PRIVACY POLICY

Introduction

At I+MED, S.COOP. we are committed to the protection of privacy and the correct use of the personal data that we process and that you provide to us, both online on this website and, where applicable, any of its sub-domains and microsites, and off-line.

Please read this policy carefully and make sure that you understand and agree with it before you provide us with your personal data. If you do not agree to this policy, please do not use this website or its services or provide us with your information.

By accessing this site, using any of its services or providing us with your data, whether online or offline, we will take this as a clear affirmative action by which you give us your consent (where consent is required) to process your data for the purposes set out below.

 

Who is responsible for the processing of your data?

I+MED, S.COOP.

Postal address: C/Albert Einstein, 15 Nave 15 01510 Miñano Mayor (Álava /Araba)

E-mail: imasmed@imasmed.com

Telephone: 945 56 11 34

 

How did we obtain your data?

1. Obtained from the person concerned.

If you are a customer (current or potential), or user of our website, you have provided them yourself, either off-line or on-line, when requesting our products or services, or contacting us for information. Also, you have been able to provide us in person, if you have come to our facilities.

By providing us with your details, you warrant that you are authorised to do so, and that the information is accurate, up to date, and does not infringe any contractual restrictions or third party rights. You are responsible for keeping your data and your profile correct and up to date, and I+MED, S.COOP. declines all responsibility in the event of failure to do so. You undertake not to impersonate other Users by using their registration details for the different services and/or contents of the Website.

2. Obtained automatically when visiting our website:

When you visit our website or any other of our platforms (social networks, mobile applications…), we collect information through cookies and other tracking and web analytics technologies.  This means that data is sent from your browser to our servers to optimise our services and improve your user experience. This data may be automatically collected and stored by us or by third parties on our behalf.  You can consult our cookie policy.

Location services:

In connection with the above, we use location services to help you find the nearest I+MED, S.COOP. shop through mobile applications, such as Google Maps and Bing Maps.  To facilitate this process, we load an image into the application, and store the map image and route data on our server. If you use these mobile applications, they may receive information about your actual location (such as GPS signals sent by a mobile device) or information that can be used to approximate your location. Generally, you can enable or disable their location services in your device or browser settings. For more information about Google Maps and Bing Maps please see their privacy policies.

3. Communication by a third party of the data subject’s data.

Your data may not have been provided to us directly by you, but may have been provided to us by a third party with whom we work, to whom you have previously provided that data. For example:

– Publicly owned registries: such as the civil registry, commercial registry, land registry, and other public administration registries.
– Our commercial network or distributors, after providing your data to some of our sales representatives.
– Public or private prescribing entities with which we reach collaboration agreements.
– Companies directly related to I+MED, S.COOP.

In addition, by accepting this privacy policy and, where applicable, by the express consent you have given, you authorise I+MED, S.COOP. to request from third parties the data necessary for the provision of its services.

Communication of third party data:

With regard to other people’s data, you must respect their privacy, taking special care when communicating or publishing their personal data. Only the owner can authorise the processing of their personal data.  The publication of third parties’ data without their consent may infringe, in addition to data protection regulations, those relating to the right to honour, privacy or the image of such third parties.

If you provide us with third-party data, it is your responsibility to obtain their prior and express consent to use it, and it is your duty to inform them of how we will process their data. By accepting this privacy policy, you expressly guarantee that you have authorization to provide such data, exempting us from any liability in the event of any claim by the data subject.

What types of data do we process?

The categories of data we process may include:

– Obtained from the data subject: identification data (name and surname, tax identification number), contact details (telephone number, postal address, email address, billing or delivery address), commercial and financial data (information about the products requested, customer history, and those necessary for payment: bank, credit card, etc.), online profile data (information, preferences, and interests).
– Obtained automatically when visiting our website: user’s IP address, date and time of visit, URL of the site from which the user comes, pages visited on our website, information about the browser used (browser type and version, operating system, etc.).
– Communicated by a third party: identifying data; personal characteristics data; social, academic, and professional circumstances data; economic, financial, and insurance data; goods and services transaction data; employment details.
– Regarding specially protected data: We may process special categories of data if you report adverse effects of a product to us using the form provided for this purpose.

 

Why do we process your data?

We may process the data you provide us, as well as all data generated during the course of our relationship with you, for various purposes:

– If you are a current or potential customer: to maintain contact and communication with you, and to manage the contractual and/or commercial relationship.

– If you are a user of our website, or the sender or recipient of an email: to manage the requests you make to us online, and to contact you.

– If you access our facilities as a visitor: to manage access and control visits.

– If you provide us with your resume: to contact you and manage the selection processes we carry out. In this case, you must accept the privacy policy by checking the box provided for this purpose. If you do not give your consent, we will not be able to consider your resume.

– To send you, via electronic communications, information about our activities, products, and/or services similar to those requested, including advertising and/or commercial communications for the purposes of Article 21 of Law 34/2002 on Information Society Services and Electronic Commerce (LSSICE). If we already have a prior contractual relationship, we will send such communications on the basis of our legitimate interest. If we do not have a prior contractual relationship, we will only send you such communications if you authorize us to do so by checking the option expressly included for this purpose in the corresponding forms. The electronic communications we send you will include, in the communication itself, the option to stop receiving them. If you choose to do so, we will stop sending you such communications in the future.

– To transfer your data to other companies or entities directly related to I+MED, S.COOP., for the purpose of providing you with the service or product you have requested, and for the administrative and accounting management required for such provision. Specifically, we may communicate your data to the recipients listed in the specific section below in this policy.

 How long will we keep your data?
We will keep the personal data you provide us with for as long as the contractual, pre-contractual, or commercial relationship remains in place and, once these have ended, for as long as the data subject does not request its deletion. Even if deletion is requested, we may keep it for as long as necessary and limit its processing solely for the following purposes:

– To comply with the legal/contractual obligations to which we are subject,
– and/or during the legal periods provided for the limitation of any liability on our part,
– and/or the exercise or defense of claims arising from the relationship with the data subject.

In coordination with the above criteria, the deletion of personal data, whether in computer records or on paper, may be carried out, at the discretion of the organization, depending on logistical and/or storage space requirements that make it advisable to delete information or documentation.

What is the legal basis for the processing of your data?
The legal basis that legitimizes us to process your data may vary:

 – Compliance with the existing contractual or commercial legal relationship if you are already a customer, supplier, or participant in our activities. If you are a potential customer or supplier, it is the pre-contractual relationship that binds us.
The provision of the requested data is mandatory as it is essential for formalizing and/or maintaining the contractual or pre-contractual relationship and complying with the legal obligations arising from it; if you do not provide it, we will not be able to provide the service derived from that relationship.

– Consent: your consent may also be required if you have made a request or application yourself, or if you have given us your consent for a specific purpose, for example, if you have visited our website, sent us your resume, given your consent to receive commercial communications, etc.

> You give us this consent unequivocally by providing us with your data online or offline, and this contribution is considered a clear affirmative act that expresses such consent.
> The provision of the requested data is mandatory as it is essential to respond to your request; if you do not provide it, we will not be able to carry it out.
> You may withdraw this consent at any time by sending us an email to that effect to imasmed@imasmed.com. Such withdrawal does not affect the processing of your data for the other purposes described, but it may mean that we are unable to respond to your request. 

 – Compliance with regulations or legal obligations: such as those established in tax, social security, occupational risk prevention, consumer and user protection, money laundering prevention, criminal code (Art. 31 bis: establishment of a reporting channel), etc.

– Our legitimate interest as an organization also constitutes a legal basis for processing your data. In accordance with recital 47 of the GDPR, we have an interest in informing you about our activities, products, and/or services, including through electronic communications.

> If we already have a prior contractual relationship, we will send you such communications on the basis of our legitimate interest. Otherwise, we will only send you such communications if you give us your consent by checking the option expressly included for this purpose in the corresponding forms.
> In any case, we consider the indicated processing of your data to be proportionate and to have a minimal impact on your privacy, but your interests, rights, or freedoms will always prevail over our legitimate interest. Therefore, if you do not want us to process your data for these purposes, please send us an email to that effect at imasmed@imasmed.com, and we will comply.

 

To whom may we disclose your data?

We inform you that the data you provide us may be disclosed to third parties for purposes directly related to the legitimate functions of the transferor and transferee, such as:

To banking institutions: for the management of collections and payments.
Our labor, accounting, and tax advisors: for the management of our accounting and billing, personnel management, and other legal obligations of the organization.
Our legal advisors: for the provision of legal advice and consulting.
Entities or agencies to which there is a legal obligation to communicate data: for example, the Tax Administration.
To insurance companies: for the management and insurance of commercial risks.
To transport companies: responsible for the logistics of shipping and delivery of our services and products.
To any of the companies directly related to I+Med, when necessary for the execution of the contractual or commercial relationship, such as Unikare Bioscience S.L.

 

International Data Transfers
At I+MED, S.COOP, we may use service providers located outside the European Union, who may have access to personal data, for the provision of services ancillary to our activity (hosting, housing, SaaS, remote backups, IT support or maintenance services, email managers, email delivery and email marketing, file transfers, etc.).

In any case, we will base the legitimacy of such transfers on some of the cases set out in the regulations, either because it is necessary for the execution of the contractual relationship, or by means of standard contractual clauses. In any case, by accepting this data protection policy, you expressly and unequivocally authorize the communication of data to these companies, knowing that this involves an international transfer of data to a country outside the European Economic Area and giving your unequivocal consent to such transfer.

 

What are your rights when you provide us with your data?
Where applicable, you may exercise your rights of access, rectification, erasure, restriction, and objection to the processing of your data, as well as other rights, by writing to the postal or email address indicated at the beginning of this privacy policy. In both cases, you must submit a written and signed request, attaching a copy of your ID card, passport, or other valid identification document. In the event of a change in your data, you must notify us at the same address, and this entity declines all responsibility if you fail to do so.

– Right of access: You can ask us what personal data we are processing and even request a copy of it.

– Right of rectification: You can ask us to rectify inaccurate personal data or to complete incomplete data, including by means of an additional statement.

– Right of erasure (right to be forgotten): You can request the erasure of your personal data when: it is no longer necessary for the purposes for which it was collected, you withdraw your consent, it has been processed unlawfully, or to comply with a legal obligation.

– Right to restriction of processing: You may request that we restrict the processing of your data, in which case we will only retain it for the exercise or defense of claims.

– Right to object: You may object to the processing of your data if such processing is based on the legitimate interest of the data controller or is for advertising purposes.

Once we have received any of the above requests, we will respond within the legally established time limits. You can lodge a complaint with the Spanish Data Protection Agency. For more information about the rights you can exercise and to request forms for exercising your rights, please visit the website of the Spanish Data Protection Agency, www.aepd.es