1. USER INFORMATION
In accordance with the provisions of Regulation (EU) 2016/679 of April 27, 2016 (GDPR) and Organic Law 3/2018 of December 5 on the Protection of Personal Data and guarantee of digital rights, you are informed of the identity of the Data Controller, the purpose of the processing, the legitimacy for the processing of your data, the categories of recipients of transfers of your data (if any), the origin of your processed data if this is different from its voluntary delivery and the rights that assist you as an interested party.
2. INFORMATION REGARDING THE DATA CONTROLLER
Name of the Controller: SUSANA RANEA ARROYO
Tax ID: 43516535Y
Full address: Illes Balears, 180 – 07014 Palma (Balearic Islands)
Contact email: sranea@hotmail.com.
3. INFORMATION REGARDING THE PURPOSE AND LEGITIMACY OF THE PROCESSING
The operations planned to carry out the treatment are:
For legitimate interests of the Controller:
· Economic and accounting management, tax management, administrative management, billing management, customer and supplier management, payment collection and related services management, history of commercial relationships.
By express, unequivocal, and informed consent of the interested party:
· Medical consultations of any specialty. Analyses and diagnostic tests of any kind regarding the health status of the interested party, including diagnostic imaging.
· Sending commercial advertising communications by email, fax, SMS, MMS, social communities, or any other electronic or physical means, present or future, that enables commercial communications. These communications will be made by the CONTROLLER and related to its products and services, or those of its collaborators or suppliers with whom it has reached a promotional agreement. In this case, third parties will never have access to personal data.
· Conduct statistical studies.
· Process orders, requests, or any type of request made by the user through any of the contact forms made available.
· Send the website newsletter.
Data retention criteria:
The data will be retained for the duration of the business relationship between the parties. Once this business relationship has ended, the data will be blocked to prevent further access. It will only be unblocked if the Data Controller is required to do so by a legal authority (tax, commercial, labor, or judicial), and then only until the expiration date or statutory limitation period. It will then be appropriately destroyed with appropriate safeguards to prevent its recovery.
4. INFORMATION RELATED TO THE TRANSFER OR COMMUNICATION OF DATA
Personal data may be transferred to tax, accounting, and commercial consultancies, banks, savings banks, and financial institutions, tax authorities, and other competent public bodies to maintain the business relationship and/or execute transactions. Data will not be disclosed to other third parties except under legal obligation. Data is not transferred to third countries outside the European Economic Area or to international organizations.
5. INFORMATION REGARDING THE RIGHTS OF THE INTERESTED PARTY AND HOW TO EXERCISE THEM
Rights that assist the User and how to exercise them:
The data subject has the right to: access their data, have their data corrected, have their data deleted, have their data portability, have their data restricted, object to the processing of their data, withdraw their consent, lodge a complaint with the Supervisory Authority, and file a judicial appeal.
They may exercise these rights by means of a reasoned written request addressed to the Data Controller or their representative, specifying the right they wish to exercise, accompanied by a photocopy of their identification document. They may also request a standard form from the Data Controller for the right they wish to exercise.
The exercise of these rights will not incur any administrative costs for the data subject, except for postage costs if they choose to send it by post.
They may exercise their rights:
· In person at the Data Controller’s premises, identifying yourself with your ID or equivalent document.
· By email addressed to the address indicated in the Data Controller’s identification section and enclosing a photocopy of your ID or equivalent document.
· By postal mail (preferably certified) addressed to the address indicated in the Data Controller’s identification section, enclosing a photocopy of your ID or equivalent document.
Contact details to exercise your rights:
Camí de la Vileta s/n – 07011 Palma (Balearic Islands), sranea@hotmail.com
6. MANDATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE USER
Users, by checking the corresponding boxes and entering data in the fields marked with an asterisk (*) in the contact form or presented in download forms, expressly, freely, and unequivocally accept that their data is necessary for the provider to fulfill their request, and the inclusion of data in the remaining fields is voluntary. The User guarantees that the personal data provided to the CONTROLLER is true and is responsible for communicating any changes thereto.
The CONTROLLER expressly informs and guarantees users that their personal data will not be transferred to third parties under any circumstances, and that whenever any type of transfer of personal data is made, the express, informed, and unequivocal consent of the Users will be requested beforehand. All data requested through the website is mandatory, as it is necessary to provide an optimal service to the User. If not all data is provided, there is no guarantee that the information and services provided will be fully tailored to the User’s needs.
7. SECURITY MEASURES
In accordance with the provisions of current regulations on personal data protection, the CONTROLLER is complying with all provisions of the GDPR regulations for the processing of personal data under its responsibility, and manifestly with the principles described in Article 5 of the GDPR, by which they are processed lawfully, fairly, and transparently in relation to the data subject, and are adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. The CONTROLLER guarantees that it has implemented appropriate technical and organizational policies to apply the security measures established by the GDPR to protect the rights and freedoms of Users and has provided them with the appropriate information so they can exercise them.
