- 1.
- 2.
- 3.
- 4.
- 4.1.
- 4.2.
- 4.3.
- 4.4.
- 4.5.
- 4.6.
- 4.7.
- 4.8.
- 4.9.
- 5.
- 5.1.
- 5.2.
- 5.3.
- 5.4.
- 5.5.
- 5.6.
- 5.7.
- 5.8.
- 5.9.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 12.1.
- 12.2.
- 12.3.
- 12.4.
- 12.5.
- 12.6.
- 12.7.
- 12.8.
- 13.
- 13.1.
- 13.2.
- 13.3.
- 13.4.
- 13.5.
- 13.6.
- 13.7.
- 13.8.
- 13.9.
Object
The purpose of this Privacy Policy is to inform people (hereinafter, users or interested parties) who visit our website (hereinafter, web page, website or the web), how we collect, process and protect the personal data you decide to provide us by any means (forms, emails, telephone, contracts, etc.) and after reading it, decide freely if you want us to treat them. Additionally, it will serve to expand the information that we have previously provided to the interested parties, in the informative clauses provided in the processes of collecting their personal data.
Furthermore, this policy aims to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter RGPD) and with Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (hereinafter LOPDGDD).
Who is responsible for the processing of your personal data?
- Identity-Entity: EUREKA FERTILITY S.L.
- CIF: B16978264
- Postal address: Safor 12, pt 106 46015, Valencia (Spain)
- Phone: +34 963 498 949
- E-mail: [email protected]
- Company object: Media specialized in reproductive medicine
- Web Site: https://www.invitra.com/en/
- Registration data: Registered in the Mercantile Registry of Valencia, T 11064, L 8342, F 7, S 8, H V 200845
How can you contact the Data Protection Officer?
Our entity has appointed a Data Protection Officer registered with the General Registry of the Spanish Data Protection Agency, to whom individuals can direct their complaints or questions regarding how our entity is processing their personal data. You can contact them in writing, indicating the name of our entity or trade name, followed by your complaint or inquiry to:
- BUSINESS ADAPTER, S.L.
- Ronda Guglielmo Marconi, 11, 26, (Parque Tecnológico) 46980 Paterna (Valencia), Spain.
- Email: [email protected] (Ref. Eureka) or via this Data Subject Inquiry Form.
What personal data will we process and how do we obtain it?
For the development of our business activities, it is essential to process personal data which can be collected through digital means (e.g., email, web forms or questionnaires), by completing paper documents (e.g., contracts or forms), or through in-person or telephone conversations. In all cases, data will be processed fairly, lawfully, and transparently.
The categories of data that our entity will process about individuals are:
- Identification data: full name, image.
- Contact data: phone number, email, postal address.
- Access data: remote access identifiers to our website, such as registered user (username or Nick and password).
- Curriculum data: academic background, professional experience.
- Browsing data: analysis of time spent on our website, pages visited, demographic data (e.g., age, gender).
- Banking data: bank accounts in case of donations.
- Accounting data: income and expense tracking, billing data.
- Special category data: data related to health, own sex, and that of the partner.
- Commercial data: subscription conditions, payment management and history, results of contacts (phone, email, messaging, and other communication channels).
- Goods and services transactions: card payments.
Given the scope of our media, if you request information about specific processing, we will request special category data (e.g., health data, your sex and your partner's sex) necessary to adequately respond to your information request. In such cases, we will inform you appropriately, and you will decide whether to give your explicit consent for this type of data processing.
In this regard, we inform you that the requested data will be adequate, relevant, limited to what is strictly necessary, and processed only by authorized personnel and/or collaborators who have signed a confidentiality agreement and are committed to complying with the necessary security standards to ensure the confidentiality, integrity, and availability of the processed data, as well as other requirements legally established in the GDPR. Therefore, data will be processed legally.
The data we process will always be provided by the data subject, and if incomplete or incorrect, it will not be possible to respond to your information request or maintain the relationship.
The categories of data we may process about a person depend on the relationship they maintain with our entity, as shown below:
Website Users
Simply visiting our website makes you a user, and only if you expressly authorize it can analytical data be collected (e.g., visit duration, pages visited), including demographic data (e.g., gender, age, country, or language). For more information, visit our Cookies Policy.
If the user also interacts on our website, they may assume the following roles:
Information Requesters
Whether the requested information is by phone or in writing (e.g., email or web forms), we will request and process your identification, contact, and special category data. More information is available in the Information Requesters Policy.
Financial Donors
Since the information on our websites is free, we provide a section to make donations for interested parties. In these cases, we will process identification, banking, and accounting data.
Forum Participants
If the user has voluntarily registered to participate in our forums, we will process their access data (username or Nick and password).
Collaborators
Identification, contact, curriculum, accounting, and banking data will be processed. This data may be processed throughout all stages of the relationship.
Social Media Users
We are present on various social media platforms and may process identification, contact, commercial data, and other data that users allow to be displayed or shared with other social media users, including curriculum data (e.g., LinkedIn). For more information, see our Social Media Policy .
Complainants
Identification, contact, and personal information about themselves or third parties relevant to the complaint will be processed.
Subscribers
In the subscription forms for our professional or clinic directory, identification, contact, access, curriculum, banking, commercial, and goods and services transaction data provided by the subscriber will be processed.
More information for data subjects
Legally established information will be made available in the relevant privacy clauses included in different data collection media, so that you can freely and expressly decide whether the requested personal data will be processed by our entity.
All categories and types of processed personal data will be duly identified in the respective processing activities owned by our entity.
For what purposes will your data be processed?
In general, personal data processing by our entity aims to maintain the relationship with individuals who proactively contact us via web forms, phone, email, or postal mail, such as information requesters, website/blog or social media users, and interested parties in general.
Depending on this relationship, data processing serves different purposes, which are detailed below, illustratively and not exhaustively:
Information Requesters
We will process your personal data to respond to your information requests, identify you, provide advice, and communicate with you to provide the requested information. More information is available in the Information Requesters Policy.
Financial Donors
Your data will be processed for accounting and billing management, handling complaints and exercising rights, as well as other purposes required to fulfill this relationship, applicable laws, and to protect our legitimate interests.
Forum Participants
If registered on our website, data processing allows you to participate in open forums, interact with other registered users, delete your data upon request, and exercise your rights.
Collaborators
Your data will be processed to identify you, verify user credentials, demonstrate academic and professional expertise, allow you to respond to user inquiries, maintain the business relationship, carry out goods and services transactions, manage accounting, contact you, and for other purposes necessary to fulfill this relationship, our legal obligations, and legitimate interests.
Social Media Users
We will process your personal data to maintain the relationship as users of the same social media, identify you, contact you, and share news and other personal data that you allow to be shared with other social media users. For more information, see our Social Media Policy.
Complainants
Personal data will be processed to identify you, manage your complaint, and contact you regarding its status, as well as to comply with legal obligations and legitimate interests.
Website Users
By accepting cookies when visiting our website, any type of user data may also be processed for additional purposes (e.g., visit analysis). For more information, see our Cookies Policy.
Subscribers
Your data will be processed to create a profile to manage your registration in our professional/clinic directory, unsubscribe you, identify you, fulfill and maintain pre-contractual and contractual relationships including sending commercial communications, respond to inquiries, carry out quality controls and commercial statistics, conduct goods and services transactions, manage accounting and billing, handle incidents, complaints, and rights exercises, as well as for other purposes required to comply with this relationship, applicable laws, or our legitimate interests.
More information for data subjects
Legally established information will be provided in the respective privacy clauses included in various data collection media (e.g., forms, recordings, contracts) and others we provide (e.g., badges, invoices, legal notices), so that you can freely and expressly decide whether the requested personal data will be processed by our entity.
If you do not provide the requested data or provide incomplete or incorrect data, it will not be possible to respond to your information request or establish a relationship.
Data will not be processed further or for purposes other than those accepted by the data subject.
The purposes motivating personal data processing will be duly identified in the respective processing activities owned by our entity.
Why do we process your data (legal basis)?
The processing of your personal data by our entity is carried out based on one or more of the following legal bases:
- a. When you provide your explicit, free, informed, and unequivocal consent after being informed at the time of data collection and more extensively through this privacy policy. After reading this policy and agreeing, you can voluntarily authorize us to process your data for one or more purposes by checking the boxes provided in our web forms or by signing the information clauses provided at the time of data collection.
- For the execution of a contract in which you are a party or for pre-contractual measures you have requested.
- When processing is necessary to comply with a legal obligation applicable to our entity.
- When processing is necessary for the legitimate interests pursued by our entity or a third party, provided these interests do not override the rights and fundamental freedoms of the data subject. In this regard, our entity has conducted an analysis weighing our legitimate interests against the rights and freedoms of the data subject, always respecting fundamental rights.
In the case that the user is under 14 years old, parental or legal guardian consent is required to process their data. The user is solely responsible for the accuracy of the data provided.
Data Retention
Personal data provided will be retained while we maintain a relationship with you and for the time necessary to fulfill the purpose for which the data was collected.
Once the relationship ends, data will be blocked where necessary to comply with legal obligations, for claims or legal actions, for example:
| Data Subjects | Sectoral Scope | Legal Basis | Retention Period |
|---|---|---|---|
| Financial Donors, Collaborators | Accounting | Art. 30.1 Commercial Code | 6 years from the last entry |
| Financial Donors, Collaborators | Tax | Art. 66 General Tax Law 58/2003 | General period: 4 years In case of losses during the fiscal year: 10 years Invoices: 5 years |
| Website Users | Use of cookies | Guidelines on cookie use by the AEPD | Maximum 24 months |
| Information Requesters | Art. 6.3.b) GDPR 679/2016 | Retained only for the time strictly necessary to handle inquiries and lead accounting |
Profiling
In some cases, complex information requests require us to create a profile of the requester to tailor the information to their personal situation, sex, etc. This profile allows us to provide the exact information requested.
In such cases, we will inform you appropriately and request your prior explicit consent.
Similarly, you have the right to object to this type of processing at any time by contacting us in writing at: [email protected]
Data Sharing
As a general rule, our entity does not share personal data with third parties, although this may be necessary in certain cases, for example:
If you are an information requester, depending on the type of information requested, your data, including special category data (e.g., health data or the sex of the requester and their partner), may be shared with medical providers responsible for informing you about the specific service related to your request. Such sharing will only occur with your prior explicit consent.
According to the laws of each country, providers compatible with the selected processing may be located outside Spain. In such cases, the list of countries will be clearly indicated in the form before providing your data and in the personalized report sent via email. Therefore, your data may be shared with these medical providers located in these countries, but only with your prior explicit consent. More information in the Information Requesters Policy.
If you have made a financial donation or are a subscriber to our professional or clinic directory, your personal data may be shared with third-party entities due to legal obligations (e.g., Tax Agency), or with certain providers to whom we delegate some responsibilities (e.g., accounting advisors). In such cases, they are bound by a data processing agreement to comply with the same security measures implemented by our entity and to maintain confidentiality.
International Data Transfer
In case of transfers to third-party entities located outside the European Economic Area, we will inform you and request your prior explicit consent.
Security Measures
Our entity has implemented all necessary technical and organizational measures to protect personal data from loss, theft, or unauthorized use.
These measures are created according to the type of data processed and the purposes of the processing. They are periodically verified through internal compliance checks and external audits.
Your Rights
As a data subject, you or your legal representative (e.g., individuals under 14 years old) may contact our entity at any time to exercise your rights regarding personal data protection.
We explain these rights below:
Right of Access
You have the right to know and request at any time the following information:
- Whether we are processing your personal data.
- The purposes of processing and the categories of personal data processed.
- The origin of your data if you did not provide it.
- Recipients or categories of recipients to whom your personal data has been or will be disclosed, including recipients in third countries or international organizations.
- Information on adequate safeguards regarding transfers of your data to a third country or international organization, if applicable.
- The expected retention period or, if not possible, the criteria for determining that period.
- Whether automated decisions, including profiling, exist, significant information about the logic applied, and the importance and expected consequences of such processing.
- A copy of your personal data that is being processed.
Right to Rectification
You have the right to request the rectification of your personal data when it is inaccurate, as well as to complete it when it is incomplete.
Right to Object
You may object to the processing of your data when it is incorrect or no longer necessary for processing.
If you act as a defendant or are affected by a complaint under Law 2/2023, you may not exercise your right to object, as it is presumed (unless proven otherwise) that there are legitimate reasons justifying the processing of your personal data, in accordance with Article 31.4 of the Law.
Right to Erasure
You can request the deletion of your data for any of the following reasons:
- Your data is no longer necessary for the purposes for which it was collected or processed.
- You have not given consent for the processing of your data.
- You have exercised your right to object.
- Your data has been processed unlawfully.
- Your data must be deleted to comply with a legal obligation.
Right to Restriction of Processing
You may request the exercise of this right in the following cases:
- When you contest the accuracy of your data, for a period allowing the controller to verify its accuracy.
- When processing is unlawful and you object to erasure, requesting restriction instead.
- When data is no longer needed for processing purposes, but you need it to exercise, defend, or formulate claims.
- When you have objected to processing under Article 21.1, while it is verified whether the controller’s legitimate interests override yours.
Right to Data Portability
This is the right to obtain your data in a structured, commonly used, and machine-readable format, and to transmit it to another controller for further processing.
Right Not to Be Subject to Automated Decisions
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects you in a similar way.
How to Exercise Your Rights
To exercise any of your rights, you must contact EUREKA FERTILITY SL in writing, either by postal mail to: Calle La Safor 12, pt 106 46015, Valencia (Spain) or by email at [email protected], specifying the rights you wish to exercise. If you act on behalf of another person, you must prove your representation.
For suggestions or inquiries regarding the processing of your personal data, you can contact the Data Protection Officer:
- BUSINESS ADAPTER, S.L.
- Ronda Guglielmo Marconi, 11, 26, (Parque Tecnológico) 46980 Paterna (Valencia), Spain.
- Data Subject Inquiry Form
You also have the right to file a complaint with the Spanish Data Protection Agency at: C/ Jorge Juan, 6, 28001 Madrid or at www.aepd.es.
Commitment to Personal Data Protection
Purpose and Scope
This commitment aims to comply with European and Spanish data protection regulations and digital rights guarantees (GDPR and LOPDGDD) and applies to all departments and employees of our entity, as well as third parties acting on our behalf.
Principles Governing Personal Data Processing
We will process personal data lawfully, fairly, and transparently, ensuring data minimization, accuracy, limited retention, integrity, confidentiality, and accountability. The processing of special category data is prohibited unless otherwise specified in Article 9 of the GDPR and LOPDGDD.
Record of Processing Activities
Our entity will maintain a record of processing activities to evaluate processing risks and implement necessary security measures to ensure confidentiality, integrity, availability, and retention periods.
Impact Assessment
For each processing activity, we assess whether a Data Protection Impact Assessment is necessary to determine risks to the rights and freedoms of data subjects and whether additional technical or organizational measures are required to protect fundamental rights.
Security Measures and Breach Management
All necessary technical and organizational measures will be applied to protect personal data. In case of a security breach, the Security Breach Response Protocol will be implemented.
Data Protection Rights
Our entity will respond promptly and diligently to requests to exercise data protection rights or provide information on rights violations.
Guarantee of Digital Rights in the Workplace
Policies will be implemented to guarantee the digital rights of employees, informing them accordingly. This includes promoting work-life balance, the right to information, and privacy. Our entity may monitor job performance within the limits established by Article 20.3 of the Workers’ Statute.
Training
All relevant employees will receive training in both data protection and their digital rights in the workplace.
Control
We work with external consultants who provide advice and audits to ensure compliance with GDPR and LOPDGDD.
