Privacy Policy
- Identification of the data controller
The person responsible for the processing of personal data is Orthodontic Research and Development, S.L., with address for contact purposes at Escoles Pies, 109, 08017, Barcelona (the “Company”).Company“).
- Purposes, legitimacy of the treatment and categories and recipients of personal data
|
Purpose |
Categories of personal data and recipients |
Legal basis |
|
Analyze and, if applicable, respond to requests for information, suggestions and/or inquiries made through the means provided for this purpose. |
Categories of personal data:
Target audience:
|
Legitimate interest Consent: for the processing of health data. |
|
Interact (i.e. respond to messages or comments, generate reactions, share content, etc.) with users of the Company’s social media profiles. |
Categories of personal data:
Target audience:
|
Legitimate interest |
|
Perform website maintenance tasks to provide a secure environment for your users. |
Categories of personal data:
|
|
|
Customize certain features of the website (for example, the language in which the content is displayed) according to the browsing preferences expressed by users and analyze their browsing behavior (for example, sections that attract more or fewer visits) in order to improve the services offered through the website. Detailed information can be found in the Cookie Policy.
|
Categories of personal data:
Target audience:
|
Consent |
|
1 For example, name and surname, image and user name in social networks. 2 For example, personal telephone number, personal e-mail address and home address. 3 For example, IP address, device or user ID, browser type and version, sections visited and country from which the connection is made. |
||
The table above shows the legal basis for the processing of personal data by purpose. Additional information on the legitimacy of the processing can be found below:
- – Consent (Article 6.1(a) of the GDPR): data subjects can give their consent through the data collection forms, by clicking on the acceptance buttons or by performing any other affirmative action. Data subjects may revoke their consent at any time, as detailed in Section 5.
- – Legitimate interest (of the Company and/or third parties) (Article 6.1(f) of the GDPR): users of the Company’s websites and social media profiles have a reasonable expectation that the personal data they provide or are generated when using these services will be used to contact them and ensure the security of the service in order to prevent unlawful and malicious activities that could compromise personal data. In any case, the interested parties may request further information regarding the legitimate interest or exercise their right of opposition, by sending such request to privacy@carriere.es.
The processing of special categories of personal data is covered by the explicit consent of the data subject (Article 9.2(a) of the GDPR).
The Company will endeavor to ensure that the transfer of personal data is made only to countries that offer an adequate level of data protection. If personal data are processed from countries that do not offer such level of protection, the Company and/or the suppliers (as the case may be) will, if necessary, adopt appropriate safeguards (e.g. standard contractual clauses included in Commission Implementing Decision (EU) 2021/914 of 4 June 2021) to carry out such international data transfers in accordance with the applicable data protection legislation. You can request specific information from the Company about the safeguards applied for each international transfer of personal data at privacy@carriere.es.
The Company does not share personal data with any other third party, unless authorized by the individual concerned or required by applicable law.
- Conservation period
Once the purposes for which the personal data are processed have been fulfilled, the Company will keep them until the expiry of the statute of limitations for any liabilities that may arise and for the periods necessary to comply with any applicable legal obligation.
- Origin and categories of personal data
The Company only processes personal data that are relevant for the purposes mentioned in Section 2.1. Section 2.
In addition to the personal data that data subjects provide directly to the Company, the Company may obtain personal data through, among others, cookies and similar technologies installed on their devices.
- Data protection rights
|
Rights |
Content |
|
Access |
You may request confirmation as to whether your personal data is being processed and, if so, access your data included in the Company’s files. |
|
Correction |
You may request the rectification of your personal data when it is inaccurate. |
|
Suppression |
You can request the deletion of your personal data. |
|
Opposition |
You may request that your personal data not be processed in certain circumstances. |
|
Portability |
You may request to receive, in an electronic file, the personal data you have provided to the Company, as well as the right to transmit them to other third parties. |
|
Treatment limitation |
You may request the limitation of the processing of your personal data when:
|
|
Revocation of consent |
You may withdraw your consent without affecting the lawfulness of the processing based on the consent prior to its withdrawal. |
You can exercise, where applicable, your data protection rights by sending a written communication to the Company at clinica@carriere.es[e]indicating “Data Protection” in the subject line of the communication. For this purpose, the Company may request any information and documentation necessary to identify you.
You may also exercise your right to complain to a data protection authority, including those at your place of residence, place of work or at the place where the alleged breach has taken place.
Date of creationJuly 2024
