PRIVACY POLICY

COMPLETE POLICY ON PERSONAL DATA PROTECTION

Both data privacy and information confidentiality are important aspects for C&B MEDICAL PLUS SLP. This data protection policy establishes how personal data obtained by the center is processed and may change over time due to possible legislative or jurisprudential changes, or changes in the criteria followed by the Spanish Data Protection Agency and/or the competent authority at any given time. Therefore, C&B MEDICAL PLUS SLP reserves the right to modify this policy to adapt it to new legislation or jurisprudence in force at the time of access to the website.

Last updated: 25/10/2025

1. RESPONSIBLE
Who is responsible for the processing of your data?:
C&B MEDICAL PLUS SLP
Canigo Round, 10. c 4
08950 Esplugues de Llobregat
CIF:B65773566
Mail: consultas@ginecologiaavanzada.es

2. PURPOSES
For what purposes do we process your data?

As a patient:
We process our patients’ personal data for the following purposes:
1. To manage visits, diagnoses, and any medical treatments or other health-related services and dermatological services provided at any time by this center, including billing and any communications necessary for the provision of the aforementioned services.
2. To send informational communications about the promotion of products and services offered by the medical practice, provided you have given us prior authorization.
3. To address any complaints or requests you submit through the forms available on the website or any other contact method.
4. To manage online appointments.

We inform you that the processing of health data involves the processing of special categories of data. This processing is necessary for the management of healthcare services and will be carried out by professionals bound by professional secrecy.
The personal data collected is strictly necessary for providing the service and managing the established relationship, and is adequate, relevant, and not excessive, limited to what is necessary in relation to the purposes for which it is processed.

To keep your data current, accurate and up-to-date, please inform us of any changes or modifications that may occur.

As a supplier and/or collaborator
We process the personal data of our suppliers and collaborators for the purpose of managing the established professional relationship.

As a candidate for an employee position
We process the curricular data of the candidates for an employee position in order to manage the selection processes that the center keeps open.

3. LEGITIMACY AND TERMS OF CONSERVATION
What is the legal basis for the processing of your data and for how long do we keep them
?

As a patient
The legal basis for processing your personal data is the contracting of the requested medical services and the legitimate interest of the center in addressing your inquiries and requests.
In some cases, the legal basis for processing will be the protection of the vital interests of the data subject or other natural persons.
For processing for promotional purposes of the center’s services and products, the legal basis will be your consent.
Retention period:
The personal data provided and your medical record will be kept in all cases for the duration of the established healthcare relationship and, once this relationship has ended, for the statutory limitation periods established in Law 21/2000, of December 29, on the rights of information concerning health and patient autonomy, and clinical documentation. The medical record, along with the identification data of each patient, will be kept for at least fifteen years from the date of discharge from each episode of care. The remaining documentation will be destroyed five years after the date of discharge from each episode of care.
Contact information for sending informational communications will be kept until the user requests its deletion.

As a supplier and/or collaborator
The legal basis for processing is the existence of a contractual relationship.
The retention period:
The data will be retained in all cases for the duration of the contractual relationship and subsequently for the legal periods established in civil law for the statute of limitations on contractual obligations and in accounting and tax legislation.

As a candidate for an employment position
The legal basis for processing your data is the adoption of pre-contractual measures in the selection processes that the company maintains open, and your consent to the retention of your CV for future selection processes.
Retention period:
The data will be kept for a maximum period of 2 years. After that time, it will be deleted.

4. DATA RECIPIENTS
Who will we share your personal data with?
Patient data may be disclosed to third parties in the following cases:
• To duly accredited healthcare administration personnel performing inspection functions, in order to verify the quality of care, compliance with patient rights, or any other obligation of the medical practice in relation to patients.
• To the healthcare administration for epidemiological, research, or teaching purposes, always keeping the patient’s personal identification data separate from clinical and healthcare data.
• To judges and courts in the context of a legal request
• To healthcare professionals involved in diagnosis or medical treatment; to administrative staff only when necessary for the performance of their duties.
 To the health mutuals for the management of the requested medical-health services and their corresponding payment.
 To medical entities, companies and/or professionals for the purpose of billing the service provided.
 To medical laboratories for the performance of medical tests.
All personnel who access any type of medical record data in the course of their duties are subject to the duty of confidentiality.
Patient data, medical records and online appointments are hosted on a medical management program located on an external server and whose provider complies with the guarantees and security measures established by the GDPR and with whom the data processing agreement has been signed.
International transfer of your data is not planned.

5. DATA SUBJECT RIGHTS
What are your data protection rights?
Everyone has the right to obtain information about what data C&B MEDICAL PLUS is processing.
Below, we outline your rights:
1. Right to access your personal data and obtain a copy of it.
2. Right to request the rectification of inaccurate data or, where appropriate, to request its erasure when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
3. In certain circumstances, you may request the restriction of the processing of your data, in which case it will only be retained for the exercise or defense of legal claims.
4. In certain circumstances and for reasons related to your particular situation, you may object to the processing of your data. The center will cease processing the data, except for compelling legitimate grounds, or for the exercise or defense of possible legal claims.
5. Portability: The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the company, in a structured, commonly used and machine-readable format when:
a) el tratamiento esté basado en el consentimiento o en un contrato, y b) el tratamiento se efectúe por medios automatizados.
6.- Le informamos de su derecho a presentar una reclamación ante la autoridad de control (AEPD.- www.agpd.es) en el caso que no haya visto satisfechos el ejercicio de sus derechos aquí indicados.

To exercise these rights, you can contact us via email at consultas@ginecologiaavanzada.es, providing the following information:
First and last name
Contact email address
Right you wish to exercise
Details of your request
We will respond to your request within one month and notify you at the email address you provided.

6. SAFETY IN TREATMENT.
What security measures do we implement in our information systems?
Teniendo en cuenta el estado de la técnica, los costes de aplicación, y la naturaleza, el alcance, el contexto y los fines del tratamiento, así como riesgos de probabilidad y gravedad variables para los derechos y libertades de las personas físicas, C&B MEDICAL PLUS aplicará medidas técnicas y organizativas apropiadas para garantizar un nivel de seguridad adecuado al riesgo, que eviten la destrucción, pérdida o alteración accidental o ilícita de datos personales transmitidos, conservados o tratados de otra forma, o la comunicación o acceso no autorizados a dichos datos.