Skip to content
Youtube Facebook Instagram Linkedin
Search
Search
Oftalis | Institut d'Oftalmologia de la Clínica Girona
Patient area
Online dating
Search
Home / Privacy Policy

Privacy Policy

Through this notice, “INSTITUT D’OFTALMOLOGIA S.L.P.” (hereinafter “OFTALIS”) informs the users of the website https://www.oftalis.com, in compliance with Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016 (General Data Protection Regulation) and other applicable laws, about its personal data protection policy. The purpose is for users to express, freely and voluntarily, their consent to provide “OFTALIS” with the personal data requested due to information requests or the contracting of various services offered within the scope of medical and ophthalmological assistance and related services.

Unless explicitly stated otherwise, it is required to complete all requested data in the form or similar document truthfully, accurately, completely, and updated. If not, “OFTALIS” may, depending on the case, either not proceed with the user registration or deny the specific requested service. All data provided by the user/subject will be processed in accordance with the details outlined below.

 

Information regarding the processing of personal data:
Identification of the data controller: “INSTITUT D’OFTALMOLOGIA S.L.P.”, with address at C. Barcelona 204-206, 2nd floor, 17005 Gironaand VAT number: B17356932. Contact email: info@oftalis.com

Identification of the Data Protection Officer:

For any issues related to personal data, such as inquiries, requests, suggestions, etc., you can contact the Data Protection Officer appointed by “OFTALIS” via the following email address: info@oftalis.com, by phone at 972 41 24 13, or in person at our office located at C/ Barcelona 204-206, 2nd floor, 17005 Girona.

Purpose of data processing:

All data provided will be processed for the following purposes:

  • To respond to requests made by the data subject.
  • To maintain any relationship that may be established.
  • To manage, administer, inform, provide, and improve the services the user chooses to contract.
  • To send commercial communications related to our products and services.

Personal data provided will be retained as long as the commercial relationship is maintained, unless the data subject requests their deletion or they are necessary for the purposes of processing. The destruction of data will not occur if there is a legal requirement for its retention, in which case the data will be blocked and only available for public authorities, courts, and tribunals for potential legal responsibilities during the statute of limitations period.

Currently, no automated decisions, including profiling, are made based on your personal data. If such automated decisions are implemented in the future, prior consent will be obtained.

Legitimization of processing:

All processing of your personal data has been previously and expressly consented to by you. Before providing consent, you are informed of all the necessary aspects required by law to ensure informed consent.

You may withdraw this consent at any time as detailed later in this document.

Recipients, transfers, and data transfers:

Your data will not be transferred unless strictly necessary for the purposes mentioned above or required by law.

Additionally, your data will not be transferred outside of the European Union unless necessary for the purposes and you provide prior and express authorization.

Rights of the data subjects:

You may exercise your rights at any time by postal mail to “OFTALIS,” C/ Barcelona 204-206, 2nd floor, 17005 Girona, or via email at info@oftalis.com. The request should include your full name, surname, proof of identity or legal representation, details of the request , contact address for notifications, date, and signature of the requester, along with any supporting documents. If the request does not meet the specified requirements, a correction will be requested.

The rights of the data subjects include: access, rectification, limitation, portability, opposition, and deletion. The definitions of these rights are as follows:

Right of access:

The data subject has the right to obtain confirmation from the data controller regarding whether or not personal data concerning them is being processed, and if so, to access that personal data and the following information:

  •  The purposes of the processing.
  • The categories of personal data being processed.
  • The recipients or categories of recipients to whom personal data has been or will be communicated, particularly recipients in third countries or international organizations.
  • Where possible, the expected retention period for personal data or the criteria used to determine that period.
  • The existence of the right to request rectification or deletion of personal data, the restriction of processing, or to object to such processing.
  • The right to lodge a complaint with a supervisory authority.
  • When the personal data has not been obtained from the data subject, any available information about its origin.
  • The existence of automated decisions, including profiling, as referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, meaningful information about the logic involved, as well as the significance and consequences of such processing for the data subject.
  • When personal data is transferred to a third country or an international organization, the data subject has the right to be informed of the appropriate safeguards under Article 46 related to the transfer. The data controller will provide a copy of the personal data being processed. A reasonable fee based on administrative costs may be charged for any additional copies requested by the data subject. If the data subject requests the information electronically, and unless they request an alternative format, the information will be provided in a commonly used electronic format.

Right to rectification:

The data subject has the right to obtain without undue delay the rectification of inaccurate personal data concerning them. Considering the purposes of the processing, the data subject has the right to complete incomplete personal data, including by means of an additional statement.

Right to deletion:

The data subject has the right to obtain the deletion of personal data concerning them without undue delay, and the data controller is obliged to delete personal data without undue delay when any of the following circumstances apply:

  1. The personal data are no longer necessary in relation to the purposes for which they were collected or processed.
  2. The data subject withdraws consent on which the processing is based and there is no other legal basis for the processing.
  3. The data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to processing based on the legitimate grounds.
  4. The personal data have been processed unlawfully.
  5. The personal data must be deleted in order to comply with a legal obligation under EU or Member State law applicable to the data controller.
  6. The personal data have been obtained in connection with the offering of information society services referred to in Article 8(1).

When the data controller has made public the personal data that the data subject has exercised their right to deletion on, the controller must, taking into account available technology and the cost of its implementation, take reasonable steps to inform third parties processing such data of the deletion request, as well as any links or copies of such data.

This right will be limited by other rights such as the right to freedom of expression and information, compliance with a legal obligation, or when public interest reasons exist.

Right to restriction of processing:

The data subject has the right to obtain a restriction of processing when any of the following conditions are met:

  • The data subject contests the accuracy of the personal data during a period that allows the controller to verify the accuracy of the data.
  • The processing is unlawful, and the data subject objects to the deletion of the personal data and instead requests a restriction of its use.
  • The controller no longer needs the personal data for processing purposes, but the data subject needs it for the formulation, exercise, or defense of claims.
  • The data subject has objected to processing under Article 21(1) while verifying whether the legitimate grounds of the controller override those of the data subject.

When the processing of personal data has been restricted under paragraph 1, the data may only be processed, except for storage, with the consent of the data subject or for the formulation, exercise, or defense of claims, or for the protection of the rights of another person or for important public interest reasons in the EU or a Member State.

Any data subject who has obtained a restriction of processing under paragraph 1 will be informed by the controller before the lifting of that restriction.

Right to object:

The data subject has the right to object at any time, on grounds related to their particular situation, to processing of personal data concerning them based on Article 6(1)(e) or (f), including profiling based on these provisions.

The data controller will stop processing the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the formulation, exercise, or defense of legal claims.

When personal data processing is for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them, including profiling, to the extent that it is related to such marketing.

When the data subject objects to processing for direct marketing purposes, their personal data will no longer be processed for these purposes.

When personal data is processed for scientific or historical research or statistical purposes in accordance with Article 89, paragraph 1, the data subject has the right, for reasons related to their particular situation, to object to the processing of personal data concerning them, unless it is necessary for the performance of a task carried out for public interest reasons.

Right to Data Portability:

The data subject has the right to receive their personal data, which they have provided to a data controller, in a structured, commonly used, and machine-readable format, and to transmit it to another data controller without hindrance from the controller to whom the data was provided when:

  • The processing is based on consent in accordance with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), or on a contract in accordance with Article 6, paragraph 1, letter b).
  • The processing is carried out by automated means.

In exercising their right to data portability under paragraph 1, the data subject has the right to have their personal data transmitted directly from one controller to another, where technically feasible.

Exercising the right referred to in paragraph 1 of this article will be without prejudice to Article 17. This right does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The data controller will communicate any rectification or deletion of personal data or restriction of processing made in accordance with Article 16, Article 17, paragraph 1, and Article 18 to each recipient to whom the personal data has been disclosed, unless it is impossible or would involve disproportionate effort. The controller will inform the data subject about these recipients if they so request.

Revocation of Consent: The data subject, who has previously given consent for the processing of their personal data, may withdraw it with the same ease. The withdrawal of consent will not affect the lawfulness of processing carried out prior to its withdrawal.

The data subject has the right to lodge a complaint with the competent supervisory authority.

When personal data is to be processed for different purposes, the controller will inform the data subject of this.

Security Measures:

The data controller states that they have adopted the necessary technical and organizational measures to ensure the security of the data and prevent its alteration, loss, unauthorized processing, or access, considering the state of technology, the nature of the stored data, and the risks to which it may be exposed, whether arising from human action or from the physical or natural environment.

The website https://www.oftalis.com/ contains links to other websites that may be of interest to the data subject. “OFTALIS” assumes no responsibility for these links and cannot guarantee the compliance with appropriate privacy policies, so the data subject accesses the content of these websites under the conditions of use set forth therein and at their own risk.

If you have any questions, issues, or suggestions regarding our Privacy Policy, you can contact us via email at the following address: info@oftalis.com

All rights reserved INSTITUT D’OFTALMOLOGIA S.L.P.

×ATENCIÓ: Cookies no configurades en l'idioma actual. Revisa la teva configuració al plugin, gràcies!