Privacy Policy
Privacy Policy and General Conditions
Previous recommendation.
Welcome to the Lipedema Vascular website. Please read our Privacy Policy.
In this privacy statement we explain what personal data we collect from users and how it is used. We encourage you to read these terms carefully before providing personal data on this website. Those over thirteen years of age may register on lipedemasvascular.com as users without the prior consent of their parents or guardians.
In the case of minors under thirteen years of age, the consent of their parents or guardians is required for the processing of their personal data.
Our website is protected by an SSL security certificate; your data is not visible over the internet.
Under no circumstances will data relating to the professional or economic situation or the privacy of other family members be collected from minors without their consent.
If you are under thirteen years of age and have accessed this website without notifying your parents, you should not register as a user.
On this website, the personal data of users is respected and taken care of. As a user you should know that your rights are guaranteed.
Principles regarding your privacy:
- We never request personal information unless it is truly necessary to provide you with the services you require.
- We never share our users’ personal information with anyone, except to comply with the law or with your express authorization.
- We never use your personal data for a purpose other than that expressed in this privacy policy.
- It is necessary to warn that this Privacy Policy could vary depending on legislative or self-regulation requirements, so users are advised to visit it periodically.
- It will apply whenever users decide to fill out any of the contact forms on this website where personal data is collected.
Lipedema Vascular (lipedemasvascular.com) has adapted this website to the requirements of Organic Law 15/1999, of December 13, on the Protection of Personal Data (LOPD), and Royal Decree 1720/2007, of December 21, known as the Regulations for the development of the LOPD. It also complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 regarding the protection of natural persons (GDPR), as well as Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSICE or LSSI).
Responsible for the processing of your personal data.
Identity of the Controller: Doctor Andrés Reyes Valdivia
Commercial name: Lipedema Vascular
NIF/CIF:
Address: Menendez Pidal, 39 – Madrid
Email: consulta@lipedemasvascular.com
Activity: Health Services
For the purposes of the provisions of the aforementioned General Data Protection Regulation, the personal data you send through the forms on the website will be treated as “Website users and subscribers”.
Principles that apply to personal information.
When processing your personal data, we will apply the following principles that comply with the requirements of the new European data protection regulation:
- Principle of lawfulness, fairness and transparency: We will always require your consent for the processing of your personal data for one or more specific purposes, of which we will inform you in advance with absolute transparency.
- Data minimization principle: We will only request data that is strictly necessary in relation to the purposes for which we require it. The minimum possible.
- Principle of limitation of the retention period: The data will be kept for no longer than necessary for the purposes of the processing; depending on the purpose, we will inform you of the corresponding retention period.
- Principle of integrity and confidentiality: your data will be treated in such a way that adequate security of personal data is guaranteed and confidentiality is guaranteed.
How is your data obtained?
The personal data that we process at lipedemasvascular.com comes from:
- Contact Form.
- Service request form.
- Newsletter registration form.
What are your rights when you provide your data?
Anyone has the right to obtain confirmation as to whether lipedemasvascular.com is processing their personal data.
Interested persons have the right to:
- Request access to personal data relating to the interested party.
- Request its rectification or deletion.
- Request the limitation of your treatment.
- Oppose treatment.
- Request data portability.
The interested parties may access their personal data, as well as request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
In certain circumstances, interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims.
In certain circumstances and for reasons related to their particular situation, interested parties may object to the processing of their data.
Lipedema Vascular will stop processing the data, except for legitimate reasons when:
- The treatment is based on consent.
- The data has been provided by the interested person.
- The treatment is carried out by automated means.
By exercising your right to data portability, you have the right to have personal data transmitted directly from controller to controller where technically possible.
For what purpose do we process your personal data?
When a user connects to this website, they are providing personal information for which Lipedema Vascular is responsible. This information may include personal data such as your IP address, name, physical address, email address, telephone number, and other information. By providing this information, the user gives their consent for their information to be collected, used, managed and stored by www.lipedemasvascular.com, only as described in the Legal Notice and in this Privacy Policy.
At Lipedema Vascular there are different systems for capturing personal information based on forms:
Contact form: We request the following personal data: Name, Email, telephone number, to respond to the requirements of users of https://www.lipedemasvascular.com.
Newsletter subscription form: In this case, we request the following personal data: Name, Email, to manage the subscription list, send newsletters, promotions and special offers, provided by the user when subscribing. The data will be located on MailChimp servers outside the EU in the US. MailChimp is covered by the EU-US Privacy Shield agreement, whose information is available here, approved by the European Data Protection Committee.
Service request form: We request the following personal data: Name, Email, telephone number, to request any of the services that www.lipedemasvascular.com makes available to its users. The information collected will allow you to request the corresponding service for possible offline processing. Requests will be responded to by email.
Other purposes of processing personal data:
To ensure compliance with the conditions of use and applicable law. This may include the development of tools and algorithms that help this website guarantee the confidentiality of the personal data it collects.
To support and improve the services offered by this website.
Other non-identifying data is also collected, obtained through some cookies that are downloaded to the user’s computer when browsing this website, which is detailed in the cookie policy.
To manage social networks. Lipedema Vascular may have a presence on social networks.
The processing of data carried out on people who become followers of the official pages of lipedemasvascular.com on social networks will be governed by this section, as well as by the conditions of use, privacy policies and access regulations of the social network that applies in each case, as previously accepted by the Lipedema Vascular user.
Lipedema Vascular will process your data for the purposes of correctly managing its presence on the social network and informing about Lipedema Vascular activities, products or services, as well as for any other purpose that the regulations of social networks allow.
In no case will we use the profiles of followers on social networks to send advertising individually.
In accordance with the provisions of the European General Data Protection Regulation (GDPR) 2016/679, Lipedema Vascular will be responsible for the processing of data corresponding to users of the website and subscribers.
Lipedema Vascular does not sell, rent or transfer personal data that may identify the user, nor will it do so in the future, to third parties without prior consent. However, in some cases collaborations can be carried out with other professionals. In those cases, consent will be required from users, informing them of the identity of the collaborator and the purpose of the collaboration. It will always be carried out with the strictest security standards.
Legitimation for the processing of your data.
The legal basis for the processing of your data is: consent.
To contact or make comments on this website, consent with this privacy policy is required.
The prospective or commercial offer of products and services is based on the consent requested, without in any case the withdrawal of this consent conditioning the execution of the subscription contract.
Category of data collected.
The categories of data processed are identifying data.
In no case are specially protected or sensitive categories of data processed.
How long do we keep your data?
The personal data provided are kept until the purpose for which they are processed ends or as long as there is a legal obligation to keep them.
To which recipients will your data be communicated?
To provide services strictly necessary for the development of the activity, www.lipedemasvascular.com shares data with the following providers under their corresponding privacy conditions:
Google Analytics: a web analytics service provided by Google, Inc., a Delaware company whose main office is at 1600 Amphitheatre Parkway, Mountain View (California), CA 94043, United States (“Google”). Google Analytics uses “cookies”, which are text files located on your computer, to help www.lipedemasvascular.com analyze how users use the website. The information generated by the cookie about your use of www.lipedemasvascular.com (including your IP address) will be directly transmitted to and stored by Google on servers in the United States.
Hosting: Strato, domiciled in Germany, processes the data for the purpose of performing its hosting services and backup copies where the files of our Lipedema Vascular applications and hard drives are stored.
The security protocols applied are the following:
Appendix 2 to the Data Processing Agreement: technical and organizational security measures according to art. 32 GDPR
version 1.0
1. Confidentiality (Article 32 (1) (b) GDPR)
1.1 Entry control
Unauthorized persons must be denied access to rooms containing data processing equipment.
• Definition of security areas.
• Realization of effective access protection.
• Access log.
• Determination of people with access authorization.
• Management of personal access authorizations.
• Accompaniment of external personnel.
• Room monitoring.
1.2 Login control
The use of data processing systems by unauthorized persons must be avoided.
• Determination of the protection requirement.
• Login protection
• Implementation of secure login procedures, strong authentication
• Implementation of simple authentication using username password
• Login registration
• Monitoring of critical IT systems.
• Secure (encrypted) transmission of authentication secrets
• Lock in case of failed attempts/inactivity and process to reset locked login IDs
• Prohibit memory function for passwords and/or form entry (server/clients)
• Determination of authorized persons.
• Management and documentation of means of personal authentication and login permissions.
• Automatic login lock and manual login lock
1.3 Access Control
Only data for which access is authorized can be accessed. The data may not be read, copied, altered or deleted without authorization during processing, use and after storage.
• Create an authorization concept
• Implement access restrictions.
• Assignment of minimum authorizations.
• Administration and documentation of personal access rights.
• Avoid concentration of roles.
1.4 Usage control
It must be ensured that data collected for different purposes can be processed separately.
• Data economy in the management of personal data.
• Separate processing of different data sets.
• Verification and elimination of the purpose of regular use
• Separation of test and development environment.
1.5 Privacy Friendly Presets
• If data is not required to achieve the intended purpose, the default technical settings will be set in such a way that data will only be collected, processed, transmitted or published by an action of the data subject.
2. Integrity (Article 32 (1) (b) GDPR)
2.1 Transfer control
The objective of transfer control is to ensure that personal data cannot be read, copied, altered or deleted during electronic transmission or during its transport or storage on data carriers, and that it is possible to verify and determine where the personal data is provided through data transmission.
• Determination of recipient/transferred entities/persons
• Examination of the legality of the transfer abroad.
• Registration of transmissions according to the registration concept.
• Secure data transfer between server and client.
• Transmission backup on the backend
• Secure transmission to external systems.
• Minimization of risks through network separation.
• Implementation of security gateways at network transfer points.
• Hardening of backend systems.
• Description of the interfaces.
• Implementation of machine-machine authentication
• Secure data storage, including backups.
• Secure storage on mobile data carriers.
• Introduction of a disk management process.
• Collection and disposal process.
• Privacy-compliant disposal and destruction procedures.
• Disposal record management.
2.2 Input control
The purpose of input control is to ensure that it can be subsequently verified and determined whether personal data has been entered, modified or deleted in data processing systems.
• Registration of entries.
• Documentation of entry permits.
3. Availability, resilience, disaster recovery.
3.1 Availability and resilience (Article 32 (1) (b) GDPR)
• Fire protection
• Primary technology redundancy.
• Power supply redundancy.
• Redundancy of communication connections.
• Supervision
• Planning and deployment of resources.
• Defense against systemic abuse.
• Concepts and implementation of data backup
• Periodic control of emergency facilities.
3.2 Disaster recovery: rapid recovery after incident (article 32 (1) (c) GDPR)
• Emergency plan
• Data backup concepts and implementation
4. Data protection organization.
• Definition of responsibilities.
• Implementation and control of adequate processes.
• Notification and approval process.
• Implementation of training measures.
• Confidentiality commitment.
• Regulations for the internal distribution of tasks.
• Consideration of separation of roles and assignment
• Introduction of an appropriate representative scheme.
5. Order control
The purpose of order control is to ensure that personal data processed as part of the order can only be processed in accordance with the customer’s instructions.
• Selection of other processors for adequate guarantees.
• Entering into a data processing agreement with other processors.
• Conclusion of a data processing agreement with STRATO
6. Procedure for periodic review, assessment and evaluation (Article 32 (1) (d) of the GDPR, Article 25 (1) of the GDPR)
• Information security management according to ISO 27001.
• Process of evaluation of technical and organizational measures.
• Security incident management process.
• Carrying out technical reviews.
MailChimp / email marketing: MailChimp, based in the USA (more information at: https://mailchimp.com/), processes the data for the purpose of providing email marketing services to Lipedema Vascular.
Navigation.
When browsing www.lipedemasvascular.com, non-identifiable data may be collected, which may include IP addresses, geographic location (approximately), a record of how the services and sites are used, and other data that cannot be used to identify the user. Non-identifying data also includes data related to your browsing habits through third-party services. This website uses the following third-party analysis services:
Google Analytics.
We use this information to analyze trends, administer the site, track users’ movements around the site, and to gather demographic information about our user base as a whole.
Secrecy and data security.
www.lipedemasvascular.com is committed to the use and processing of data, including personal data of users, respecting their confidentiality and using them in accordance with their purpose, as well as complying with its obligation to store them and adopt all measures to avoid alteration, loss, unauthorized treatment or access, in accordance with the provisions of current data protection regulations.
This website includes an SSL certificate. SSL is a security protocol that ensures that your data travels intact and securely; that is, the transmission of data between the server and the web user, in both directions, is fully encrypted.
www.lipedemasvascular.com cannot guarantee the absolute impregnability of the Internet and, therefore, cannot rule out the violation of data through fraudulent access to it by third parties.
With respect to the confidentiality of processing, Lipedema Vascular will ensure that any person who is authorized by Lipedema Vascular to process customer data (including its staff, collaborators and providers) will be under the appropriate obligation of confidentiality and compliance with the GDPR (whether a contractual or legal duty).
When a security incident occurs that puts the rights of the clients at risk, Lipedema Vascular, upon becoming aware of it, will notify the Client and the AEPD in less than 72 hours without undue delay and must provide timely information related to the Security Incident as it becomes known or when the Client reasonably requests it.
Risk Analysis Report for data processing.
This risk report is updated every time we have to process our clients’ data, establishing the appropriate corrective measures:
- Our data processing does not include profiling.
- The automated processing of data that we carry out does not entail the risk of loss of rights, legal consequences or discrimination of the user.
- We do not monitor those who provide us with their data.
- We do not process especially sensitive data or data of vulnerable people.
- We do not apply any type of technology to the data that carries the risk of loss of rights or prevents access to a contracted service.
Identified Risks and control measures we take
- Unintentional modification or alteration of personal data: There is no access to data by third parties locally, the computer where the data is stored is protected by an antivirus system and Firewall to prevent unwanted attacks.
- Loss or unintentional deletion of personal data: A backup copy of the data is stored at Strato AG, our Hosting company.
- Unauthorized access to personal data: No one in the company has access to personal data except the person in charge of processing who is the administrator of the company.
- Absence of procedures for the exercise of rights: We publish in our online media the way in which the user can exercise their rights regarding the data.
- Absence of legitimacy for the processing of personal data: We include the informative clauses of the purpose and ask for express consent.
Accuracy and truthfulness of the data.
As a user, you are solely responsible for the veracity and correctness of the data you send to https://www.lipedemasvascular.com, exonerating Lipedema Vascular from any responsibility in this regard.
Users guarantee and are responsible, in any case, for the accuracy, validity and authenticity of the personal data provided, and undertake to keep it duly updated. The user agrees to provide complete and correct information in the contact or subscription form.
Acceptance and consent.
The user declares to have been informed of the conditions on the protection of personal data, accepting and consenting to the processing thereof by Lipedema Vascular in the manner and for the purposes indicated in this privacy policy.
Revocability.
The consent given, both for the treatment and for the transfer of the data of the interested parties, is revocable at any time by communicating it to Lipedema Vascular in the terms established in this Policy for the exercise of rights. This revocation will in no case be retroactive.
Changes to the privacy policy.
Lipedema Vascular reserves the right to modify this policy to adapt it to legislative or jurisprudential developments, as well as industry practices. In such cases, Lipedema Vascular will announce the changes introduced on this page with reasonable advance notice of their implementation.
Emails
In accordance with the LSSICE, https://www.lipedemasvascular.com does not practice SPAM, so it does not send commercial emails electronically that have not been previously requested or authorized by the user. Consequently, in each of the forms on the website, the user has the possibility of giving their express consent to receive the newsletter, regardless of the commercial information specifically requested.
The email servers used by Lipedema Vascular use SSL security protocols and their contents always travel encrypted over the network.
In accordance with the provisions of Law 34/2002 on Information Society Services and electronic commerce, www.lipedemasvascular.com undertakes not to send commercial communications without properly identifying them.
Document reviewed on 04-10-2024