تعاضديات
الاتصال
كيفية الوصول الفنادق القريبة طلب زيارة طبية اتصل الآن
+34 608 493 788 24/7 حالات الطوارئ موعد على الانترنت
إيكوفتالمولوخيا VERTE > سياسة الخصوصية

PATIENTS PRIVACY POLICY

We hereby inform you that your personal data will be processed in accordance with the principles of transparency, legitimate interest in the purpose, data minimisation, exactness, integrity and confidentiality, while also respecting the guarantees stipulated in Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, regarding the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and in accordance with the information listed below:


1. WHO IS THE CONTROLLER?


  1. Joint Controllers. The controllers for processing your personal data are:

    • INSTITUTO CONDAL DE OFTALMOLOGIA, S.L. (ICO)

      • Identity Data: Tax ID Code (NIF): B59054163, address: 08006 Barcelona, Via Augusta 48-54, 2°, recorded in the Companies Register of Barcelona, in volume 30.760, folio 157, sheet number B-41566.

    • GESTIÓ I MICROCIRURGIA OCULAR, S.A. (GMO)

      • Identity Data: Tax ID Code (NIF): A63096861, address: 08036 Barcelona, Carrer Balmes 253, baixos, recorded in the Companies Register of Barcelona, in volume 35289, folio 207, sheet number B-262432.

    • Website:https://www.verte.es/ar(hereinafter referred to as the ‘Website’).

    (Hereinafter referred to jointly as the ‘Companies’ or the ‘Joint Controllers’).

    As such, the Joint Controllers shall be jointly responsible for processing and protecting your personal data. Moreover, there is an agreement between the companies that states their responsibilities.

  2. Data Protection Officer. You can contact the Data Protection Officer using the following email address: dpo@verte.es.

  3. Hospital Centres. The Joint Controllers are the joint owners of the following hospital centres:

    • Name: ICO·1. Address: Vía Augusta, 61 (08006) Barcelona

    • Name: ICO·2. Address: Vía Augusta, 48 2° (08006) Barcelona

    • Name: Clínica CEM. Address: c/ Balmes, 253 (08006) Barcelona


2. FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?


We may process your data for the following purposes:

PURPOSE

MORE INFO

1. Providing ophthalmological medical care

Your personal data is processed in order to provide ophthalmological medical care and to properly manages these healthcare services, which may include:

  • Medical care from our professionals.

  • Handling your medical records.

  • Answering your queries.

  • Managing appointments and medical check-ups.

  • Issuing doctor’s notes that prove that you have been to the healthcare centre.

2. Administrative procedures related to the provision of healthcare services, managing the contractual relationship with the patient and invoicing

  • Contacting you about any matters regarding the performance of the agreement.

  • Managing payments for our services.

3. Compliance with legal obligations

It may be necessary to process your personal data in order to comply with any relevant legal obligations. Specifically, to comply with legislation on data protection, tax, healthcare, etc.

4. CCTV for security purposes

The healthcare centres have a CCTV system which captures images of users of the centre in real time. The processing of this data is for the purpose of security and access control for the centre.

5. Sending commercial communications (Newsletter)

  • If you are already a patient, we may send you information about our services in newsletters.

  • The joint controllers’ legitimate interest in the cases stipulated in Article 21.2 of Act 34/2002. However, you can unsubscribe or cancel your subscription to the newsletter at any given time.

6. Conducting quality surveys

We may conduct actions and quality surveys to find out the level of satisfaction among our patients in order to improve our services.

7. Managing the website (https://www.verte.es/ar)

  • Browsing the website owned by the joint controllers.

  • Providing the ‘Online Appointment’ service throughout website if the patient signs up.

  • Contacting us on the website.

8. Social media management

Managing LinkedIn, Facebook, Instagram and YouTube and contacting you on there.

9. Digital communications

  • Communication and reminders via digital communications, phone calls, WhatsApp and SMS.

  • Managing queries over phone or email that you send us through the forms on our website.

  • Postal or email communication of an informative and/or professional nature regarding medical care services.

10. Responding to information requests, complaints, suggestions, claims and incidents.

Managing and processing your requests of any kind, by any means, including phone calls and/or digital communications.

11. Clinical trials

Your data will be processed in order to conduct clinical trials for the following purposes:

  • Research activities.

  • Reliability and security (health protection). 

  • Scientific research.

Also, to properly manage the following services, including:

  • Check-ups, monitoring and observation of patients by the research team.

  • Handling your medical records.

  • Medical intervention by the research team.

  • Appointment management.

  • Issuing doctor’s notes that prove that you have been to the healthcare centre.

12. Managing requests to exercise the rights of the data subject

Your data will be processed to manage and process your request to exercise your rights to access, rectification, erasure, processing limitation, data portability and objection, as well as to respond to your request. Also, to comply with data protection obligations and regulations.

13. Managing data breaches

Managing and communicating with you if there is a data breach and complying with data protection obligations and regulations.

14. CV management

Your data will be processed for the following purposes:

  • Managing the recruitment process.

  • Managing your CV and keeping your up-to-date on different job vacancies that become available with the joint controllers.

3. WHAT IS THE LEGITIMATION FOR PROCESSING YOUR DATA?


The legal basis that allows us to process your personal data depends on the purpose for which we process it, as listed below:

PURPOSE

LEGITIMATION

1. Providing ophthalmological medical care

  • Performing an agreement to which the data subject is party.

  • Express consent granted when providing us with your personal data in paper when accessing one of our hospital centres or signing up on our website on the ‘Online Appointment’ services in the ‘Do You Need Help?’ section.

  • Processing is necessary for the purpose of preventative medicine, medical diagnoses, care provision and healthcare treatment, as well as the management of systems and healthcare services.

2. Administrative procedures related to the provision of healthcare services, managing the contractual relationship with the patient and invoicing

  • Processing based on performing an agreement to which the data subject is party.

3. Compliance with legal obligations

Processing is necessary for compliance with a legal obligation applicable to the joint data controllers.

4. CCTV for security purposes

  • The joint controllers acting in the public interest in accordance with the Private Security 5/2014.

5. Sending commercial communications (Newsletter)

  • Through express consent granted by check the corresponding box on the informed consent form for registering as a patient.

  • The joint controllers’ legitimate interest in the cases stipulated in Article 21.2 of Act 34/2002. If you are already patient, we may send you information about our services. However, you can unsubscribe or cancel your subscription to the newsletter at any given time.

6. Conducting quality surveys

  • We deem that we have a legitimate interest in analysing the level of satisfaction among patients since we believe that processing that data is beneficial for them due the purpose of offering a high-quality service that is suited to their needs.

7. Managing the website (https://www.verte.es/ar)

  • Express consent when you accept the cookies stipulated in the banner and when you fill out a web form by checking the box that accepts the privacy policy so that we can process your data.

  • Legitimate basis is the legitimate interest in allowing you to browse our website.

8. Social media management

  • We will not process any images on any profile of the joint controllers without your express consent.

  • If you contact us via any social media profile we have, follow our profile on any social network or conduct any activity on it, you must accept our privacy policy.

  • We can also reply to your or follow your profile based on legitimate interest.

  • We hereby inform you that if you interact with any profile on social media, you will be accepting their own privacy policy. As such, we cannot be held liable for how you use social media.

9. Digital communications

  • We may contact you over phone call, email and SMS to provide our service or to respond to any queries you have made based on your express consent granted by checking the box on our website.

  • The joint controllers for processing your data will only use WhatsApp if you have previously contacted us on that service; this is based on legitimate interest.

  • We will also contact you via any digital means based on legitimate interest if you are the one to get in contact with us.

10. Responding to information requests, complaints, suggestions, claims and incidents.

  • When you make any information requests, complaints, suggestions or claims, processing will be based on compliance with a legal obligation.

  • The joint controllers have a legitimate interest in processing your data when you make any of the aforementioned requests.

  • We will process your data if you report any incident to us so that we can manage it, based on your express consent granted when filling out the incident sheet.

11. Clinical trials

  • The legitimate basis for processing your data will be the express consent that your grant to take place in a clinical trial being conducted at one of our centres.

  • It will be necessary to process your data when a clinical trial is conducted in the public interest.

  • It will be necessary to process your data for us to conduct a clinical trial, it will be necessary for us or a third party to meet legitimate interests, as long as there are no interests or fundamental rights and freedoms for the data subject taking part in the clinical trial that prevail over the interests and require personal data protection.

12. Managing requests to exercise the rights of the data subject

  • When your request is related exercising your rights, the processing will be based on compliance with a legal obligation applicable to the joint controllers.

  • The processing will be based on the joint controllers’ legitimate interest in responding to your requests or queries that you send to us via different forms of contact available.

13. Managing data breaches

  • When there is a data breach that affect the processing of your data, the processing will be based on compliance with a legal obligation applicable to the joint controllers.

  • The joint controllers have a legitimate interest in processing your data when there is a data breach.

14. CV management

  • The legitimate interest for processing your CV will be pre-contractual measures or the intention to hire when a recruitment process is open.

  • The legitimate basis for processing your data will be the express consent of data subject who submits their CV, to process their CV and keep them up-to-date on any vacant positions at one of our Companies.

4. WHAT CATEGORIES OF DATA DO WE PROCESS AND WHERE DO WE GET THE DATA FROM?


The data we will process will include the following categories:

  • Identity data and contact details of patients or their representatives: name and surname(s), email, National ID Card (DNI) or other legally valid ID document, address, phone number, signature, health card, social security or mutual insurance number, insurance provider. 

  • Personal characteristics: marital status, date and place of birth, age, gender, nationality, language.

  • Health-related data: data contained in the patient’s medical records, medical records number, physiological and pathological family and person background, emergency medical report, description of the diseases, reasons for appointment, medical tests and the results thereof, nursing care, informed consent, revocation of consent document, where applicable, diagnosis information, surgical report, aesthetical report, indication of sources if sent from another healthcare centre, service or unit in which care is provided, doctor responsible for the patient, healthcare professionals’ comments.

  • Bank details: credit/debit card details, bank account number if there are payments, transfers or direct debits.

  • Browsing and connection data: when the website is accessed (cookies, IP address, connection time, etc.).

  • Academic and professional data: the data requested is mandatory (unless stated otherwise) in order to fulfil the purpose. As such, if this data is not provided or not correctly provided, such purposes cannot be fulfilled.

When we request your data through forms on the website and/or paper-based forms, we will state that some fields are mandatory to fulfil the stipulated purposes. As such, if this data is not provided or not correctly provided, such purposes cannot be fulfilled.

Data may be provided by:

  • The data subject (patient) on the website when filling out an ‘Online Appointment’ form or in the ‘Do You Need Help?’ section, or on the paper-based information form at any of our centres, or via other means, for example queries or messages they send us digitally and/or on paper.

  • Their legal representative or guardian via the means listed.

  • The healthcare professional.

  • The patient’s insurance company, where applicable.

  • The company that manages online appointments on the website.

  • If there is a foreign patient, there may be institutions or embassies that provide us with their contact details to provide them with our services.

  • The data subject for a job.

  • Private institutions.

  • INNOVA OCULAR


5. WHO ARE THE RECIPIENTS OF YOUR DATA AND HOW DO WE STORE IT?


5.1Recipients. To fulfil the purposes stipulated in this Privacy Policy, your data may be processed by third parties who act as data processors, who are contractually required to comply with the legal obligations for a data processors, to keep the information secret and confidential, such as providers of medical services, clinical analyses or trials, security firms, document destruction services and providers of technological and IT services.

Moreover, the data that you provide us with could be sent to third parties in order to correctly perform the contractual and/or care relationship between the patient and the joint controllers, based on a legal obligation, the data subject’s vital interest or the data subject’s prior consent, only in cases and to the recipients listed below:

  • Supplier firms that act as data processors located within the European Economic Area with which there is an agreement, that support us in providing our services as providers of medical services, clinical analyses or trials, security firms and document destruction services.

  • IT service providers

  • Financial institutions, if the service or action requested by the patient is subject to payment for the correct performance of the contractual relationship and managing collections and payments.

  • Insurance and mutual insurance firms for the correct performance of the contractual and/or care relationship with the patient and invoicing for the services provided.

  • Suppliers of medical devices, prostheses and implants, in order correctly manage the contractual and/or care relationship with the patient or based on the data subject’s vital interest.

  • Healthcare centres for leasing operating theatres, in order correctly manage the contractual and/or care relationship with the patient based on the data subject’s vital interest.

  • Businesses that form part of clinical trials.

  • Institutions that put patients in contact with healthcare centres and/or embassies that provide us with the contact details of international patients that wish to request our services to manage the contractual and/or care relationship with the patient.

  • Public Authorities, Judges, Courts and Law Enforcement Bodies if there is a legal obligation.

5.2International Transfers. We hereby inform you that, in order to provide some services, we work with service providers that may conduct international data transfers to third countries outside of the European Economic Area with the right level of security recognised by the European Commission or that have standard clauses.


However, express consent will be necessary if the patient in question lives outside the EEA or if they hold an insurance policy with an insurance firm located outside the EEA, their data may be transferred and processed in regions outside of the EEA that the European Commission has deemed not to be suitable, not to have suitable guarantees or not to have a similar data protection of data protection to that of the European Union in its legislation. For example, if you wish to contract our services, there may be dedicated institutions for putting you in contact with healthcare centres and/or embassies in the country where you reside that provide us with your personal data, as well as insurance firm for managing the payment for the services provided if you hold an insurance company located outside the EEA.

In any case, we hereby inform you that such disclosure will only take place in order to manage the contractual relationship with the patient and facilitate payment for the care services provided; as such, if you object to this disclosure, the agreement will not be valid and the insurance firms will not be able to process the payment for the services received since they will not be able to validate the provision of the service by the health care centre.


6. HOW LONG DO WE STORE YOUR DATA?


In general, your data will only be stored for as long as strictly necessary for the purpose for which it was collated as stipulated below:

  • Providing ophthalmological medical care: a minimum of 15 years counted from when the patient is register for the process. Moreover, the medical records shall be kept when there are epidemiological reasons, reasons of research or the organisation and operation of the National Health System.

  • Administrative procedures related to the provision of healthcare services, managing the contractual relationship with the patient and invoicing: for the term that the contractual relationship lasts.

  • Compliance with legal obligations: for the time stipulated in the applicable legislation in each case.

  • CCTV for security purposes: for a maximum term of 30 days, unless the joint controllers are aware of any action that could be relevant for subsequent legal proceedings.

  • Sending commercial communications (Newsletter): the data will be stored until the user revokes their consent, unsubscribes and/or exercises their rights to objection and/or erasure.

  • Conducting quality surveys: for the time we take to carry out the survey.

  • Website management: the data will be stored for the time necessary to fulfil for which the data was collated, as long as the data subject does not request erasure, and for the time necessary to determine any possible liabilities that may be derived therefrom.

  • Social media management: for as long as the consent granted by the data subject lasts.

  • Digital communications: data will be stored for the time necessary to fulfil the purpose.

  • Requests, complaints, suggestions, claims and incidents: for the time necessary to respond to your request.

  • Clinical trials: at least 25 years after the end of the trial or for a longer term if necessary.

  • Managing requests to exercise the rights of the data subject: the data will be stored for the time necessary to respond to your request and to determine any liabilities that may be derived from such purpose.

  • Managing data breaches: the data will be stored for the time necessary to fulfil the purpose and to determine any liabilities that may be derived therefrom.

  • CV management: the data will be stored for as long as the recruitment process lasts or for 24 months to keep the data subject up-to-date on various job vacancies at the company.

After the aforementioned terms have elapsed, your personal data will be locked and remain available only for requests from judges and courts, the public prosecution service and the competent Public Authorities for the number of years necessary to comply with legal obligations; once such term has elapsed, it will be fully deleted.


7. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?


7.1.ights. Our data protection regulations grant you a series of rights related to data processing that involve our services that can be summarised as follows:

  1. Right to access: knowing what kind of data we process about you.

  2. Right to rectification: being able to request a modification to your data if it is inexact or untrue.

  3. Right to erasure: requesting the erasure of your data when processing is no longer necessary for the purpose for which we needed it.

  4. Right to limitation of processing: marking personal data stored in order to limit processing in the future.

  5. Right to objection: requesting an end to commercial communications.

  6. Right to data portability: this allows the data subject to receive their personal data in a structured, widely-used and machine-readable format to forward, copy or sent it to a different controller.

7.2.Right to withdraw consent. You can revoke your consent granted by notifying us by email dpo@verte.esor sending a letter to the joint processors: to ICO, Via Augusta, 48 2° (08006) Barcelona or to GMO, c/ Balmes, 253 (08006) Barcelona.

7.3Right to not be subject to decision-making based solely on automated data processing: You also have the right to request that your personal data not be processed in a way that involves the joint controllers making decisions that significantly affect them and do this automatically with no human intervention.

7.4Exercising right. The Companies guarantees that the necessary measures will be adopted to ensure that these rights can be exercise free of charge. To exercise your rights, you will need to send a written communication to the email addressdpo@verte.esspecifying the right you wish to exercise, or by sending a letter to either of the Joint Controllers, to ICO, Via Augusta, 48 2° (08006) Barcelona or to GMO, c/ Balmes, 253 (08006) Barcelona. Moreover, we wish to inform you that you can seek protection of your rights with the Spanish Data Protection Agency with headquarters on Calle de Jorge Juan, 6, 28001 Madrid, or on their website. You can request the relevant standard for to make your request from either of the Joint Controllers.

7.5Right to lodge a complaint with a supervisory authority. Moreover, we wish to inform you that you can seek protection of your rights with the Spanish Data Protection Agency with headquarters on Calle de Jorge Juan, 6, 28001 Madrid, or on their website, www.aepd.es


8. CHANGES TO THE PRIVACY POLICY.


Our Privacy Policy is subject to periodic changes. You can find the latest version of our Privacy Policy on our website.