In compliance with the provisions of the Regulation (EU) 2016/679, of April 27th on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and with the provisions of its adaptation to the Spanish law by the Organic Law 3/2018, of December 5th, of Data Protection and Guarantee of Digital Rights (by its Spanish acronym, LOPD), we hereby wish to inform you about the processing of the personal data in the context of your visit to and use of this website (hereinafter, the “Website”) and in the course of our business.
We are allowed to use your personal data if we have your consent or another lawful basis applies. Therefore, we inform you that in some cases we are legally required to obtain your prior consent to be able to process your data for a purpose (please review section “Purposes” below) and in other cases we may not need to obtain your consent.
You guarantee and are responsible for the accuracy, validity and authenticity of the provided personal data.
Your personal data will be collected and processed by Fundació Privada Institut de Recerca de la Sida-Caixa (hereinafter, the “Data Controller” or “IrsiCaixa”), holder of ID number G-60813227.
If you wish to make any enquiry or request concerning the processing of your data, please contact our data protection officer (“DPO”) by sending an email or post to any of the following addresses:
|Postal address||Hospital Germans Trias i Pujol
Ctra. del Canyet s/n
08916 Badalona (Barcelona)
Please identify your message with the reference “Data Protection” by any sending method.
We rely at least on one of the following legal basis to lawfully process your data:
|Consent||The interested person gives consent to the processing of his or her personal data for one or more specific purposes.
The interested person may revoke its consent at any time.
|Performance of a contract||The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.|
|Legal obligation||Processing is necessary for compliance with a legal obligation to which the controller is subject.|
|Legitimate interest||Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.|
|Public interest or exercise of official authority||Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.|
|Vital interests||Processing is necessary in order to protect the vital interests of the data subject or of another natural person.|
COLLECTED PERSONAL DATA
The personal data we collect is the data you provided through any address or means of contact made available on the Website. If you provide information to us about another person, you shall ensure that you comply with any legal obligations that may apply to your provision of the information to us and to allow us, where necessary, to share that information with our service providers.
PURPOSES OF THE PROCESSING
This website only collects data for the following intended purposes:
|Contact||In case you contact us through the contact email announced on the website, we will use your data solely to answer your questions and requests, on the basis of our legitimate interest.|
You shall be informed in advance in case we wish to use your personal data for any different purpose.
DATA RETENTION PERIOD
We keep your personal data in accordance with the periods established by law and/or regulation and for no longer than is necessary to fulfil the purposes for which the personal data are processed. In case we no longer need your personal data to fulfil the informed purposes, please note that we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising or defending our legal rights or meeting our legal and regulatory obligations, in which cases the access to the personal data shall be restricted for the legally required period and deleted upon its expiration.
DATA PROTECTON RIGHTS
The applicable laws provide the following rights for data subjects:
|Right to access||You have the right to access your data we process.|
|Right of rectification||You have the right to request us to correct any information you believe to be inaccurate and to complete information you believe to be incomplete.|
|Right to erasure||You have the right to request us to restrict the processing of your personal data, under certain conditions.|
|Right to object to processing||You have the right to object to the processing of your personal data, under certain conditions.|
|Right to restrict data processing||You have the right to request us to restrict the processing of your personal data, under certain conditions.|
|Right to data portability||You have the right to request us to transfer the collected data to another organization or directly to you, under certain conditions.|
You may exercise any of your rights, withdraw your consent or update your data by writing an email or a letter to the corresponding addresses in section “Contact Information” above, attaching a copy of your ID and indicating the right you wish to exercise. You are not required to pay any charge for exercising your rights.
In the event that you are not satisfied with the attention received after exercising any of the aforementioned rights and wish to file a claim, you may contact the independent body set up to uphold information rights in Spain, called Spanish Data Protection Agency, through their website www.aepd.es.
CONFIDENDIALTY AND SECURE DATA PROCESSING
The collected data will be treated with the utmost reserve and confidentiality. We have established all the technical and organizational means at our disposal to avoid the loss, misuse, alteration, unauthorized access or copy of the collected data.
We do not share your personal data with any third party, unless required by an administrative or judicial authority or unless you have previously authorized us to do so. However, we may provide access to your data to our IT service providers, which are bound by confidentiality agreements and are entitled to access your data only for authorized purposes to provide us the corresponding services.
You can obtain an updated list of our data processors by writing an email or letter to the addresses set forth in section “Contact information” above.
INTERNATIONAL DATA TRANSFER
We do not transfer your personal data to any country outside the European Economic Area (“EEA”). However, should any of our IT service providers process your personal data outside the EEA, we shall implement all measures and controls within our reach to protect your personal data. The main measures we adopt for securing international data transfers may include the following:
Require our processors to sign the standard contractual clauses (“SCC”), which are clauses authorized by the European Commission that offer sufficient safeguards on data protection for the data to be transferred internationally.
Request for third-party certification and/or approved and recognized codes of conduct.