personal data, during a period that allows the company to verify the accuracy of the same.
  • When the treatment is illegal and the interested party opposes the deletion of the data.
  • When the company no longer needs the data for the purposes for which they were collected, but the interested party needs them for the formulation, exercise or defense of claims.
  • When the interested party has opposed the treatment while verifying if the legitimate motives of the company prevail over those of the interested party.
  • Right to portability: the right to obtain the data in a structured, commonly used and mechanical reading format, and to transmit it to another data controller when:
  • The treatment is based on consent
  • The treatment is carried out by automated means
  • Right to submit a complaint to the competent control authority. 

Those interested may exercise the indicated rights, by contacting MedVisit, S.L.U., by letter, sent to the following address: help@medvisit.io indicating in the Subject line the right that you wish to exercise.

In this sense MedVisit, S.L.U. will respond to your request as soon as possible and taking into account the deadlines established in the data protection regulations.

Security

The security measures adopted by MedVisit, S.L.U. are those required, in accordance with the provisions of article 32 of the GDPR. In this sense, MedVisit, SLU, taking into account the state of the art, the costs of application and the nature, scope, context and purposes of the treatment, as well as the risks of variable probability and severity for rights and freedoms of natural persons, has established the appropriate technical and organizational measures to ensure the level of security according to the existing risk.

In any case, MedVisit, S.L.U. has enough mechanisms in place to:

  1. Ensure the confidentiality, integrity, availability and permanent resilience of treatment systems and services.
  2. Restore availability and access to personal data quickly, in case of physical or technical incident.
  3. Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to ensure the safety of the treatment.
  4. Pseudonymize and encrypt personal data, if applicable.