1. WHO IS RESPONSIBLE FOR PROCESSING YOUR DATA?
The data controller is:
Controller identity: EPIDISEASE, S.L.
Trade name: EPIDISEASE, S.L.
Tax ID: B98650781
Address: C/Catedrático Agustín Escardino nº 9, Paterna (Valencia).
Registered: Registered in the Commercial Registry of Valencia, Volume 9826, Book 7108.
To contact us, we provide the following means of communication:
Phone: +34 960 420 157
Email: info@epidisease.com
For greater assurance in complying with data protection, a Data Protection Officer has been appointed. Contact: dpd@aequus.es
2. PURPOSES
For what purpose do we process your personal data? In compliance with the European Regulation 2016/679 General Data Protection Regulation, we inform you that we process the data you provide for the following purposes:
- To receive and respond to inquiries or, where applicable, subscription to newsletters or bulletins.
- To manage your relationship with the user and offer products and services in line with their interests, enhance the user experience, and handle requests, inquiries, or orders.
- To provide services you may contract with us, including diagnostic services, their administrative management, and billing.
- To conduct customer surveys to improve product and service quality; manage and optimize customer relationships; anticipate their needs and satisfaction; and develop or improve new features or services based on the information obtained. The legal basis is the company’s legitimate interest in evaluating product and/or service quality. Also includes sending promotional information about related products/services.
We remind you that processing for the above purposes is necessary to satisfy the legitimate interests pursued by the company.
3. TYPES OF DATA PROCESSED
In the context of the Company’s activity and subject to the consented purposes, we process the following categories of data:
- Identification and contact data such as, but not limited to: name, surname, phone number, email, IP address.
- Bank account data, if provided during the contractual relationship.
- For the diagnostic service, health-related data and genetic data.
4. DATA RETENTION PERIOD
How long will we retain your data?
Your data will be retained as long as necessary to provide the services or maintain the relationship, and in any case, until you request their deletion. Additionally, data will be retained for the legally required time according to each data category. Samples, surplus genetic material, and data will be stored confidentially and in coded form for the duration required for analysis and in accordance with applicable legislation.
5. LEGAL BASIS
What is the legal basis for processing your data?
The processing of personal data related to maintaining your relationship with the Company is legally based on fulfilling the contractual/mercantile obligations of that relationship. This processing is strictly necessary for legal compliance.
Processing your data to send promotional information about the Company’s activities, campaigns, or initiatives is based on our legitimate interest and is authorized by current law. However, you can withdraw your consent by emailing info@epidisease.com. Some processing may be based on your express consent, where applicable.
Furthermore, the legal basis for collecting this data arises from the express consent the user gives when checking the privacy policy acceptance box. This box appears unchecked and must be checked actively by the user before submitting contact forms, subscribing to newsletters, etc.
6. RECIPIENTS
Who will your data be shared with?
Generally, data will not be shared with third parties unless required by law.
However, your data may be shared with the following recipients for purposes arising from the relationship between the parties:
Public Administrations: To comply with legal obligations, your identity and diagnostic result may be shared with your autonomous community under RDL 21/2020.
Service providers that need access to your data to perform contracted services, under confidentiality and data processing agreements required by applicable law.
We remind you that the Company does not carry out international data transfers.
However, during data processing, we may use software with origins or servers located outside the European Economic Area, especially in countries with adequate protection or in the USA. In such cases, we ensure compliance with European data protection standards, particularly GDPR (EU Regulation 679/2016). Transfers to the USA will be covered by the EU–US Privacy Shield. More info: www.privacyshield.org.
7. RIGHTS
You have the right to confirm whether we are processing your personal data.
You also have the right to access your personal data and request the correction of inaccurate data or, where applicable, request its deletion when the data is no longer necessary for the purposes collected.
In certain circumstances, you may request the limitation of data processing, in which case we will only keep them for legal claims or defense.
In certain circumstances and for reasons related to your situation, you may object to the processing of your data.
You also have the right to data portability and to withdraw your consent at any time, without affecting the legality of the processing carried out before withdrawal.
You may exercise these rights by sending a written request to info@epidisease.com, attaching a copy of your ID or another document proving your identity, and clearly indicating the right you wish to exercise.
Finally, you may file a complaint with the Spanish Data Protection Agency or other competent public authorities regarding the processing of your personal data.
8. SOURCE
How did we obtain your data? Personal data is obtained through the website, directly from the user, or via cookies or other means such as order forms used by the company to properly provide services.
For more information about personal data protection, visit the Spanish Data Protection Agency’s website: https://www.agpd.es/