Privacy policy

At GRUPO ASIS, we are committed to personal data protection. Your privacy and trust are important to us, which is why we provide you with important information below about how GRUPO ASIS processes your personal data.

This Privacy Policy is applicable to the corporate website of GRUPO ASIS and all of its sub-domains, some of which contain legal disclaimers of their own due to their specific activities or development platform. Any other website, application, product, software or service belonging to GRUPO ASIS or any of the companies which are affiliated with GRUPO ASIS shall have a specific Privacy Policy available on their website, establishing the privacy practices specific to the services or activities carried out in processing the data through that specific platform, website, product, software or service.

We recommend that you read the following information carefully and if after doing so you have any questions, you may send them to us at our email address: protecciondatos@grupoasis.com

PRIVACY POLICY

DATA CONTROLLER AND REGULATORY COMPLIANCE STATEMENT

The party responsible for this website is Grupo Asís Biomedía, S.L., (hereinafter referred to as “GRUPO ASIS”). GRUPO ASIS is on record at the Commercial Register of Zaragoza in Tome 2104, Folio 185, S 8, Page Z 20965 and is the holder of Spanish Tax Identification Number (CIF) B-50726595, with registered address at Centro Empresarial El Trovador, planta 8, oficina I, Plaza Antonio Beltrán Martínez 1, 50002, Zaragoza, Spain.

GRUPO ASIS hereby declares that it honours the Spanish and European legislation on Personal Data Protection, and more specifically, European Parliament and Council Regulation 2016/679 of 27th April 2016, and in accordance with the current state of the art, the nature of the data and the risks to which they are exposed, GRUPO ASIS declares that it implements the appropriate technical and organisational measures to ensure the confidentiality and privacy of the personal data collected by way of this website, as well as the integrity, availability and security thereof, by taking all action necessary to prevent any alteration, loss, unauthorised access or fraudulent use of the processed data.

GRUPO ASIS ensures that the User’s personal data are processed in a licit, fair, transparent manner and that they were collected with the User’s consent after providing explicit information on the purpose of processing expressly indicated in this Privacy Policy or any other legal grounds legitimately established in accordance with the Law. Examples of this include receiving the Users’ questions at our postal address or email address pursuant to the legal obligation of offering Users forms of direct, effective communication with GRUPO ASIS.

GRUPO ASIS shall neither handle nor share the Users’ personal data unless it is allowed by the current regulations, at the request of the competent authorities and when given the express consent of the User after having received the proper information.

GRUPO ASIS shall not use the Users’ personal data for purposes other than those stated prior to the time when the User submits the personal data.

PERSONAL DATA

Personal data means any information which is related with a directly or indirectly identified or identifiable private individual (name, ID number, location data or specific factors about physical, psychological, genetic, mental, economic, cultural or social factors, geographic location, financial information and bank account numbers, as well as unique identification elements, such as national identity card numbers, IP address, MAC address, Social Security number, driving licence number, etc.

Specially protected personal data is any related with race or ethnic origin, political opinions, religious beliefs, membership in labour associations, physical or mental health, and additional medical information, which includes biometric and genetic data, as well as sexual preferences, criminal records or court sentences.

HOW DO WE USE THE PERSONAL DATA?

Transparency and information on personal data protection

We would like to make our privacy practices clear so that you can make informed decisions about the use of your personal data by GRUPO ASIS which you wish to allow.

Those operations, arrangements and technical procedures which are performed in an automated or non-automated manner and which make it possible to collect, record, organise, structure, preserve, adapt, modify, retrieve, consult, use, communicate via transmission, dissemination or any other form which enables access or connection, limitation, deletion or destruction of personal data or sets of personal data are all defined as personal data processing.

Through this website, we collect, use, disclose, transfer and store personal data when necessary to provide our service or achieve our operational or business-related objectives, as described in this Privacy Policy.

Legal and Fair Status

We shall always request your prior consent for the processing of your personal data for one or more specific purposes, which will be reported before your data is provided.

Data Minimisation

We only ask Users to provide the data strictly which is necessary for the purposes of the data processing.

Limitation on Data Storage

We store the data for the amount of time necessary based on the purpose of the data processing. We hereby inform you that, in each case of determining the storage period and, in those cases in which the purpose is a periodic service (such as a subscription), we review and update the personal databases to delete those records which are inactive and those in which the User has decided to be removed.

Confidentiality

We apply the adequate technical and organisational security measures to process the personal data while ensuring their confidentiality and minimising the risk of unauthorised access or improper use of the Users’ personal data by third parties.

HOW DO WE OBTAIN YOUR DATA?

Type of personal data we collect

We may collect your personal data by way of:

The contact form and any other forms for registration, sign-up, subscriptions, etc. in each of which cases the User will find essential information on the processing of the personal data before it is collected.
E-mail
The company’s postal address
Internal and third-party cookies If you would like to know more, please click here

Through these channels, we may collect the following information:

Full name;
Company name;
Email address;
Language;
IP address;
Any opinion or remark you freely decide to provide us with;
Any other information and/or file which you freely decide to transfer to us.

We may also collect certain information which we are provided through statistical data:

Web browser;
Type of device from which you are connecting;
Internet service provider;
Data of a demographic nature (geographic location, age, sex);
Link to or origin of your visit to the website.

You ensure: that the data which you provide to us is accurate.

The User hereby declares that the personal data which is provided to GRUPO ASIS at any time during use of this website is true and accurate.

As the User, you must know that you are the sole party responsible for any direct or indirect damage or harm which may be caused to GRUPO ASIS, as the party responsible for this website, or to any third party if you complete any form using false data or data on third parties, leading to deception, damage or prejudice.

In order to keep your data accurate and updated, we ask the User to report any changes which may occur in the data which has been provided.

Consent for minors

It is prohibited by GRUPO ASIS for minors under the age of 14 years to submit personal data through this website. In the event that GRUPO ASIS detects Users that may be under the aforementioned age, it will not process your data and therefore will not answer such requests.

GRUPO ASIS reserves the right to ask for a copy of your National Identity Card or equivalent document that accredits you possess legitimate status to be a User, in the event that it has reasoned suspicions that the User is a minor.

PURPOSE OF PROCESSING BY GRUPO ASIS

GRUPO ASIS hereby informs you that all of the personal data which the User provides through this website will be collected and processed by GRUPO ASIS, as the data controller, with the following purposes:

Handling questions placed by way of the Contact Form on this website and providing the proper response, as well as dealing with any specific requests for registration, subscription, etc. placed using other forms on this website.
Sending electronic communications to you in order for GRUPO ASIS or any third parties for which your give consent to respond to your informational and commercial queries.
Answering the queries received at our postal address or email address. In such instances, the senders will be informed of the processing which we perform at GRUPO ASIS at the time when the queries are answered.
Managing Users’ registration and removals from the databases of GRUPO ASIS for electronic forms of communication.
Handling the Users’ preferences about the language of this website’s contents, after being given consent and receiving acceptance of our Cookie Policy.
Managing our social networks with regard to the data of the persons who become followers. In this respect, the processing of the data is governed by the provisions of this Privacy Policy and by the terms and conditions, privacy policies and access rules specific to each social network.
Creating profiles on the basis of the User’s subscriptions in order to offer customised information that may be of specific interest to the User.
Legal obligations: We may be required to use and retain personal data for legal and compliance-related reasons, including the prevention, detection or investigation of a crime, prevention of losses or fraud, or to comply with internal and external auditing requirements, with our information security goals or crime prevention, which may mean processing as follows: (a) by virtue of the applicable Law, which may include laws outside the User’s country of residence; (b) to respond to requests from courts, security bodies, regulatory bodies or other public and governmental authorities, which may include authorities outside of the User’s country of residence and (c) to protect our rights, privacy, security or property, or those of another party.

Before submitting any request or information through any form on this website, you must expressly accept that you have read this Privacy Policy, which for legal purposes means that you have given your unequivocal, express, free, specific, informed consent to process your personal data for the aforementioned purposes.

The aforementioned express consent means authorising the processing of your data by GRUPO ASIS under the terms established in this Privacy Policy, as well as by the co-controllers and processors of the data with which GRUPO ASIS has an obligatory contractual relationship with required compliance.

Other websites affiliated with GRUPO ASIS and linked to this website may contain subscription forms for news, newsletters or for the use of purchasing services. On these websites affiliated with GRUPO ASIS, the User shall be specifically informed of the processing of personal data performed on those websites, as well as the specific conditions of the services offered therein.

INTERNATIONAL TRANSFERS

In certain cases, GRUPO ASIS uses third-party tools and services to run this website, as well as for sending out email marketing campaigns, surveys, etc. Some of these services may be controlled by third-party non-European Union residents (Google, GroupMail and Mailchimp). GRUPO ASIS attempts to use secure tools whose servers are preferably located in Spain or, when not possible, in some member state of the European Union, or otherwise which comply with the European laws in accordance with the guidelines and recommendations of the Spanish Information Protection Agency, the European Commission and the EU agreements of reference on the subject of international data transfers, which also means having obtained certification on the Privacy Shield list.

Most of these third parties have stated that they comply with EU data protection regulations and even have their servers and/or headquarters in Europe. However, In the event that an international data transfer is required, the acceptance of this Privacy Policy means that you expressly consent to the aforementioned transfer, as the Data Subject.

Security Measures Applicable to Personal Data Processing

In order to protect the website Users’ and subscribers’ personal data, GRUPO ASIS ensures its own its data processors’ implementation of the proper technical and organisational measures in accordance with the start of the art, to protect the personal data, bearing in mind the scope, context and purposes of the processing, as well as the varying risks of likelihood and harm to the rights and freedoms of those concerned, attempting to remain able to ensure the confidentiality, integrity, availability and resilience of the processing systems and services.

In particular, GRUPO ASIS has implemented an encryption and authentication protocol to guarantee that the personal data consulted by us are transmitted to our servers through a “Secure-Socket-Layer” or SSL connection, so as to protect them from access by third parties.

Our data security policies and procedures are regularly revised and updated in order to meet our business needs, technological changes and regulatory requirements.

We implement technical and organisational measures to store and transfer the information in a secure manner, so as to protect it from attacks or accidental loss, as well as respecting unauthorised access, use, destruction or disclosure.
We have a privacy and security risk evaluation strategy, as well as a disaster recovery and business continuity plan designed to safeguard the continuity of our services and protect our personnel and our data.
We apply the proper restrictions to personal data access
We periodically train and raise awareness amongst our personnel about the topic of security and personal data protection, and we require our suppliers responsible for processing data to demonstrate that they use the proper security protocols for the personal data processing which they perform, where appropriate.
We require our employees and contractors to receive constant training on the topic of information security, as well as other pertinent fields, because they have access to personal data and other delicate information.

GRUPO ASIS declares that it is able to act swiftly and effectively to restore the availability of and access to the personal data if it identifies a physical or technical incident’s occurrence, and to do so it keeps an internal record of incidents, a plan to respond to incidents and the necessary activities for management and control of backup copies to ensure the recovery of data in the event of a potential security incident.

GRUPO ASIS declares that it stores the Users’ personal data under encryption on secure servers protected from the most commonplace types of attacks and located in Spain and Europe, or in the event that they are stored outside of Europe, only after verifying compliance with European agreements (Privacy Shield) in advance.

NOTICE OF PERSONAL DATA SECURITY BREECH

In the event that the personal data’s security is breeched, unless it is unlikely that the security breech will constitute a risk to the rights and freedoms of private individuals, GRUPO ASIS shall report it to the Spanish Information Protection Agency within 72 hours of gaining knowledge of the incident, describing the nature of the violation, the potential consequences it may cause and the measures implemented or proposed to remedy the security breech; if possible, it will report the categories and approximate number of parties concerned and data affected.

Likewise, GRUPO ASIS shall notify the parties concerned as soon as possible, when it is likely that the personal data security breech entails high risk to the rights and freedoms of private individuals, describing any potential consequences which may result and the measures implemented or proposed in order to remedy the security breech.

EXERCISING RIGHTS

The User may at any time withdraw his/her consent and/or exercise the rights of access, rectification, deletion, limitation, opposition and portability foreseen in European personal data protection regulations, by sending a message by email to protecciondatos@grupoasis.com or by sending a letter by post to Grupo Asís Biomedia, S.L., at the address: Plaza Antonio Beltrán Martínez, 1; Centro Empresarial El Trovador planta 8, oficina I (50002) Zaragoza, Spain.

In such an instance, the User must indicate the right which is being exercised and attach a copy of his/her national identity card or other valid identification document which enables that person to do so, including one which allows for electronic identification.

What do these rights consist of?

The right of access enables the User to obtain information on what personal data is undergoing processing, the purpose of the processing, the categories of data processed, the time period or criteria of storage, the recipients or categories of recipients; if profiles are created, significant information on the logic applied and the consequences of the processing foreseen; the exercise of the rights of rectification or deletion of the personal data and to the limitation or opposition of processing and the right to file a claim before the data protection authority.

To do so, the User does not need to provide any justification, unless it has exercised the right in the last six months.

In the event that the data subject exercises the right of access, GRUPO ASIS is legally required to reach a decision on the access request within a time period of no more than one month, to be calculated as of receiving the request, providing a copy of the personal data subject to processing, or allowing remote access thereto. GRUPO ASIS shall also provide any additional copies requested by the party concerned, once the fee produced by the administrative costs of issuing the documents has been paid.

GRUPO ASIS may deny access and, where appropriate, invoke the protection of the Data Protection Agency if said access has been performed during the preceding six months, or if provided for or prevented by a national or EU law.

The right of rectification enables the User to demand that GRUPO ASIS rectify the data which it believes are inaccurate or incomplete. To do so, the User must indicate to us what data is involved and the correction that is to be carried out, providing documentation to justify doing so. In such an instance, GRUPO ASIS will be required to carry out the rectification as soon as possible and, in any case, within one month of receiving the request. This time period may be extended by a further two months if necessary, bearing in mind the complexity and number of requests. GRUPO ASIS shall inform the party concerned of the extension within one month of the request.

The right of deletion (or “right to be forgotten”) means that the User is entitled to the deletion of the data when the processing is illicit, the party concerned has withdrawn consent or has exercised the right of opposition and no other legitimate reasons exist for the processing; when the data are no longer necessary for the purposes for which they were collected or processed, or when they must be deleted in order for GRUPO ASIS to fulfil a legal obligation.

The party concerned shall not be entitled to have GRUPO ASIS delete its data when the processing is necessary to exercise freedom of expression and information; for GRUPO ASIS to comply with a legal obligation; for the submission, exercise or defence of claims; in the public interest based on the current laws in force due to reasons of public health or for purposes involving historical, statistical or scientific research.

GRUPO ASIS shall respond to your request as soon as possible and, in any case, within a time period of one month as of receiving your request. This time period may be extended by a further two months if necessary, bearing in mind the complexity and number of requests. GRUPO ASIS shall inform the party concerned of the extension within one month of the request date.

The right of opposition means that the User has the right to the non-processing of his/her personal data or to stopping their processing in those instances in which the processing is based on direct marketing or the creation of profiles; the interests or rights and freedoms of the party concerned hold precedence, especially when involving a child, over GRUPO ASIS or any third parties legitimate interests; historical, statistical or scientific research unless the processing is necessary for reasons of public interest.

GRUPO ASIS shall respond to your request as soon as possible and, in any case, within a time period of one month as of receiving it. This time period may be extended by a further two months if necessary, bearing in mind the complexity and number of requests. GRUPO ASIS shall inform the party concerned of the extension within one month of the request date.

The right to limitation of processing means that the User has the right to decide what personal data he or she does not want to be processed again in the future, with the ability to exercise this right when it has formerly challenged the accuracy thereof; when the processing is illicit and instead of exercising the deletion of the data, it decides to limit them for future processing; or when it believes that GRUPO ASIS no longer needs the personal data for the purposes of the authorised processing, but the User needs them for the submission, exercise or defence of claims.

In the event of a limitation on processing, the restriction may be lifted if the data subject gives consent; when it is possible that the processing may affect the rights of another private individual or body corporate; when legal proceedings justify doing so, or when there is an important public interest reason based on the laws in force.

The right of portability means that the User is entitled to receive the personal data provided to GRUPO ASIS or to have GRUPO ASIS transfer them to another data controller, in a structured format commonly used with mechanised reading, provided that the processing is carried out by automated means and is based on the consent that the User originally gave for one or more specific purposes, or for the execution of a contract to which he or she was a party.

The right to portability shall not be applicable when the transmission is technically impossible, or when it may negatively affect a third party’s rights and freedoms, or when the processing pursues a mission of public interest based on the current laws in force.

HOW DO WE SHARE THE DATA WITH THIRD PARTIES? – DATA PROCESSORS

We share the personal data with third parties in order to provide services or perform commercial transactions under the terms which are provided in this Privacy Policy or when we believe that the Law allows or requires us to do so. Most of the occasions on which we share data with third parties, the data are not personal, but rather anonymous or statistical. When we share personal data, we do so in in accordance with privacy and data security requirements.

GRUPO ASIS hereby informs the User that his or her personal data may be assigned to:

The companies affiliated with GRUPO ASIS when it is necessary to provide services, administer and manage sales and marketing, to provide technical assistance and customer service, and to develop business and products. We require all of our employees to follow our internal data privacy and security rules.
Our business partners and third party service providers, in order to provide services with other companies and/or brands, offer content, software support, systems and platforms, direct marketing services, cloud hosting services, advertising and data analysis, or to hold events. In such instances, the assignment of data to the third party shall only occur when GRUPO ASIS has been given the User’s express consent and maintains a contractual relationship with the data processor which guarantees the data’s confidentiality, the non-use of the personal data of the Users who provide their personal data for purposes other than those indicated above, as well as for compliance with our internal regulations on privacy and information security.
When said assignment of data is performed under the aegis of a legal obligation or is required by the competent authorities to respond to legal requests, the criminal investigation of a possible illegal activity or claims which state that some contents violates the rights of third parties, or to protect the rights, property or safety of third parties, in the event of the merger, sale, restructuring, acquisition, joint venture, assignment, cession or other full or partial availment of our business, assets or shares.

If GRUPO ASIS is required by the competent authorities to respond to legal requests, the criminal investigation of a possible illegal activity or claims which state that some content violates the rights of third parties, or to protect the rights, property or safety of third parties, it may provide the competent authorities with the Users’ personal data.

If the rights to the website are transmitted to another entity, GRUPO ASIS undertakes to agree to the subrogation and commitment of the new data controller entity to process the personal data in continuation of this Privacy Policy, informing the new data controller of the commitment to notify the User in advance if the personal data is to be used in any way contrary to this policy.

COOKIES POLICY

At GRUPO ASIS, we use cookies (small data files which are uploaded onto a User’s device upon accessing a website, in order to store data which may be updated and retrieved by the party responsible for installing them) to carry out certain tasks which are considered essential for the proper running and display of the website and, in certain cases, to store and manage User’s preferences as to the website language, and to collect analytical and usage data.

In order to perform these analyses, this website may store certain data in the server’s records automatically, by using cookies which collect usage and browsing data regarding the User’s use of this website. These records typically include information such as browser type, browser language, date and time of access request, URL, computer or device model, operating system version, unique identifiers (IP addresses) and data about the mobile network used in accessing and browsing on this website.

GRUPO ASIS may use cookies that record IP addresses throughout access and browsing in order to analyse and measure access and time spent on the different pages in this website and draw conclusions about website traffic trends.

It is advisable for the User to know that we use Internet tools and platforms that install cookies which are not run by GRUPO ASIS, and therefore it is possible that the parties who run said tools may use the data for other purposes for which GRUPO ASIS is not responsible.

If you would like further information about the way we use cookies and find out how to prevent their installation, you can read our Cookie Policy.

HOW LONG WILL WE CONTINUE TO HANDLE YOUR DATA?

The personal data provided will be kept as long as the User does not request its deletion, for the purpose of keeping him/her informed of the activities promoted by GRUPO ASIS, and as long as the data remain adequate, pertinent and limited to what is necessary for the purposes for which they are processed in accordance with this Privacy Policy.

REUSE OF THIS POLICY

GRUPO ASIS does not authorise the copy, reproduction or reuse of this privacy policy, which was specifically analysed to provide a response to the obligations inherent to this website.

APPLICABLE LEGAL SYSTEM AND JURISDICTION

The headquarters of GRUPO ASIS is located in Spain, and therefore the contents of this Privacy Policy were drafted in accordance with the laws of Spain and the applicable regulations of the European Union.

The User agrees that any claims or complaints against GRUPO ASIS pursuant to or related with the use of this Website and, more specifically, with the processing of your personal data shall be resolved by the court of the competent jurisdiction located in the city of Zaragoza. If GRUPO ASIS is the party which has to file a claim, it shall do so before the competent court at the User’s address or in Zaragoza, if involving bodies corporate or non-consumer professionals.

If the User accesses this website from outside of Spain, then the User is responsible for complying with all local and international laws that may be applicable.

ENTITLEMENT TO MODIFY THE PRIVACY POLICY

GRUPO ASIS may modify this Privacy Policy at any time, in accordance with changes in this website and the contents it offers, if it deems necessary to do so, either on legal grounds or for technical reasons, or due to changes in the nature of layout of the website, with no obligation to warn or inform the User of these modifications, their publication on this website being considered sufficient notice.

All modifications shall take effect, as regards the Users who use this website, as of said modification. The continued use of this website after the publication of any change shall be considered an acceptance thereof. This is why, at the end of these Conditions of Use, the date when they were last updated is stated, and thus any changes introduced shall take effect as of that date.

If the User does not agree with the updates to our Privacy Policy, he or she may reject them by not entering his/her personal data into the website contact forms or by exercising the right of opposition, cancellation or deletion under the terms established in the section on Exercising Rights in this Privacy Policy.

Last updated on 27^th July 2018