Privacy Policy

For www.britishsurgeryoflanzarote.com, any of its subdomains, and any interactions with the company (NENE-LOOCKED SL).
Updated on October 26, 2024.

If you haven't done so already, please review our Terms and Conditions

I. PRIVACY POLICY AND DATA PROTECTION

Following the regulations included in the current legislation, British Surgery Of Lanzarote (the “Site”) agrees to adopt all requirements, either technical or organisational, to comply with the necessary level of confidentiality and security based on the type of information collected.

This privacy policy is adapted to Spanish and European legislation in terms of the protection of personal data on the internet. More specifically, this policy follows all the regulations shown below:

Identity of the Data Controller for the processing of Personal Data

The Data Controller for the use of Personal Data collected in https://britishsurgeryoflanzarote.com is:

E-mail: surgery@britishsurgeryoflanzarote.com

Telephone: +34928514274

Mail: Avenida de Las Playas, 67, Puerto del Carmen, 35510, Lanzarote, Spain.

Data Protection Officer (DPO)

The data protection officer is in charge of ensuring compliance with the data protection regulations to which the Company is subject to. The User can contact the DPO, which is the Representative, using any of the methods listed on ways to contact the Company, which is listed above.

Collection of Personal Data

In compliance with the provisions of the GDPR and the LOPD-GDD, we inform you that the personal data collected by the Site through the use of forms will be incorporated and processed into our files in order to be able to facilitate, expedite, and fulfil the commitments established between the Company and the User or to maintain the relationship that is established through the completion of the forms, or to attend to a request or consultation from the User. Likewise, following the provisions of the GDPR and the LOPD-GDD, unless the exception provided in Article 30.5 of the GDPR applies, a record of treatment activities is maintained that specifies, according to their purposes, the treatment activities carried out and the other circumstances established in the GDPR.

Applicable Principles to the Processing of Personal Data

The processing of the User’s Personal Data shall be subject to the following principles contained in Article 5 of the GDPR and Article 4 et seq. of the Organic Law 3/2018, of December 5, on the Protection of Personal Data and the guarantee of digital rights:

Categories of Personal Data

The categories of data processed in the Site are both identifying data and special categories of Article 9 of the GDPR and Article 9 of the Organic Law 3/2018 of December 5 on the protection of personal data and the guarantee of digital rights.

Special categories of personal data are those that reveal ethnic or racial origin, political opinions, religious or philosophical convictions, or union membership, and the processing of genetic data, biometric data aimed at uniquely identifying a natural person, health data, or data relating to a natural person’s sex life or sexual orientation.

For the processing of special categories of personal data, explicit consent of the User for one or more specific purposes will be necessary in any case.

Legal basis for the processing of Personal Data

The legal basis for the processing of personal data is consent. The Company agrees to seek express and verifiable consent from the User for the processing of their Personal Data for one or more specific purposes.

The User will have the right to withdraw his consent at any time. It will be as easy to withdraw consent as to give it. As a general rule, the withdrawal of consent will not condition the use of the Site.

On occasions where the User must or may provide his data through forms to consult, access medical services, request information, or for reasons related to the content of the Website, they will be informed if the completion of any of them is mandatory because they are essential to the proper development of the operation carried out.

Purposes of the processing for which Personal Data is destined to

Personal data are collected and managed by the Company in order to be able to facilitate, expedite, and fulfil the commitments established between the Company or Site and the User or the maintenance of the relationship established on the forms that the User fills out or to meet a request or consultation.

Likewise, the data may be used for a commercial purpose of customisation, operation and statistics, and activities typical of the Company’s social object, as well as for the extraction, storage of data and marketing studies to adapt the content offered to the User, as well as to improve the quality, operation, and navigation of the Site.

At the time that the Personal Data is obtained, the User will be informed about the specific purpose or purposes of the processing for which the personal data will be used; that is, the use or uses that will be given to the information collected.

Periods of retention of Personal Data

Personal Data will only be retained for the minimum time necessary for the purposes of their processing and, in any case, only for the following period: 10 years from the last medical visit or until the User requests its deletion.

At the time that the Personal Data is obtained, the User will be informed about the period during which the Personal Data will be kept or, when that is not possible, the criteria used to determine this period.

Recipients of Personal Data

The User’s Personal Data will be shared with the following recipients or categories of recipients:

 

You can review Google Analytics’ privacy policy by going to:

https://marketingplatform.google.com/about/analytics/terms/us/

You can review Zoho Group’s privacy policy by going to:

https://www.zoho.com/privacy.html

If the Data Controller intends to transfer personal data to a third country or international organisation, at the time the personal data are obtained, the User will be informed about the third country or international organisation to which it is intended to transfer the data, as well as the existence or absence of an adequacy decision by the European Commission.

Personal Data of Minors

Following the provisions of Article 8 of the GDPR and Article 7 of the Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights, only those over the age of 14 may grant their consent to the processing of their Personal Data lawfully by the Company. In the case of a child under the age of 14, parents or guardians’ consent for the processing of Personal Data will be necessary, and this will only be considered lawful to the extent that they have authorised it.

Confidentiality and Security of Personal Data

The Company agrees to take the necessary technical and organisational measures, according to the level of security appropriate to the risk of the data collected, in such a way as to guarantee the security of Personal Data and to prevent the accidental or unlawful destruction, loss or alteration of Personal Data transmitted, stored or otherwise processed, or unauthorised communication or access to such data.

The Site has an SSL (Secure Socket Layer) certificate, which ensures that Personal Data is transmitted securely and confidentially, being the transmission of the data between the server and the User, and in feedback, fully encrypted.

However, because the Company cannot guarantee the impregnability of the internet or the total absence of hackers or others who fraudulently access Personal Data, the Data Controller undertakes to communicate to the User without undue delay when a violation of the security of Personal Data that is likely to pose a high risk to the rights and freedoms of natural persons occurs. Following the provisions of Article 4 of the GDPR, a violation of the security of Personal Data means any breach of security that causes the accidental or unlawful destruction, loss or alteration of Personal Data transmitted, stored or otherwise processed, or unauthorised communication or access to such data.

Personal Data will be treated as confidential by the Data Controller, who undertakes to report and guarantee through a legal or contractual obligation that such confidentiality is respected by his employees, associates, and anyone to whom the information is accessible.

Rights derived from the processing of Personal Data

The User has over the Company and may, therefore, exercise against the Data Controller the following rights recognised in the GDPR and the Organic Law 3/2018, of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights:

The User will be able to exercise their rights by means of written communication addressed to the Data Controller with the reference “GDPR–BRITISHSURGERYOFLANZAROTE” specifying:

This request and any attached documents may be sent to the following address and/or e-mail address:

Links to third-party websites

The Site may include hyperlinks or links that allow access to third parties’ websites other than the Company. The owners of such websites will have their own Data Protection policies, being themselves, in each case, responsible for their own files and their own privacy practices.

Claims to the Supervisory Authority

If the User considers that there is a problem or violation of the regulations in force in the way in which their Personal Data are processed, they will have the right to effective judicial protection and to file a complaint with a supervisory authority, in particular in the State in which they have their habitual residence, workplace, or place of the alleged offence.

II. COOKIE POLICY

Access to this Website may, unless denied, involve the use of cookies. Cookies are small amounts of information stored in the browser used by each User – on the different devices, you can use to navigate the internet – so that the server remembers certain information that will later and only the server that implemented it will read. Cookies make browsing easier, make it more friendly, and don’t damage the browsing device.

Cookies are automatic procedures for collecting information regarding the preferences determined by the User during their visit to the Website in order to recognise them as a User and to personalise their experience and use of the Site, and can also, for example, help identify and resolve errors.

The information collected through cookies may include the date and time of visits of the Site, the pages viewed, the time you have been on the Site, and the sites visited just before and after it. However, no cookie allows it to be contacted with the User’s phone number or any other means of personal contact. No cookie can extract information from the User’s hard drive or steal personal information. The only way for the User’s private information to be part of the Cookie file is for the User to personally give that information to the server.

Cookies that allow a person to be identified are considered Personal Data. Therefore, the Privacy Policy described above will apply to them. In this sense, the use of them will require the consent of the User. This consent will be communicated, based on an authentic choice, offered by an affirmative and positive decision, before the initial, removable and documented treatment.

First-Party Cookies

These are cookies that are sent to the User’s computer or device and are managed exclusively by the Company for the best functioning of the Site. The information collected is used to improve the quality of the Site and its content, and its experience as a User. These cookies allow us to recognise the User as a recurring visitor to the Site and adapt the content to offer you content that conforms to your preferences.

Third-Party Cookies

These are cookies used and managed by external entities that provide the Company with services requested by the Company to improve the Site and the User’s experience when browsing the Site. The main objectives for which third-party cookies are used are to obtain and analyse browsing information, that is, how the User interacts with the Site; additionally, it is also used to offer services such as a chatbot.

The information obtained refers, for example, to the number of pages visited, the language, the place from which the IP address from which the User accesses the Site, the number of Users who access the Site, the frequency and recidivism of visits, the visit time, the browser they use, the operating system or type of device from which the visit is made. This information is used to improve the Site and detect new needs to offer Users optimal quality, content, and/or service. In any case, the data is collected anonymously, and trend reports on the Site are prepared without identifying individual users.

You can learn more about cookies, privacy information, or consult the description of the type of cookies used, their main characteristics, expiration period, etcetera, at the following links:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

https://www.zoho.com/privacy.html

https://webflow.com/legal/privacy

The entities in charge of providing cookies may transfer this information to third parties, provided that it is required by law or by a third party that processes this information for those entities.

Disable, Reject, and Delete Cookies

The User can disable, reject, and delete cookies – in whole or in part – installed on their device by configuring their browser (E.g., Chrome, Microsoft Edge, Safari, etcetera). In this sense, procedures for rejecting and eliminating cookies may differ from one internet browser to another. Consequently, the User must go to the instructions provided by the internet browser they are using themselves. If you reject the use of cookies – you may continue to use the Site, although you may have limited the use of some of the Site’s features.

III. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

It is necessary that the User has read and accepts the conditions on the protection of Personal Data contained in this Privacy and Cookies Policy, as well as to accept the processing of their Personal Data so that the Data Controller can access it in the established manner, during the allowed period, and for the purposes indicated. The use of the Site and acceptance of the cookie banner will imply acceptance of the Site’s Privacy and Cookies Policy.

The Company reserves the right to modify its Privacy and Cookies Policy, at its own discretion, or motivated by a legislative, jurisprudential or doctrinal change of the Spanish Data Protection Agency. Changes or updates to this Privacy and Cookies Policy will be explicitly notified to the User.

This Privacy and Cookies Policy was updated on February 22, 2021, to adapt to the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of Personal Data and the free movement of such data (GDPR) and the Organic Law 3/2018 of December 5 on the Protection of Personal Data and the Guarantee of Digital Rights.