Privacy Policy

1. Data Controller

• Legal name: MARIA VICTORIA LLAMAS GONZALEZ
• Address: C/ URANO, 4. 28850 TORREJON DE ARDOZ
• Email: FISIOTERAPIALOSFRESNOS@GMAIL.COM
• Website: WWW.FISIOFRESNOS.COM

2. Purposes of Data Processing

Fisioterapia Los Fresnos processes your information to:

• Maintaining the commercial relationship and providing the contracted service.
• Preparing a quote tailored to your needs.
• Managing email communications with interested parties.
• Carrying out the company's recruitment processes.
• Managing the company's employees and human resources.
• Sending commercial information related to our sector: PHYSIOTHERAPY.
• Healthcare provision, including the processing of health data for the provision of contracted services.
• Managing training activities.

Data Retention

The personal data you provide will be kept for as long as the commercial relationship remains in force. General retention periods are:

• Generic identification data: for the duration of the commercial relationship or until consent is revoked.
• Affiliation, registration, deregistration, contributions, salary obligations: four (4) years.
• Personal actions without special deadline (Art. 1964 Civil Code): five (5) years.
• Accounting, tax and labour (Art. 30 Commercial Code): six (6) years.
• Occupational risk prevention: five (5) years.
• Anti-money laundering prevention (Art. 25): ten (10) years.
• Recruitment processes: two (2) years from CV submission.
• Healthcare: five (5) years from discharge of each care process.

For the purpose of sending commercial information, even if the relationship between the parties ends, the controller will continue to keep your information for sending newsletters related to our products and services. You may always exercise your rights by contacting us through the most convenient means.

3. Legal Basis

• Commercial relationship: Performance of a contract (Art. 6.1.b GDPR).
• Quotations: Performance of a contract and/or pre-contractual relationship (Art. 6.1.b GDPR).
• Email communications: Consent of the data subject (Art. 6.1.a GDPR) and legitimate interest (Art. 6.1.f GDPR).
• Recruitment: Consent of the data subject (Art. 6.1.a GDPR).
• Employee management: Contractual performance (Art. 6.1.b GDPR).
• Commercial communications: Consent of the data subject (Art. 6.1.a GDPR and Art. 20 LSSICE) and legitimate interest (Art. 6.1.f GDPR and Art. 21.2 LSSICE).
• Healthcare provision: Consent of the data subject (Art. 6.1.a GDPR).
• Training activities: Performance of a contract (Art. 6.1.b GDPR) and consent of the data subject (Art. 6.1.a GDPR).

Fields marked with an asterisk (*) are mandatory. If not provided, the controller will not be able to provide the contracted service. Only persons over 14 years of age may provide personal data on this website. Only persons over 18 years of age may contract our services.

4. Data Subject Rights

In accordance with Articles 15 to 22 GDPR and 12 to 18 LOPDGDD, you may exercise the following rights by writing to C/ URANO, 4. 28850 TORREJON DE ARDOZ or FISIOTERAPIALOSFRESNOS@GMAIL.COM:

• Right of access to your personal data.
• Right to rectification or erasure.
• Right to restriction of processing.
• Right to object to processing.
• Right to data portability.

You may file a complaint with the Spanish Data Protection Agency (AEPD), C/ Jorge Juan, 6. 28001 Madrid. www.aepd.es

5. Recipients

The third parties with whom the Controller works have their servers located within the EU, EEA or Switzerland, with adequate security measures. Outside these cases and except where legally required, your data will not be shared with third parties. Generally, data may be shared with:

• Technology service providers.
• Payment service providers.
• Courier and parcel companies.
• Third parties or intermediaries as service providers (accounting firms, consultants, freelance collaborators).
• Third-party data processors for the sole purpose of providing our services.

6. Data Origin

Personal data comes from the data subject themselves or from group companies or collaborators.

Categories of Data

• Identification data (name, surname, ID number, addresses, phone, email, gender, date and place of birth).
• Commercial information.
• Financial data (bank account number, credit card number).
• CV, academic data, qualifications.
• Health-related data.

7. Additional Information

Security Measures

Technical and organizational security measures have been adopted to prevent the loss, misuse, alteration, unauthorized access and theft of data, guaranteeing the confidentiality, integrity and quality of the information. The website has SSL encryption that allows users to securely send their personal data.

Social Media

The data controller has a profile on some of the main social networks (Facebook, Instagram), being recognized as Data Controller of its followers' data. The purpose of the processing is to inform followers about activities and offers. The legal basis is the consent of the data subject, which can be revoked at any time.

Confidentiality

The information provided by the User shall, in all cases, be considered confidential and may not be used for purposes other than those described herein.

Data Accuracy

The User declares that all data provided is true and correct and undertakes to keep it updated. The User shall be solely responsible for any conflicts that may result from the falsity thereof.

8. Supervisory Authority

If you believe your rights have been infringed, you may file a complaint with the Spanish Data Protection Agency (AEPD), located at C/ Jorge Juan, 6. 28001 Madrid. www.aepd.es