Privacy policy

DERMALASER MEDIKAL & ESTETIC, SL, is committed to protecting the privacy of users who access this website and/or any of its services. The use of the website and/or any of the services offered by DERMALASER MEDIKAL & ESTETIC, SL, implies acceptance by the user of the provisions contained in this Privacy Policy and that their personal data will be processed as stipulated therein. Please note that although there may be links from our website to other websites or social networks, this Privacy Policy does not apply to the websites of other companies or organizations to which the website is redirected. DERMALASER MEDIKAL & ESTETIC, SL, does not control the content of third-party websites, nor does it accept any responsibility for the content or privacy policies of these websites.

 

Basic information on data processing (Regulation (EU) 2016/679 and LO 3/2018) 

Data Controller

DERMALASER MEDIKAL & ESTETIC, SL

NIF: B42762047

C/ Migdia 43 17003 Girona

Email: info@dermika.es

Purpose of the processing

To offer and manage our aesthetic and medical aesthetic services.

Legitimation

Consent obtained from the interested party when they request information from us.

Execution of the service contract when you contract with us.

Recipients

The data will not be communicated to third parties, unless required by law or necessary to fulfill the purpose of the processing.

Rights of individuals

Interested parties have the right to exercise the rights of access, rectification, limitation of processing, deletion, portability and opposition, by sending their request to our address.

Data retention period

As long as the commercial relationship is maintained or during the years necessary to comply with legal obligations.

Complaint

Interested parties can contact the AEPD to file a complaint they deem appropriate.

Additional information

You can consult the additional and detailed information below in the "Privacy Questions".

 

 

Privacy Questions

In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, (GDPR), and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD) we offer you the following information about the processing of your personal data:

 Who is responsible for processing your data?

Identity: DERMALASER MEDIKAL & ESTETIC, SL

NIF: B42762047

Address: C/ Migdia 43 17003 Girona

Tel.: 972202300

Email: info@dermika.es

For what purpose do we process your personal data?

  • We process the information provided to us to manage our aesthetic and medical aesthetic services.
  • In the event that you contact us through the contact form on our website, we will process it to manage your query.
  • We may also use your data to inform you about our activities, products or services when you are already a customer of ours or, if you are not, when you have given us your consent to do so.
  • When accessing our facilities your image may be recorded by video surveillance cameras for security control purposes.
  • If you send us a resume, we will process the data in order to manage the CV database for the selection of personnel.

 

How long will we keep your data?

The personal data provided will be kept as long as you are a user of our services or want to receive information, since you can object to the processing of your data for promotional purposes at any time by notifying us at info@dermika.es, and then, during the periods established to comply with our legal obligations, which in the case of accounting and tax documentation for commercial purposes will be 6 years, in accordance with Art. 30 of the Commercial Code, and for tax purposes will be 4 years, according to articles 66 to 70 of the General Tax Law.

  • The images captured by the video surveillance system will be kept for one month.
  • In the case of resumes, the data will be kept for one year.

 

What is the legitimacy for the processing of your data?

For the management of the contractual relationship with the interested party, we will base the processing of the data on the execution of the contract or within the framework of the pre-contractual relationship.

For the sending of commercial information we will base the processing on your consent, although if you are already a customer of ours, we may send you information about our products and services, always providing a simple and free means to unsubscribe, in accordance with the provisions of article 21.2 of Law 34/2002, of July 11, on services of the information society and electronic commerce.

Regarding the information that is sent by minors under 14 years of age, it will be an essential requirement that it be done with the parental consent, guardian or legal representative of the minor so that the personal data can be processed. If this is not the case, the legal representative of the minor will notify us as soon as they become aware.

Regarding the capture of images by the video surveillance system, the legitimacy is given by the legitimate interest in preserving the safety of people and property.

To which recipients will your data be communicated?

The data will not be communicated to third parties, unless required by law or necessary to fulfill the purpose of the processing.

What are your rights when you provide us with your data?

  • Anyone has the right to obtain confirmation as to whether or not we are processing their personal data.
  • Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
  • In certain circumstances, interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims.
  • Also, in certain circumstances and for reasons related to their particular situation, interested parties may object to the processing of their data. In this case, we will stop processing the data, except for compelling legitimate reasons or for the exercise or defense of possible claims.
  • Interested parties also have the right to the portability of their data.
  • All interested parties will have the right not to be the subject of a decision based solely on automated processing, including profiling, that produces legal effects on them or significantly affects them in a similar way.
  • Finally, interested parties have the right to file a claim with the competent Control Authority.

 

 How can you exercise your rights?

By sending a letter attaching a copy of a document that identifies you, to our physical or electronic address.

 How have we obtained your data?

The personal data that we process comes from the interested party. The interested party guarantees that the personal data provided is true and is responsible for communicating any modification thereof. The data that is marked with an asterisk will be mandatory to be able to provide the requested service.

 What data do we process?

The categories of data that we can process in the provision of our services are:

  • Identifying data
  • Postal or electronic addresses

In the case of the video surveillance system:

  • Image

In the case of resumes, also:

  • Personal characteristics
  • Academics and professionals

 

The data is limited, since we only process the data necessary for the provision of our services and the management of our activity.

Do we carry out international data transfers?

For the reception and sending of commercial communications we use the WhatsApp application, owned by META, located in the United States. The international data transfer is based on the Standard Contractual Clauses for processors approved by the European Commission, and on the Commission Implementing Decision of 10.7.2023 in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council, on the adequate level of protection of personal data under the EU-US Data Privacy Framework agreement.

Do we use cookies?

We use cookies while browsing our website with the consent of the user.

The user can configure their browser to be notified of the use of cookies and to prevent their use. Please visit our cookie policy.

 What security measures do we apply?

We apply the security measures established in article 32 of the GDPR, therefore, we have adopted the necessary security measures to guarantee a level of security appropriate to the risk of data processing that we carry out, with mechanisms that allow us to guarantee confidentiality, integrity, availability and permanent resilience of treatment systems and services.

Some of these measures are:

  • Information on data processing policies to staff.
  • Performing periodic backups.
  • Control of access to data.