1. WHO IS RESPONSIBLE FOR THE HANDLING OF DATA?
Data will be handled and treated by:
Company: EPIDISEASE, S.L.
Commercial registration: EPIDISEASE, S.L.
Fiscal identification number: B98650781
Address: C/Catedrático Agustín Escardino nº 9 de Paterna (Valencia)
Registration: Mercantile Registry of Valencia, Tome 9826, Book 7108
You may contact us in the following ways:
Telephone: +34 960 420 157
In order to guarantee compliance with the protection of data regulations, a delegate has been designated with the following contact information: email@example.com
To what end do we handle your personal data? In compliance with European Regulation 2016/679 on the Protection of Data, we inform you that the data you provide may be used in the following manner:
- To receive and reply to questions, and to provide subscription access to our newsletter and bulletins.
- To maintain contact with users and to offer products and services in line with their interests, improving their experience as users in the handling of requests and orders.
- To offer services that may be contracted with our company, including diagnostic services, their administration, and their accounting.
- To carry out client surveys on the quality of our products and services, to manage and improve relations with clients, to anticipate their needs and their satisfaction and develop new functions and services based on the information received. The legal basis of data handling is a legitimate interest of the company in assessing the quality of contracted products and services, as is the distribution of promotional material on products and services that may be of interest to those contracted.
We would like to remind you that the handling of data with the ends we have outlined here is an integral part of the satisfaction of the legitimate interests pursued by the company.
3. TYPES OF DATA HANDLED
Within the framework of the company’s activity, and governed by the agreed upon ends, we handle the following categories of data:
- Identifying and contact data, such as, but not limited to, name, telephone number, and email address.
- Data on bank accounts when provided in the context of a contractual relation.
- Genetic and health data, in relation to providing diagnostic services.
4. TIME PERIODS AND CRITERIA FOR THE MAINTENANCE OF DATA
How long will we keep your data?
Your data will be maintained for as long as needed to provide you the contracted service for the duration of the relationship between the two parties, as long as you do not request us to discontinue holding it. It will also be maintained for as long as required by laws governing each type of data. Samples, surplus genetic material, and data are all maintained in a confidential manner, properly coded, during the time required to carry out the analytical processes, in accordance with the applicable legislation.
What is the justification for handling your data?
The handling of personal data concerning your relationship with the company may be justified by contractual and commercial obligations. The handling of personal data linked to the ends mentioned above is necessary to meet the legal requirements that obtain in the relationship.
The handling of your personal data in order to provide promotional information about activities, campaigns, and initiatives of the company represents a legitimate interest of our enterprise and is authorized by the prevailing guidelines. Nevertheless, you may withdraw your consent to this at any time by indicating your wish to do so at firstname.lastname@example.org. It may be the case that the handling in question is based on consent which you will have granted.
Who will see your data?
In general data are not shared with third parties except under legal obligation to do so.
Nevertheless, your data may be shared with the following recipients. If this is the case this will be fully explained and consistent with the purposes described in the present document.
Public administration: In fulfillment of legal obligations, users’ identity and diagnostic results may be shared with the regional autonomous community as established in RDL 21/2020.
Suppliers required to have access to users’ data in providing of services that the company has contracted from them, and with whom the company has contracts guaranteeing confidentiality and handling of personal data as required by the law, in order to protect users’ privacy.
No international transfers of data are made by the company.
In the handling of users’ data, software may be used that originates in or uses servers located outside the space of the European Economic Area, concretely in countries that offer an appropriate level of protection, or in the United States. In this event, we make certain that we are working with suppliers that guarantee compliance with European norms and standards concerning the protection of data, in particular the RDPG (General Data Protection Regulation UE 679/2016). Transfer of data to the United States EEUU is always governed by the EU-USA Privacy Shield. Details may be found at www.privacyshield.org.
What are your rights when you provide us with your data?
You have the right to obtain confirmation of whether or not we are handling the data in question.
You also have the right to see your personal data, to request rectification of inaccuracies or errors in the data, and to request that we discontinue handling the data if, for among other reasons, the data are no longer needed for the purpose for which they were provided.
In certain circumstances you may request the limitation of data handling, in which event we will only hold the data for the settlement of the claim.
In certain circumstances you may challenge the handling of your data for reasons of an individual nature.
In addition, you may exercise your right to portability of your data, withdrawing the consent that you gave earlier, without its affecting the legitimacy of the handling based on the consent given prior to its withdrawal.
You make exercise these rights by making a written request to that effect sent to the email address email@example.com with an attached copy of your national identity card and a second document attesting to your identity, and stating clearly the right that you wish to exercise.
Finally, you may appeal to the Spanish Agency for the Protection of Data (AEPD) and other public bodies with any claim that you may have regarding the handling of your personal data ante.
How did we obtain your data?
The data are gathered at the website, directly from the users, through cookies or from order forms completed by the users. The data serve to guarantee that we are able to offer the best possible service to our clients.
For further information on the protection of personal data we invite you to consult the webpage of the Spanish Agency for the Protection of Data: https://www.agpd.es/