Privacy Policy
PRIVACY POLICY
MEDICHE ROOMS S.L. is an organization that collects personal data through various means at its disposal, which entails a significant responsibility to design and organize procedures in a manner that ensures compliance with data protection laws. Therefore, MEDICHE ROOMS S.L. will implement all necessary security measures to ensure the protection of the data collected.
In carrying out these responsibilities, and in order to establish the general principles governing the processing of personal data within the Organization, MEDICHE ROOMS S.L. hereby adopts this Personal Data Protection Policy, which it communicates to and makes available to all its stakeholders, while also complying with the following regulations:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
- Organic Law 3/2018 of December 5 on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD-GDD).
- Law 34/2002 of July 11 on Information Society Services and Electronic Commerce (LSSI-CE).
I. SCOPE OF APPLICATION
This Personal Data Protection Policy applies to MEDICHE ROOMS S.L., its governing bodies, management, and staff, as well as to all individuals associated with the Organization, expressly including service providers with access to data (“Data Processors”).
The data controller for the personal data collected by the Organization is: MEDICHE ROOMS S.L., Tax ID No.: B88646757, represented by: CLARA RODRIGUEZ FLORES (hereinafter, the Data Controller). Their contact information is as follows:
Address: 12 Barbara de Braganza Street, Ground Floor, Madrid, Madrid, 28004
Phone number: 917100127
Contact email: info@medicherooms.com
II. INFORMATION ABOUT THE DATA CONTROLLER AND THE PROCESSING OF PERSONAL DATA AT MEDICHE ROOMS S.L.
Additional information on data processing refers to a set of more specific and detailed explanations that organizations must provide to data subjects regarding how their personal data is processed. This concept stems from the principle of transparency under the General Data Protection Regulation (GDPR) and supplements the basic information initially provided, offering a greater level of detail regarding the processing activities.
Below, MEDICHE ROOMS S.L. provides additional information regarding its data processing activities:
Additional Information on Data Protection | ||
INFORMATION ABOUT THE DATA CONTROLLER | ||
Identity | MEDICHE ROOMS, LLC | |
Address | 12 Barbara de Braganza Street, Ground Floor, Madrid, Madrid, 28004 | |
Contact phone number | 917100127 | |
clara.rodriguez@medicherooms.com | ||
PURPOSES OF THE PROCESSING OF PERSONAL DATA | ||
Data Processing | Purpose of the processing | Retention period |
Customers | Client management, accounting, tax, and administrative services. | – Client Management: 5 years. |
Suppliers | Client management, accounting, tax, and administrative services. | – Customer management: for the duration of the contractual relationship and for 5 years thereafter. |
LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA | ||
Data Processing | Standing | |
Customers | Express consent of the data subject | |
Suppliers | Express consent of the data subject | |
RECIPIENTS OF YOUR PERSONAL DATA | ||
Data Processing | Forecast of transfers | International transfers |
Customers | Public authorities with jurisdiction over the matter, banks or financial institutions, organizations, or individuals directly related to the data controller. | No |
Suppliers | Public authorities with jurisdiction over the matter, banks or financial institutions, organizations, or individuals directly related to the data controller. | No |
YOUR RIGHTS AND THE RESOURCES AVAILABLE TO YOU | ||
Any individual has the right to obtain confirmation as to whether MEDICHE ROOMS S.L. is processing personal data concerning them. Data subjects have the right to access their personal data, as well as to request the correction of inaccurate data or, where appropriate, to request its erasure when, among other reasons, the data is no longer necessary for the purposes for which it was collected. Under certain circumstances, data subjects may request that the processing of their data be restricted; in such cases, we will retain their data solely for the purpose of asserting or defending legal claims, as well as to comply with legally established retention periods. In addition, data subjects may object to the processing of their personal data. In such cases, MEDICHE ROOMS S.L. will cease processing their data, except where there are legitimate and compelling grounds for doing so, or in connection with the handling of potential claims. Similarly, when certain conditions are met and it is technically feasible, data subjects have the right to have their personal data transmitted directly to another data controller or processor, upon request. To exercise the rights listed above, please contact us by sending a written request to: ● MEDICHE ROOMS S.L., C/ BARBARA DE BRAGANZA No. 12, Ground Floor, MADRID, MADRID, 28004, or by email to clara.rodriguez@medicherooms.com. We recommend that you include a copy of your ID with your request. | ||
III. PRINCIPLES GOVERNING THE PROCESSING OF PERSONAL DATA
The Personal Data Protection Policy is a proactive measure designed to ensure compliance with applicable laws in this area and , in connection therewith, to respect the right to honor and privacy in the processing of personal data belonging to all individuals associated with MEDICHE ROOMS S.L.
In accordance with the provisions of this Policy, this document sets forth the principles governing data processing within the organization and, consequently, the procedures and organizational and security measures that the individuals covered by this Policy undertake to implement within their respective areas of responsibility.
In light of the foregoing, MEDICHE ROOMS S.L. will ensure compliance with the following principles:
- Lawfulness, fairness, transparency, and purpose limitation.
The data subject must always be informed of the data processing through established clauses and procedures; such processing will only be considered lawful if consent has been obtained (with special attention given to consent provided by minors), or if there is another valid legal basis, and the purpose of the processing complies with applicable regulations.
- Data minimization.
The data processed must be adequate, relevant, and limited to what is necessary in relation to the various purposes of the processing.
- Accuracy.
The data must be accurate and, if necessary, up to date. In this regard, the necessary measures shall be taken to ensure that personal data that is inaccurate in relation to the purposes of the processing is erased or rectified without delay.
- Limitation on the retention period.
The data will be retained in a form that allows for the identification of the data subjects for no longer than is necessary for the purpose of the processing in question.
- Integrity and Confidentiality.
Personal data will be processed in such a way as to ensure appropriate security, including protection against unauthorized or unlawful processing, and against accidental loss, destruction, or damage, through the implementation of appropriate technical and organizational measures.
- Data transfers.
It is prohibited to purchase or obtain personal data that originates from unlawful sources, or in cases where such data has been collected or transferred in violation of the law or where its lawful origin cannot be sufficiently guaranteed.
- Hiring suppliers with access to data.
Only suppliers who provide sufficient assurances that they will implement appropriate technical and security measures for data processing will be selected for engagement. A contract setting forth these terms will be executed with such suppliers.
- International data transfers.
Any processing of personal data subject to European Union regulations that involves the transfer of data outside the European Economic Area must be carried out in strict compliance with the requirements set forth in applicable law.
- Rights of affected individuals.
The Organization will facilitate the exercise by data subjects of their rights of access, rectification, erasure, restriction of processing, objection, and data portability, establishing internal procedures for this purpose, and in particular, the forms necessary and appropriate for the exercise of these rights, which must meet, at a minimum, the applicable legal requirements in each case.
MEDICHE ROOMS S.L. will ensure that the principles set forth in this Personal Data Protection Policy are taken into account:
- In the design and implementation of all work procedures
- In the products and services offered
- In all contracts and obligations they enter into or assume, and
- When implementing any systems or platforms that allow employees or third parties to access them and/or that involve the collection or processing of personal data.
IV. PERSONAL DATA OF MINORS
In accordance with Article 8 of the GDPR and Article 7 of Organic Law 3/2018 of December 5 on the Protection of Personal Data and the Guarantee of Digital Rights, only individuals aged 14 or older may lawfully consent to the processing of their personal data by MEDICHE ROOMS S.L.. In the case of a child under 14 years of age, the consent of the parents or guardians is required for the processing, and such processing will only be considered lawful to the extent that they have authorized it.
V. CONFIDENTIALITY AND SECURITY OF PERSONAL DATA
MEDICHE ROOMS S.L. undertakes to notify the user without undue delay in the event of a personal data breach that is likely to result in a high risk to their rights and freedoms. In accordance with Article 4 of the GDPR, a personal data breach is defined as any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
Personal data will be treated as confidential by the Data Controller, who undertakes to ensure, through a legal or contractual obligation, that such confidentiality is respected by its employees, partners, and any person to whom the information is disclosed.
VI. COMMITMENT OF THE STAFF OF MEDICHE ROOMS S.L.
Accordingly, we hereby confirm that the employees of MEDICHE ROOMS S.L. have been informed of this Policy and acknowledge that personal information is an asset of MEDICHE ROOMS S.L. In this regard, they agree to comply with the Policy and commit to the following:
- Complete the data protection awareness training provided by MEDICHE ROOMS S.L.
- Implement the user-level security measures applicable to your position, without prejudice to any responsibilities for their design and implementation that may be assigned to you based on your role within MEDICHE ROOMS S.L.
- Use the established forms for affected users to exercise their rights, and notify MEDICHE ROOMS S.L. immediately so that a response can be provided.
- Notify MEDICHE ROOMS S.L. as soon as you become aware of any deviations from the provisions of this Policy, particularly “Personal Data Security Breaches,” using the form provided for this purpose.
VII. MONITORING AND EVALUATION
MEDICHE ROOMS S.L. will conduct an annual review, assessment, and evaluation—as well as whenever there are significant changes to data processing activities—of the effectiveness of the technical and organizational measures in place to ensure the security of the processing.
MEDICHE ROOMS, LLC