PRIVACY AND DATA PROTECTION POLICY

In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data, which repeals directive 95 / 46/CE (henceforth, RGPD), of Law 34/2002, of July 11, on services of the information society and electronic commerce (henceforth, LSSI-CE) and of the Organic Law 3/ 2018, Protection of Personal Data and guarantee of digital rights, VIL.LA PILATES SLU (henceforth, The Holder) guarantees the protection and confidentiality of personal data, of any type provided by our customers , in accordance with what has been provided in the General Regulation for the Protection of Personal Data.

What personal data do we process and where does it come from?

On the occasion of your relationship with us, the following categories of personal data may be processed:
• Identification, customer contact data.
• Data relating to the client’s health
• Personal characteristics, social or socio-health circumstances
• Transactional data (payments, income, transfers, charges)
•In the case of the contact questionnaire from our website those described in this form exclusively.

Data controller: Who are we?

Name: VIL.LA PILATES SLU
CIF: B09783010
Address: C. Osi, 14 Local 3, 08034, Barcelona Telephone: 627915129
Email: info@lavilapilates.com /info@lavilapilates.com

Purpose of treatment: What will we use your data for?

1. Provision of services: Your personal data is processed in order to provide you with the services you need, as well as to properly manage the services provided and the administration of the center necessary for this, for example:

  • Remind him of appointments;

  • Attend to any communication with health centers or professionals reported by the patient;

  • Manage any incident or claim filed by the user and/or patient;

  • Carry out surveys with the aim of knowing your opinion on the care received and which will be used solely to improve and develop our services and management;

2. Attention to requests for information of any kind, even commercial, complaint, suggestion, claim, exercise of data protection rights, etc.: in these cases the data will be treated with the purpose of managing and processing the request
3. Compliance with legal obligations: it may be necessary to process personal data in order to comply with the corresponding legal requirements. Specifically, to comply with data protection, tax, health, etc. legislation.
4. Formalization and execution of the contract: the patient’s personal data are processed in order to manage the contractual relationship with the client.
5. Video surveillance: Certain establishments have a video surveillance system through which images are collected in real time of the center’s users. The processing of this data has an exclusive purpose of security and access control to the facilities.
6. Sending commercial communications.
7. The receipt of your Curriculum Vitae by sending an email, as well as the personal data that may be generated as a result of participation in selection processes, in order to analyze your professional profile and to enable him to participate in the personnel selection processes organized in view of the vacant or newly created positions that arise periodically, as well as to process their eventual incorporation into the workforce.

The data collected will be treated for the specified purposes and in no case incompatible with these purposes. We remind you that treatment for scientific or statistical research purposes is not considered incompatible with the initial purpose.

In any case, we process your data to always serve you with the same level of quality, regardless of the channel you use to communicate with us (health center, website of the center, whether in person, by telephone or electronically ).

Legitimacy of treatment: Why do we need your data?

• Provision of services: Treatment necessary for the execution of a contract to which the interested person is a party; consent of the person concerned; legitimate interests of the Controller; protect the person’s interests

• Handling of requests: Consent of the interested person and/or legitimate interests of the Responsible
• Fulfillment of legal obligations: Processing necessary to fulfill a legal obligation applicable to the Controller
• Formalization and execution of the contract: Execution of a contract where the interested person is a party
•Video surveillance: Legitimate interests
• Sending commercial communications: Consent of the person concerned

Recipients: Who do we share your data with?

To guarantee an adequate provision of the service, it is necessary for certain service providers and/or entities to process data on behalf of the person in charge and as processors of their personal data. These entities can be, for example, providers of medical services, diagnostics, clinical analyses, auditing, physical security, archiving or digitization of information, destruction of documentation, legal advice, management, IT services, etc.

Retention: How long will we keep your data?

In general, the data will only be kept for the time strictly necessary for the purpose for which it was collected. The personal data provided, as well as those derived from the services provided, will be kept for the appropriate time in each case (following medical and legal criteria), and at least ten years counted from the date of registration of each care process, unless regional and/or specific regulations establish a minimum retention period other than that indicated, in which case the provisions of the applicable regulations will be followed. After the minimum period mentioned, and having ended the assistance and contractual relationship, the person in charge will keep their data properly blocked, for the period of the periods corresponding to the legal prescription.

The personal data provided in order to manage any request for information, complaint, suggestion, claim, exercise of data protection rights, etc., will be kept for the time necessary to process the request, and in all case during the legally established time, as well as during the period necessary for the formulation, exercise or defense of claims.

The data processed for the fulfillment of legal obligations will be kept for the time established in the applicable legislation.

The data requested for the formalization and execution of the contract will be kept for the duration of the contractual relationship, as well as for the period necessary for the formulation, exercise or defense of claims, at least five years.

The images captured through the video surveillance systems will be kept for a maximum period of 30 days, unless the data controller is aware of any fact that could be relevant for a subsequent judicial action.