Ribera Salud Group, of which the CMVCaridad Group forms part, is committed with the privacy of users and the protection and security of their personal data. It is for this reason that, in compliance with current legislation on data protection (Regulation (EU) 2016/679 of the Parliament and of the Council of 27 April 2016, Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights), Ribera Salud Group informs in this data protection policy, how collects and processes the personal data of users and patients on the website https://cmvcaridad.com/ (hereinafter referred to as the «Website»).
1. IDENTIFICATION OF THE DATA CONTROLLER.
The data controller of your personal data is the health center of Grupo CMVCaridad that provides you with health care, you may access the information in the following link: https://www.riberasalud.com/sociedades-del-grupo-ribera/
For matters regarding this Privacy Policy, the user may contact the Data Protection Officer by sending an email to: dpo@riberasalud.es
2. PROCESING PURPOSES AND LEGAL BASIS.
CMVCaridad Group will carry out the following data processing operations, using for each of them an appropriate legitimating basis, respecting the rights of the interested parties:
2.1 Contact requests management
- Purpose: To deal with contact requests sent through the channels made available on the Website.
- Legal basis: Execution of the pre-contractual relationship.
- Data processed: Identification and contact data.
2.2 Patient care management
- Purpose: The provision of healthcare services, diagnosis and medical treatment, preparation and preservation of clinical and social history, and the general management of healthcare services and other activities organised by the healthcare centre.
- Legal basis: Fulfilment of a legal obligation and execution of the contractual relationship.
- Data processed: Identification data, personal characteristics data, services transactions, financial data and health data. The collection of personal data may be carried out at the healthcare centre or will be provided, where appropriate, by insurance companies, mutual accident insurance companies, prevention services or by the competent public administrations.
2.3 Quality Service Surveys
- Purpose: To carry out surveys to find out how patients rate the quality of the service.
- Legal basis: legitimate interest.
- Data processed: identification and contact data.
2.4 Teaching, research or statistical activities
- Purpose: to carry out teaching, research or statistical activities for scientific or teaching purposes in order to improve healthcare, in compliance with the specific regulations in this regard.
- Legal basis: legitimate interest and consent of the data subject.
- Data processed: Identification data, contact data, personal characteristics data and health data.
2.5 Video Surveillance
- Purpose: Video Surveillance in some centers, to ensure the safety of people, goods and facilities.
- Legal basis: legitimate interest and compliance with a legal obligation applicable to the controller.
- Data processed: Identification data.
2.6 Patient Portal registration
- Purpose: To manage the registration of users in the patient portal by generating an account for their access, as well as to enable password recovery and access to medical reports.
- Legal basis: Execution of the contractual relationship and fulfilment of a mission carried out in the public interest or in the exercise of public powers conferred on the data controller.
- Data processed: identification data and contact data.
2.7 Commercial Communications
This data processing will be carried out by the entity RIBERA SALUD, S.A.U, with Tax Identification Code A-03681186 and registered office at Avenida Cortes Valencianas, number 58, Edificio Sorolla Center, 46015 Valencia (Spain).
- Purpose: Management of user subscriptions to the newsletter commercial communications about services, activities and news.
- Legal basis: User consent.
- Data processed: identification and contact data.
3. RECIPIENTS.
3.1.Comunicación de los datos a terceros.
Your data may be transferred in accordance with the following assumptions:
- Patient data may be accessed by other CMVCaridad Group or Ribera Group centres (https://www.riberasalud.com/sociedades-del-grupo-ribera/) in order to guarantee you adequate continuity of care and provision of services under the terms described above.
- In compliance with the legislation, your data may be communicated to the health authority and other public bodies with competences in health.
- In the event of being clients of private insurers and attending CMVCaridad Group, the data will be communicated by CMVCaridad Group to the private insurer for the purpose of payment of services.
- At the request of the Tax Agency, Courts or Tribunals or other competent Public Administrations.
3.2. Data processors.
The processing of personal data may be carried out by suitable service providers contracted by the CMVCaridad Group. These service providers will only process the data for the purposes established by CMVCaridad Group.
4. INTERNATIONAL DATA TRANSFERS
CMVCaridad Group will process the user’s data entirely within the territory of the European Union, it is not planned to carry out any international transfer of data and in the event that it is carried out, it will be done in compliance with the regulations.
5. STORAGE PERIODS.
CMVCaridad Group will keep the personal data of users for the time necessary to carry out the purpose for which they are processed, or until the interested party requests the deletion, and in any case, for the time necessary to comply with the corresponding legal obligations.
Likewise, the data related with the commercial communications will be kept until the user requests to unsubscribe from receiving them, following the instructions at the bottom of each e-mail.
6. USER RIGHTS.
The user has the right of access, rectification, deletion, objection, restriction and data portability; users may exercise these rights by sending a signed petition, together with a photocopy of their ID, directly to the Group’s Data Protection Officer, or by sending an email to the following address: dpo@riberasalud.es, or a letter to the following postal address: Cortes Valencianas, number 58, Edificio Sorolla Center, 46015, Valencia (Spain), with subject line: “Data Protection”
Furthermore, users are informed that, if their requests to exercise their rights are not answered, they may file a complaint with the Spanish Data Protection Agency (AEPD). More information available at: www.aepd.es.
7.UPDATES
The organisation reserves the right to modify the contents of this Website at any time, and may add new functionalities, as well as modify the current conditions. In this case, the corresponding update will be published on the Website so that the user is aware of any changes.
Last updated on: June 2024