Both data privacy and information confidentiality are important to DERMA ASSOCIATS, S.C.P. This data protection policy sets out how personal data obtained by the center is processed. It may change over time due to changes in legislation, case law, or the criteria followed by the Spanish Data Protection Agency and/or the competent authority at any given time. Therefore, DERMA ASSOCIATS, S.C.P. reserves the right to modify this policy to adapt it to legislative or case-law developments in force at the time the website is accessed.

Last update: 09/05/2023

1.- CONTROLLER: Who is the Data Controller for your data?

The data controller responsible for your personal data is:


CIF: J-60655552

Address: Vilana 12, consultation 124

Contact Email:

2.- PURPOSES: For what purpose do we process your data?

As a patient:
We process personal data of our patients for the following purposes:

1.- For the management of appointments, diagnoses, and possible medical treatments or other health-related services and dermatological services carried out at any time by this center, as well as their billing and the necessary communications for the provision of the indicated services.

2.- For sending informative communications about the promotion of products and services of the medical consultation, provided that you have previously authorized it.

3.- To address any complaints or requests that you send us through the forms available on the website or any other contact method provided.

4.- For the management of online appointments when the patient registers through the web form provided for this purpose.

We inform you that the processing of health data involves the processing of special categories of data. Such processing is necessary for the management of healthcare services and will be provided by professionals subject to the obligation of professional secrecy. The personal data collected is strictly necessary for the provision of the service and the management of the established relationship, being adequate, relevant, and not excessive, limited to what is necessary in relation to the purposes for which they are processed. We kindly ask you to inform us of any changes or modifications that may occur to keep the data current, accurate, and up-to-date.

As a supplier and/or collaborator
We process personal data of our suppliers and collaborators for the purpose of managing the established professional relationship.

As a candidate for an employee position
We process the curriculum vitae data of candidates for employee positions in order to manage the selection processes that the center keeps open.

3.- LEGITIMACY AND RETENTION PERIOD: What is the legal basis for processing your data and how long do we retain it?

As a patient:
The legal basis for the processing of your personal data is the contracting of the requested medical services and the legitimate interest of the center in addressing your complaints and requests. In some cases, the legal basis for the processing will be the protection of the vital interests of the data subject or other natural persons. For promotional purposes of center services and products, the legal basis will be your consent.

Retention period: Personal data provided and your medical history will be kept in any case during the validity of the established healthcare relationship and, once it ends, during the legal periods of prescription established in Law 21/2000, of December 29, on the rights of information concerning health and patient autonomy, and clinical documentation. The medical history, along with the identification data of each patient, will be kept for at least fifteen years from the date of discharge of each care process. The rest of the documentation will be destroyed once five years have passed since the date of discharge of each care process.

Contact data for sending informative communications will be kept until the user requests their deletion.

As a supplier and/or collaborator
The legal basis for the processing is the existence of a contractual relationship.

Retention period: The data will be kept in any case for the duration of the contractual relationship and subsequently during the legal periods established in civil legislation for the prescription of contractual obligations and in accounting and tax legislation.

As a candidate for an employee position
The legal basis for the processing is the adoption of pre-contractual measures in open selection processes and consent in the case of spontaneous applications.

Retention period: The data will be kept for a maximum period of 2 years. After that, they will be deleted.

4.- DATA RECIPIENTS: To whom will we communicate your personal data?

Patient data may be communicated to third parties in the following cases:

  • To healthcare administration personnel who perform inspection functions, duly accredited, in order to verify the quality of care, compliance with patient rights, or any other obligation of the medical practice in relation to patients.
  • To the healthcare administration for epidemiological, research, or teaching purposes, always keeping the patient's personal identification data separate from clinical and healthcare data.
  • To judges and courts within the framework of a judicial request.
  • To healthcare professionals involved in diagnosis or medical treatment; administrative personnel only when necessary for the performance of their functions.
  • To healthcare mutual insurance companies for the management of requested medical-health services and their corresponding payment.
  • To medical entities, companies, and/or professionals for billing the service provided.

International transfer of your data is not foreseen.

5.- DATA SUBJECT RIGHTS: What are your data protection rights?

Anyone has the right to obtain information about what data DERMA ASSOCIATS is processing. Below, we indicate your rights:

  1. Right to access your personal data and obtain a copy of it.
  2. Right to request the rectification of inaccurate data or, where appropriate, request their deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
  3. Under certain circumstances, you may request the limitation of the processing of your data, in which case they will only be kept for the exercise or defense of claims.
  4. In certain circumstances and for reasons related to your particular situation, you may object to the processing of your data. The center will stop processing the data, except for compelling legitimate reasons or the exercise or defense of possible claims.
  5. Portability: The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the company, in a structured, commonly used, and machine-readable format when: a) the processing is based on consent or on a contract, and b) the processing is carried out by automated means.
  6. We inform you of your right to file a complaint with the supervisory authority (AEPD) if your rights are not satisfied.

To exercise these rights, you can contact us via email at, providing the following information:

  • Full name
  • ID number (when applicable)
  • Contact email
  • Right you wish to exercise.
  • Data on which you make your request

We will respond to your request within a maximum period of one month and notify you at the email address you provided.

6.- Rights of the Owners of the Data

Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risks of varying likelihood and severity to the rights and freedoms of natural persons, DERMA ASSOCIATS will apply appropriate technical and organizational measures to ensure a level of security appropriate to the risk, preventing the destruction, loss, or accidental or unlawful alteration of personal data that is transmitted, retained, or otherwise processed, or unauthorized access to such data.
