Information on the processing of personal data

POLICLÍNICA NTRA. SRA. DEL ROSARIO, S.L.U. is Responsible for the processing of the personal data of the interested party and informs them that these data will be processed in accordance with the provisions of Regulation (EU) 2016/679, of 27 April (GDPR), and Organic Law 3/2018, of 5 December (LOPDGDD), for which the following information on the processing is provided:

PATIENTS HEALTH CENTRE: management of healthcare for patients

Purposes of the processing: health management and control, medical history, other purposes: provision of health care including the management of health services and administration of the centre that involve it: maintenance of clinical records, appointments, issuance of supporting documents, attention to consultations, attention to incidents, opinion surveys, etc.

Legitimacy of the processing: for the execution of a contract or pre-contract with the data subject (article 6.1.b GDPR) as it is necessary for the purposes of preventive medicine, medical diagnosis, provision of health care or treatment as well as the management of healthcare systems and services (article 9.2.h GDPR)

• Exception for special categories of data: Unlawful processing without any of the exceptions of Article 9.2 GDPR

Data retention criteria: kept as long as there are legal requirements that dictate custody

Communication of data: With the explicit consent of the interested party, data will be transferred to other companies of the Group and not for internal administrative purposes and to other health professionals and other companies to ensure an adequate provision of the service. With the third parties to whom data may be provided, the Data Controller has, where necessary, signed the corresponding data processor contracts.

In order to facilitate the insurer’s payment for the care services provided to the patient, an international transfer of data may be necessary, which would also be carried out with the explicit consent of the patient and with all the guarantees provided for in current regulations.

Source of origin: the data subject or his/her legal representative, private entity

Categories of data:

• Identification data: DNI/NIF/NIE/PASSPORT, name and surname, postal or email address, image, number. SS or Mutual Society, Health Card, Physical Brands
• Special Categories: Health Other typified data:
• Personal characteristics (personality or behavior), personal characteristics

RADIOLOGICAL HISTORY: digitization of patient radiographs for diagnosis and treatment

Purposes of treatment: health management and control, medical history

Legitimacy of the processing: for the execution of a contract or pre-contract with the data subject (article 6.1.b GDPR) as it is necessary for the purposes of preventive medicine, medical diagnosis, provision of health care or treatment as well as the management of healthcare systems and services (article 9.2.h GDPR)

• Exception for special categories of data: Unlawful processing without any of the exceptions of Article 9.2 GDPR.

Data retention criteria: kept for no longer than necessary to maintain the purpose of the processing or as long as there are legal requirements that dictate their custody

Communication of data: With the explicit consent of the interested party, data will be transferred to other companies of the Group and not for internal administrative purposes and to other health professionals and other companies to ensure an adequate provision of the service. With the third parties to whom data may be provided, the Data Controller has, where necessary, signed the corresponding data processor contracts.

In order to facilitate the insurer’s payment for the care services provided to the patient, an international transfer of data may be necessary, which would also be carried out with the explicit consent of the patient and with all the guarantees provided for in current regulations.

Source of the data: the interested party or his/her legal representative, a private entity.

Categories of data:

• Identification data: Image
• Special Categories: Health
• Other typified data: Personal characteristics

MEDICAL CHECK-UPS: management of medical check-ups

Purposes of treatment: health management and control, medical history Legitimacy of processing: GDPR arts:

6.1.b)processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures at the request of the data subject.

9.2(h)treatment necessary for the purposes of preventive medicine, medical diagnosis, provision of health care or treatment as well as the management of healthcare systems and services.

• Exception for special categories of data: Unlawful processing without any of the exceptions of Article 9.2 GDPR

Data retention criteria: kept as long as there are legal requirements that dictate custody

Communication of data: With the explicit consent of the interested party, data will be transferred to other companies of the Group and not for internal administrative purposes and to other health professionals and other companies to ensure an adequate provision of the service. With the third parties to whom data may be provided, the Data Controller has, where necessary, signed the corresponding data processor contracts.

In order to facilitate the insurer’s payment for the care services provided to the patient, an international transfer of data may be necessary, which would also be carried out with the explicit consent of the patient and with all the guarantees provided for in current regulations.

DRIVING LICENCE PSYCHOTECHNICAL TESTS: management of the personal data of the interested party in order to process and manage their registration and completion of the psychotechnical tests necessary to obtain the driving license and their subsequent evaluation.

Purposes of processing: health management and control

Legitimacy of the processing: for the execution of a contract or pre-contract with the data subject (article 6.1.b GDPR) for the purposes of medical diagnosis, in this case evaluation of the applicant’s capacity (9.2.h GDPR).

• Exception for special categories of data: Unlawful processing without any of the exceptions of Article 9.2 GDPR

Data retention criteria: kept for no longer than necessary to maintain the purpose of the processing or as long as there are legal requirements that dictate their custody

Communication of data: With the explicit consent of the interested party, data will be transferred to other companies of the Group and not for internal administrative purposes and to other health professionals and other companies to ensure an adequate provision of the service. With the third parties to whom data may be provided, the Data Controller has, where necessary, signed the corresponding data processor contracts.

In order to facilitate the insurer’s payment for the care services provided to the patient, an international transfer of data may be necessary, which would also be carried out with the explicit consent of the patient and with all the guarantees provided for in current regulations.

MEDICAL HISTORY: health data management and administration

Purposes of treatment: epidemiological investigation and similar activities, health management and control, clinical history

Legitimacy of the processing: for the execution of a contract or pre-contract with the data subject (article 6.1.b GDPR)

• Exception for special categories of data: Unlawful processing without any of the exceptions of Article 9.2 GDPR

Data retention criteria: kept for no longer than necessary to achieve the purposes, kept for no longer than necessary to maintain the purpose of the processing or as long as there are legal requirements that dictate their custody

Communication of data: With the explicit consent of the interested party, data will be transferred to other companies of the Group and not for internal administrative purposes and to other health professionals and other companies to ensure an adequate provision of the service. With the third parties to whom data may be provided, the Data Controller has, where necessary, signed the corresponding data processor contracts.

In order to facilitate the insurer’s payment for the care services provided to the patient, an international transfer of data may be necessary, which would also be carried out with the explicit consent of the patient and with all the guarantees provided for in current regulations.

PSYCHOLOGICAL HISTORY: management and administration of psychological data

Purposes of treatment: epidemiological investigation and similar activities, health management and control, clinical history

Legitimacy of the processing: for the execution of a contract or pre-contract with the data subject (article 6.1.b GDPR)

• Exception for special categories of data: Unlawful processing without any of the exceptions of Article 9.2 GDPR

Data retention criteria: kept for no longer than necessary to achieve the purposes, kept for no longer than necessary to maintain the purpose of the processing or as long as there are legal requirements that dictate their custody

Communication of data: With the explicit consent of the interested party, data will be transferred to other companies of the Group and not for internal administrative purposes and to other health professionals and other companies to ensure an adequate provision of the service. With the third parties to whom data may be provided, the Data Controller has, where necessary, signed the corresponding data processor contracts.

In order to facilitate the insurer’s payment for the care services provided to the patient, an international transfer of data may be necessary, which would also be carried out with the explicit consent of the patient and with all the guarantees provided for in current regulations.

CONTACTS (HEALTH): communication, information and management about products and services. Includes web and social media contacts with sensitive information (health data)

Purposes of processing: advertising and commercial prospecting

Legitimacy of the processing: explicit consent for specific purposes (Article 6.1.a GDPR)

• Exception for special categories of data: Unlawful processing without any of the exceptions of Article 9.2 GDPR

Data retention criteria: kept for no longer than necessary to maintain the purpose of the processing or as long as there are legal requirements that dictate their custody

Communication of data: With the explicit consent of the interested party, data will be transferred to other companies of the Group and not for internal administrative purposes and to other health professionals and other companies to ensure an adequate provision of the service. With the third parties to whom data may be provided, the Data Controller has, where necessary, signed the corresponding data processor contracts.

In order to facilitate the insurer’s payment for the care services provided to the patient, an international transfer of data may be necessary, which would also be carried out with the explicit consent of the patient and with all the guarantees provided for in current regulations.

RIGHTS AND CONTACT DETAILS

Rights of the data subject:

The right to withdraw consent at any time, where the processing is based on the consent of the data subject.

Right of access, rectification, portability and deletion of your data and of limitation or opposition to its processing.

The right to lodge a complaint with the Supervisory Authority (www.aepd.es) if you consider that the processing does not comply with the regulations in force.

Contact details to exercise your rights: POLICLÍNICA NTRA. SRA. DEL ROSARIO, S.L.U. VÍA ROMANA, s/n – 07800 Eivissa (Balearic Islands). E-mail: dpo@tecnolawyer.com

• Contact details of the Data Protection Officer: dpo@tecnolawyer.com