Data protection

Personal data protection policy

In agreement to Regulation (EU) 2016/679 of the Parliament and the Council of 27th of April 2016 related to natural person protection related to personal data processing and free circulation of those, and Law 41/2002, of the 14th of November, Basic that regulates Patient’s Autonomy and Rights and users and people concerned, of these:

Who is the holder of data processing?

Identity GESTIÓN Y EXPLOTACIÓN HOSPISEIS, SLU (IMED Hospitals) CIF: B98851454.
Address Avda. San Pedro, 15. 03581 Alfaz del Pi (Alicante).
Telephone: (+34) 963 00 30 01.
Data Protection Deputy: delegadoprotecciondatos@imedhospitales.com.

In case you are IMED Hospitals patient in any of the centres, data processing holder is the owner society of the hospital centre that provide health assistance:

Processing responsible (holder society of the healthcare centre that offers assistance)	Healthcare Centre
HOSPIMAR 2000 S.L. Avd. San Pedro, 15. 03581 Alfaz del Pi CIF:B96827050	Administrative and services centre. Hospital IMED Levante
Management Hospidos, S.L. C/ Max Planck, 3. - Elche Parque Empresarial, 03203 Elche CIF: B98059314	IMED Elche Hospital
Hospivalencia 2008, S.L. Avenida de la Ilustración, 1. Next to Albán Park 46100 Burjassot, Valencia CIF: B98178742	IMED Valencia Hospital
HOSPIMAR 2000 S.L. Avd. San Pedro, 15. 03581 Alfaz del Pi CIF:B96827050	IMED Teulada Polyclinic
Gestión Hospidos, S.L. Avda. De Rosa Mazón Valero, no number - Ozone Shopping Centre 03184 Torrevieja (Alicante) CIF: B98059314	IMED Torrevieja Polyclinic
San Jorge Sanatorium , S.L. C/ Oliver, 55. 03802 Alcoy CIF: B03002250	San Jorge Sanatorium
La Safor Medical Centre, S.L. C/Daimuz, 26. 46701 Gandía CIF: B96821574	Gandía Medical Centre

In case we have your details because you requested information about services and/or products that we offer through IMED Hospitals websites, data processing holder is the society GESTIÓN Y EXPLOTACIÓN HOSPISEIS, SLU, address Avda. de San Pedro, 15 in Alfaz del Pi, 03581 Alicante.

Which aim does this processing data have?

In IMED Hospitals we can process personal details collected for these aims:

1. Contact: Manage user data that contact IMED Hospitals through contact forms that IMED Hospitals offer to the user. Likewise, Data will be processed with the aim to manage queries that can be sent by enabled channels on the website.
2. Access to Patient's Portal: Manage registration, as well as later data that can be generated through the channel mentioned, with the aim of general administration of the account, management, commitment, development, control and management for the queries registered through the portal, as well as your relationship with us.
3. Online appointment service: Manage user details that access the service by the Patient's Portal.
4. Advertisement of products ad own services: Send information by postal, phone or electronic means related to IMED Hospitals. These information will be about Projects, activities or research studies that entities develop, products advances and novelties, services and techniques in healthcare area, as well as in assistance and research Everything, exclusively in case it is consent.
5. Medical Portal: Management of professional area.
6. Job Portal: Manage registration of candidates for IMED Hospital jobs. Personal details of the candidates will be processed with the aim to cover a job offer in different specialties, areas and consent express information processing in any of the MED Hospitals societies.

Which is thelegal legitimacy for your data processing?

1. Your data processing related to registration in "Patient's Portal" and other communication channels, are based in your request management and in your case,to provide services purchased.
   Product advertisement sending can be based in legitimate interest of IMED Hospitals, when you register "Patient's Portal" in other cases, as well as when advertisement is from third parties, processing will be based in consent that will be required.
   For sure, legal base for data processing is needed fr the commitment of a legal obligation applicable for IMED Hospitals, related to Law 41/2002, of the 14th of November, basic that regulated patient's autonomy and rights and obligations in information and clinical documents.
2. Data processing related to "Medical Portal" is based in contractual relationship.
3. Data processing related to "Job Portal", is based in legitimate interest of the candidates to receive information about jobs.

Who is data communicated to?

Personal details processed by IMED Hospitals to reach some objectives exposed earlier can be communicated to the following consignees depending on legitimate base of the communication.

1. Organisms, Public Administration and third parties in cases provided by the Law. Entities for purchase and payment management. Insurances for health and economic relationship management.
2. Personal Data Transfer to the group enterprises for design, improvement, development and counselling about the system or assistance model in the Agreement. In this sense scientific research, related to their own rules. IMED Hospitals can elaborate personalised health plans and proactive follow-up programs.
   Personal data transfer too the group enterprises with the aim of profile elaboration. IMED Hospitals manage in a central way personal data of patients so their experience is oriented to them so it keeps personalising it during service assistance of the agreement. For that, IMEd Hospitals will analyse interests and needs of the patient so they can offer information adapted to specific characteristics of the patient, as: offering commercial information, assistance services, prevention services, healthcare plans etc. Automated procedures can be used to know interests and needs of the patient based in interaction type with the group enterprises and provide personalised information with indications and advice.
3. In case it is needed diagnosis tests performance, it will be tranferred to the clinical laboratory or external medical service.
4. In case you have medical insurance, it will be transferred to your insurance.
5. To Assistance Centres public and/private that you decide and public administration according to legal obligations.

For how long we will keep your data?

Personal data will be kept as long it is needed for theservice assistance or while its consent is not removed. Personal data provided, as well as those derived from assistance, legal and /or contractual relationship will be kept during the time accorded to each case (under medical and legal criteria), and minimum 5 years since the registration of the assistance process, just f the autonomic rules and /or specific one establish a minimum delay over the indicated, in this case it will be according to applicable regulation. Later, data will be removed according to data protection regulation with its blocking, just available in Courts and tribunals,Prosecution Service or Public administration request, during a period of prescription of the actions that can derive , and ended this delay, its final removal.

Which are your rights?

All concerned people have the right to obtain information about IMED Hospitals processing personal data that concerns them or not.

As well, according to Data Protection General Regulation, you have these rights:

• Access your data.
• Request modification or suppression of your data: in some circumstances, you have the right to modify personal details not exact and that concern you, and that are processed by IEMD Hospitals or even, to ask for suppression when, among other cause, data is already not necessary for the objective it was collected for.
• Ask for data processing restriction, in this case we just keep them for claiming defense or exercise.
• Your data portability: You can receive, electronically, personal details that yo provided, as well as transfer them wherever you want.
• Data processing opposition.

If the patient access his account in "Patient's Portal", right execise that we mentioned earlier ca be exercised personally with no need of request, as it is recognised in the nº 63 REGULATION (EU) 2016/679 OF THE EUROPEN PARLIAMENT AND THE COUNCIL of the 27th of April 2016 according to natural people protection regarding personal data processing and free circulation of details and Regulation 95/46/CE is repealed.

In case you don't have account in "Patient's Portal", earlier rights exercise request, can be performed through this form or any other means that enables to prove its sending and collection,attached ID copy or valid personal ID (or in your case, legal representative documents of the concerned person)

Likewise, you have the right, any time, to object to notifications sending by electronically means and remove any of your consent, and that won't affect legality of processing based in previous consent to the removal.

Finally, you can make a claim on the Spanish Agency of Data Protection, specially when you are not satisfied with your rights exercise. You can contact through the website: www.agpd.es.

Which data we process and from which source is obtained?

Data provided is from:

• Data that you provided, through forms fulfillment for a certain aim and of the relationship you have with IMED Hospitals.
• Derived data of service: in an indirect way, when is derived from the service assistance and this activity management.
• The management and development of the contractual relationship.
• Data obtained from marketing studiesthat you were part of and you consent to use.

Depending on the service, data processed can be:

• Identification details (for example, name, surname, ID, address, email, phone).
• Socio-economic details (for example economic, financial and insurance).
• Goods and services transaction details (for example services payment performed). Preferences details (for example product or services interest).
• Health, genetics and biometric details integrated in Patient's clinical history.

Underage patients

Patients under 14 years old or an age that is legally fixed to these effects can provide, by their own means,personal data to IMED Hospitals. IMED Hospitals can adopt all measures convenient to check underage age.

In case of underage patient that need medical services offered by IMED Hospitals, we will use means needed so the Guardian or Parents of the patient give when it is needed applicable regulation, their consent in behalf of the underage patient and this consent is properly certified.

Privacy Policy Modification

IMED Hospitals can modify its Privacy Policy according to applicable regulation at that moment. In any case, all modifications of the Privacy Policy will be notified to the Patent and/or Guardian or Parents to be informed of changes performed in personal data processing and, in case applicable regulation ask for it, the Patient, Guardian and/or Parents can provide its consent.