In compliance with the provisions of the Regulation (EU) 2016/679, of April 27th on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and with the provisions of its adaptation to the Spanish law by the Organic Law 3/2018, of December 5th, of Data Protection and Guarantee of Digital Rights (by its Spanish acronym, LOPD), we hereby wish to inform you about the processing of the personal data in the context of your visit to and use of this website (hereinafter, the “Website”) and in the course of our business.
Unless expressly stated otherwise in a specific section of the Website or in a specific information clause provided to the interested parties, the provisions of this Privacy Policy shall apply.
We are allowed to use your personal data if we have your consent or another lawful basis applies. Therefore, we inform you that in some cases we are legally required to obtain your prior consent to be able to process your data for a purpose (please review section “Purposes” below) and in other cases we may not need to obtain your consent.
You guarantee and are responsible for the accuracy, validity and authenticity of the provided personal data.
1. DATA CONTROLLER
Your personal data will be collected and processed by Fundació Privada Institut de Recerca sobre Immunopatologies-Caixa IrsiCaixa (hereinafter, the “Data Controller” or “IrsiCaixa”), holder of ID number G-60813227.
2. CONTACT INFORMATION
If you wish to make any enquiry or request concerning the processing of your data, please contact our data protection officer (“DPO”) by sending an email or post to any of the following addresses:
dpo@irsicaixa.com | |
Postal address | Hospital Germans Trias i Pujol Ctra. del Canyet s/n 08916 Badalona (Barcelona) Spain |
Please identify your message with the reference “Data Protection” by any sending method.
3. PROCESSING ACTIVITIES
Contact | We process your name and email to answer your communications sent through the contact section. your name and email through the “Contact” section. We also may process additional data you may freely provide through this section. |
Cookies | We also collect data about the use of our web using cookies to better understand the impact of our project, please check the Cookies Policy for more information about the processing of data obtained from the installation of cookies. |
4. LEGAL BASIS
We rely at least on one of the following legal basis to lawfully process your data:
Contact | Legitimate interest | Processing is necessary for the purposes of the legitimate interests pursued by the controller to answer any communication received in relation with our project. |
Cookies | Legitimate interest | We use technical cookies to gather technical data we need to facilitate your use our website on the basis of our legitimate interest as editor of the website. |
Consent | We use cookies also to better understand the impact of our project by collecting information about the use of the website. This personal data is collected on the basis of you consent. |
5. PURPOSES OF THE PROCESSING
This website only collects data for the following intended purposes:
Contact | Responding to the messages received through the contact section. |
Cookies | We use technical cookies to gather technical data we need to facilitate your use our website and also to better understand the impact of our project by collecting information about the use of the website. For more information on the data we process through de cookies, please visit our Cookie Policy available on the footer of the Website. |
6. DATA RETENTION PERIOD
Contact |
The data collected will be processed during the period required to attend your communication, unless you are interested in remaining in contact for a longer period. |
Cookies | Please, visit our Cookie Policy available on the footer of the Website. |
Please note that we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising or defending our legal rights or meeting our legal and regulatory obligations, in which cases the access to the personal data shall be restricted for the legally required period and deleted upon its expiration.
7. DATA PROTECTON RIGHTS
The applicable laws provide the following rights for data subjects:
Right to access | You have the right to access your data we process. |
Right of rectification | You have the right to request us to correct any information you believe to be inaccurate and to complete information you believe to be incomplete. |
Right to erasure | You have the right to request us to restrict the processing of your personal data, under certain conditions. |
Right to object to processing | You have the right to object to the processing of your personal data, under certain conditions. |
Right to restrict data processing | You have the right to request us to restrict the processing of your personal data, under certain conditions. |
Right to data portability | You have the right to request us to transfer the collected data to another organization or directly to you, under certain conditions. |
You may exercise any of your rights, withdraw your consent or update your data by writing an email or a letter to the corresponding addresses in section “Contact Information” above, attaching a copy of your ID and indicating the right you wish to exercise. You are not required to pay any charge for exercising your rights.
In the event that you are not satisfied with the attention received after exercising any of the aforementioned rights and wish to file a claim, you may contact the independent body set up to uphold information rights in Spain, called Spanish Data Protection Agency, through their website www.aepd.es.
8. CONFIDENDIALTY AND SECURE DATA PROCESSING
The collected data will be treated with the utmost reserve and confidentiality. We have established all the technical and organizational means at our disposal to avoid the loss, misuse, alteration, unauthorized access or copy of the collected data.
9. DATA COMMUNICATION
We do not share your personal data with any third party, unless required by an administrative or judicial authority or unless you have previously authorized us to do so. However, we may provide access to your data to our IT service providers, which are bound by confidentiality agreements and are entitled to access your data only for authorized purposes to provide us the corresponding services.
You can obtain an updated list of our data processors by writing an email or letter to the addresses set forth in section “Contact information” above.
10. INTERNATIONAL DATA TRANSFER
We do not transfer your personal data to any country outside the European Economic Area (“EEA”). However, should any of our IT service providers process your personal data outside the EEA, we shall implement all measures and controls within our reach to protect your personal data. The main measures we adopt for securing international data transfers may include the following:
- Require our processors to sign the standard contractual clauses (“SCC”), which are clauses authorized by the European Commission that offer sufficient safeguards on data protection for the data to be transferred internationally.
- Request for third-party certification and/or approved and recognized codes of conduct.