At BIODATA DEVICES, S.L., we understand that it is essential to maintain a transparent relationship with you. Therefore, we present our Privacy Policy below, so that you are duly informed at all times about how we collect and safely process any data you provide us.

Your data will be processed in accordance with current legislation and, specifically, in accordance with the provisions of Regulation (EU) 2016/679 of April 27, 2016 (GDPR) regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data. Also, with regard to Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights.

A careful reading of our Privacy Policy will provide you with the necessary information to know what destination we will give to the data you provide us.

1 WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?

If you, or an authorized person, have provided us with your data, we inform you that BIODATA DEVICES, S.L., with CIF: B47728456 is responsible for the processing of the same. This data will be processed in accordance with the provisions of current regulations on the protection of personal data.

It is possible that there are other parties responsible for the processing we carry out, in which case we will always inform you of who is responsible for the processing, as well as their identification data.

The Website may include hyperlinks or links that allow access to web pages of third parties other than www.biodatadevices.com and www.biodatadevices.es, and that therefore are not operated by BIODATA DEVICES, S.L.. The owners of said websites will have their own data protection policies, being themselves, in each case, responsible for their own treatments and their own privacy practices.

At BIODATA DEVICES, S.L. we are committed to fulfilling the obligation of secrecy of personal data and the duty to protect them. For this, we adopt the necessary measures to avoid its alteration, loss, treatment or unauthorized access in accordance with the provisions of the Regulation.

2 WHERE DO WE INFORM?

At BIODATA DEVICES, S.L. we inform through the website www.biodatadevices.com and www.biodatadevices.es in the section corresponding to the privacy policy. More information in “Legal Notice”.

3 WHAT PERSONAL DATA DO WE PROCESS?

The personal data we process is:

• Those that you decide to provide us voluntarily
• The data derived from the communications you maintain with us.
• The information corresponding to your own navigation in the case of Online Services, (IP address or information derived from cookies or similar devices (you can see our Cookies Policy on the web).
• That information that is available in sources accessible to the public, to which we can legitimately access.
• The data that derives from the contractual or pre-contractual relationship that you maintain with us, including your image, always informing you in this case of the possibility of capturing your image.
• Those that third parties provide us about you, there being a legitimate basis for it or having obtained your consent for it.
• The data of third parties that you provide us, with the prior consent of the third party in question.

You can consult more information in the section on registration of activities of this privacy policy.

4 HOW DO WE PROCESS THE DATA?

At BIODATA DEVICES, S.L. we process your personal data always in strict compliance with current legislation. In addition, we inform you that we have adequate technical and organizational measures to guarantee an optimal level of security, thereby guaranteeing that only those people who have authorization will access it, that we will keep it complete, avoiding any intentional or accidental loss and that we have reinforced the systems and data processing services.

However, because BIODATA DEVICES, S.L. cannot guarantee the impregnability of the internet or the total absence of hackers or others who fraudulently access personal data, it therefore undertakes to notify you without undue delay when a breach of the security of personal data occurs that is likely to entail a high risk for the rights and freedoms of natural persons. Following the provisions of article 4 of the GDPR, a breach of the security of personal data is understood to be any breach of security that causes the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or the unauthorized communication or access to said data.

The operations, management and technical procedures that we carry out in an automated or non-automated way and that enable the collection, storage, modification, transfer and other actions on personal data, are considered personal data processing.

5 WHAT IS THE LEGITIMATION OF THE TREATMENT?

The basis of the legitimation of the processing of Personal Data will be that which results from the contractual or pre-contractual relationship, the employment relationship or any other that is required for the processing of data, such as express consent.

6 HOW DO WE MANAGE ELECTRONIC COMMUNICATIONS?

In accordance with the provisions of Law 34/2002 of July 11, on Services of the Information Society and Electronic Commerce, and Directive 2002/58/EC, we inform you that you may receive communications and information of a commercial nature through this electronic communication system (emails, automated response messages from forms and other communication systems) when you have given us your consent or if they are commercial communications referring to products or services similar to those previously provided by the controller of your data.

In the event that you do not wish to receive communications and information of this nature, you can notify us by this same means indicating in the subject “UNSUBSCRIBE COMMERCIAL COMMUNICATIONS” so that your personal data is unsubscribed from our database. Your request will be actioned within 1 month of sending it. In the event that we do not receive an express response from you, we will understand that you accept and authorize our entity to continue carrying out the aforementioned communications.

In the case of receiving such communications by these means, we inform you that the messages are directed exclusively to their recipient and may contain privileged or confidential information. If you are not the indicated recipient, we notify you that the use, disclosure and/or unauthorized copying is prohibited under current legislation.

7 HOW LONG DO WE KEEP YOUR DATA?

The personal data relating to natural persons that we collect from BIODATA DEVICES, S.L. by any means, will be kept as long as the interested party does not request its deletion. Likewise, they will be kept as long as the relationship that originated the processing of the data is maintained, respecting in any case the legal conservation periods. Once this period has concluded, the personal data will be eliminated from all BIODATA DEVICES, S.L. systems.

8 WILL YOUR DATA BE COMMUNICATED TO THIRD PARTIES?

There will be no transfer, transmission or transfer of personal data, except those already reported, that are not as a result of a legal obligation. If your data is requested by requirement of the Public Administration or of the Autonomous Institutions in the scope of the functions that the law expressly attributes to them, these will be transmitted.

If there is a transfer, transmission or transfer of personal data outside of the cases previously provided, you will be previously informed so that, if applicable, you give us your consent.

But in order to organize ourselves correctly, have good operations and procedures that guarantee good management, from BIOD ATA DEVICES, S.L. it may be necessary to contract the services of advisors, professionals, or other service companies to process data under our instructions.

This treatment on behalf of third parties is regulated in a contract that is in writing or in some other legally admitted form and that allows to prove its celebration and content, expressly specifying that the data processor will process the data in accordance with our instructions and will not apply or use them for a purpose other than that which appears in said contract, nor will it communicate them, not even for their conservation, to other people.

9 WHAT ARE YOUR RIGHTS?

The data protection regulations confer the following rights:

• Right of access: It is the right of the User to obtain confirmation of whether or not BIODATA DEVICES, S.L. is processing their personal data and, if so, to obtain information about their specific personal data and the processing that BIODATA DEVICES, S.L. has carried out or carries out, as well as, among others, the information available on the origin of said data and the recipients of the communications made or planned of the same.
• Right of rectification: It is the right of the User to have their personal data that is inaccurate modified or, taking into account the purposes of the processing, incomplete.
• Right of deletion (“the right to be forgotten”): It is the right of the User, provided that current legislation does not establish otherwise, to obtain the deletion of their personal data when these are no longer necessary for the purposes for which they were collected or processed; the User has withdrawn their consent to the processing and this does not have another legal basis; the User opposes the processing and there is no other legitimate reason to continue with it; personal data has been processed unlawfully; personal data must be deleted in compliance with a legal obligation; or personal data has been obtained as a result of a direct offer of information society services to a minor under 14 years of age. In addition to deleting the data, the Data Controller, taking into account the available technology and the cost of its application, must take reasonable measures to inform those responsible for processing personal data of the interested party’s request to delete any link to those personal data.
• Right to limitation of processing: It is the right of the User to limit the processing of their personal data. The User has the right to obtain the limitation of the processing when they challenge the accuracy of their personal data; the processing is illegal; the Data Controller no longer needs the personal data, but the User needs it to make claims; and when the User has opposed the processing.
• Right to data portability: In the event that the processing is carried out by automated means, the User will have the right to receive from the Data Controller their personal data in a structured format, of common use and mechanical reading, and to transmit them to another data controller. Whenever technically possible, the Data Controller will directly transmit the data to that other controller.
• Right of opposition: It is the right of the User to not have the processing of their personal data carried out or to cease the processing of the same by BIODATA DEVICES, S.L.
• Right not to be subject to a decision based solely on automated processing, including profiling: It is the right of the User not to be subject to an individualized decision based solely on the automated processing of their personal data, including profiling, existing unless current legislation establishes otherwise.

If you want more information regarding the processing of your data, rectify those that are inaccurate, oppose and/or limit any treatment that you consider unnecessary, or request the cancellation of the treatment when the data is no longer necessary, you can write to BIODATA DEVICES, S.L. at Calle Páramo leonés, 56, 47008 – Valladolid (Valladolid) or by email to info@biodatadevices.com.

• Said communication must reflect the following information: Name and surname of the user, the request for application, the address and the supporting data.
• The exercise of rights must be carried out by the user themselves. However, they may be executed by an authorized person as legal representative of the authorized. In such case, the documentation that proves this representation of the interested party must be provided.

Likewise, we want to inform you that you can withdraw the consent given without affecting the legality of the treatment already carried out, sending your request to the same address indicated in the previous paragraph. In this case, you must accompany your request with a copy of your DNI or document proving your identity.

In the event that you consider that there is a problem or infringement of current regulations in the way in which your personal data is being processed, you will have the right to effective judicial protection and to file a claim with a control authority, in particular, in the State in which you have your habitual residence, place of work or place of the alleged infringement. In the case of Spain, the control authority is the Spanish Agency for Data Protection (https://www.aepd.es/) – C/ Jorge Juan, 6 28001-Madrid – FAX: 914483680- TELF: 901 100 099- E-mail: ciudadano@agpd.es.

10 WHAT IS THE PURPOSE AND BASIS OF LEGITIMATION FOR THE PROCESSING OF DATA AND HOW LONG WILL THE DATA BE KEPT?

We detail below the purposes of the data processing carried out by some, or all, of the Data Controllers listed above.

TREATMENT ACTIVITY	PURPOSE OF THE TREATMENT	LEGITIMATION BASIS	CONSERVATION PERIOD
Advertising sending	Sending commercial information, notifications about events and events of interest, offers, information about products and services, to clients and/or potential clients.	Express consent of the interested party	Until cancellation and/or opposition by the owner Until the relevant loss of its use
Electronic commerce	Preparation and management of orders and purchases made through web platforms.	Contractual relationship Commercial relationship	5 years from the end of the contract The term legally established by the specific regulations
Web management	Manage queries, contacts and claims received through the website	Express consent of the interested party	Until cancellation and/or opposition by the owner Until the relevant loss of its use

11 ACCEPTANCE AND CHANGES IN THIS PRIVACY POLICY

It is necessary that the User has read and agrees with the conditions on the protection of personal data contained in this Privacy Policy, as well as that they accept the processing of their personal data so that the Data Controller can proceed to it in the form, during the terms and for the indicated purposes. The use of the Website will imply acceptance of the Privacy Policy of the same.

BIODATA DEVICES, S.L. reserves the right to modify its Privacy Policy, according to its own criteria, or motivated by a legislative, jurisprudential or doctrinal change of the Spanish Agency for Data Protection. Changes or updates to this Privacy Policy will not be explicitly notified to the User. The User is recommended to consult this page periodically to be aware of the latest changes or updates.

This Privacy Policy was updated to adapt to Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data (GDPR) and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights.

This Privacy Policy document has been reviewed as of: 06/17/24