- ABOUT THIS POLICY
We are committed to offering quality, professional products and services while protecting the privacy of our customers and users.
This Data Protection Policy (hereinafter, the “Policy“) describes when, why and how we collect, use and handle (jointly, “treat“) data of a personal nature of our clients (including optical data), possible clients, consumers and users of our websites (“Interested Parties”). “Personal Data” means all information regarding the interested parties that may serve to identify them personally, either directly or indirectly.
When the interested party uses our websites, we treat the Personal Data that we collect about him using cookies in accordance with our Cookies Policy. Click here to see our Cookies Policy.
B.WHO IS RESPONSIBLE FOR THE INTERESTED PARTY’S DATA?
TIEDRA informs its users and clients that their personal data that have been collected up to now or that will be collected in the future and those that are provided by clients, will be processed by TIEDRA, whose identification is: TIEDRA FARMACÉUTICA, SL with N.I.F. number B73236952 and address at Calle Pintores, 5, 28923 Alcorcón Madrid. You can consult about the treatment of your data, to the person in charge of data protection at the e-mail address: email@example.com
If TIEDRA shares Personal Data with TIEDRA Group Entities (“Group Entities”, that is, our subsidiaries, our ultimate parent company and its subsidiaries), the Group Entities also are responsible for the treatment in accordance with the provisions of this Data Protection Policy. The details of the Group Entities, including their address, are as follows:
- Tiedra Pharmaceutical, SL CL Pintores, 5 28923 Alcorcón Madrid Spain
- Laboratorios Tiedra, SL CL Painters, 5 28923 Alcorcón Madrid Spain
- Mifarmacia, SL CL Painters, 5 28923 Alcorcón Madrid Spain
- Eurolent Optical and Ophthalmological Services, SL CL Pintores, 5 28923 Alcorcón Madrid Spain
In this Data Protection Policy, the expressions “we”, “us” or “our” refer to TIEDRA and/or the Group Entities, while the expressions “you” and “your” refer to the Interested Parties. .
C. WHAT DATA DO WE PROCESS AND WHY?
The types of information that we can collect from the interested party, depending on how they interact with us (that is, how they use our websites), as well as the purposes of the treatment, are:
|Data Subject Category
|Type of information
|Purposes of the treatment
|Legal basis of the treatment
|Clients (including opticians and optician staff)
|Consumers (including participants in promotional activities)
|Users of our websites
Our commercial purposes. We may also use the Personal Data of the interested party for our internal purposes (our legitimate interests), such as:
- Filing tasks, statistical analysis, preparation of internal reports and carrying out studies.
- Profiling activities.
- Investigate the claims filed by the interested party.
- Provide evidence in litigation, or in anticipation of future litigation, between the interested party and us.
- Detection and prevention of fraud and other crimes, and risk management.
- Enterprise and post-disaster recovery (for example, to create backups).
- Ensure network and information security.
- Host, maintain and support the operation of our websites, including customizing various aspects of our websites to improve the experience of the interested party.
- Conservation and storage of documentation and data.
- Protect the rights, property and/or safety of TIEDRA, of any of the Group Entities and of their personnel and other persons; and
- Guarantee the quality of the services we provide to our clients and other Interested Parties.
We believe that the risk that affects the right to data protection of the interested party, with regard to the Personal Data that we treat based on our legitimate interests, is not excessive or too intrusive. We have also established mechanisms to protect the rights of the interested party that ensure appropriate retention periods and security controls.
We can also use the Personal Data of the interested party for the specific purposes that we consign at the time of collecting the Personal Data.
If the interested party chooses not to provide the Personal Data that we request, we may not be able to offer you the products and/or services that you have requested, or attend to the purposes for which we have requested the Personal Data.
D. HOW AND WHEN DO WE SHARE DATA WITH THIRD PARTIES?
Some products and/or services that we provide require the intervention of third parties. We do not sell, rent, distribute or provide Personal Data to third parties for commercial purposes, with the exception that we may share information with our group of companies and with third parties for the purposes contemplated in this Policy. Likewise, some of our service providers may have access to the personal data of the interested party to provide us with certain services:
- Supply of data in other of the TIEDRA group
TIEDRA may provide the Personal Data of the interested party to the Group Entities:
- If we need to provide them to supply the products and/or services, or the information, that the interested party has requested; or
- If the interested party has given us their consent (for example, if they have given us their consent to receive commercial communications from the Group Entities); or
- Provision of data to other recipients
We can also provide the Personal Data of the interested party to:
- Third parties, if we have the obligation to disclose or provide the Personal Data of the interested party to comply with our legal obligations, or to protect the rights, assets and/or safety of TIEDRA, of any of the Entities of the Group , or its employees or other persons.
- Optics, so that the interested party can manage their visit, and to be able to offer them the products and/or services that they have requested.
- Other third parties, to respond to the requirements of a judicial, regulatory or governmental body; for example, to comply with a court order or to act in accordance with current legislation or regulations; or
- Investors and other persons, in the event of a possible sale or other corporate operation related to TIEDRA and/or any of the Group Entities.
- Access to personal data by service providers
The following third-party service providers, to whom we entrust the provision of various services, may also have access to the personal data of the interested party:
- Provision of professional advisory services (for example, accountants, auditors, lawyers or other similar advisors)
- Deliveries of our products (for example, courier companies).
- Advertising and marketing services (eg, marketing agencies, interactive agencies, email newsletter solution providers).
- Our websites (for example, hosting and maintenance of our websites); and
- IT services and solutions (for example, offering data storage, or helping us with database management).
We have carefully selected these service providers and have adopted measures for the correct protection of the Personal Data of the interested party. All our service providers are obliged, by virtue of a written contract, to treat the Personal Data that we provide them only for the purposes of providing the specific service that they offer us, and to maintain adequate security measures to protect the Data. Personal Character of the interested party.
E. FOR HOW LONG DO WE KEEP PERSONAL DATA?
Our policy is to keep Personal Data for as long as necessary for the specific purpose(s) for which they were collected (for example, to fulfill a contract with the interested party). However, we may be forced to store some Personal Data for a longer period of time, taking into account factors such as:
- The legal obligation, established by current legislation, to keep the data for a certain period of time (for example, compliance with tax and accounting obligations).
- The establishment, exercise, or defense of legal grounds (for example, for purposes of potential litigation).
As long as we continue to treat the Personal Data of the interested party, we will ensure that its treatment is done in accordance with this Data Protection Policy. Otherwise, we will securely delete, or anonymize, the Personal Data of the interested party once they are no longer necessary.
If the interested party wishes to know how long we are going to keep their Personal Data for a specific purpose, they can contact us by writing to: firstname.lastname@example.org. For more information on how long and how cookies are stored, see our Cookies Policy.
F. HOW DO WE PROTECT THE DATA OF THE INTERESTED PARTY?
We recognize that the Personal Data of the interested party may be confidential. We will preserve the confidentiality and protect the Personal Data of the interested party in accordance with our Data Protection Policy and current legislation, including the General Data Protection Regulation 2016/679 (“RGPD“) .
We have implemented operational and technological security measures to protect the Personal Data of the interested party against loss, improper use, or unauthorized alteration or destruction.
These measures include the use of firewalls, encryption, adequate access rights management processes, careful selection of data processors, and other technically and commercially reasonable measures to achieve protection. of the Personal Data of the interested party. In your case, we can also make backup copies and use other means to avoid the accidental destruction or deterioration of the Personal Data of the interested party. These measures guarantee a level of security appropriate to the risks inherent in the processing and the nature of the Personal Data that must be protected.
Please note, however, that when the data subject transmits information to us via the Internet, the security of the transmission can never be fully guaranteed. For the payments that we receive from the interested party through the Internet, we use a secure online payment system of recognized prestige.
In the event of a violation of the Personal Data of the interested party that could expose him to a serious risk, we will notify him without delay.
G. RIGHTS OF THE INTERESTED PARTY
The following section explains the rights of the interested party that they can exercise. The different rights are not absolute, each of them being subject to certain exceptions or requirements in accordance with the RGPD and other provisions of general application of the data protection legislation.
- Right to be informed: the interested party has the right to receive clear, transparent and easy to understand information about the way in which we use the Personal Data of the interested party. This is why we provide you with the information contained in this Data Protection Policy and in the legal notices or conditions that we provide.
- Right of access: the interested party has the right to obtain from us a confirmation of whether or not we are processing their Personal Data and, as regards certain information (similar to that contained in this Policy), to know how it is used. The interested party may also have the right of access to the Personal Data of the interested party, requesting for this purpose a copy of the Personal Data that concerns him. This allows you to know that data, and check if we are using your data in accordance with data protection legislation. We may decline to provide you with this information if, by providing it, we could be revealing personal data of a third party, or negatively affecting the rights of a third party.
- Right of rectification: the interested party can ask us to adopt measures to rectify the Personal Data of the interested party if they are incorrect or incomplete (for example, if we have the wrong name or address of the interested party). strong>
- Right of suppression: Also called “right to be forgotten”, allows the interested party to request the elimination or deletion of their Personal Data when, for example, there is no unavoidable reason to keep them, or when its use is illegal. However, it is not an absolute right to delete the data, with specific exceptions such as, for example, that we need to use the information to defend a legal basis or to be able to comply with a legal obligation.
- Right to limitation of treatment: the interested party has the right to obtain from the controller a limitation of treatment, or the deletion of any further use of the Personal Data of the interested party, while we are assessing the request for rectification or an alternative to cancellation. If the treatment is restricted, we can keep the Personal Data of the interested party, but not use them.
- Right to data portability: the interested party has the right to obtain and reuse certain Personal Data of theirs for their own purposes and in different entities (that is, in data controllers). different). This right only refers to the Personal Data of the interested party that he has provided us and that we are treating with his consent and for the purpose of fulfilling a contract, and that are being treated by automated means. When this is the case, we will provide you with a copy of your data in a structured, commonly used and machine-readable format, or (if feasible) we can transmit the data directly to another data controller.
- Right of opposition: strong> the interested party has the right to oppose certain types of treatment, taking into account their particular situation, at any time, as long as that treatment takes place for the purposes of the legitimate interests or public interest pursued by TIEDRA, by any of the Group Entities or by the recipient of the data. We will be authorized to continue processing the Personal Data if we can prove unavoidable legitimate grounds for the processing that take precedence over the interests, rights and freedoms of the interested party, or that we need to process the data for the establishment, exercise or defense of legal grounds. . If the interested party opposes the processing of their Personal Data for commercial purposes, we will stop processing the Personal Data of the interested party for those purposes.
- Right to withdraw consent: If we treat the Personal Data of the interested party by virtue of the consent given by him, he has the right to withdraw that consent at any time. However, its withdrawal does not affect the legality of the treatment that took place before the consent was withdrawn.
I.HOW TO CONTACT US
If the interested party wishes to request more information or exercise any of the above rights, or if they are not satisfied with how we have treated their Personal Data, they can contact our Director of Data Protection by sending an email to < /strong>email@example.com.
Before assessing the request of the interested party, we may require additional information that identifies him. If the interested party does not provide the requested information and, therefore, we are not able to identify him, we can decline his request.
We will generally respond to your request within one month of receiving it. We can extend that period for an additional period of two months if necessary, taking into account the complexity and the number of requests that the interested party has sent us.
The communications sent to us by the interested party will be free, unless:
- Ask us for additional copies of the Personal Data of the interested party that are being processed, in which case we may charge reasonable administrative expenses; or
- Submit manifestly unfounded or excessive requests, especially due to their repetitive nature, in which case we will apply our reasonable administrative fees, or decline to honor the request.
If the interested party is not satisfied with our response to their claim, or believes that our treatment of the Personal Data of the interested party does not comply with the data protection law, they can file a complaint with the competent body in the matter of data protection. The Spanish Agency for Data Protection, or its successor, is the competent body in Spain in matters of data protection.