Home

Privacy Policy

PRIVACY POLICY
 

BASIC INFORMATION ABOUT DATA PROTECTION

Data controller:

Fundació Institut de Recerca de l’Hospital de la Santa Creu i Sant Pau (FIRHSCSP)

Processing purposes:

  • Informative web page.
  • Management of inquiries via email.
  • Management of selection processes.
  • Access to the private INTRANET area.
  • Management of donations received.

Legitimation of the processing:

  • Express consent of the interested party.
  • Execution of a contract.
  • Legitimate interest for data processing.
  • Compliance with legal obligations.

Data storing:

  • The data will be stored for the time strictly necessary to fulfill the purposes collected; provided that the interested party does not revoke its consent, as well as for the fulfillment of legal obligations.

Recipients:

  • Personal data collected through the website will not be transferred to third parties. Without prejudice to those third parties that provide services to the IR in order to process requests made by the interested parties.

Rights of the interested parties:

  • Access, rectification, opposition, deletion (‘right to be forgotten’), restriction of processing, portability and of not being object of individualised decisions.

Sitios web:

Additional information:

  • You can consult the additional and detailed information on Data Protection in the annexed clauses that are found below.

ADDITIONAL INFORMATION ON PROTECTION OF DATA

In compliance with articles 13 and 14 of the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT and OF THE COUNCIL of April 27, 2016, relative to the protection of the physical persons regarding the treatment of personal data and at the free circulation of these data (onwards, “GPDR”), and articles 6 and 11 of the Organic Law 3/2018, of 5 of December, of Protection of Data of Personal Nature and guarantee of the digital rights (onwards, “LOPDGDD”), which regulate the law of information at the collection of data, we inform you of the following terms.

Who is the controller of your personal data?

The personal data that has been supplied to us through the website and or by any other communications maintained with you will be object of the Registry of Activities of Treatment titularity of Fundació Institut de Recerca de l’Hospital de la Santa Creu i Sant Pau with domicile at street Sant Quintí, n. 77-79, Barcelona 08041, Spain and e-mail dpo_ir@santpau.cat

FIRHSCSP has profiles on the principal social networks of the Internet.

The users, by joining the page of FIRHSCSP do consent the treatment of those personal data published on their profile. FIRHSCSP will have access to the public information of the user profile, will be able to realise publications at the user’s profile regarding already published information at his profile as well as realising updates of the state of the page that will be published at the user’s profile. In the same way, FIRHSCSP will be able to use these profiles to inform its users of subjects about information that it considers of their interest, even through personal and individual communications by means of the canals established by the referred social networks.

FIRHSCSP recognises itself as data controller of his users’ data, followers, or persons that realise comments through his social networks. Nonetheless, in accordance with the Law of Society of the Information Services and of Electronic Trade, FIRHSCSP is exonerated of any kind of derivative responsibility regarding any kind of content published by the users and followers at its social networks.

Which personal data do we collect?

The personal data that the user may provide:

  • Identifying Data: Name and surnames.
  • Contact Data: Phone number and e-mail address.
  • Internet Data: INTRANET User name and password.
  • CV Data: academic and/or professional Data.
  • Financial Data: Bank account number.
  • Any other information or data included in your CV.

Why and for what do we treat your data?

Depending of the purposes we will need to process some data or other, that in general will be, according to the case, the following:

  • The website is totally informative on the activities of the FIRHSCSP. The data can be processed to respond at the requests of information on these activities.
  • The collection and the automated process of data that is realised through the access to the INTRANET of FIRHSCSP, that collects so as to verify his identity.
  • The collection and processing of data that is realised through the section ‘Job Openings’ is collected so as to study the possibility to work with us.

The personal data obtained through any of the website canals will form part of the Registry of Activities and operations of Treatment (RAT) titularity of FIRHSCSP. This will update periodically in accordance with what is established at the RGPD; FIRHSCSP has adopted all the pertinent security measures at this sense.

We inform the user of the possibility to remove his consent in case that is has been awarded for some specific purpose, without this affecting the precedent legality of the treatment based on the previous consent at his withdrawal.

Which is the legitimacy for the processing of your data?

The treatment of your data can be based on the following legal bases:

  • Express consent by the users at the sending of communications to any one of the electronic addresses of command: @santpau.cat exposed at the website and/or telephone numbers. Likewise, for the sending of curriculums for those that are interested to work for FIRHSCSP.
  • Application of contractual measures for the access to the INTRANET of the FIRHSCSP.
  • Application of precontractual and/or eventually contractual measures at the frame of a possible labour account with the users that present their candidatures to future selection processes of
  • Legitimate interest related to the following purposes: Profiles elaboration by means of the user’s navigation at the website.

The legitimate interest of FIRHSCSP consists at being able to guarantee that our website remains secure, as well as helping us at comprising the necessities, expectations and the level of indulgence of the users and, therefore, improve our services.

All the actions are realised with the purpose to improve the level of indulgence of the users and assure a unique experience of navigation.

  • Fulfilment of legal obligations for fraud prevention, collaboration the with Public Authorities and/or eventual claims of third parties.

For how long do we store your data?

The processing of the data with the purposes previously described will be maintained during the necessary time to comply with the purpose of its collection, as well as for the fulfilment of the legal obligations that derive from the data treatment. Notwithstanding that the storing becomes necessary for the formulation, the exercise or the defence of potential claims; always when it is permitted by the applicable legislation.

FIRHSCSP undertakes to cease the processing of the personal data when the term of storing has finalised, as well as blocking them duly at our databases.

The curriculums vitae will be stored at most during a year since the onset of the selection process. In case the interested party wishes to exercise any right to data protection, they must contact us by e-mail: dpo_ir@santpau.cat

At which addressees do we communicate your data?

In general, FIRHSCSP will not transfer personal data to third parties, except in those situations in which this information can be transferred to collaborators that provide services to FIRHSCSP, with the purpose to transact requests formulated by these. In these cases, we make sure that the addressees respect the confidentiality and have the suitable measures to protect the personal data.

FIRHSCSP guarantees the security of the personal data when it is sent out of the entity. The third party that FIRHSCSP hires, has the obligation to guarantee that the information is processed in accordance with current data protection regulations

In those cases in which the law may require that personal data be disclosed to public bodies or other parties, only what is strictly necessary for the fulfilment of said legal obligations will be disclosed.

The FIRHSCSP communicates data to external providers, such as data processors, to carry out certain services:

  • Donations made to the entity are managed through the banking entity CAIXABANK.

Where is your data stored?

In general, the data is stored in Spain (Barcelona), within the European Union (EU). In order to guarantee a sufficient level of protection for those sent to third countries that do not belong to the EU, the FIRHSCSP will take sufficient technical and organizational measures.

What rights do you have and how can you exercise them?

You can direct your communications and exercise your rights by means of a written communication to the following email: dpo_ir@santpau.cat. Please, attached the ID Card.

For more information, please visit the website of the Catalan Data Protection Authority, https://apdcat.gencat.cat/ca/inici/index.html and/or the Spanish Data Protection Agency, https://www.aepd.es/es.

By virtue of what is established by the regulations on data protection, you can request:

  • Right of access: you can request information about the personal data that we have about you.
  • Right of rectification: you can communicate any change in your personal data.
  • Right to delete and be forgotten: you can request the deletion after blocking personal data.
  • Right to limitation of processing: involves the restriction of the processing of personal data.
  • Right of opposition: you can withdraw your consent to the processing of the data, opposing their further processing.
  • Right to portability: in some cases, you can request a copy of the personal data in a structured, commonly used and machine-readable format for transmission to another person in charge.
  • Right not to be the subject of individualized decisions: you can request that decisions not to be made based solely on automated processing, including profiling, that produce legal effects or significantly affect the interested party.

In some cases, the request may be denied if you request that data necessary to comply with legal obligations be deleted. Likewise, if you have any complaint about the processing of data, you can file a claim with the competent data protection authority.

Who is responsible for the accuracy and veracity of the data provided?

The user is solely responsible for the veracity and correctness of the data provided through any means of communication, exonerating the FIRHSCSP from any responsibility in this regard. Users guarantee and are responsible, in any case, for the accuracy, validity and authenticity of the personal data provided, and undertake to keep them duly updated. The user agrees to provide complete and correct information in the forms they fill out.

The FIRHSCSP is not responsible for the veracity of the information that is not of its own and for which another source is indicated, and therefore does not assume any responsibility for hypothetical damages that may arise from the use of such information.

The FIRHSCSP is exonerated from liability for any damage or harm that the user may suffer as a result of errors, defects or omissions, in the information provided by FIRHSCSP, provided that it comes from sources other than it.

What security measures do we apply to protect your personal data?

FIRHSCSP has adopted the security levels for the protection of personal data legally required, and endeavours to install those means and additional technical measures within its reach to prevent loss, misuse, alteration, unauthorized access and theft of personal data provided to the FIRHSCSP. However, the user must be aware that Internet security measures are not impregnable.

For this reason, FIRHSCSP is not responsible for hypothetical damages that may arise from interference, omissions, interruptions, computer viruses, telephone breakdowns or disconnections in the operational functioning of this electronic system, due to reasons beyond the control of the FIRHSCSP; of delays or blockages in the use of this electronic system caused by deficiencies or overloads of telephone lines or overloads in the Data Processing Center, in the Internet system or in other electronic systems, as well as damages that may be caused by third parties through illegitimate interference beyond the control of the FIRHSCSP.

How do we use cookies?

The website and social networks of the FIRHSCSP use cookies for the purpose of optimizing and personalizing your browsing through them. Cookies are physical files of information that are housed in the user’s own terminal, the information collected through cookies serves to facilitate the user’s navigation through the portal and optimize the browsing experience. The data collected through cookies can be shared with their creators, but in no case will the information obtained by them be associated with personal data or data that can identify the user. However, if the user does not want cookies to be installed on his hard drive, he has the possibility of configuring the browser in such a way that it prevents the installation of these files.

Recommendation of sites / web pages:

FIRHSCSP, when recommending or linking to a website/page, considers that they are of interest to the user.

However, FIRHSCSP has no obligation to supervise the sites/web pages that it links to or recommends. They have been created by legal entities, individuals or entities without legal personality outside the H FIRHSCSP. It does not intervene in their management, finances them, decides regarding the incorporated content, nor manages or participates in the services that the linked or recommended websites/web pages provide.

The FIRHSCSP will cancel any link, refraining from recommending the site/web page when it has reliable evidence that it and/or the services it provides are illegal or damage property or rights of third parties. eligible for compensation.

Internal security policy:

Security breaches can be caused by workers, third parties, or computer errors. Therefore, we are legally obliged to notify the interested parties if their personal data has been seriously affected within a maximum period of 72 hours. Additionally, users will be notified as soon as the security breach is resolved.

Modification of the privacy policy:

This privacy policy can be modified. We recommend you to review the privacy policy from time to time.