Privacy Policy

3

Introduction

In accordance with Regulation (EU) 2016/679 of the Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of their personal data and the free movement of such data, Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights and its implementing regulations and, where applicable, Law 41/2002, of November 14, 2002, Basic Regulatory Law on Patient Autonomy and Rights and Obligations regarding Clinical Information and Documentation as intermediaries of medical services, patients, users and the general public are informed of the following aspects:

This document constitutes the Privacy Policy of TIARA HEALTH SPAIN, S.L. (hereinafter, “THS”) and provides all information on the processing of personal data of users of this website (hereinafter, the “Website”), as well as, where appropriate, patients and/or their representatives in the private area to which you have access through the Website.
To consult the information regarding the Legal Notice and General Conditions of Use and/or the Cookies Policy, please access through the link located at the bottom of this Web Site.

Para consultar la información respecto del Aviso Legal y Condiciones Generales de Uso y/o sobre la Política de Cookies acceda a través del enlace situado en el pie de este Sitio Web.

Responsible for the treatment

The Responsible for the treatment of your data is THS, with registered office at carretera nacional 340, KM 176, Oasis Business Center, C.P. 29602, Marbella (Málaga) and with NIF number B-44.997.419, with e-mail info@tiarahealth.com, being the owner and responsible for the Web.

Purpose of processing, legitimizing basis and category of data

  • Regarding users who request that THS contact them through the form on the Website or, where applicable, request through the channel enabled on the Website that THS provide them with an appointment, the purpose will be to respond to the request. contact and manage it, as well as, where appropriate, provide the requested appointment or remind them, the legitimizing basis will be the user’s consent at the time they send the form enabled on the Website and the category of data will be: identification data; contact information (telephone, email address, location…); any other information that you provide through the free text fields in the enabled forms.
  • Regarding users who authorize the sending of a Newsletter or commercial communications, the purpose will be to keep the user informed, the legitimizing basis will be the user’s consent at the time they provide their email in the form enabled on the Website and the category of the data will be: contact details (email address).
  • Regarding the use of Cookies on the Website, the purpose will be to analyze the user’s behavior on the Website (see the Cookies Policy), the legitimizing basis will be the consent that the User gives through the banner that appears when accessing the Site. Web and the category of data will be: data related to your browsing (IP, advertising ID, your behavior on the Web…)
  • Regarding the private area of the patient or his representative in which both contact and identification data of the patient or his representative, as well as data related to health, included in his medical history, the purpose will be to provide the necessary healthcare. as well as properly manage the health service (including, where appropriate, but not limited to, attending to any communication with the health professional reported by the user, managing any incident or claim filed by the user, or, where applicable, by the patient, conduct opinion surveys, enable access to the Private Area in which certain tests or analyzes will be accessed, the sending of information), the legitimizing basis is that the treatment is necessary for the purposes of preventive medicine, medical diagnosis, provision for healthcare assistance or treatment, as well as the management of healthcare systems and services, as well as for the execution of a contract to which the interested party is a party; and/or legitimate interests of the person responsible for the treatment and the category of data will be: health data, Clinical History, certain medical tests.
  • Regarding the attention to requests for information, complaints, suggestions, claims and exercise of data protection rights, the purpose will be to manage and process the request, by any means, including telephone and/or electronic communications, the legitimizing basis will be consent. of the interested party at the time of sending the request and the category of the data will be: identifying data; contact information (telephone, email address, location…); any other information that you provide through the free text fields in the enabled forms.
  • With respect to compliance with legal obligations, the purpose will be to comply with the corresponding legal requirements (in terms of data protection, tax, health, etc.), the legitimate basis will be compliance with a legal obligation applicable to the data controller and the category of data will be: those data that THS has and is required as long as the legislation allows it.

Conservation period

In general, your data will only be kept for the time strictly necessary for the purpose for which they were collected.

Personal data provided by users through the communication channels to send requests for information, suggestions, etc., as well as to be contacted or kept informed through the Newsletter or commercial communications from THS, will be treated for the time necessary to manage such request or communication or until the user indicates that he/she does not wish to receive information and communications from THS by unsubscribing from the newsletter and/or exercising his/her rights of opposition and/or deletion.

Personal data provided in the request to make an appointment will be processed for the time strictly necessary to make the appointment or until the user indicates a loss of interest in finally making the appointment. However, once the appointment has been made, the data will be processed for the provision of the health care requested, in accordance with the information provided to the client prior to the provision of such care.

The personal data provided, as well as those derived from the health care provided will be kept for the time appropriate to each case (according to medical and legal criteria), and at least fifteen years from the date of discharge from each care process, unless the autonomous and/or specific regulations establish a minimum retention period longer than indicated, in which case the provisions of the applicable regulations shall be observed.

Once the aforementioned minimum period has elapsed, and the healthcare and contractual relationship has ended, the data controller shall keep the data duly blocked for the term of the periods corresponding to the legal prescription.

Personal data provided for the purpose of managing any request for information, complaint, suggestion, claim and exercise of data protection rights will be kept for the time necessary to process the request, and in any case for the time legally established, as well as for the period necessary for the formulation, exercise or defense of claims.

The data processed for the fulfillment of legal obligations will be kept for the time established in the applicable legislation.

Addressees

To ensure the proper provision of the service, it is necessary that certain service providers and / or, where appropriate, the administrative management of THS process data on behalf of the controller and as processors of personal data. These entities may be, for example, providers of medical services, diagnostic services, clinical analysis, auditing, physical security, archiving, storage or digitization of information, destruction of documentation, legal services, IT services, etc.

Your personal data will not be disclosed to third parties except in case of legal obligation, vital interest, legitimate interest, the cases referred to in the previous paragraph or with the prior consent of the interested party, as well as in the cases and to the recipients detailed below:

  • When necessary, on the basis of legitimate interest in the internal administrative management of THS.
  • Competent administrative and judicial authorities, when it is necessary to communicate personal data in order to comply with a legal obligation or to formulate, exercise or defend against claims, based on THS’s legitimate interest in exercising its fundamental right to effective judicial protection.
  • Since the patient may have an insurance contract under which a third party (e.g. insurance companies, mutual insurance companies, public administrations, even those of a third party in the case of civil liability insurance) is obliged to pay for the health care services provided by the health care facility, we may communicate the patient’s data to these entities in order to manage, validate, verify and control the payment of the health care services provided on the legitimization of the management of the systems and systems used to manage the systems and systems used for the management of the health care services, provided that the patient so informs us, we may communicate his or her data to these entities for the purpose of managing, validating, verifying and controlling the payment of the health care services provided on the legitimacy of the management of health care systems and services and of Law 50/1980 on Insurance Contracts.

In the event that the patient has taken out an insurance policy with an entity located outside the European Economic Area (hereinafter “E.E.E.”) whose legislation does not offer a level of data protection equivalent to that of the European Union, it may be necessary to carry out an international transfer of data, subject to the patient’s explicit consent after having been informed of the possible risks. We inform you that these transfers only take place for the purpose of collaborating with the patient and facilitating the payment of the assistance services rendered; in short, these transfers only take place in order to manage and verify as quickly as possible with the insurance company the payment of the services in cases in which the patient has contracted an insurance policy with an entity located outside the E.E.E.

If you object to the communication of your data, these entities may refuse to pay for the health care services received, and you will be responsible for the payment thereof, since these entities are unable to verify, check, validate or control the correct billing by the health care center for each of your health care processes.

  • Notwithstanding the foregoing, personal data provided to us by users may be accessed by THS service providers in the areas of technology and information systems, administrative management, marketing and legal advice and consulting. These providers will only access such personal data under the instructions and supervision of THS, and for the sole purpose of performing the service THS has contracted them to provide.

All information provided to us will be treated confidentially and in strict compliance with the security obligations necessary to prevent access by unauthorized third parties.

Data origin

Normally, we obtain the data directly from the data subject who provides it to us through the relevant form.

However, when the user, or if applicable the patient or his/her representative, makes use of the forms and buttons established by THS on the Website, we may obtain basic information about your profile.

Protection of rights

You can exercise your rights of access, rectification, deletion, portability, opposition and limitation of our processing of your personal data, as well as withdraw at any time the consents you have given.

To exercise your rights, you can contact us by mail to the address carretera nacional 340, KM 176, Oasis Business Center, C.P. 29602, Marbella (Málaga), or by email to the address info@tiarahealth.com, proving your identity.

Also, in case you understand that your rights have been disregarded by our entity, you can file a complaint with the Spanish Data Protection Agency, through any of the following means:

  • E-mail address: https://www.aepd.es/es/
  • Address: Agencia Española de Protección de Datos, Calle Jorge Juan, number 6, C.P. 28001, Madrid
  • Telephone: 900 293 183

Updates

THS reserves the right to modify this policy to adapt it to new legislation or jurisprudence that may affect its compliance with this policy.