Foundation for Biomedical Research of La Paz University Hospital (hereinafter “FIBHULP “), will process personal data in accordance with the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter “GDPR”), Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (hereinafter “LOPDGDD”) and Law 34/2002, of 11 July, on information society services and electronic commerce (LSSI), with regard to the maintenance of confidentiality and the processing of personal data voluntarily provided by users of https://jardin-ern.eu hereby informs you of the aspects related to such data processing as follows.

Definitions

The following terms used in this Privacy Policy shall have the meanings set forth below:

Personal data: Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject: Identified or identifiable natural person to whom the personal data belong.

Processing of personal data: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data controller (or controller): The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data processor (or processor): The natural or legal person, public authority, agency or other body, which processes personal data on behalf of the controller.

Recipient of personal data: Natural or legal person, public authority, agency or other body to which the personal data are disclosed, whether a third party or not.

Consent of the data subject: Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Data Protection Officer (DPO): it is a relevant professional in the personal data protection compliance model for which must be expert knowledge of data protection law and practices. Articles 38 and 39 GDPR and articles 36 and 37 LOPDGDD detail the position and tasks of the data protection officer, including the task of informing and advising the controller or the processor their obligations pursuant to GDPR and to monitor compliance with GDPR, to operate independently, and act as the contact point for the supervisory authority (the Spanish Data Protection Agency) on issues relating to processing.

Who is the data controller for the processing of user data in this website?

The identity of data controller is:

• Company Name: Foundation for Biomedical Research of La Paz University Hospital (hereinafter “FIBHULP “).
• NIF: G83727057
• Address/registered office: Paseo de la Castellana 261, 2804, Madrid (Spain)
• Contact privacy issues: protecciondedatos@idipaz.es

We hereby inform you that FIBHULP has designated a Data protection officer (DPO). The name and contact details of the Data Protection Officer is provided below:

• Alaro Avant, S.L.
• dpo.fiblapaz@alaroavant.com

Why and for what purpose do we use your data?

The purposes for which your personal data collected through the website will be processed are as follows:

• Manage your query or request transferred through any of the contact channels enabled on the website.

In the event that you have provided us with your consent, we will send commercial communications relating to the services that make up the activity of the FIBHULP and / or news about “JARDIN. Joint Action on integration of ERNs into national healthcare systems”.

Who do we process data about?

Below, we indicate the categories of data subjects who may be users and from whom we will process personal data for the purposes indicated above:

• Web users

What personal data do we process?

Below, we indicate the categories of personal data that we will process for the purposes indicated above:

• Identification data: name and surname, e-mail- as well as any other information you provide us when contacting us.

How do we collect and where does the user data come from?

The personal data we process is provided to us by you.

Lawfulness of processing

The legal basis that legitimizes the processing of your personal data is:

• The consent you have given us for the sending of commercial communications.
• Legitimate interest in fulfilling the request and/or consultation.

Who has access to the data?

Your personal data may be provided in case they are required by law or by the competent authorities, as well as, where appropriate, to:

• Tax Administration
• Public Administration with competence in the matter.
• State Security Forces and Corps.
• Auditors and inspectors;
• When required by law or by the competent authorities.

Transfers of personal data to third countries or international organisations

International data transfers involve a process of personal data from the European territory to recipients located in countries outside the European Economic Area (the countries of the European Union plus Liechtenstein, Iceland and Norway). In the event of international transfers of your personal data, we will protect your personal data as set out in this Privacy Policy and will comply with applicable legal requirements that may be in force from time to time.

We inform you that no international transfers of personal data provided through the website are made.

How long will we store personal data?

We inform you that the personal data provided will be kept for as long as is necessary for the purpose of the processing for which the data were collected (as indicated in point 4) and for the periods established by the applicable law (relating to research projects), for the periods established to deal with possible claims arising from the processing, as well as for as long as the consent given is not withdrawn. All of the above is in accordance with the principles of data minimisation and storage limitation established in the applicable law.

What are the data subject’s data protection rights?

In accordance with the current legislation on the protection of personal data (GDPR and LOPDGDD), the data subject has the following rights over their personal data:

• Any person has the right to obtain confirmation as to whether or not FIBHULP is processing personal data concerning them;
• Data subject has the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request the erasure when, among other reasons, the personal data are no longer necessary in relation to the purposes for which they were collected;
• In certain circumstances, the data subject may request the restriction of processing of their data, in which case we will only storage them for the exercise or defence of claims;
• In certain circumstances and for reasons related to their particular situation, data subjects may withdraw the consent given or object to the processing of their data. FIBHULP will stop processing the data, except for compelling legitimate grounds, or the exercise or defence of possible legal claims;
• Data subjects may request portability of their data, in which case the data will be sent to the data subject or, if indicated, to another data controller, in a structured, commonly used and machine-readable format.

The data subject may exercise these rights of access, rectification, erasure, objection and the right not to be subject to automated individual decisions (including profiling), portability and to restrict the processing of his or her personal data (at any time and free of charge) by contacting FIBHULP, by written communication:

• to the FIBHULP ‘s postal address: Paseo de la Castellana 261, 28046, Madrid (Spain);
• email: protecciondedatos@idipaz.es

In this regard, documentation proving your identity may be requested if this is necessary for the proper exercise of your rights.

We remind you that you have the right to lodge a complaint with the competent supervisory authority if you consider your rights have been infringed. If you are a resident of the European Economic Area and you wish to request the supervision of the Supervisory Authority on our use of your personal data, you may contact the Spanish Data Protection Agency (https://www.aepd.es/es). Alternatively, you may contact your local Supervisory Authority.

How do we protect user data?

We are committed to protecting the information you provide to us. Therefore, in response to the trust placed in the entity and taking into account the importance in terms of protection and confidentiality that your personal data requires, we inform you that we have implemented appropriate technical and organisational measures to ensure the confidentiality, availability, integrity and resilience of our processing systems and services.

To this end, we employ security measures designed to provide a level of security appropriate to the risk of processing the personal data provided. However, you should be aware that security measures on the Internet are not impregnable and, while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or data breaches will never occur.

Privacy Policy Update

This Privacy Policy has been updated in July 2024. FIBHULP, reserves the right to modify its data protection policy in the event that there is a change in current legislation, jurisprudential doctrine or business criteria. If any changes are made to this policy, the new text will be published at this same address.