Privacy policy

The controller responsible for the personal data collected through this website is [PLACEHOLDER: legal name or company name], with tax identification number [PLACEHOLDER: tax ID], registered address at [PLACEHOLDER: full address], and privacy contact email [PLACEHOLDER: privacy email].

If there is a data protection officer or another specific privacy contact, it should be stated here: [PLACEHOLDER: DPO contact details or dedicated privacy channel].

This website may collect identifying and contact data when users complete forms, request information, or communicate with the clinic. The actual fields collected should be detailed here: [PLACEHOLDER: name, email, phone number, message, or other data].

If browsing data, analytics, cookies, or online identifiers are collected, this should be stated clearly in this policy and in the corresponding cookie policy: [PLACEHOLDER: details of technologies or tools used].

The data may be processed to respond to requests submitted through the contact form, manage appointments, answer enquiries, and follow up on the relationship with the user or patient. The actual applicable purposes should be described here: [PLACEHOLDER: list of purposes].

If commercial communications, reminders, follow-up campaigns, or any additional purpose are envisaged, they should be stated separately and specifically: [PLACEHOLDER: additional purposes, if any].

The legal basis for processing will depend on the specific purpose. It may rely on the user's consent, pre-contractual steps requested by the user, compliance with legal obligations, or the controller's legitimate interest, as applicable. It should be specified here which basis applies to each purpose: [PLACEHOLDER: legal bases by processing activity].

Personal data should be kept for as long as necessary to fulfil the purpose for which it was collected and, thereafter, for the periods required under applicable law. The actual retention period or criterion should be detailed here: [PLACEHOLDER: retention periods].

The data may be processed by service providers acting on behalf of the controller, such as web hosting, email, form processing, anti-spam systems, or management tools. The real categories of providers and, where applicable, international transfers should be identified here: [PLACEHOLDER: recipient categories and location].

If international data transfers take place, the legal basis and safeguards adopted should be stated: [PLACEHOLDER: standard contractual clauses, adequacy decisions, or other safeguards].

The data subject may exercise their rights of access, rectification, erasure, objection, restriction of processing, and portability, as well as withdraw consent where consent is the legal basis for processing. The actual channel for exercising these rights should be stated here: [PLACEHOLDER: rights request email or postal address].

The data subject may also lodge a complaint with the Spanish Data Protection Agency or another competent supervisory authority if they believe the processing is not compliant with applicable law.

The controller adopts reasonable technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. This statement should be reviewed to ensure it matches the project's actual operational reality before the final version is published.

This privacy policy may be updated whenever there are legal, operational, or processing changes affecting the website. Users are encouraged to review it periodically.