Data Protection Policy
INFORMATION ON PERSONAL DATA PROTECTION FOR THE EYE SCREENING TREATMENT
Who is the data controller?
EDRYX HEALTHCARE, S.L., with registered address at Calle dels Arbres nº1, 4ª planta, 08912 Badalona (Barcelona), and Spanish Tax Code (CIF) B67357632, will be responsible for processing the personal data collected. If you have any questions about the processing of your personal data, you may contact the data controller by sending an e-mail to firstname.lastname@example.org or writing to the postal address indicated above.
For what purpose are your personal data processed? For how long?
The personal data subject to processing will be processed for the following purposes:
- To facilitate communication with those users of the Eye Screening platform who have requested the option to contact healthcare professionals, whether via the telemedicine system or in order to arrange face-to-face visits to medical centres. That being the case, users of the platform will be able to know: the name of the professional, speciality, language, medical centre where they work, available clinic hours. In turn, the healthcare professionals will only have access to the information of those users who have so expressly requested and consented.
- To send communications of an informative nature from the data controller regarding the operation or activity of the Eye Screening platform.
- To respond to any query resulting from participation in the Eye Screening project.
EDRYX HEALTHCARE, S.L. will keep your personal data for as long as necessary to preserve the legal value thereof and for the indicated period in which any liability may arise with regard to the processing of personal data; i.e. for the term of the legal limitation period.
What personal data do we collect and process?
Below is a list of the personal data categories subject to processing and the type thereof:
Data on healthcare professionals
- Identification data: Register code, name, surname, e-mail address.
- Personal characteristics: language.
- Employment data: Main place of work, ophthalmological sub-speciality, province, municipality, post code, telephone number.
- Other: available clinic hours.
What are the legal grounds for processing your data?
The legal grounds for processing the personal data of the data subject for the above purpose are:
- Pursuant to Article 6.1. b) of the GDPR, the processing of personal data for registration on the Eye Screening platform, including the sharing of contact details for healthcare professionals with the users, is necessary for the performance of a contract to which the data subject is party following acceptance of the Terms and Conditions of Use of the Eye Screening project.
- The communications of an informative nature regarding the operation or activity of the Eye Screening platform will be undertaken in the legitimate interest of the data controller in accordance with Article 6.1. f) of the GDPR.
- The consent of the data subject under Article 6.1. a) of the GDPR for responding to queries submitted by the data subject.
What security measures have been put in place to protect your personal data?
Your personal data will be treated in absolute confidence. Furthermore, suitable technical and organisational measures have been put in place to guarantee the security thereof and prevent the destruction, loss, unlawful access or unlawful alteration thereof. Such criteria as the scope, treatment context and purposes, state of the art and existing risks were considered when defining these measures.
Are your data shared with third parties?
In accordance with the list defined in previous sections, your professional contact details will be made available to users of the Eye Screening platform so that they may contact healthcare professionals, whether via the telemedicine system or in order to arrange face-to-face visits to medical centres.
What are your rights?
Below is a list of rights to which the data subjects are entitled:
- Right to access: To consult which personal data we hold about you.
- Right to rectification: To change the personal data we hold about you when the same are inaccurate or incomplete.
- Right to oppose processing: To request that we do not process your personal data for any specific purpose.
- Right to erasure: To request that we delete your personal data.
- Right to restrict processing: To request that we restrict the processing of your personal data.
- Right to data portability: To request that we provide the information we hold about you in an electronic format.
Furthermore, you may lodge a complaint with the competent authority to defend your rights via the website at www.aepd.es
To exercise these rights, you simply need to contact EDRYX HEALTHCARE, S.L. either by sending an e-mail to email@example.com or a letter to Calle dels Arbres nº1, 4ª planta, 08912 Badalona (Barcelona), using “Data Protection” as reference.
The request should include copy of your DNI/NIE or other equivalent identity document, as well as the minimum content provided for in the applicable regulations. If your request does not meet the specified requirements, EDRYX HEALTHCARE, S.L. may require you to remedy this situation. The exercise of your rights is free, although you may be charged a fee if your request is unfounded, excessive or repetitive.