- What is personal data?
- Who is the data subject?
- Who is responsible?
- What types of personal data exist?
- What types of personal data do we process?
- Where is your data collected?
- What is an activity log?
- How and from where do we collect the data we process?
- Conservation period
- For what purpose do we process your data?
- Who do we give your data to?
- Security measures
- What rights do data subjects have?
- Where can data subjects exercise their rights?
- Types of cookies
- Disabling, rejecting and deleting cookies
- List of cookies present
What is personal data?
Any information about an identified or identifiable natural person. In other words, about individuals. It is a fundamental right.
Who is the data subject?
An identifiable natural person whose identity can be established, directly or indirectly, in particular by means of an identifier, such as a name, an identification number such as an ID card or social security number; location data, such as home address, web address (geolocation services), e-mail address or social network profile; other online identifiers or elements of a person’s physical, physiological, genetic, mental, economic, cultural or social identity, e.g. a dental mould, certain genetic or physical tests, etc.
Who is responsible?
The company EUGENOMIC S.L., which provides services at the EUGENOMIC facilities, is responsible for the processing of your data. You can contact the centre’s head office, located at C/ Londres 6, 08029, Barcelona, Tlf: 932 922 963, Email: email@example.com
What types of personal data exist?
- Filiation data (name, surname, date and place of birth, sex and nationality; DNI/NIF, NIE or residence card, SS number or health card if applicable; insurance company and policy number if applicable; address (address, postcode, town, province); e-mail, landline and/or mobile phone, etc.).
- Other personal characteristics data: image (photographs, diagnostic images, casts), voice, physical marks, physical or anthropometric characteristics (height, weight, hair colour, etc.); signature, fingerprint, electronic signature.
- Data relating to social circumstances: marital status, family details (children, parents, siblings); property, possessions; hobbies and lifestyle, membership of clubs and associations; licences, permits or authorisations.
- Academic and professional data: generally in the “Curriculum Vitae”, such as education, qualifications, academic record or training history throughout pre- and post-professional life, professional experience, membership of professional bodies or associations.
- Employment details: profession, job title, non-financial data from the employee’s salary or employment history.
- Data providing commercial information: activities and businesses, commercial licences, subscriptions to publications or media, artistic, literary, scientific or technical creations.
- Economic data: bank details; credit or credit/debit card numbers, details and history; income, revenues, investments, assets; salary and payroll economic data, tax rates and deductions; mortgages, loans, credits, guarantees; investments, pension plans, retirement; insurance, subsidies, other benefits; financial transactions, compensation or indemnities.
- Special category data: data relating to your religion, trade union membership, political party you vote for or belong to, racial origin, health or sex life, genetic and biometric data, criminal or administrative offences.
What types of personal data do we process?
Data of our staff
We consider our staff to be our employees and professional or freelance collaborators, as well as the staff of suppliers who work on our premises.
- Personal details (name, surname, date and place of birth, sex and nationality; DNI/NIF, NIE or residence card, SS number; health insurance if applicable; address (address, postcode, town, province); e-mail, landline and/or mobile phone number, etc.).
- Other personal details: image (photograph); signature, electronic signature if any.
- Data relating to social circumstances: marital status, family details (children, parents); membership of a professional association; licences, permits or authorisations, if applicable
- Academic and professional data: in the curriculum vitae of candidates and in the personnel file of employees and regular external collaborators, such as education, qualifications, academic record or training history throughout pre- and post-professional life, professional experience, membership of professional bodies or associations.
- Employment details: occupation, job title, non-financial data from the employee’s salary or employment history.
- Data providing commercial information: activities and business with external partners, scientific or technical publications.
- Financial data: bank details; salary and payroll financial data, tax rates and deductions; pension plans, if applicable; retirement; insurance if applicable; indemnities.
- Affiliation data: name, surname; DNI or analogous; e-mail and telephone and address.
- Other personal data: video surveillance image; signature.
- Employment details: profession, job title.
- Health data: health, genetic and biometric data, if applicable.
Related party data
We consider other related parties to be people related to customers, suppliers, job applicants, and in general people from other organisations with whom we interact.
- Affiliation data: name, surname; DNI/NIF; e-mail, landline and/or professional mobile phone number.
- Other personal data: image during visits, video surveillance; joint commercial events or in commercial brochures (photographs); signature, electronic signature if applicable.
- Academic and professional data: (Case of job applicants) generally in the “Curriculum Vitae” as appropriate, such as education, qualifications, pre- and post-professional life-long learning history, professional experience, membership of professional bodies or associations.
- Job details: profession, job title.
- Data providing commercial information: scientific or technical publications where appropriate.
- Commercial or business data: position or position and other data necessary for the professional relationship.
Where is your data collected?
The personal data that you provide us with will be incorporated into computerised databases and physical files, which in turn are subject to security measures and are included in a register of activities owned by EUGENOMIC.
What is an activity log?
It is a list and summary information of the data processing we carry out and is available to the Spanish Data Protection Agency.
How and from where do we collect the data we process?
Data provided by the data subject
The holder provides us with his or her data by
- When contracting:
By the actual provision of the data necessary for the relationship (contracts, payments and collections, etc.).
- Electronic inquiries:
Through the existing query form on the web in which it is necessary to provide a
series of data to be able to solve the query.
- Web Registration and G-Nomic Test:
You can register on the website and the data necessary for user and session management will be processed.
- Acceptance of Cookies on the website:
- Curriculum Vitae submission:
Candidates or applicants for job offers or people who deposit their CVs for the future.
Data not provided by the owner of the data
- Derived data:
This type of data is those that can be obtained as a result of the provision of the service and are related to it. EUGENOMIC will inform the affected party in the event that these data appear during the normal course of the contracted treatment. Therefore, these are data not provided consciously and voluntarily by the user that arise from the performance of the contracted treatment.
- Data provided by third parties:
This is data that a third party may provide about another person. For example parents, guardians or legal representatives.
In the event that the data provided by third parties is not consented to by the data subject, it will be deleted.
EUGENOMIC is not responsible for the data entered via the web-based enquiry and registration service. It is the user who enters information who is responsible for requesting consent and authorisation for the processing of the data. Irrespective of this, the data shall be deleted if EUGENOMIC becomes aware that consent has not been given.
The data will be kept for the time necessary to carry out the provision of services or the execution of the professional relationship, and always for the duration of the relationship or service. Once this period has elapsed, they will be destroyed unless they must be kept by law, which in any case will be done for the legal period.
- Data obtained from web queries:
For a period of 1 year, unless they are necessary for the data subject to continue to have access to the consultation service, or until the data subject exercises his or her rights of objection, restriction or deletion.
They will be kept for a maximum of 12 months; after this period, consent will be sought again for efficient and effective navigation.
- Fiscal and tax data:
They will be kept for 4 years in accordance with tax regulations (Ley General Tributaria and complementary or additional national and regional laws).
- Social Security data:
They will be kept for the time determined in each case by the Social Security regulations; in the case of membership data, 4 years.
- Video surveillance data:
They will be kept for 1 month unless they may constitute a criminal or administrative offense.
- Voice recording data:
They shall be kept for 1 month unless they may constitute a criminal or administrative offence.
- Special category data processed by Eugenomic:
These data will be kept for the period of time established by health regulations, as they are mainly genetic and health data.
- Rest of data:
The rest of the personal data collected by EUGENOMIC shall be kept by EUGENOMIC for the time legally provided for in each case or for the time required to provide the service or successfully complete the professional relationship. Likewise, when there may be a legitimate conservation interest.
The data subject may always exercise his or her right of deletion or any other rights recognised by the regulations in force.
It is the condition that gives legal capacity to process the data. There are several reasons:
- Por contrato:
The processing of personal data is necessary for the performance of the contract between the parties and the provision of an adequate service.
- By consent of the data subject:
This basis of legitimacy will be applied when the interested party contacts through the website or for sending CVs. Likewise, for sending advertising, promotions, etc., consent will be requested.
Express consent will also be requested for data processing for legitimate purposes that do not fit into any other legal basis of legitimacy.
- By legal obligation:
When data must be processed that is mandated by current legislation, such as the conservation of data already collected.
- Legitimate interest:
Data will be processed under this legitimisation basis with respect to video surveillance for the protection and control of the facilities, as well as to maintain security at the centre.
In case of further processing of data for legitimate interest, this will be reported and justified.
- For medical reasons:
To provide the requested health and genetic service.
For what purpose do we process your data?
In general in order to carry out our services and the mission of our organization.
In particular, we collect personal data for the following specific purposes:
- Clients and related: To provide the contracted service.
The personal data of clients are necessary for the relationship, the main and complementary services requested and to comply with the legal obligations derived from our activity.
In turn, they are necessary for the invoicing of the service provided.
- Citizens in general: To provide the web consultation service.
We collect the data entered by the user in order to be able to respond to the query. It will not be possible, by this means, to provide special category data, which will be immediately deleted.
The non-acceptance of this purpose entails the impossibility of offering the consultation service we possess.
We may use direct marketing (a form of advertising that uses one or more media to communicate directly with a target audience and elicit a measurable response from them) to create tailored services or report improvements and developments that may be of interest for the benefit of data subjects.
- Workers and job applicants:
Workers’ data are necessary to be able to develop the employment relationship. Without them it would not be possible to execute the employment contract. Only the data necessary for this purpose and for the management of withholdings are collected.
In the case of job applicants, their data will be processed for the purpose of processing the job offer.
Who do we give your data to?
EUGENOMIC does not transfer or communicate data to third parties as a general rule. However, there are exceptions whereby transfers and communications are made, as without them it would not be possible to provide the contracted service or to develop professional and labour relations.
The data will be transferred to labour and tax consultancies in order to carry out the labour and professional relations, their management and development correctly.
- Computer services:
Personal data may also be viewed by companies that provide IT and maintenance services to EUGENOMIC, insofar as it is not possible to avoid the processing of personal data in order to carry out IT and maintenance work.
- Healthcare professionals and laboratories:
For the complete and correct development of the service, the intervention of external healthcare professionals may be necessary to carry out tests or analyse data, etc.
- Public administrations and competent authorities:
Data will be communicated to the competent Public Administrations when legally required to do so. This will mainly be to public labour and tax administrations.
Likewise, the images captured by the video surveillance cameras will be provided to the state or regional security forces and bodies when they could constitute a crime or administrative offence.
- Other third parties:
EUGENOMIC may transfer or communicate data to other third parties provided that there is legitimacy for this, mainly for the provision of the service, and the purposes are lawful. This communication or transfer shall be notified and, where appropriate, consent shall be requested when required.
EUGENOMIC is concerned about data security and privacy and has implemented an information security and privacy system. It has implemented security measures described in its management and quality processes and procedures and measures to protect its information systems, all of which are recorded in the activity registers.
What rights do data subjects have?
The owner of the data has the right to access, rectify, delete, limit, carry and oppose the processing of his/her data.
We recommend the Citizen’s Guide published by the Spanish Data Protection Agency, where the rights are explained in a very intelligible way and which is available at the following link: http://www.agpd.es/portalwebAGPD/canaldocumentacion/publicaciones/common/Guias/GUIA_CIUDADANO.pdf
The rights available to the holder consist of:
The right to obtain confirmation as to whether or not personal data concerning him/her are being processed and, if so, to the following information: the purposes of the processing; the categories of data being processed; the recipients or categories of recipients to whom the data have been or will be disclosed; the expected period for which the personal data will be kept or, if this is not directly possible, the criteria for determining this period.
The data subject may exercise this right every six months; unless there is legitimate cause to request it more than once within this six-month period.
When the data subject exercises this right of access, we will provide him/her with a copy of the personal data undergoing processing in a readable format of the data subject’s choice. In any case, we will always do so in the interests of the data subject and in accordance with the statutory provisions.
If access requests are manifestly unfounded or excessive, especially if they are repetitive, we may charge a fee to compensate for the administrative costs of processing the request, and this fee will correspond to the actual cost of processing the request.
With regard to the processing, we will inform the interested party of the actions arising from the request within one month (and up to two months in the case of particularly complex requests, with notification of the extension within the first month).
If we decide not to process a request, we will inform the data subject of this decision, giving reasons for the refusal, within one month of the request; the data subject may lodge a complaint with the Spanish Data Protection Agency.
This is the right to obtain the rectification of inaccurate personal data or to supplement incomplete personal data by means of an additional statement, always taking into account the purposes of processing.
To this end, the data subject must request it, indicating the data concerned and the desired correction; if necessary, accompanied by documentation justifying the inaccuracy or incompleteness of the data being processed.
The data subject shall have the right to obtain the erasure of his or her personal data in the following circumstances: they are no longer necessary in relation to the purposes for which they were collected or processed; he or she withdraws consent and the processing is not based on another legal ground; he or she objects to the processing and no other legitimate grounds for the processing prevail; they have been processed unlawfully.
Where erasure results from the exercise of the right to object for direct marketing purposes, we may retain identifying data in order to prevent future processing for direct marketing purposes.
Where we have disclosed personal data and are obliged to erase such data, we will take reasonable steps, taking into account available technology and the cost of implementation, including technical measures, to inform the Processors who are processing the personal data with a request for erasure.
The foregoing shall not apply for the fulfilment of a legal obligation requiring the processing of data, or for the performance of a task carried out in the public interest or in the exercise of official authority conferred on them; for the purposes of scientific or historical research or statistical purposes, insofar as the right of erasure would render impossible or seriously impede the achievement of those objectives; for the formulation and exercise or defence of claims.
The data subject has the right to object to the processing of his or her data at any time, except in the aforementioned legal cases.
If the data subject exercises this right, we will no longer process his or her personal data, unless we can demonstrate compelling legitimate grounds for the processing to override his or her interests, rights and freedoms, or for the establishment, exercise or defence of claims, as well as the necessary preservation in accordance with the law or for reasons of public interest where there is one.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time, in which case the personal data shall immediately cease to be processed for such purposes.
The data subject shall have the right to the restriction of the processing of his or her data where any of the following conditions are met:
- where the data subject has declared the inaccuracy of his or her personal data, during the period which allows us to verify the accuracy of the data;
- where the data subject considers that the processing is unlawful and we have objected to the erasure of his or her personal data and instead he or she requests the restriction of their use;
- we no longer need the personal data for the purposes of the processing, but they must be retained for legal reasons or for the formulation, exercise or defence of claims;
- the data subject has objected to the processing, while we check whether our legitimate grounds override your legitimate grounds.
Where the data subject has obtained the restriction of processing pursuant to the exercise of this right, we will inform the data subject prior to the lifting of such restriction.
By the same token, we will communicate any rectification or erasure of personal data or restriction of processing to each of the recipients to whom the personal data have been disclosed or communicated, unless this is impossible or would require a disproportionate effort. If the data subject so requests, we will inform him or her about these recipients.
The data subject may also revoke consent to certain types of processing at any time with effect for the future. However, this revocation does not affect the lawfulness of the processing prior to the revocation of consent or insofar as the processing can be justified on another legal basis.
he data subject shall have the right to receive his or her personal data which he or she has provided to us and which is held by us, in a structured, commonly used and machine-readable format, and to transmit it to another controller without hindrance from us, where the processing is based on consent, and is carried out by automated means.
The data subject shall also have the right to have his or her personal data transmitted directly from controller to controller where this is technically feasible.
The exercise of this right shall be without prejudice to the powers conferred by the right of erasure.
The right to portability does not extend to data that we have inferred from data directly derived from our services.
Withdrawal of consent
The data subject, provided that the processing of his or her data is based on the consent he or she expressly and voluntarily gives, may withdraw this consent at any time. However, this withdrawal does not affect the lawfulness of the processing that has been carried out on the data prior to this request.
Automated individual decisions
In the event that EUGENOMIC carries out this type of processing, the data subject may exercise this right, which consists of ensuring that you are not subject to a decision based solely on the processing of your data, including profiling, which produces legal effects on you or significantly affects you in a similar way, by informing you in advance.
Profiling means any form of processing of your personal data that evaluates personal aspects, in particular analysing or predicting aspects related to your job performance, financial situation, health, personal preferences or interests, reliability or behaviour.
However, this right does not apply where:
It is necessary for the conclusion or performance of a contract between you and the controller.
The processing of your data is based on your prior consent.
However, in these first two cases, the controller must guarantee your right to obtain human intervention, to express your point of view and to challenge the decision.
It is authorised by Union or Member State law and appropriate measures are put in place to safeguard the rights and freedoms and legitimate interests of the data subject.
Where can data subjects exercise their rights?
To exercise their rights, the holder may write to our headquarters, located at C/ Londres 6, 08029, Barcelona or contact us by e-mail (firstname.lastname@example.org).
You may also file a complaint with the Spanish Data Protection Agency.
EUGENOMIC has a Data Protection Delegate available.
What is a cookie?
Cookies are automatic procedures for collecting information relating to the preferences determined by the User during their visit to the Website in order to recognise them as a User, and to personalise their experience and use of the Website, and may also, for example, help to identify and resolve errors. There may also be social media cookies to enable users to interact with social media servers.
Information collected through cookies may include the date and time of visits to the Website, the pages viewed, the time spent on the Website and the sites visited just before and just after the Website. However, no cookie allows this cookie to contact the User’s telephone number or any other means of personal contact. No cookie can extract information from the User’s hard drive or steal personal information. The only way for the User’s private information to be part of the Cookie file is for the User to personally give that information to the server.
Types of cookies
Below is a selection of the types of existing cookies. EUGENOMIC does not have all of these types on its website, but for the user’s knowledge they will be indicated.
Depending on who manages them:
- Own cookies:
These are cookies that are sent to the User’s computer or device and managed exclusively by EUGENOMIC for the better functioning of the Website. The information collected is used to improve the quality of the Website and its content and your experience as a User. These cookies make it possible to recognise the User as a recurring visitor to the Website and to adapt the content in order to offer them content that is tailored to their preferences.
- Third-party cookies:
These are cookies used and managed by external entities that provide services requested by this same to improve the Website and the User’s experience when browsing the Website. The main purposes for which third-party cookies are used are to obtain access statistics and to analyse browsing information, i.e. how the User interacts with the Website.
The information obtained refers, for example, to the number of pages visited, the language, the place where the IP address from which the User accesses, the number of Users who access, the frequency and recurrence of visits, the time of visit, the browser used, the operator or type of device from which the visit is made. This information is used to improve the Website, and to detect new needs in order to offer Users optimum quality Content and/or service. In any case, the information is collected anonymously and reports on Website trends are drawn up without identifying individual users
Depending on the purpose:
- Technical cookies:
This type of cookies allow browsing on the Website. They allow certain information to be stored, such as identifying the user’s session, allowing access to restricted content, etc.
- Analytical cookies:
These cookies allow the collection of information about the user’s browsing. This observation allows us to know browsing preferences, habits, etc., through which the website can be adapted to users in order to provide a better online service.
- Advertising cookies:
These cookies are used for the management and optimisation of the advertising that appears to the user.
- Personalisation cookies:
These cookies make it possible to remember user customisation actions on the website, such as language selection.
- Social network cookies:
These cookies incorporate social network plugins, which allow access to social networks from the Website. These cookies are necessary for external social networks (Facebook, Google, Twitter, Youtube, Instagram, etc…). Their function is to control interaction with social widgets within the site.For this reason, social network cookies may be stored in the User’s browser. These businesses may use them to create a profile of your interests and show you relevant advertisements on other sites. They do not store personal information directly, but are based on the unique identification of your browser and Internet access device.These social network servers also have their own privacy policies which the user can review on the respective websites.
Depending on the time frame:
- Session cookies:
These cookies serve to collect and store data while the user accesses a website.
- Permanent cookies:
These are a type of cookie in which the data continues to be stored in the terminal so that they can be accessed and used in more than one session.
Disabling, rejecting and deleting cookies
The user will be able to show their preferences regarding cookies in a granular and individualised way, being able to choose what kind of cookies they wish to accept and reject. In other words, you can configure cookies according to your preferences.
Some of the cookies on this Website are essential and necessary for the operation of the Website. These cookies cannot be rejected by users, since if they were not there, the website would not be able to function at all.
Users can also disable, reject and delete cookies – either totally or partially – installed on their device by configuring their browser (including, for example, Chrome, Firefox, Safari, Explorer), both on this web portal and on any other. In this regard, the procedures for rejecting and deleting cookies may differ from one Internet browser to another. Consequently, the User must follow the instructions provided by the Internet browser that he/she is using.
The links where the user may delete cookies, as an alternative to the acceptance, configuration and rejection box provided by EUGENOMIC are as follows:
Internet Explorer: http://support.microsoft.com/kb/196955/es
Mozilla FireFox: http://support.mozilla.org/es/kb/cookies-informacion-que-los-sitios-web-guardan-en-?redirectlocale=en-US&redirectslug=Cookies
List of cookies present
These are the cookies that exist on the website:
DESCRIPTION: This is a session cookie. GROUP: eugenomic.com
DESCRIPTION: This cookie stores information about product selection preferences on the website (the cart). It is session based. GROUP: eugenomic.com
COOKIE: oct8ne-first-enter DESCRIPTION: This Cookie stores information about product selection preferences on the website (the cart). It is session based. GROUP: eugenomic.com
COOKIE: PHPSESSID DESCRIPTION: This cookie is used by the PHP encrypted language to allow SESSION variables to be stored on the web server. GROUP: eugenomic.com
COOKIE: wp_woocommerce_session DESCRIPTION: This cookie has a unique code for each user so that it knows where to find the purchase data in the database for each customer. This cookie is a session cookie. GROUP: eugenomic.com
COOKIE: moove_gdpr_popup DESCRIPTION: These cookies are used to store cookie preferences. GROUP: eugenomic.com