DATA PROTECTION POLICY

  1. Who is the data controller?

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of data and on the free movement of such data (General Data Protection Regulation) and Organic Act 3/2018 of 5 December on Protection of Data and Guarantee of Digital Rights (LOPDGDD), we hereby inform you of the following:

  • The controller of the data provided in the contact forms of the website is LUDA CREATE, S.L. (LUDA), with corporate address at Calle San Germán N.º 6 Bis, 28020, Madrid.
  • LUDA has designated a Data Protection Officer (DPO), in accordance with what is provided in Articles 37 to 39 of the RGPD and Article 34.2 of the LOPDGDD, that you may contact via email (privacidad@ludapartners.ie).
  1. For which purpose do we process your data?

LUDA is worried about our users’ privacy, as well as about securely protecting their information. In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of data and on the free movement of such data (GDPR) and Organic Act 3/2018 of 5 December on Protection of Data and Guarantee of Digital Rights (LOPDGDD), we hereby inform users about how their data shall be processed:

  • Management of the requests for information about our services made through the website’s contact forms.
  • Management of their subscription to our newsletter, if applicable.
  • Pharmacy owners’ management of their membership and our service for connecting pharmacies through the platform, Internal Inquirer Manage (IIM).

We inform you that no automated decisions shall be adopted based on your profile.

  1. What is the legal standing for data processing?

Consent is the legal basis of data processing for the management of the requests users make through the contact website’s contact forms, as well as the subscription to our newsletter, in accordance with what is provided in Article 6.1.a) of the RGPD.

The performance of the contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract is the legal basis of data processing for pharmacy owners’ management of the membership and our service for connecting pharmacies through the platform, Internal Inquirer Manage (IIM), in accordance with Article 6.1.b) of the RPGD.

  1. How long shall we keep your data?

Regarding the data collected through our forms, they shall be kept as long as the data subject does not request their erasure or cancellation and as long as they are adequate, relevant, and limited to what is necessary for the purposes for which they are processed.

The data provided for the management of our service for connecting pharmacies through the platform, Internal Inquirer Manage (IIM), shall be kept as long as there is a contractual relation or for the period necessary to comply with our legal obligations.

A lawful, fair, and transparent data processing is guaranteed in both cases.

In any case, you may state in each communication we send you that you refuse to receive them, in a clear, easy and free manner.

  1. Which recipients shall receive their data?

LUDA shall not provide data to third parties nor internationally transfer them, except for the legally provided hypothetical cases.

We also inform you that LUDA hires entities to provide services that require access to data, thus, these entities are responsible for the data processing necessary for the provision of the corresponding services.

  1. What are your rights after you provide us with your data?

The data subject may exercise the rights detailed below, by attaching a copy of an irrefutable identification document (ID, Foreigners’ Identification Number, etc.) to the request and by addressing our Data Protection Officer via email (protecciondedatos@LUDA.es).

  • Right to access: The data subject shall have the right to obtain from LUDA confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, access to the personal data.
  • Right to rectification: The data subject has the right to request the rectification of inaccurate data concerning him or her. Likewise, the data subject also shall have the right to have incomplete data completed, including by means of providing a supplementary statement.
  • Right to erasure: The data subject shall have the right to obtain the erasure of personal data erased, where one of the grounds provided in Article 17 of the General Data Protection Regulation applies.
  • Right to restriction of processing: The data subject shall have the right to obtain restriction of data processing, where one of the grounds provided in Article 18 of the General Data Protection Regulation applies. In this case, such data shall, except for storage, only be processed with the data subject’s consent or for the establishment, exercise, or defence of legal claims.
  • Right to object: It is the right of the data subject to object, in certain circumstances and on grounds relating to his or her particular situation, to processing of data concerning him or her, in accordance with what is provided in Article 21 of the General Data Protection Regulation.
  • Right to data portability: The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where one of the grounds provided in Article 20 of the General Data Protection Regulation is complied with.

To exercise any of these rights, you may make use of any of the models provided by the Spanish Data Protection Agency.