Privacy policy
General information of the Data Controller
DEVICARE, SL.
CIF (VAT Number) ES B-65663122
Av. Generalitat, 163-167
Sant Cugat Green Building.
08174 Sant Cugat del Vallès
Tel: +34 664 264 374
Email: info@devicare.com
DPO contact details (Data Protection Officer): dpo@devicare.com
Protection of personal data
In accordance with art. 13 of the European Regulation 679/2016, on the Protection of Personal Data (hereinafter RGPD), we inform you that the personal data obtained through the website dev.devicare.com, will be processed by its owner Devicare SL, as data controller.
Data collected through the website
What data will we request from you?
Data collected from user registration:
• Identifying data such as name and surname.
• Contact data such as address, email and telephone, to send confirmation of user status, inform you of any changes and mishaps occur in relation to Devicare, and shipping and management of product purchases.
• Data relating to date of birth and gender, for statistical purposes.
• Data relating to the health professional or pharmacy that has recommended Devicare products, so that they can make a more personalized follow-up.
Data collected from the acquisition of products:
• Identification data such as name, surname, NIF, and address. The purpose of data collection is the shipment of the purchased product.
• Contact data such as email and telephone, for sending communications related to the shipment, as well as commercial communications of products and services of Devicare that may be of interest.
• Economic data, for the invoicing of the sale.
Data collected in the newsletter sending request:
• Contact information such as email, to send communications from Devicare that may be of interest to the applicant.
Data collected when downloading advertising elements (guides, books, recommendations, coupons, etc.):
• Contact information such as name and email, for downloading items and for sending communications from Devicare that may be of interest to the applicant.
Data collected from information request forms “Contact” or through the different means of contact on the web:
• Name, e-mail and those derived from your request, in order to be able to respond to it correctly.
• E-mail for sending commercial communications that may be of interest to you when so authorized.
Data collected from the professional access registry:
• Identification data such as name and surname.
• Professional data related to medical specialty, Hospital, Hospital location and year of clinical residence.
• Contact data such as email and telephone, to send confirmation of user status, inform you of any changes and mishaps that occur in relation to Devicare, and send information about Devicare products and services.
In the completion of any of the forms, the fields of personal data that are mandatory will be indicated as such with (*), the remaining fields being voluntary, so that if you do not provide them, the processing of the request cannot be carried out. The need is determined by each of the purposes described.
You will be the only responsible for the truthfulness of the data provided, and for the damages caused by the lack of truthfulness, as well as for keeping them updated.
Purposes and Lawfulness
Your personal data may be processed for the following purposes:
Users requesting registration:
• Access by the user to your private area where you can view product orders placed, subscriptions and personal data provided.
The processing of your data for this purpose is legitimate because it is necessary for the execution of the provision of services (art 6 b) RGPD).
• Sending of information on Devicare products and services
The processing of your data is legitimized by your consent (art.6 a) RGPD).
Users who purchase products or services:
• Management derived from the acquisition of the product or service and its shipment.
• Collection of services
• Sending of information related to the purchased product
The processing of your data for these purposes is legitimate because it is necessary for the performance of a contract to which the user is a party (art. 6 b) GDPR).
• Sending of advertising communications through telematic means related to Devicare about products or services similar to those contracted.
The sending of such communications is based on the legitimate interest of Devicare, covered by art. 21.2 of the Law of Services of the Information Society and Electronic Commerce (LSSICE).
The processing of your data will not involve automated decision-making. In any case, the User may oppose the processing of their data for this purpose, without affecting their rights on the above purposes.
Users who have requested information:
To respond to as many requests for information from the User as we may receive. The legitimate basis for the processing of your data will be established by your consent and your own interest (art. 6 a) RGPD).
Users who have registered for the Newsletter:
Sending information about Devicare products and services as well as news or information from the sector that may be of interest to the User. The legitimate basis is the purpose of the User's request (art. 6 b) RGPD).
Data collected when downloading advertising elements (guides, books, recommendations, coupons, etc.):
• Sending or downloading information requested by the User. The legitimate basis is the purpose of the User's request (art. 6 b) RGPD).
• Sending of advertising communications about Devicare products and services as well as news or sector information that may be of interest to the User. The legitimate basis is the consent of the User (art. 6 a) RGPD).
Data collected from the professional access registry:
• Management of the professional's registration
The processing of data for this purpose is legitimate because it is necessary for the performance of the services provided (art. 6 b) RGPD).
• Participation in competitions and activities promoted by Devicare.
The processing of data for this purpose is legitimized by consent (art. 6 a) RGPD).
Minors
The Services offered by Devicare are designed for an adult audience and are not directed to children under the age of 18. Devicare does not knowingly collect or solicit personal information from children under the age of 18. If we discover that we have collected personal information from a child under the age of 18, we will promptly delete that information from our records. However, Devicare is not responsible for any consequences resulting from the viewing, registration and/or purchase of products by minors, and guardians are solely responsible for their supervision.
Assignments
The information provided by the User will not be disclosed to third parties without your prior consent, except for those communications necessary for the management of the purposes described, such as:
Banking entities in charge of the collection of services, collaborating management entities in charge of accounting and taxation, entities in charge of sending authorized advertising information, collaborating professionals in the provision of some services and carriers in case of shipment of products.
As well as those administrations, organisms and public or private entities that by legal reason must have access to them.
International data transfers
Your data may be processed by Microsoft Services platforms, the processing of which involves the possible international transfer of data, which has the necessary authorization from the Spanish Data Protection Agency and the European Data Protection Commission. Microsoft has long applied the standard contractual clauses provided by the European Commission (also known as model clauses) as a basis for transferring data outside the European Economic Area in an appropriate manner.
The data collected in the online sale of products will be processed through the Sendcloud management platform, based in the Netherlands (EU). However, when the shipment takes place outside the European Economic Area, there may be international transfers of data to third parties located in countries that do not have data protection policies. Such international transfer is necessary for the timely performance of the contract and for the product to reach the recipient (arts. 41 and 49.1 RGPD).
As for the data collected for advertising purposes for sending communications about Devicare products and services, these will be made through the Brevo platform, with servers in the EU, so in this case, there will be no international data transfers, being treated according to the requirements of the RGPD.
Devicare has strict security procedures related to the storage and disclosure of data in order to prevent any unauthorized access to them.
In any other case, Devicare informs you that your data will not be transferred to third countries outside the States of the European Union or that are not part of the protection shield, without your prior consent or without such transmission is legitimized for the fulfillment of the purpose, such as the international shipment of purchased products.
Data retention
Your data will be processed for the necessary time and will be deleted at the end of the retention periods:
Data derived from the business relationship between both parties: Your data will be kept for the time necessary in the execution of the purpose and, in any case, as long as legal liabilities may arise.
Data derived from economic transactions: During the periods of mandatory custody established by the current Spanish tax regulations.
Contact data for electronic communications: Your contact data such as e-mail will be kept indefinitely for the purpose of communications of goods and services as long as you do not object or revoke consent.
Data provided through the completion of the form “Contact” or any means of requesting information: Your data will be retained only to process your request for information.
At the end of each retention period, your data will be conveniently deleted.
Information Security. Security Breaches
Where a breach is likely to pose a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. This information can be provided at different stages to facilitate prompt and efficient reporting.
In cases where an infringement may pose a high risk to the rights and freedoms of Users, we will notify those concerned directly.
Marketing communications of Devicare products and services. Consent
Users are informed that, provided they give their consent by checking the appropriate box, their data may be processed for advertising purposes and consequently receive communications about Devicare products and services.
The specific consent for such purpose will be free and voluntary, not affecting the possibility of sending the corresponding form.
This communication may be made through the channels provided by the User, being the User the sole responsible for the fact that they are personal and do not correspond to third parties.
In the event that a User is a client of Devicare, because he/she has acquired products and services from it, he/she may receive electronic advertising communications about similar products and services that may be of interest to him/her, without the need for prior consent, in accordance with art. 21.2 of Law 34/2002, of July 11, of services of the information society and electronic commerce. The exemption of consent shall not prevent the User from opposing the reception of communications by Devicare.Los Usuarios podrán revocar total o parcialmente y en cualquier momento, el consentimiento prestado, cuando éste hubiera sido preceptivo, u oponerse a la recepción de comunicaciones publicitarias, sin efectos retroactivos, dirigiéndose al correo electrónico dpo@devicare.com, indicando “baja” o a través de los enlaces que Devicare ponga a su disposición en cada comunicación.
User Rights
As the owner of the information provided, you may exercise your rights of access, rectification and cancellation of your data, oppose the processing of your data for the sending of commercial communications or the publication of images when this is mandatory for the specific purpose, limit the processing of your data, or request its portability in those cases provided for, and not to be subject to automated decisions through the following means:
dpo@devicare.com
The exercise of rights must be made by the owner of the information or legal representative, by means of a reasoned letter indicating those data that allow their identification in our records.
In the event that your rights are not satisfied, you may file a complaint with the supervisory authority corresponding to your country of residence or with the AEPD - Spanish Data Protection Agency, Calle Jorge Juan, 6, 28001 Madrid-Spain.
For more information about the processing of your personal data you can contact us through the means of communication provided.
Use of passwords to access certain services
In order to use certain services through the website, the User must register by means of a login identification (“USER”) and a password identification (“PASSWORD”). Both the USER and the PASSWORD constitute the User's online identity. The User is responsible for the security and proper use of his or her login and password, and shall take all necessary steps to ensure that they are strictly confidential and not known to any other person. If at any time the User has reason to believe that his or her access code or password is or may be known by any unauthorized person, he or she must immediately notify Devicare and assign a new identification.
The User shall be responsible for assigning a secure password that is at least 8 digits alphanumeric.
The User, accessing through his/her access key and password, will be able to manage through his/her User Account all the operations available in his/her profile.
For any questions or additional information, you can contact us via email at info@devicare.com.