Basic information on Data Protection
Data controller: ARRHYTHMIA ALGORITHM, S.L.
Purposes of processing:
Legitimation of the processing
Retention of data
Rights of the interested parties
ADDITIONAL INFORMATION ON DATA PROTECTION
In accordance with the provisions of arts. 13 and 14 of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”), and articles 6 and 11 of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (hereinafter, “LOPDGDD”), which regulates the right to information in the collection of data, we inform you of the following.
Who is responsible for the processing of your personal data?
The personal data that you have provided us with through the website and in any other communications with you will be subject to the Register of Processing Activities under the responsibility of ARRHYTHMIA ALGORITHM, S.L., with postal address at Ronda Mijares, núm. 11, 12001, Castellón (Spain) and e-mail address email@example.com.
What is your presence on social networks?
ARRHYTHMIA ALGORITHM, S.L. has the following profiles on the main social networks on the Internet: Twitter, LinkedIn, Facebook, Instagram and Youtube.
ARRHYTHMIA ALGORITHM, S.L. recognises that it is responsible for processing the data of its users, followers, or people who make comments through them. Likewise, in accordance with the Law of Information Society Services and Electronic Commerce, ARRHYTHMIA ALGORITHM, S.L. is exempt from any type of responsibility derived from comments made by users and followers on its social networks.
ARRHYTHMIA ALGORITHM, S.L. may use the profiles described above to inform its users of topics it considers to be of interest to them.
In the event that registration for certain services is carried out by means of personal data associated with a user account, we inform you that we will share certain information contained in your account. ARRHYTHMIA ALGORITHM, S.L. reminds you that you should be aware of the privacy policies of the media or social networks in which you are registered in order to avoid sharing unwanted information. You have the privacy and account management settings on social networks to manage privacy preferences, identity, advertising and other related issues.
Once the user has joined the ARRHYTHMIA ALGORITHM, S.L. website, he/she will be able to publish comments, links, images or photographs or any other type of multimedia content supported by the Social Network. The user, in all cases, must be the owner of the same, hold the copyright and intellectual property rights or have the consent of the third parties affected. Any publication on the site, whether texts, graphics, photographs, videos, etc. that violate or are likely to violate morals, ethics, good taste or decorum, and/or that infringe, violate or violate intellectual or industrial property rights, the right to image or the law, is expressly prohibited. In these cases, ARRHYTHMIA ALGORITHM, S.L. reserves the right to immediately remove the content, and may request the permanent blocking of the user.
The images that may be published on the page will not be stored in any file by ARRHYTHMIA ALGORITHM, S.L but they will remain on the Social Network.
Competitions and promotions
ARRHYTHMIA ALGORITHM, S.L reserves the right to carry out competitions and promotions, in which the user can participate. The terms and conditions of each of them, when the Social Network platform is used for this purpose, will be published on the Social Network. The Social Network does not sponsor, endorse or administer, in any way, any of our promotions, nor is it associated with any of them.
ARRHYTHMIA ALGORITHM, S.L will use the Social Network to advertise its products and services. In any case, if it decides to use your contact details to carry out direct commercial prospecting actions, it will always be in compliance with the legal requirements of the LOPD and the LSSI-CE.
Recommending the ARRHYTHMIA ALGORITHM, S.L. website to other users so that they can also enjoy the promotions or be informed of its activity shall not be considered as advertising:
- On Facebook, when a user becomes a fan of the official Fan Page via the “Like” button, they authorise their personal data to be used solely on this Facebook platform for the management of the “Fan Page” and the communications that are maintained in a bidirectional manner with said followers via chat, publications, comments, messages or other means of communication that the social network allows now and in the future. This treatment will be subject to the privacy policies of this social network and that the user can consult in the following link: https://es-es.facebook.com/privacy/explanation
By becoming a fan you will have access to the list of members or followers who have joined the Fan Page. It is also informed that when a user becomes a fan, the news published will also appear on their home page and that, if the fan user makes comments on these publications, both their comment and the name of their profile and, where appropriate, the photograph they have on it or according to their privacy settings, or biography and tagging, will be accessible by the other fans. In any case, it is the user’s responsibility how they use the social network.
- Similarly, in relation to YouTube, we will have access to the information of the people who subscribe to our channel, specifically, the user name, photograph (in the event that the user has put a photograph in their profile), and comments made to the channel’s videos, subscriber videos, playlists and other channels to which they have subscribed. https://policies.google.com/privacy?hl=es&gl=es
In accordance with article 7.5 of Organic Law 1/1982, of 5 May, on the civil protection of the right to honour, personal and family privacy and one’s own image, it states the following: “The following shall be considered illegitimate intromissions: The capture, reproduction or publication by photography, film or any other procedure of the image of a person in places or moments of their private life or outside of them”.
It is for this reason that ARRHYTHMIA ALGORITHM, S.L. informs you that it may process images that may be published on the social networks with which the Company has created an account or on the WEBSITE, subject to the consent of the Interested Party.
If the data subject does not consent to such processing and/or publication, ARRHYTHMIA ALGORITHM, S.L. will proceed to pixelate the image, always taking into account and prioritising the legitimate interest and the will of the data subject at all times.
The treatment of the images is carried out with serious respect for the person, in accordance with Organic Law 1/1982, of 5 May, on the civil protection of the right to honour, to personal and family privacy, and to one’s own image, eliminating any capture or filming that could violate these fundamental rights, and the images will not be used for purposes other than those expressed.
In relation to the above, ARRHYTHMIA ALGORITHM, S.L. will process the images for the purpose described above, including them in the Company’s own processing systems and complying with the technical and organisational security measures, in accordance with the New General Data Protection Regulation (EU) 2016/679 and with the provisions of Organic Law 3/2018 of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDDD).
In any case, the data subject may revoke consent or object to the processing of the image.
What personal data do we collect?
The personal data that the user may provide:
- Contact details: Telephone number and email address or company.
- Identification data: Age, sex, etc.
- Health data: Medical data, height, weight, etc.
- Digital data: Cookies, IP address, date and time of access to Rithmi’s services, etc.
- Academic or employment data: CV.
- Any other information or data you choose to share with us.
In some cases, it is compulsory to fill in a form to access certain services, such as access to the Rithmi Application. Likewise, failure to provide the personal data requested or not accepting this data protection policy means the impossibility of contracting with us through the website.
Our services are not intended for minors. In the event that any of them are under fourteen years of age, in accordance with Article 8 of the RGPD and Article 7 of Law 3/2018 of 5 December LOPDGDD ARRHYTHMIA ALGORITHM, S.L will require the valid, free, unequivocal, specific and informed consent of their legal guardians to process the personal data of minors. In this case, the DNI or other form of identification of the person giving consent will be required.
In the case of persons over fourteen years of age, the data may be processed with the consent of the user, except in those cases in which the law requires the assistance of the holders of parental authority or guardianship.
Why and for what purpose do we process your data?
Depending on the purposes for which we need to process certain data, which in general will be, depending on the case, the following:
- The website is completely informative about the services offered by ARRHYTHMIA ALGORITHM, S.L. The data may be processed to respond to requests for information about these services.
- The collection and automated processing of data that is carried out through forms is collected in order to study the possibility of contacting us as well as to process your registration in the Application and to carry out administrative tasks derived from the provision of our services.
- Similarly, personal data is collected and processed through forms to enable the download and purchase of our products, services and Application.
- Likewise, personal data is collected through forms to attend to and manage your suggestions, complaints and/or other queries.
- The website incorporates a link that facilitates access to the Private Area.
- The website collects statistical data to analyse trends in order to improve the user experience.
The personal data obtained through any of the channels of the website will form part of the Register of Processing Activities and Operations (RAT) owned by ARRHYTHMIA ALGORITHM, S.L. This will be updated periodically in accordance with the provisions of the RGPD; ARRHYTHMIA ALGORITHM, S.L. has adopted all the relevant security measures in this regard.
Users are informed of the possibility of withdrawing their consent in the event that it has been granted for a specific purpose, without this affecting the lawfulness of the previous processing based on consent prior to its withdrawal.
What is the legal basis for the processing of your data?
The processing of your data may be based on the following legal bases:
- Express consent by users.
- Application of pre-contractual measures for the execution of sales contracts and the provision of services.
- Legitimate interest in relation to the following purposes:
Profiling by means of browsing on the website by a user.
The legitimate interest of ARRHYTHMIA ALGORITHM, S.L. is to ensure that our website remains secure, as well as to help us understand the needs, expectations and level of satisfaction of users and, therefore, improve our services and products. All actions are taken in order to improve the level of user satisfaction and to ensure a unique browsing and eventual contracting experience.
- Compliance with legal obligations for fraud prevention, collaboration with Public Authorities and/or eventual third party claims.
How long do we keep your data?
The processing of data for the purposes described will be kept for the time necessary to comply with the purpose of its collection, as well as to comply with the legal obligations arising from the processing of the data. Without prejudice to the fact that the conservation is necessary for the formulation, exercise or defence of potential claims, provided that this is permitted by the applicable legislation. In general, the data will be kept:
- Employment data for 4 years, in accordance with Article 21 of Royal Legislative Decree 5/2000, of 4 August.
- Accounting and tax data for commercial purposes, which will be 6 years, as established by the Commercial Code, and the period for tax purposes, established as 4 years by the General Tax Law.
- Academic and employment data (cv) there is no time limit established by law, they will be kept for as long as the job application is open and for a maximum of 1 year afterwards.
- As a general rule, health data may be stored for 5 years.
ARRHYTHMIA ALGORITHM, S.L., undertakes to cease the processing of personal data when the storage period has expired, as well as to duly block them in our databases.
To which recipients is your data communicated?
In general, ARRHYTHMIA ALGORITHM, S.L. will not pass on personal data to third parties, except in those situations in which the data may be passed on to collaborators who provide services to ARRHYTHMIA ALGORITHM, S.L., in order to manage the provision of services, the contractual and/or pre-contractual relationship with the interested parties or to process requests made by them. In these cases, we ensure that the recipients respect confidentiality and have the appropriate measures in place to protect personal data. These recipients may be:
- External service providers (web hosting, data storage, support services)
- Public administrations with competences in the field
- External professionals (freelancers with a specific job who may have access to data) such as arrhythmia doctors and cardiologists
- Universities, Medical and Technological Institutions and investors.
ARRHYTHMIA ALGORITHM, S.L., endeavours to guarantee the security of personal data when they are sent outside the company. The third parties with whom ARRHYTHMIA ALGORITHM, S.L. contracts have the obligation to guarantee that the information is processed in accordance with the data protection regulations in force.
In those cases where the law may require disclosure of personal data to public bodies or other parties, only that which is strictly necessary for compliance with such legal obligations will be disclosed.
Where is your data stored?
In general, data is stored within the European Union (EU). In order to guarantee a sufficient level of protection for data sent to third countries outside the EU, ARRHYTHMIA ALGORITHM, S.L. will take sufficient technical and organisational measures either under Binding Corporate Rules (BCR) or by ensuring that it is transferred to third parties that have signed up to the Privacy Shield.
What rights do you have and how can you exercise them?
You may address your communications and exercise your rights by sending a written communication to the following e-mail address: firstname.lastname@example.org.
Pursuant to the provisions of the data protection regulations, you may request:
- Right of access: you may request information about the personal data we hold about you.
- Right of rectification: you can communicate any change in your personal data.
- Right to erasure and the right to be forgotten: you can request the deletion of your personal data after it has been blocked.
- Right to limit processing: this means restricting the processing of personal data.
- Right to object: you can withdraw your consent to the processing of your data, opposing further processing.
- Right to portability: in some cases, you may request a copy of the personal data in a structured, commonly used and machine-readable format for transmission to another controller.
- Right not to be subject to individualised decisions: you can ask not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect the data subject.
In some cases, your request may be refused if you request the deletion of data necessary for compliance with legal obligations. In addition, if you have a complaint about the processing of your data, you can lodge a complaint with the competent data protection authority.
Who is responsible for the accuracy and veracity of the data provided?
The user is solely responsible for the veracity and correctness of the data included in the website, exonerating ARRHYTHMIA ALGORITHM, S.L. from any responsibility in this regard. Users guarantee and are responsible, in any case, for the accuracy, validity and authenticity of the personal data provided, and undertake to keep them duly updated. The user agrees to provide complete and correct information in the contact or subscription form.
ARRHYTHMIA ALGORITHM, S.L. is not responsible for the veracity of the information that is not of its own elaboration and of which another source is indicated, so it does not assume any responsibility for hypothetical damages that may arise from the use of such information.
ARRHYTHMIA ALGORITHM, S.L. reserves the right to update, modify or delete the information contained in its web pages and may even limit or deny access to such information. ARRHYTHMIA ALGORITHM, S.L. is exonerated from liability for any damage that the user may suffer as a result of errors, defects or omissions in the information provided by ARRHYTHMIA ALGORITHM, S.L., provided that this information comes from outside sources.
Mobile Applications ¨App¨
Users who wish to do so may download and install our ¨Rhitmi¨ application software for ARRHYTHMIA ALGORITHM, S.L. mobile phones. The same conditions apply to the use of this application as for the rest of the services in which personal data are collected through access and browsing from this application.
The application may collect personal data from the download and use of the same: IP connection, location, geolocation, as well as data collected through the camera or forms that are within the application, some of which are considered sensitive data as specified in article 9 and recitals 51 to 56 of the European Data Protection Regulation.
For communication with the Application, the system known as Push (instant message that you receive on your device) will be used.
ARRHYTHMIA ALGORITHM, S.L. is not responsible for the personal information collected by third parties: device manufacturers, developers, download service providers… Etc
The information that is transferred and shared through the application could be intercepted, collected, used and disclosed by third parties. We are not responsible for any interception, collection, use and disclosure of your information by a third party.
ARRHYTHMIA ALGORITHM, S.L works with third party service providers and we may receive information about you from them. These service providers may collect usage data in accordance with their own Privacy Policies.
Currently the application we have active is ¨Rhitmi¨ whose purpose is to enable a link or contact from the Company to the user, for the monitoring of your heart rhythm, detection of atrial fibrillation and arrhythmias (stroke prevention). As well as providing access to the user area from the application itself.
What security measures do we apply to protect your personal data?
ARRHYTHMIA ALGORITHM, S.L. has adopted the legally required levels of security for the protection of personal data, and endeavours to install those additional technical means or measures within its reach to avoid the loss, misuse, alteration, unauthorised access and theft of personal data provided to ARRHYTHMIA ALGORITHM, S.L. However, the user must be aware that security measures on the Internet are not impregnable.
Therefore, ARRHYTHMIA ALGORITHM, S.L. is not responsible for hypothetical damages that may arise from interferences, omissions, interruptions, computer viruses, telephone breakdowns or disconnections in the operation of this electronic system, caused by reasons beyond ARRHYTHMIA ALGORITHM, S.L.’s control; for delays or blockages in the operation of this electronic system, caused by causes beyond ARRHYTHMIA ALGORITHM, S.L.’s control. ; delays or blockages in the use of this electronic system caused by deficiencies or overloads of telephone lines or overloads in the Data Processing Centre, in the Internet system or in other electronic systems, as well as damage that may be caused by third parties through illegitimate intromissions beyond the control of ARRHYTHMIA ALGORITHM, S.L.
Internal security policy
Security breaches can be caused by employees, third parties or computer errors. We are therefore legally obliged to notify data subjects if their personal data has been seriously compromised within 72 hours. In addition, users will be notified as soon as the security breach has been resolved.