Cori Health & Care SLU is concerned about the personal data it processes and the exact compliance with the current regulations on personal data protection, among others, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, as well as Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights.
Accordingly, the following issues relating to the processing of personal data carried out by Cori Health & Care SLU are reported:
Who is responsible for the processing of your personal data?
Identity: Cori Health & Care SLU
TAX ID: B01740364
Postal address: Diputación Foral de Álava 4, 3rd floor, 01001 Vitoria (Álava)
The principles required by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as GDPR) are respected in the processing of personal data:
- Principle of lawfulness, fairness and transparency: the data we collect are processed lawfully, fairly and transparently, with the prior consent of the data subjects where necessary or, where appropriate, for the performance of a contract to which the data subject is a party or for the implementation at the request of the data subject of pre-contractual measures, or if the processing is necessary for compliance with an applicable legal obligation.
- Purpose limitation principle: the personal data we process are used for the purposes indicated in the section «For what purposes do we use your personal data?».
- Principle of data minimization: in accordance with this principle, the only personal data we collect from users are those strictly necessary to manage and deal with the queries or requests they make to us, the subscription to the newsletter and the sending of the newsletter.
- Principle of accuracy: the personal data we collect will be kept accurate and, if necessary, updated. To this end, in the event of any change in personal data, the user must communicate it so that the appropriate update can be made.
- Principle of limitation of the storage period: the personal data we process will be kept for the periods indicated in the section «How long will we keep your personal data».
- Principle of integrity and confidentiality: in order to respect this principle, personal data will be processed in a way that ensures adequate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organizational measures.
What categories of personal data do we process?
The categories of data we process through this website are:
- Subscription to newsletter: identifying data (e-mail address).
- Data obtained through the contact form: identifying data (name and e-mail address).
We inform you that we do not process data that the General Data Protection Regulation qualifies as «special categories of data» (health data, biometric data, trade union membership, etc.) or personal data relating to criminal convictions or offenses.
The personal data we collect through these forms are those necessary to answer the query or request, or to manage the request for subscription to our newsletter, therefore, it is mandatory to provide them in such a way that, otherwise, we will not be able to answer it.
How did we obtain your personal information?
All personal data that we process are provided by the interested parties themselves or their legal representatives.
The personal data we collect through this website have been obtained through the existing forms and the e-mail address provided to contact us.
For what purposes do we use your personal data?
Data collected through the newsletter subscription form: we use your personal data to manage the subscription and sending of newsletters or newsletters about the company, our products, services, news, articles, news, offers or promotions.
In this sense, we inform you that in order to manage in a more efficient, dynamic and operative way and to be able to keep a better control of the commercial communications that we send by e-mail we use MailChimp, a platform developed by The Rocket Science Group Llc., whose use implies the installation by the provider of the mentioned service in these mailings of tracking devices of the activity of the recipients, in order to control the opening of the e-mails and the clicking of the links contained in the e-mails, and to be able to elaborate with the information collected reports of follow-up of the campaigns.
Data collected through the contact form: we use your personal data to manage and respond to queries and requests made by users of our website.
What is the legitimacy for the processing of your personal data?
Data collected through the newsletter form: the legal basis that legitimizes the processing of personal data of subscribers is the consent they provide when subscribing to the newsletter and, therefore, the need for such treatment to meet their subscription. In this sense it is reported that they have the right to withdraw consent at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.
Data collected through the contact form: the legal basis that legitimizes the processing of personal data provided by users through such means is the consent given when contacting us and, therefore, the need for such treatment to address and respond to inquiries or requests made to us.
To which recipients will your personal data be communicated?
The personal data provided to us by users of this website will not be communicated to third parties unless it is necessary to manage the requests made to us or to comply with legal obligations.
However, for some issues we use third-party services, we act as responsible for the treatment, with whom we have signed the corresponding data treatment contract agreement agreement with the arranged by Article 28.3 of the RGPD.
International data transfers
In order to manage in a more efficient, dynamic and operative way and to be able to keep a better control of the commercial communications that we send by email, we use MailChimp, a platform developed by The Rocket Science Group Llc., a company that also acts as a data processor and that, despite being outside the European Union and the European Economic Area, the international transfer of data that its use implies also has the appropriate guarantees contemplated in article 46.2 c) of the General Data Protection Regulation (standard contractual clauses adopted by the European Commission).
MailChimp’s standard contractual clauses: https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses
How long will we keep your personal data?
Data collected through the newsletter form: we will keep your personal data as long as you do not revoke your consent by unsubscribing.
Data collected through the contact form: the personal data provided to us will be kept only during the management of queries or requests made to us in such a way that, once the processing is completed, we will proceed to its deletion.
What are your rights when you provide us with your personal data?
- Right to request access to their personal data: in order to know and verify the lawfulness of the processing, users may at any time request confirmation of whether CORI HEALTH & CARE S.L.U. is processing their personal data and, if so, will be informed, among other things, about what data is being processed, its purpose, its origin, expected period of conservation and, where appropriate, recipients or categories of recipients.
- Right to request rectification: users may request the rectification of personal data that are inaccurate or that we complete those that are incomplete, including by means of an additional statement. In such a case, they must indicate in their request which data is concerned and the correction to be made, accompanied, where appropriate, by documentation supporting the inaccuracy or incompleteness of the data being processed.
- Right to request deletion («right to be forgotten»): users may request that their personal data be deleted and no longer be processed if they are no longer necessary for the purposes for which they were collected or otherwise processed, withdraw their consent, have been processed unlawfully or must be deleted in order to comply with a legal obligation.
- Right to request the limitation of the processing of their personal data: in this case, we will only retain personal data for the formulation, exercise or defense of claims, or for the protection of the rights of another natural or legal person or for reasons of substantial public interest.
- Right to portability of their personal data: users may ask us to provide their personal data to them or to another controller they specify, in a structured, commonly used and machine-readable format.
- Right to object to processing: we will stop processing their personal data in the manner they indicate to us, unless we have to continue processing them for compelling legitimate reasons or for the formulation, exercise or defense of possible claims.
How to exercise your data protection rights: to exercise such rights it is necessary to send a written request addressed to CORI HEALTH & CARE S.LU. , at Diputación Foral de Álava 4, 3rd floor, C.P. 01001 de Vitoria (Álava), or by sending an email to email@example.com, accompanying in any case a photocopy of your ID card.
CORI HEALTH & CARE S.LU. will respond to all requests within the terms and conditions required by current legislation on personal data protection.
How to file a complaint with the Spanish Data Protection Agency: if any user considers that CORI HEALTH & CARE S.LU. has not properly handled their personal data or that it has not properly attended to the exercise of their data protection rights, they can file a complaint with the Spanish Data Protection Agency, either through its electronic headquarters or at its address, at Calle Jorge Juan, nº 6, C.P. 28001, Madrid.
More information about data protection rights and complaints to the Supervisory Authority at www.aepd.es.
In accordance with the provisions of Article 32 of the GDPR, CORI HEALTH & CARE S.LU. has adopted appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
In order to assess the adequacy of the level of security, particular account has been taken of the risks presented by the processing of data, in particular as a result of accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or unauthorized communication or access to such data.
Duty of secrecy
CORI HEALTH & CARE S.LU. has adopted measures to guarantee that any person acting under their respective authority and having access to the personal data provided by the users, can only process them following their instructions, and must also keep the corresponding professional secrecy about them, which will have an indefinite duration.
Use of the web site by minors
We kindly ask users to read the policies on web use by minors that we have published in the «Legal Notice» of our website.
Cookies are small text files that are stored on the hard disk or in the memory of the computer that accesses or visits the pages of certain websites, so that the user’s preferences can be known when reconnecting. Cookies stored on the user’s hard drive cannot read the data contained therein, access personal information or read cookies created by other providers.
See information on the cookies used on this website in the «Cookies Policy» section.
Date Text: August 22, 2023