Cookies Policy

DATA CONTROLLER

In compliance with the provisions of the General Data Protection Regulation (EU) 2016/679 (hereinafter “GDPR”), and Organic Law 3/2018, of December 5, on Personal Data Protection and Guarantee of Digital Rights (hereinafter “LOPDGDD”), we provide you with basic information on the processing of personal data we carry out of our patients in the Hospital, as well as on the personal data of the users we collect on this website:

Data Controller: HOSPITAL POLICLÍNICO LA PALOMA, S.A., (hereinafter the “Hospital” or the “Controller” interchangeably) Tax ID: A35005842, Address: C/ Maestro Valle, 20, 35005, Las Palmas de G.C., Las Palmas, Spain. Phone: 928 234 466. The Hospital has appointed a Data Protection Officer: Lilliam Valenzuela – UMBRA LAWYERS. Any inquiries regarding your privacy can be sent to the email: rgpd@hospitallapaloma.com.

At the Hospital, we commit to maintaining the information you provide us in the strictest confidentiality, avoiding unauthorized access, manipulation of information, and the loss, destruction, or theft of information. To this end, we will apply the security measures established by the regulations and all those that our resources and modern technology allow us. Please note that, in many cases, it is indispensable that you provide the information we request in order to receive the Hospital’s services, and/or enjoy the benefits of our website.

PURPOSE

This Privacy Policy aims to inform Patients, Users, and Candidates for job positions, about how we process their personal data in the Hospital and during the use of this website.

APPLICATION OF THE PRIVACY POLICY

This Policy applies to all patients who use the Hospital’s services, as well as to Users who use the services of our website, and to candidates for job positions, regardless of the place and time they operate.

PROCESSED DATA

Patients: We will process your identifying and contact data, as well as data related to your health and the medical treatments or services provided by the Hospital. In certain cases, banking data will also be processed to proceed with the correct billing of the contracted services, or data related to health coverages you have contracted with insurers.

Website users: We will process your identifying and contact data and the data you provide through your inquiry or comment. We will process personal data for the use of cookies to the extent that the user authorizes it.

Candidates or applicants for job positions: we will process the curricular data you send us including identifying, contact, and professional data.

Please note that on occasions we request data that is mandatory to provide you with the services you require. On web forms, the data that must be provided will be marked with the symbol *

PURPOSE, LEGAL BASIS, AND PERIOD OF DATA PROCESSING

The purposes for which we request or automatically collect information, depending on the different channels through which users have provided their personal data, are as follows:

PURPOSE	LEGAL BASIS	RETENTION PERIOD
To provide you with proper healthcare and maintain your medical history, provide you with information about your clinical analysis results, as well as any other medical test, and identify you during your stay at the Hospital. During hospitalization, we may ask you to wear a bracelet with your personal data so that professionals can identify you and provide personalized care. Before performing any diagnostic or therapeutic procedure, the professional will verify your identity. Manage the Hospital’s accounting and tax	Article 6.1 c) GDPR – Processing is necessary for compliance with a legal obligation to which the controller is subject. Article 6.1 d) GDPR. Processing is necessary to protect the vital interests of the data subject or another natural person;	As long as necessary for the purposes for which they were collected and for the applicable legal terms, as well as for the terms necessary for the defense of claims.
Prepare budgets upon request and bill the services you request from the Hospital.	Article 6.1 b) GDPR – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract	As long as necessary for the purposes for which they were collected and for the applicable legal terms, as well as for the terms necessary for the defense of claims.
Manage the curriculums received from candidates or applicants for job positions, in accordance with selection processes or vacancies.	Article 6.1 b) GDPR – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.	As long as necessary for the purposes for which they were collected. Data will be deleted when the selection process for which the application was submitted ends, when the interested party withdraws their consent, or, in any case, after two years from the last interaction.
Manage the Hospital’s appointment schedule.	Article 6.1 a) GDPR – The data subject has given consent to the processing of his or her personal data for one or more specific purposes.	As long as necessary for the purposes for which they were collected and for the applicable legal terms, as well as for the terms necessary for the defense of claims.
Send information about health topics, events, or promotions on medical products or services.	Article 6.1 a) GDPR – The data subject has given consent to the processing of his or her personal data. For people who have previously contracted services from the Hospital, the legal basis could be Article 6.1 f) GDPR – Processing is necessary for the purposes of the legitimate interests pursued by the controller.	As long as necessary for the purposes for which they were collected and for the applicable legal terms, as well as for the terms necessary for the defense of claims.
Respond to inquiries made by users through the website.	Article 6.1 a) GDPR – The data subject has given consent to the processing of his or her personal data.	As long as necessary for the purposes for which they were collected and for the applicable legal terms, as well as for the terms necessary for the defense of claims.

DATA COMMUNICATION

Patients’ data may be communicated to Public Bodies when necessary for compliance with current legislation, or under agreements with Social Security; to banking entities when necessary to invoice the services provided; to the insurance company with which you have contracted your health insurance so that billing can proceed accordingly. In the event of traffic accidents, your data may be communicated to the insurance company with which the opposing party has contracted civil liability insurance for the coverage of the health care provided. If health care requires services from laboratories or the use of specific sanitary material, your data may be transferred to external laboratories or suppliers for the correct development of the service.

The data of Users and Candidates or applicants for job positions will not be transferred to third parties except with express authorization or for the fulfillment of legally enforceable obligations.

We also inform you that, through the use of Google cookies, and the use of Microsoft tools that we use for administrative work in the Hospital, international transfers of personal data to the United States may be carried out. Such transfers are based on an adequacy decision provided for in Art. 45 of the General Data Protection Regulation. You can check the company’s adherence to the Data Privacy Framework at the following link: https://www.dataprivacyframework.gov/s/participant-search.

Other international data transfers are not planned, however, should such transfers occur, the Controller will use the tools provided in Articles 46 and 49 of the GDPR as guarantees for the transfers made to countries that do not have an adequacy decision from the European Commission.

USER RIGHTS

The LOPDGDD and the GDPR provide a series of rights in favor of individuals whose personal data is processed. All the rights mentioned below may be exercised by sending your request by email to rgpd@hospitallapaloma.com. As these are very personal rights, you must provide documentation proving your identity, and, in the case of representation, this must be accredited either with authorization signed by the interested party, or by providing documents that prove this circumstance. The maximum period to resolve is one month from the receipt of your request. Please note that we may request additional information to verify your identity before proceeding with your request.

a. Right of access:

The right of access allows the User to know and obtain information about their personal data undergoing processing. You can ask us to indicate the information we hold about you.

b. Right to rectification:

This right is characterized by allowing the correction of errors, modification of data that turn out to be inaccurate or incomplete, and guarantee the accuracy of the information undergoing processing. You must inform us of any changes to your data and will be responsible for updating your information.

c. Right to cancellation/deletion/forget:

The right to deletion allows the deletion of data that turns out to be inadequate or excessive without prejudice to the blocking duty, collected in the LOPDGDD.

d. Right to opposition:

The right to opposition is the right of the User not to carry out the processing of their personal data or to cease it for certain purposes. You may oppose the processing of your data by indicating the specific purposes of opposition.

e. Right to Portability:

The right to portability will allow you to request a copy in a structured, commonly used, and machine-readable format of your personal data.

f. Right to Limitation of Processing:

By exercising this right, your data can only be processed, except for its conservation, for the formulation, exercise, or defense of claims.

g. Right to file a complaint with the control authority:

You may file a complaint with the Spanish Data Protection Agency (www.aepd.es) when you consider that the exercise of your rights has not been adequately addressed.

h. Right not to be subject to automated decisions:

Similarly, you will have the right not to be subject to decisions based solely on automated processing of your data, including profiling, that produces legal effects concerning you or significantly affects you in a similar manner. The User will have the right to revoke their consent at any time.

SECURITY MEASURES

In the processing of your personal information, we apply appropriate technical and organizational security measures according to the type of data and technological advancements, our physical and legal means. Our goal is to avoid unauthorized third-party access, theft, loss, or disclosure of your information. However, the Internet is not an entirely secure environment, so, although we apply all possible security measures, the risk of incident regarding the information will never disappear entirely, for this reason, we ask you that if you detect any incident or have indications that your information may be at risk, contact us so we can investigate the fact and offer solutions.

MODIFICATION OF THE PRIVACY POLICY

The Controller may modify this Privacy Policy in the future. Users are recommended to periodically review the Privacy Policy section when they are going to use the website services or the Hospital’s services.

APPLICABLE LAW AND JURISDICTION

This Policy, as well as the use of the Website, will be governed by Spanish legislation. Any controversy will be resolved before the courts corresponding to the domicile of the Controller, except in cases where the regulations establish that it must be the domicile of the user.

In the event that any provision is unenforceable or null and void under applicable legislation or as a result of a judicial or administrative resolution, such unenforceability or nullity will not make this Policy unenforceable or null and void as a whole. In such cases, the Hospital will proceed to modify or replace such provision with another that is valid and enforceable and that, as far as possible, achieves the objective and intention reflected in the original provision.

ASK FOR APPOINTMENT / INFORMATION

Basic information on data protection

In compliance with the provisions of the General Data Protection Regulation (EU) 2016/679 (hereinafter “GDPR”), and Organic Law 3/2018, of December 5, on Personal Data Protection and Guarantee of Digital Rights (hereinafter “LOPDGDD”), we inform you:
Data Controller: HOSPITAL POLICLÍNICO LA PALOMA, S.A., Tax ID: A35005842, Address: C/ Maestro Valle, 20, 35005, Las Palmas de G.C., Las Palmas, Spain. Phone: 928 234 466. Data Protection Officer: Lilliam Valenzuela - UMBRA LAWYERS. Any inquiries regarding your privacy can be sent to the email: rgpd@hospitallapaloma.com

Purpose of processing: Management and resolution of your inquiry. Managing the Hospital's appointment schedule. Sending you information on health topics, events, or promotions on medical products or services. Managing curriculums received in accordance with selection processes or vacancies.
Legal basis: We are authorized to process your data based on your consent, and on the legitimate interest of the Controller, and, in case you submit your curriculum, we will process the data for the application of pre-contractual measures.

Retention: Data will be retained for the necessary time for the purpose with which the information is collected, as long as you do not revoke the consent given or request the deletion of your data, as well as for the necessary terms to address possible claims or comply with judicial requirements.

Recipients: The data of the website users will not be transferred except for the fulfillment of legal obligations or judicial requirements.
Rights: You may exercise your rights of access, rectification, deletion, portability, and opposition or revocation of the consent granted by sending your request to the email rgpd@hospitallapaloma.com, by postal mail to the Hospital's address, or in person at our facilities.

*We recommend you consult the additional information on Data Protection.

I accept the Privacy Policy.

I wish to be kept informed about health topics, events, or promotions on medical products or services.