Privacy Policy

In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data (General Data Protection Regulation (GDPR)), and according to the current national regulations on the subject, we inform you of the following:

Who is the Data Controller?

CLÍNICA SAN ROQUE, S.A.

Tax Identification No.: A35064658

Address: C/ Dolores de La Rocha, 5, A35064658, Las Palmas de Gran Canaria, Las Palmas

Telephone no.: 928 40 40 40

E-mail: atencionalpaciente@hospitalessanroque.com

Email of our Data Protection Officer: protecciondedatos@hospitalessanroque.com

You can contact us through any communication means.

We reserve the right to modify or adapt this Privacy Policy at any time. We recommend that you review this policy from time to time.

If you belong to any of the following groups, please take a look at the dropdown menu:

 

PATIENTS

For which purposes is your personal data processed?

  • To provide health care services.
  • To provide information about the results of the clinical analysis and of any other medical test.
  • To monitor access, visits and stays in our facilities.
  • For administrative management

What is the lawful basis for the processing of your personal data?

The legal basis for the processing of health care data is included in medical and health data is contained in [Spanish] Law 41/2002 on Patient Autonomy of 14 November 2002 “Law on the autonomy of patients and the rights and obligations with regard to clinical information and documentation” [Ley de Autonomía del paciente y Derechos y Obligaciones en materia de información y documentación clínica]. The legal basis is also the execution of a contract for the provision of medical and health services.

 

Compliance with a legal obligation

In the context of Health and Tax inspections, access to health data by the competent authorities is protected by Royal Legislative Decree 8/2015, of 30 October 2015, which approves the consolidated text of the Social Security Act [Ley General de la Seguridad Social], and also by General Law 33/2011, of 4 October 2011, on Public Health [Ley General de la Salud Pública] and General Law 14/1986, of 25 April 1986, on Healthcare [Ley General de Sanidad].

Likewise, the access by duly authorised health staff, and as part of their inspection tasks, is protected by Law 41/2002 on Patient Autonomy.

 

For how long will we store your personal data?

We inform you that pursuant to article 17 of Law 41/2002, any clinical documentation will be stored at least 5 years starting from the start date of each health care process and during the period that a judge or court may require. As per autonomous community law said storage periods may be expanded.

 

To which recipients will your data be communicated?

We inform you that your data will be communicated to the Regional Health Service and the entities collaborating with the [Spanish] Social Security service which have a legal obligation to access the data for the adequate provision of the corresponding medical and health assistance.

If said health assistance is provided on the basis of any agreements with insurance companies or under policies or coverages of which you, as the patient, are the beneficiary, the COMPANY may provide information of the services rendered, including personal data, requested by the insurance companies or the companies covering the assistance provided, as such data is essential for said coverage and its billing.

Additionally, in those cases when, on account of your treatment, the use of a prosthesis or some other specific surgical material is necessary, your personal data may be communicated to the providers, only and exclusively for that purpose.

 

WEB CONTACTS, EMAIL CONTACTS AND APPOINTMENTS

 

What data do we collect through our website?

We can anonymously process your IP address, the operating system or browser you use and even how long your visit lasted.

If you provide data in our contact form, it will be identified so as to contact you, if necessary.

 

For what purposes do we process your personal data?

  • To answer your queries, applications or requests.
  • To manage the service requested, answer your enquiries or process your request.
  • For information by electronic means regarding your request.
  • For business or event information by electronic means, providing that there is express authorisation.
  • To carry out analysis and improvements in our website, about our products and services. To improve our business strategy.

What is the lawful basis for the processing of your data?

The acceptance and consent of the data subject: in those cases where in order to make a request it is necessary to fill out a form and click the send button, filling out such form will necessarily entail that you have been informed and given your express consent to the content of the clause appended to said form or the acceptance of the privacy policy.

All our forms have the * symbol for compulsory data. If information is not provided in those fields, or if you do not tick the checkbox accepting the privacy policy, the submission of the information will not be allowed. Usually, the following formula is used: “□ I have read, and I accept the Privacy Policy.”

 

NEWSLETTER CONTACTS AND BUSINESS COMMUNICATIONS

 

What data do we collect through our newsletter?

In our website, you can subscribe to our Newsletter by providing an email address where the newsletter will be sent.

We will store only your email in our database, and we will then send you emails regularly, until you request to unsubscribe or we stop sending emails.

You will always be given the option to unsubscribe in all communications sent.

 

For what purposes do we process your personal data?

  • To manage the service requested.
    • For information by electronic means regarding your request.
    • For business or event information by electronic means, providing that there is express authorisation
    • To carry out analysis and improvements in mailing distribution, to improve our business strategy.

What is the lawful basis for the processing of your data?

The acceptance and consent of the data subject: in cases where you subscribe, it will be necessary to tick a checkbox and click the send button. This will necessarily entail that you have been informed and have given your express consent to receive the newsletter.

If you do not tick the checkbox accepting the privacy policy, the submission of the information will not be allowed. Usually, the following formula is used: “□ I have read and I accept the Privacy Policy.”

International data transfers

The only International data transfers to entities which will be allowed must be under the authorization of the “USA-EuropeanUnion Privicy Shield agreement” (more information:https://www.privacyshield.gov/welcome), The data transfers must have proved that they comply with the level of protection and guarantees according to the parameters and requirements provided for in the current standards on protection of data,such as the European Regulation or when there is a legal authorization to make the international data transfer.

WI-FI USERS

 

What data do we collect through this service?

We can process your assigned IP address, connection sessions, visited pages, the operating system and browser you use and the duration of the connection.

 

For what purposes do we process your personal data??

  • To offer you the WiFi service requested.

What is the lawful basis for the processing of your data?

The acceptance and consent of the data subject: you must fill out the corresponding form to be able to access the service. All our forms have the * symbol for compulsory data. If information is not provided in those fields, or if you do not tick the checkbox accepting the privacy policy, access to the service will not be allowed. Usually, the following formula is used: “□ I have read and I accept the Privacy Policy.”

 

CLIENTS

 

For what purposes do we process your personal data?

  • To issue a price quote and do a follow-up through communications between both parties.
  • For information by electronic means regarding your request
  • For business or event information by electronic means in accordance with the Law on Information Society Services.
  • To manage administrative, communication and logistics services carried out by the responsible officer.
  • For billing and the appropriate tax returns.
  • To carry out the corresponding transactions.
  • For control and collection management.

What is the lawful basis for the processing of your data?

The legal basis is the execution of a contract.

 

QUALITY SURVEYS

For what purposes do we process your personal data?

  •         To assess the quality level of the service rendered.
  •         To improve the services offered, in virtue of quality compliance.

 

What is the lawful basis for the processing of your data?

The legal basis is the express consent of the respondents.

 

PROVIDERS

For what purposes do we process your personal data s?

  • For information by electronic means regarding your request.
  • For business or event information by electronic means, providing that there is express authorisation.
  • To manage administrative, communication and logistics services carried out by the responsible officer.
  • To carry out the corresponding transactions.
  • For billing and the appropriate tax returns.
  • For control and collection management.

What is the lawful basis for the processing of your data?

The legal basis is the acceptance of a contractual relationship, or, in its absence, your consent when you contact us, or when you offer your products to us in any way.

 

SOCIAL NETWORK CONTACTS

For what purposes do we process your personal data?

  • To answer your queries, applications or requests.
  • To manage the service requested, answer your enquiries or process your request.
  • To build a relationship with you and create a community of followers.

What is the lawful basis for the processing of your data?

The acceptance of a contractual relationship within the corresponding social network environment, and in accordance with their Privacy Policies:

Facebook

Instagram

Twitter   

Linkedin

Pinterest

Vimeo

Google*

*(Google+ and Youtube)

 

For how long will we store your personal data?

We can only access your data or have your data removed to a limited extent as you have a specific profile. We will process them for as long as you allow it, by following us in the respective social networks, by adding us as friends or clicking “like”, “follow” or similar buttons.

Any correction of your data or the limitation of information or posts must be done through the settings of your profile or user within the social network itself.

 

JOB SEEKERS

For what purposes do we process your personal data?

  • For employee selection processes.
  • To schedule a job interview with you and to evaluate your application.
  •   If you have given us your consent, we can transfer your data to collaborating or related entities, with the sole purpose of helping you find a job.

 

For how long will we store your personal data?

Additionally, we inform you that after one year from the receipt of your Curriculum Vitae (CV), we will destroy it in a secure manner.

 

What is the lawful basis for the processing of your data?

The legal basis is your unambiguous consent when you send us your CV.

Do we include personal data from third parties?

No, as a general rule we only process data provided by their holders. If you provide us with data from third parties, you must previously inform and ask for the consent of said parties, otherwise, we shall not be held liable for not complying with this requirement.

 

And what about data concerning minors?

We do not process the personal data of children under the age of 14 without the authorisation of their father, mother or legal guardian. Therefore, please refrain from providing data if you are not that age or, if applicable, from providing third-party data if they are not that age. CLÍNICA SAN ROQUE, S.A. shall not be held liable for not complying with this provision.

 

Will we contact you by electronic means?

Only to manage your request, providing that is one of the means of contact provided by you.

If we send business communications, they will have been previously and expressly authorised by you or it is permitted according to the Law on Information Society Services.

 

What security measures do we apply?

You can rest assured: we have adopted an optimal level of protection for the personal data that we handle, and we have installed all the technical means and measures at our disposal according to the state of technology to prevent the loss, misuse, alteration, unauthorised access and theft of the Personal Data.

 

To which recipients will your data be communicated?

Your data shall not be transferred to third parties, unless there is a legal obligation to do so. In particular, they shall be communicated to the national tax administration agency [Agencia Estatal de la Administración Tributaria] as well as to banks and financial institutions to collect the payment for the service rendered or the product purchased, and to the officers responsible for the processing necessary for the execution of the agreement.

In case a purchase or payment is made, if you choose an application, website, platform, bank card, or any other online service, your data shall be shared with such platforms or it shall be processed in their environment, always with the maximum security.

When we ask them so, our web development and maintenance company or the hosting company shall have access to our website. They will have signed a contract for the provision of services binding them to keep the same level of privacy as we do.

If you are a patient, we may communicate your data to the Regional Health Service and the entities collaborating with the [Spanish] Social Security service when there is legal obligation to do so. Also, to the insurance companies that you have hired. You can find more information under the “Patients” section.

Any international data transfer when using North American applications is protected by the Privacy Shield agreement, guaranteeing that North American software companies comply with European data protection policies regarding privacy.

What rights do you have?

  • To know whether we are processing your data or not.
  • To access your personal data.
  • To request the correction of your data, if it is inaccurate.
  • To request the deletion of your data if it is no longer necessary for the purposes for which it was collected or if you withdraw the consent given.
  • To request the limitation of the processing of your data, in some cases, in that case we shall only store it as established in the current legislation.
  • To the portability of your data. You shall receive it in a structured, commonly used and machine-readable format. If you prefer, we can send it to the new data controller appointed by you. This is only valid in certain cases.
  • To file a claim with the Spanish Data Protection Agency or the competent Supervisory Authority, if you believe we have not provided you with an adequate service.
  • To withdraw your consent for any treatment you consented to, at any time.

If you modify any data, we should be grateful if you would inform us so as to keep the information updated.

 

Do you want a form to exercise your rights?

We have forms for the exercise of your rights. You may request them by sending an email to protecciondedatos@hospitalessanroque.com, or, if you prefer, you can use the ones created by the Spanish Data Protection Agency or by third parties. Said forms must be electronically signed or be accompanied by a photocopy of your National Identification Card.    

If you have a representative, he/she must attach a copy of his/her National Identification Card or sign the document with his/her electronic signature.

Forms may be submitted in person, sent by post or by email, to the address of the Data Controller specified at the beginning of this text.

 

How long do we take to reply to you when you exercise your rights?

It depends on the right you exercise, but within one month at the most after we receive your request, or two months if the issue is very complex. We will notify you if we need more time.

 

Do we handle cookies?

You may check our cookies policy in the corresponding link from our website homepage.

 

For how long will we store your personal data?

Your personal data shall be kept for as long as you are associated with us.

Once you decide to end your relationship with us, the personal data processed for each of the purposes shall be kept for the periods of time legally established, including the period during which a judge or court may require said data according to the statute of limitations.

The data processed shall be stored as long as the legal limitation periods above-mentioned have not passed, if there is legal obligation to store said data, or when no legal limitation period exists, until the data subject requests its deletion or withdraws the consent given.

We shall store all the information and communications regarding the provision of our service while the guarantees of said services last, in order to deal with potential claims.

 

Our Group is made up of the following companies:

  • CLÍNICA SAN ROQUE, S. A., with Tax Identification No. A35064658
  • C.S.R. INVERSIONES SANITARIAS SUR, S.A. with Tax Identification No. A35735083
  • DIAGNÓSTICOS MÉDICOS ESPECIALES, S.A. with Tax Identification No. A35136779
  • C.C. DERMATOLOGIA Y LASER, S.L. with Tax Identification No. B35516244
  • C.S.R. DIAGNOSTICOS, S.L. with Tax Identification No. B35298843