In compliance with the provisions of the Regulation (EU) 2016/679, of April 27th on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and with the provisions of its adaptation to the Spanish law by the Organic Law 3/2018, of December 5th, of Data Protection and Guarantee of Digital Rights (by its Spanish acronym, LOPD), we hereby wish to inform you about the processing of the personal data in the context of your visit to and use of this website (hereinafter, the “Website”) and in the course of our business.

Unless expressly stated otherwise in a specific section of the Website or in a specific information clause provided to the interested parties, the provisions of this Privacy Policy shall apply.  

We are allowed to use your personal data if we have your consent or another lawful basis applies. Therefore, we inform you that in some cases we are legally required to obtain your prior consent to be able to process your data for a purpose (please review section “Purposes” below) and in other cases we may not need to obtain your consent.

You guarantee and are responsible for the accuracy, validity and authenticity of the provided personal data.

 

1. DATA CONTROLLER

Your personal data will be collected and processed by Fundació Privada Institut de Recerca sobre Immunopatologies-Caixa IrsiCaixa (hereinafter, the “Data Controller” or “IrsiCaixa”), holder of ID number G-60813227.

 

2. CONTACT INFORMATION

If you wish to make any enquiry or request concerning the processing of your data, please contact our data protection officer (“DPO”) by sending an email or post to any of the following addresses:

Email

dpo@irsicaixa.com

Postal address

Hospital Germans Trias i Pujol
Ctra. del Canyet s/n
08916 Badalona (Barcelona)
Spain

Please identify your message with the reference “Data Protection” by any sending method.

 

3. PROCESSING ACTIVITIES

Contact

We process your name and email to answer your communications sent through the contact section. your name and email through the “Contact” section. We also may process additional data you may freely provide through this section.

Cookies

We also collect data about the use of our web using cookies to better understand the impact of our project, please check the Cookies Policy for more information about the processing of data obtained from the installation of cookies.

 

4. LEGAL BASIS

We rely at least on one of the following legal basis to lawfully process your data:  

Contact

Legitimate interest

Processing is necessary for the purposes of the legitimate interests pursued by the controller to answer any communication received in relation with our project.

Cookies

Legitimate interest

We use technical cookies to gather technical data we need to facilitate your use our website on the basis of our legitimate interest as editor of the website.

Consent

We use cookies also to better understand the impact of our project by collecting information about the use of the website. This personal data is collected on the basis of you consent.

 

5. PURPOSES OF THE PROCESSING

This website only collects data for the following intended purposes:

Contact

Responding to the messages received through the contact section.

Cookies

We use technical cookies to gather technical data we need to facilitate your use our website and also to better understand the impact of our project by collecting information about the use of the website. For more information on the data we process through de cookies, please visit our Cookie Policy available on the footer of the Website.

 

6.DATA RETENTION PERIOD

 

Contact

The data collected will be processed during the period required to attend your communication, unless you are interested in remaining in contact for a longer period.

Cookies

Please, visit our Cookie Policy available on the footer of the Website.

Please note that we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising or defending our legal rights or meeting our legal and regulatory obligations, in which cases the access to the personal data shall be restricted for the legally required period and deleted upon its expiration.

 

7. DATA PROTECTON RIGHTS

The applicable laws provide the following rights for data subjects:

Right to access

You have the right to access your data we process.

Right of rectification

You have the right to request us to correct any information you believe to be inaccurate and to complete information you believe to be incomplete.

Right to erasure

You have the right to request us to restrict the processing of your personal data, under certain conditions.

Right to object to processing

You have the right to object to the processing of your personal data, under certain conditions.  

Right to restrict data processing

You have the right to request us to restrict the processing of your personal data, under certain conditions.

Right to data portability

You have the right to request us to transfer the collected data to another organization or directly to you, under certain conditions.

You may exercise any of your rights, withdraw your consent or update your data by writing an email or a letter to the corresponding addresses in section “Contact Information” above, attaching a copy of your ID and indicating the right you wish to exercise. You are not required to pay any charge for exercising your rights.

In the event that you are not satisfied with the attention received after exercising any of the aforementioned rights and wish to file a claim, you may contact the independent body set up to uphold information rights in Spain, called Spanish Data Protection Agency, through their website www.aepd.es.

 

8. CONFIDENDIALTY AND SECURE DATA PROCESSING

The collected data will be treated with the utmost reserve and confidentiality. We have established all the technical and organizational means at our disposal to avoid the loss, misuse, alteration, unauthorized access or copy of the collected data.

 

9.DATA COMMUNICATION

We do not share your personal data with any third party, unless required by an administrative or judicial authority or unless you have previously authorized us to do so. However, we may provide access to your data to our IT service providers, which are bound by confidentiality agreements and are entitled to access your data only for authorized purposes to provide us the corresponding services.

You can obtain an updated list of our data processors by writing an email or letter to the addresses set forth in section “Contact information” above.

 

10. INTERNATIONAL DATA TRANSFER

We do not transfer your personal data to any country outside the European Economic Area (“EEA”). However, should any of our IT service providers process your personal data outside the EEA, we shall implement all measures and controls within our reach to protect your personal data. The main measures we adopt for securing international data transfers may include the following:

  • Require our processors to sign the standard contractual clauses (“SCC”), which are clauses authorized by the European Commission that offer sufficient safeguards on data protection for the data to be transferred internationally.
  • Request for third-party certification and/or approved and recognized codes of conduct.

Last updated: April 30th, 2024