1. Processing manager
This website is the responsibility of Blue Healthcare, S.L.U., with its head office at Avenida de Alberto Alcocer, 7, ground floor - 28036 Madrid and registered in the Mercantile Registry of Madrid, in volume 38,102, folio 90, page number M-678177, initial registration (hereinafter, Blue Healthcare).
Data Protection Office contact information : firstname.lastname@example.org
Blue Healthcare respects the privacy rights of its Users and recognises how important it is to protect the personal data that Blue Healthcare collects about its Users.
The purpose of this document is to inform website Users how personal data is processed on this website.
3. Data collected
In general, Blue Healthcare collects data from website Users in 2 ways:
- IP address: The IP address is a code that identifies the user's Internet connection at a specific time. Only the User's internet access provider can identify the subscriber who was assigned an IP address at a specific time. Due to the nature of the server that supports this website, the User's IP address is automatically registered together with the date and time of access
However, it is not possible identify the User with this data, unless additional information is provided through other means. These could be linked to your IP address or the cookies you have downloaded.
On this website you can find some personal data collection forms. On each of these forms you will find specific information about processing the data you provide on them.
4. Processing purpose
This data is used only to manage normal website use and statistically analyse website use.
5. Information recipients
Blue Healthcare does not give this information to third parties, unless obliged to do so by current legislation (for example, an official request from a police investigation) or in the case of providers that provide services to Blue Healthcare for website maintenance and management.
6. Data processing outside the European Union
The information obtained by cookies is stored on Google's servers in the United States, whose legislation does not guarantee an adequate level of data protection under the criteria of the European data protection authorities.
However, Google provides adequate data protection guarantees, by adhering to the “Privacy Shield” (more information at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active) and the authorisation from the Spanish Agency for Data Protection (AEPD) to transfer personal data to the United States (TI/00153/2017).
7. Lawful processing
IP address processing is technically necessary to enable the website connection over the Internet.
Therefore, these processes are lawful.
8. Storage period
IP addresses will be stored for a period of 1 month.
The information gathered by the cookies will be kept for a maximum period of 2 years.
Data protection regulations guarantee users the following rights:
- Access: Allows the User to find about what information is held, where it has been obtained, to whom it has been provided and how it has been processed
- Rectification: Allows the User to rectify any erroneous or outdated data
- Erasure Allows the User to have their data erased
- Opposition Allows the User to object to their data being used for a specific purpose
- Limitation: Allows the User to restrict the processing of their data, but in such a way that the data is kept for some later purpose
- Portability: Allows the User to obtain an electronic copy of their data and, in certain circumstances, request that the data be sent to another service provider. It is only applicable for computerised processing carried out with the consent of the User or for the fulfillment of a contract
- Revocation of consent: Allows the User to withdraw the consent that, where appropriate, has been given to process their data
However, to exercise these rights, it is necessary to be able to link the data processed by Blue Healthcare with the identity of the User requesting it.
In principle, Blue Healthcare cannot establish this link with any of the data it processes unless the User can provide certain documentation enabling them to be identified (for example, a certificate from their Internet access provider showing the IP address that the User was assigned on a specific date and time). You may exercise your rights by sending a letter to the address indicated or an email to [email@example.com], providing all the information needed to identify you.
If you would like more information, or if you think your right to personal data protection has been violated, contact the Spanish Data Protection Agency (www.aepd.es) or our Data Protection Officer (firstname.lastname@example.org).