In accordance with current regulations on personal data protection, we provide you with the following information:
Information for the data subject and/or user
Clinica Monarka SL makes this privacy policy available to you to inform you, in detail, about how the personal data that you, as the data subject and/or user, provide or have provided, is or will be processed through any means (website, email, telephone, in person, online or paper forms, etc.).
Clinica Monarka SL has adopted all necessary technical and organizational measures to guarantee the confidentiality, integrity, availability, and resilience of the personal data it stores.
Responsibility of the data subject and/or user
By providing your data, you, as the data subject, are or will be treated. and/or user (hereinafter the Interested Party), guarantees that he/she is over 18 years of age and that the data provided to Clinica Monarka SL are true, exact, complete and up-to-date. For these purposes, the Data Subject confirms that they are responsible for the veracity of the data provided and that they will keep said information appropriately updated so that it reflects their actual situation. They are not responsible for any false or inaccurate data they may provide, as well as for any direct or indirect damages that may arise from it.
Data Controller
Identity: Clinica Monarka SL
CIF B75252858
Postal address: Paseo de Gracia, 130 (08008). Barcelona
Email: info@monarkaclinic.comTelephone: 930 490 300
Purposes, retention periods and legitimacy of processing
Clinica Monarka SL, as the Data Controller of the personal data of the Interested Party, as well as any that may be provided in the future, informs you that these data will be processed in accordance with the provisions of current regulations on the protection of personal data, and therefore the following information is provided. about each of the treatments performed by Clinica Monarka SL:
| CONTACT / QUERIES |
| Purpose of processing: To respond to and follow up on inquiries, requests for information, suggestions, and complaints, as well as to maintain contact with those who have expressed interest in the company, its products, or services. |
| Data retention criteria: Data will be retained for the time necessary to process and respond to the inquiry. |
| Legitimacy for data processing: GDPR: 6.1.f) the legal basis for data processing is based on the legitimate interest of the Data Controller to process and respond to communications or requests received. |
| PROFORMA INVOICES / BUDGETS |
| Purpose of processing: the preparation and delivery of pro forma invoices and/or budgets requested by the Interested Parties, as well as the ability to follow up on them by phone, online, or in person. |
| Data retention criteria: Data will be retained as long as there is a mutual interest in doing so, or the interested party requests its deletion. |
| Legitimation for data processing: GDPR: 6.1.f) the legal basis for data processing is based on the Legitimate Interest of the Data Controller to handle and respond to communications or requests. received. |
| CLIENTS |
| Purpose of processing: customer management, maintaining contractual and/or commercial relationships with them, managing the contracting of products and/or services, as well as for the administrative (billing, collections, etc.), accounting, and tax management of the company and for compliance with the legal obligations that all this entails. Also to be able to establish contact with people who provide services to a legal entity (company, organization, etc.), as well as with individual entrepreneurs and independent professionals, in order to establish or maintain business-to-business (B2B) relationships with them. |
| Data retention criteria: Data will be retained as long as contractual and/or commercial relationships are maintained between both parties and its deletion is not requested, and if it is, for the period provided for by current regulations (tax, commercial, etc.) regarding the statute of limitations on liabilities. |
| Legitimacy for data processing: GDPR: 6.1.b) the legal basis for data processing is the execution and maintenance of contractual and/or commercial relationships between both parties, as well as compliance with legal obligations (tax, commercial, etc.) etc.) that all this entails. The processing of professional contact data for business relationships is legitimized by the Controller’s Legitimate Interest to be able to contact, establish, and/or maintain business relationships with the legal entity for which the Data Subject provides services, as well as with individual entrepreneurs and independent professionals (GDPR: 6.1.f and LOPDGDD: 19). |
| SUPPLIERS |
| Purpose of processing: supplier management, maintaining contractual and/or commercial relationships with them, as well as administrative (billing, collections, etc.), accounting, and tax management of the company, and for compliance with the legal obligations that all this entails. Also to be able to establish contact with people who provide services to a legal entity (company, organization, etc.), as well as with individual entrepreneurs and independent professionals, in order to establish or maintain business-to-business (B2B) relationships with them. |
| Data retention criteria: Data will be retained as long as contractual and/or commercial relationships are maintained between both parties and its deletion is not requested, and if it is, for the period provided for by current regulations (tax, commercial, etc.) regarding the statute of limitations on liabilities. |
| Legitimacy for data processing: GDPR: 6.1.b) the legal basis for data processing is the execution and maintenance of contractual and/or commercial relationships between both parties, as well as compliance with legal obligations (tax, commercial, etc.) etc.) that all this entails. The processing of professional contact data for business relationships is legitimized by the Controller’s Legitimate Interest to be able to contact, establish, and/or maintain business relationships with the legal entity for which the Data Subject provides their services, as well as with individual entrepreneurs and independent professionals (GDPR: 6.1.f and LOPDGDD: 19). |
| SUBCONTRACTED WORKERS |
| Purpose of the processing: management and control of subcontracted workers to verify compliance with the obligations arising from labor regulations, occupational risk prevention, coordination of business activities, etc., as well as for the management, planning, and organization of work. etc. |
| Data retention criteria: Data will be kept for the period established by current regulations regarding the statute of limitations on liability and, when they are no longer necessary for this purpose, they will be deleted. |
| Legitimacy for data processing: The legal basis for data processing is the execution, fulfillment, and development of the contract between Clinica Monarka SL and the company with which you are employed, as well as for compliance with the applicable legal obligations arising therefrom (Workers’ Statute, Occupational Risk Prevention Law, General Social Security Law, etc.). |
| Data origin: The data has been provided by the subcontractor (a company with which you maintain an employment/contractual relationship), hired by the Controller for the provision of services. The categories of data processed are: Identification data: Name and surname, ID number, and Social Security or mutual insurance number; Employment details: Profession and position; Academic and professional details: Training and qualifications. |
| SUBMISSION OF CURRICULUM |
| Purpose of processing: Archiving and recording of documentation and CVs voluntarily provided by interested parties for future selection processes for candidates for a job position in the company. |
| Data retention criteria: Data will be retained for a maximum period of one year or until the interested party exercises their right to erasure. In this regard, after the aforementioned period has elapsed, and if you wish to continue participating in the Data Controller’s selection processes, please send us your resume again. |
| Legitimacy for data processing: GDPR: 6.1.a) The legal basis for data processing is the consent provided by the Data Subject at the time of providing their data to participate in selection processes. By submitting or sending us their resume, the Data Subject authorizes the processing of their data through a clear affirmative action. |
DATA DISCLOSURE
Generally, personal data will not be disclosed to third parties, except in cases where there is a legal obligation or where it is necessary for the provision of services or for the maintenance and development of relationships, such as, but not limited to:
- Public Administrations, Judges and Courts, for compliance with legal obligations, as well as for addressing potential liabilities arising from applicable regulations.
- Financial/banking institutions, for the management of collections and payments.
- Mutual insurance companies and prevention companies, compliance with occupational risk prevention regulations.
- Contractor or principal company, for compliance with applicable regulations.
- Service providers contracted by the Controller, who will have the status of Data Processor.
Although this is not a When transferring data to carry out any of the indicated processing or to provide you with a service, third-party companies acting as Data Processors (our suppliers) may access your information to carry out the aforementioned processing or service. These processors access your data following our instructions and may not use it for any other purpose, maintaining the strictest confidentiality.
International Transfers
Clinica Monarka SL does not plan to make international transfers of your data to
countries outside the European Economic Area (EEA). In those cases where it is necessary, transfers will only be made to recipients located in a country, territory, or one or more specific sectors within that country or international organization that has been declared to have an adequate level of protection by the European Commission; or are covered by the Privacy Shield Agreement; or are covered by any of the appropriate safeguards provided for in Article 46.2 of Regulation (EU) 2016/679.
RIGHTS OF DATA SUBJECTS
Any person has the right to obtain confirmation as to whether or not the Data Controller is processing personal data concerning them, as well as to withdraw, at any time, any consent they may have given for a specific purpose, without affecting the lawfulness of processing based on consent prior to its withdrawal.
Data protection regulations allow you to exercise your rights of access, rectification, erasure, data portability, and objection to and restriction of processing, as well as the right not to be subject to decisions based solely on automated processing of your data, where applicable.
These rights are characterized by the following:
- Their exercise is free of charge, except in the case of manifestly unfounded or excessive requests (e.g., repetitive requests), in which case the Data Controller may charge a fee proportional to the administrative costs incurred or refuse to act.
- You may exercise your rights directly or through your legal or voluntary representative.
- We must respond to your request within one month, although, taking into account the complexity and number of requests, the deadline may be extended by an additional two months.
- We are obliged to inform you of the means to exercise these rights, which must be accessible, and we cannot deny you the right solely for the reason that you choose another method. If the request is submitted electronically, the information will be provided through that channel whenever possible, unless you request otherwise.
- If the Data Controller does not process the request, it will inform you, at most within one month, of the reasons for its failure to act and the possibility of filing a complaint with a Supervisory Authority.
How to exercise these rights?
Data Subjects may exercise their rights by sending a written communication to the Data Controller’s postal or email address, indicating “EXERCISE OF LOPD RIGHTS” in the reference. This includes: the request detailing the request, the address for notifications, the date, and the signature. Data Subjects may also exercise their rights through legal representation, in which case, in addition to the data subject’s ID, the data subject’s ID and a document proving the third party’s representation must be provided.
You must prove your identity by submitting a photocopy, or if applicable, a scanned copy, of your ID or equivalent document to verify that we are only responding to the interested party or their legal representative. In this case, you must provide proof of representation.
Upon request, we will provide you with forms to exercise these rights, indicating which right you wish to exercise.
Furthermore, and especially if you feel that you have not obtained full satisfaction in the exercise of your rights, we inform you that you may file a complaint with the National Supervisory Authority by contacting the Spanish Data Protection Agency, C/ Jorge Juan, 6 – 28001 Madrid.
Social Media
Clinica Monarka SL uses social media, and this is another way to reach you. The information collected through the messages and communications you publish may contain personal information that is available online and accessible to the public. These social networks have their own privacy policies, which explain how they use and share your information. We recommend that you review them before using them to confirm that you agree with how your information is collected, processed, and shared.
The processing of data about individuals who become followers and/or create any links or
connections through the social media platforms of the Data Controller’s official pages will be governed by this privacy policy and the privacy policies of the social media platforms themselves.
The Data Controller will process your data for the purposes of properly managing your presence on the corresponding social media platform, sending personal and individual messages through the social media channels, informing you about activities, products, and/or services of the Data Controller or third parties that may be related to our activity, as well as any other processing permitted by the regulations of the social media platforms.
Cookies
Generally speaking, if you browse the internet, you can accept or reject cookies from your browser’s settings.
This website may use cookies and other similar technologies such as local shared objects, flash cookies, or pixels, which are small files that some platforms, such as websites, can install on the user’s device (computer, tablet, smartphone, etc.).
Their functions can be very varied: storing browsing preferences, collecting statistical information, enabling certain technical features, storing information about the user’s browsing habits or their device, etc.
Cookies are useful for several reasons. From a technical perspective, they allow websites to operate more efficiently and adapt to user preferences, such as storing their language or country’s currency, etc. In addition, they help website data controllers improve their services and make the advertising displayed on them more efficient, thanks to the statistical or user-related information they collect.
Informed consent from users is required for the installation and use of certain cookies. Cookies that require user consent include, among others, analytical, advertising, and affiliate cookies. Exceptions include technical cookies and those necessary for the operation of the website or the provision of services expressly requested by the user.
The user has the option of configuring their browser to be notified of the receipt of cookies and to prevent their installation on their device. Please consult your browser’s instructions for more information. For more information about cookies, please consult our Cookie Policy.
Mandatory or optional nature of the information provided by the data subject
The data subject, by checking the corresponding boxes and entering data in the fields marked as mandatory on the various forms, expressly, freely, and unequivocally accepts that their data is necessary for the Data Controller to process their request. The inclusion of information in the remaining fields is voluntary.
If not all mandatory data is provided, the corresponding processing cannot be carried out, and therefore, the requests, contracts, or applications made by the Data Subject cannot be fulfilled.
The Data Subject guarantees that the personal data provided is accurate and is responsible for communicating any changes to it.
Security Measures
Clinica Monarka SLis committed to protecting your personal information: Using reasonably reliable and effective physical, organizational, and technological measures, controls, and procedures aimed at preserving the integrity and security of your data and ensuring your privacy.
Furthermore, all personnel with access to personal data have been trained and are aware of their obligations regarding the processing of your personal data.
In the case of the contracts we sign with suppliers, we include clauses requiring them to maintain a duty of confidentiality regarding the personal data to which they have had access pursuant to the contract, as well as to implement the necessary technical and organizational security measures to guarantee the ongoing confidentiality, integrity, availability, and resilience of the systems and services that process personal data.
All of these security measures are periodically reviewed to ensure their adequacy and effectiveness.
However, absolute security cannot be guaranteed, and no security system is impenetrable. Therefore, if any information processed and under our control is compromised as a result of a security breach, we will take appropriate measures to investigate the incident, notify the Supervisory Authority, and, where appropriate, notify any Data Subjects who may have been affected so that they can take appropriate measures.
