Skip to content

Privacy Policy

In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and repealing Directive 95/46/EC (hereinafter, GDPR), with Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (hereinafter, LSSI-CE), and with Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

TITO RODRÍGUEZ BOUZA guarantees the protection and confidentiality of personal data provided to us in accordance with the provisions of the General Data Protection Regulation (hereinafter, GDPR) and Organic Law 3/2018. We inform you that the purpose of your personal data is to manage communications and business relationships. 

In compliance with the provisions of the GDPR, you may exercise the rights set forth in Articles 15 to 22 of the GDPR under the terms established therein, by writing to Calle Hermosilla nº48 – 1ºI, 28001, Madrid, or by sending an email to patients@drtitorodriguezbouza.com 

The Data Protection Policy of TITO RODRÍGUEZ BOUZA rests on the principle of proactive responsibility, according to which the Data Controller is responsible for compliance with the regulatory and jurisprudential framework and is able to demonstrate it to the corresponding supervisory authorities.

The data provided will be treated in the terms established in the GDPR; in this sense, TITO RODRÍGUEZ BOUZA has adopted the levels of protection legally required and has installed all technical measures within its reach to prevent loss, misuse, alteration, or unauthorized access by third parties, as set out below. However, the user must be aware that Internet security measures are not impregnable.

1. DETAILS OF THE DATA CONTROLLER

Trade Name: TITO RODRÍGUEZ BOUZA (hereinafter, the “Company” or the “Controller”).
VAT ID (CIF): 50873193E
Registered Office: Calle Hermosilla 48 1D – 28001 – MADRID – SPAIN
Phone: +34 636577506
Email for Data Protection communications: drtitorodriguezbouza@gmail.com
By providing us with your data, You declare that you have read and are aware of this Privacy Policy, giving your unequivocal and express consent to the processing of your personal data according to the purposes and terms expressed herein.
The Company may modify this Privacy Policy to adapt it to new legislation, jurisprudence, or interpretations by the Spanish Data Protection Agency. These privacy conditions are complemented by the Legal Notice and Cookies Policy.

1.1 Data Protection Officer

TITO RODRÍGUEZ BOUZA is not obliged to appoint a Data Protection Officer as it does not fall within the cases covered by Article 34 of the LOPDGDD.

2. PURPOSE OF THE PROCESSING OF PERSONAL DATA

  1. Provision of healthcare assistance and clinic management
    • Providing the requested healthcare attention and adequately managing the center’s assistance and administrative services.
    • Reminding of appointments and check-ups.
    • Issuing certificates of attendance in favor of relatives or persons linked to the patient, when permitted by regulations.
    • Managing incidents, complaints, and claims.
    • Conducting satisfaction surveys aimed at improving and developing assistance and management services.
  2. Patient Space / Patient Portal
    • Managing the registration, access, and use of the digital tool by registered users.
  3. Handling of requests
    • Attending to and processing requests for information of any kind (including commercial information), as well as suggestions, complaints, and the exercise of data protection rights.
  4. Compliance with legal obligations
    • Complying with applicable legal obligations (health, data protection, tax, and any others that may apply).
  5. Formalization and execution of the contractual relationship
    • Managing the relationship derived from the contracting of services (including the acceptance of quotes/orders and, where appropriate, the signing of contracts).
  6. Information on products and services
    • Providing information related to the products and services offered by the Controller detailed on this website, as well as catalog updates.
  7. Informative communications and news
    • Sending, by electronic and/or postal means, news and updates about the entity and its services.
  8. Commercial communications
    • Sending commercial communications related to the services offered, provided that the interested party has given their prior and express consent.

Explanatory notes

  • Processing for scientific research or statistical purposes is not considered incompatible with the above purposes.
  • The Controller will provide the same level of quality of care, regardless of the communication channel used by the patient/user.

Care Channel: WhatsApp/WhatsApp Business will be the preferred channel for video calls and clinical messaging if the patient chooses so, with security measures (encrypted devices, two-step verification, notification control) and without default recording. The patient may choose an alternative channel (Teams/Zoom/encrypted email) without penalty.

2.1. Retention Period of your data

We will keep your personal data from the time you give us your consent until you revoke it, or request the limitation of processing, complying with the legally established periods in the applicable regulations. In such cases, we will keep your data blocked during the legally required periods.

In general, your data will only be kept for the time strictly necessary for the purpose for which they were collected. 

Personal data provided, as well as those derived from the healthcare assistance provided, will be kept for the appropriate time for each case (based on medical and legal criteria), and for a minimum of ten years from the discharge date of each care process, unless regional and/or specific regulations establish a different minimum retention period, in which case the applicable regulations will be followed. 

Once the aforementioned minimum period has passed, and the care and contractual relationship has ended, the controller will keep your data duly blocked during the term of the periods corresponding to legal prescription. 

Personal data provided for the purpose of managing any request for information, complaint, suggestion, claim, exercise of data protection rights, etc., will be kept for the time necessary to process the request, and in any case during the time established legally, as well as during the period necessary for the formulation, exercise, or defense of claims. 

Data processed for compliance with legal obligations will be kept for the time established in the applicable legislation. 

Data collected for the formalization and execution of the contract will be kept for the duration of the contractual relationship, as well as during the period necessary for the formulation, exercise, or defense of claims, for a minimum of five years. 

3. LEGITIMATION AND COLLECTED DATA

The legitimation for the processing of your data is the express consent granted through an express and affirmative act (filling out the corresponding form and checking the box accepting this policy) at the time of providing us with your personal data.

3.1. Consent to process your data

By filling out the forms, checking the “I accept the Privacy Policy” box and clicking to send the data, or by sending emails to the Company through the accounts enabled for this purpose, the User states that they have read and expressly accepted this privacy policy, and grants their unequivocal and express consent to the processing of their personal data according to the indicated purposes.

3.2. Categories of data

The data collected refers to the category of identification data, such as:
Name and Surname, Telephone, Postal Address, Company, Email, insurance card, Personal characteristics, social or socio-sanitary circumstances, Identification data, contact details of patients or their representatives (including signature, image, health card, social security or mutual society number) and any other administrative data, Transactional data (payments, income, transfers, debits), as well as the IP address from which the data collection form is accessed.


Once the Consultation has begun, the category of data qualified as sensitive will be “Health,” consisting of medical history, medical tests, medical reports, and the information contained in these documents.

The data may come from the interested party (patient) themselves or, where appropriate, from their legal or voluntary representative and/or healthcare personnel. In the case of a contact questionnaire from this website, exclusively those described in said form. 

4. SECURITY MEASURES

Within our commitment to guarantee the security and confidentiality of your personal data, we inform you that the necessary technical and organizational measures have been adopted to guarantee the security of personal data and avoid its alteration, loss, unauthorized processing or access, taking into account the state of technology, the nature of the stored data, and the risks to which they are exposed, according to Art. 32 of GDPR EU 679/2016.

5. DATA DISCLOSURE AND INTERNATIONAL TRANSFERS

Your personal data will be treated with maximum confidentiality and will not be communicated to third parties except for legal obligation, vital interest, or prior consent of the interested party. However, for the correct provision of the medical and administrative service, it is necessary to carry out the following data communications and international transfers under strict security guarantees:

5.1. Medical Collaborators and Health Centers Data may be transferred to Clínica NorSalud SLP (VAT ID B82907627), to CENTRO MÉDICO VALDEBERNARDO S.L.P (VAT ID B85372472), or to Dr. Tania Ramos (ID 50859135V), whose exclusive purpose will be the provision of health services in medical-health centers necessary for treatment management, interconsultation, and performance of medical tests.

We also inform you that your personal data may be communicated to providers of medical material, prostheses, and implants due to legal obligation, or to ambulance services based on a vital interest of the patient themselves.

5.2. Technology Providers and International Transfers (WhatsApp / Meta) For the realization of video consultations and agile appointment management, the User may voluntarily opt for the use of the WhatsApp platform. In accordance with the principle of transparency of the GDPR, detailed information is provided on the identity of the provider and the data flow:

  • Service Provider Entity (EEA): The services are provided by WhatsApp Ireland Limited, with registered office at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
  • Parent Company and Data Subprocessor: The technical infrastructure depends on Meta Platforms, Inc., with headquarters at 1601 Willow Road, Menlo Park, California 94025, United States.

The use of this platform implies an International Data Transfer to the United States (mainly technical metadata, IP, phone number, and connection data). The User is informed and consents to this transfer necessary for the execution of the communication service. Said transfer is carried out with adequate guarantees, under the EU-U.S. Data Privacy Framework to which Meta Platforms, Inc. adheres (guaranteeing an adequate level of protection in accordance with European regulations), and subsidiarily through Standard Contractual Clauses (SCC). The patient can always opt for alternative channels within the EEA (such as encrypted email) if they do not wish to use this route.

5.3. Insurers and Payment Management Given that the patient may have an insurance contract by virtue of which a third party (e.g., insurance companies, mutuals, public administrations) is obliged to pay for the health services, we will communicate their data to said entities solely for the purpose of managing, validating, and invoicing the healthcare services provided.

  • Authorization: You expressly and unequivocally authorize this transfer of data for collection management.
  • Insurers outside the EEA: In the event that the patient has arranged insurance with an entity located outside the European Economic Area (E.E.A.) whose legislation does not offer a level of data protection equivalent to that of the EU, it may be necessary to carry out an international data transfer. Said transfer will be carried out with the prior explicit consent of the patient and only for the purpose of facilitating payment for services.
  • Consequences of opposition: If you oppose the communication of your data to your insurer, these entities may refuse payment for the healthcare services, with you being responsible for the full payment thereof as billing cannot be verified.

5.4. Other Service Providers To guarantee an adequate provision of the service, it is necessary for certain external service providers (data processors), such as consultancies, payment platforms (including cryptocurrency or card processing), or web analytics services, to process data on behalf of the controller. In case any of these providers (e.g., Google or international payment gateways) transfer data outside the EEA, adherence to the Data Privacy Framework or the signing of Standard Contractual Clauses will be required.

6. USER RIGHTS

We inform you that you may exercise the following rights: 

  1. a) Right of access to your personal data, to know which are being processed and the processing operations carried out with them; 
  2. b) Right of rectification of any inaccurate personal data; 
  3. c) Right of erasure (deletion) of your personal data, when this is possible (for example, by legal imperative); 
  4. d) Right to restriction of the processing of your personal data when the accuracy, legality, or necessity of the data processing is in doubt, in which case, we may keep them for the exercise or defense of claims. 
  5. e) Right to object to the processing of your personal data, when the legal basis enabling us to process them is our legitimate interest. TITO RODRÍGUEZ BOUZA will stop processing your data unless there is a legitimate interest or it is necessary for the defense of claims, when this right applies. 
  6. f) Right to portability of your data, when the legal basis enabling us to process them is the existence of a contractual relationship or your consent. 
  7. g) Right to revoke the consent granted to TITO RODRÍGUEZ BOUZA. 

To exercise your rights, you can do so free of charge and at any time, by contacting us at Calle Hermosilla nº48 – 1ºI, 28001, Madrid, or by writing an email to patients@drtitorodriguezbouza.com. 

6.1. How to exercise my rights?

To exercise your rights, you must address the controller, requesting the corresponding form for the exercise of the chosen right. Optionally, you can go to the competent Supervisory Authority to obtain additional information about your rights. The contact details for the exercise of your rights are the telephone +34 636577506 and the email: pacientes@drtitorodriguezbouza.com. Remember to accompany a copy of a document that allows us to identify you.

In case you understand that your rights have been disregarded by our entity, you can file a claim with the Spanish Data Protection Agency (Agencia Española de Protección de Datos), through any of the following means: 

.- Electronic Office: https://www.aepd.es 

.- Postal Mail: Agencia Española de Protección de Datos, C/ Jorge Juan, 6, 28001, Madrid 

.- Telephone: +34 901.100.099 and +34 912.663.517 

Filing a claim with the Spanish Data Protection Agency does not entail any cost and the assistance of a lawyer or solicitor is not necessary. 

7. CONSENT FOR SENDING ELECTRONIC COMMUNICATIONS

Likewise, and in accordance with the provisions of Law 34/2002 of 11 July on Information Society Services and Electronic Commerce, by completing the data collection form and checking the corresponding box “I accept the sending of Electronic Communications”, you are granting express consent to send information about the Company to your email address, telephone, fax, or other electronic means.

8. Authorization for the use of the Electronic Medical Prescription service (REMPe)

By accepting these privacy conditions, I expressly authorize the communication of my personal data to DPS for the use of the Electronic Medical Prescription service (REMPe).

The acceptance of this authorization entails that your data be incorporated into the personal data processing system for which DIGITAL PRESCRIPTION SERVICE S.A. (hereinafter “DPS”) is the DATA CONTROLLER, with registered office at Calle Velázquez, n.º 27, 1ª planta, C.P. 28001, Madrid (Spain), with the PURPOSE of correctly managing the operation of the REMPe system regarding the medical treatment and electronic prescription of the interested parties.  The LEGITIMATION to carry out this processing is based on the public interest of DPS to guarantee the correct functioning of the REMPe system and comply with the provisions of Royal Decree 1718/2010. The data provided to us MAY BE COMMUNICATED to prescribing professionals and pharmacists for the prescription and dispensing of medicines, as well as to other professionals who need to consult or modify the medical treatment, upon explicit authorization by you. You may exercise your RIGHTS of access, rectification, deletion (“right to be forgotten”), limitation, portability, and opposition by addressing the address dpd@rxdps.com, in accordance with the provisions of Arts. 15 and following of the GDPR, and Arts. 12 and following of the LOPDGDD. The data will be kept in their supports while the contractual relationship is in force or during the period established by current legislation, as well as the time necessary to fulfill this purpose and to determine the possible responsibilities that could derive from the processing. For more information you can go to the address https://rempe.es/#/privacidad

9. Updates: What changes can there be in this Privacy Policy? 

The Owner reserves the right to modify this policy to adapt it to legislative or jurisprudential developments that may affect its compliance. 

📞 Call 📅 Book Appt.
WhatsApp