In compliance with the provisions of the General Data Protection Regulation 2016/679 (GDPR) and Organic Law 3/2018 on Data Protection and Guarantee of Digital Rights (LOPDGDD) of December 5, 2018, we inform you of the following:
DATA CONTROLLER
Identity: PINNACLE BIOPARTNERS SL, Tax ID (NIF) B22539464, hereinafter “the Controller”
Postal address: C/ Caleruega, Nº 85; 28035 – Madrid
Telephone: 696092028
Email contact: info@pinnaclebp.com
PURPOSE OF DATA PROCESSING
We inform you that the data you provide will be processed for the purpose of handling and responding to contact requests, information inquiries, or questions submitted through the contact channels available on the website, as well as to facilitate, expedite, and fulfill the commitments established between the Controller and the User and to maintain the resulting relationship.
In accordance with the GDPR, a record of processing activities is maintained, specifying, according to their purposes, the processing activities carried out and the remaining circumstances required under the GDPR.
Personal information will not be used for purposes other than those related to the contracted services or purchased products. No automated decision-making based on profiling will take place.
LEGAL BASIS FOR DATA PROCESSING
The legal basis for the processing carried out is:
• The consent provided by marking the corresponding checkbox(es).
• The execution of a contract and/or service in which the User is a party and has therefore provided their personal data within the framework of a contractual or pre-contractual relationship, where the processing is necessary to manage such relationship and fulfill the request and/or inquiry.
• Legal obligations applicable to the Controller that require the processing of personal data in accordance with the services provided or obligations related to tax, commercial, financial, or anti–money laundering legislation.
PERSONAL DATA PROCESSED AND SOURCE
Depending on how the User interacts with the website, the personal data processed may include: identification data, contact details, and browsing data.
The data collected are provided by the User when contacting the Controller through forms or other functionalities available on the website.
Using the contact sections, completing forms, or using the functionalities offered on the website is voluntary. However, completing certain fields or providing information through other functionalities is necessary to properly manage the User’s request; refusal to provide the required information will prevent the Controller from processing and handling the request correctly.
The User guarantees that the data provided are truthful, accurate, and complete. Data will be deleted, erased, or blocked when they are inaccurate, incomplete, or no longer necessary or relevant for their purpose under applicable law. If the personal data provided belong to a third party, the User guarantees that they have informed said third party of this Privacy Policy and obtained their authorization to submit the data for the aforementioned purposes. The User also guarantees that such data are accurate and up to date and will be responsible for any direct or indirect damages resulting from failure to comply with these obligations. The User undertakes responsibility for the truthfulness and accuracy of the data provided and agrees to keep them duly updated.
DATA PROTECTION FOR MINORS
In accordance with applicable data protection regulations, only individuals aged 14 or older may lawfully give consent for the processing of their personal data. For minors under 14, the consent of parents or legal guardians is required for the processing of their personal data.
LINK POLICY AND SOCIAL MEDIA
The website may include links to third-party sites such as social networks in which the Controller is present. These third-party websites have not been reviewed nor are they monitored by the website or its owner. The Controller is not responsible for the content freely published by the User. Users should be aware that their posts may be visible to other users and that they are primarily responsible for their own privacy.
RETENTION PERIOD OF PERSONAL DATA
Personal data provided by the User will be retained for as long as the User remains subscribed to the service, the business relationship continues, the User does not request deletion, or for the period legally required. Data may also be retained when necessary to comply with a legal obligation or for the formulation, exercise, or defense of claims.
If the User withdraws consent or exercises the rights of objection or deletion, their data will be blocked and retained at the disposal of the Courts during the legally established periods to address possible liabilities arising from the processing. Under no circumstances will withdrawal of consent affect the provision of services or execution of contracts with the Controller.
Withdrawal of consent will not affect the lawfulness of processing carried out prior to its withdrawal.
CONFIDENTIALITY AND SECURITY OF PERSONAL DATA
The Controller undertakes to adopt the necessary technical and organizational measures, appropriate to the level of risk associated with the collected data, in order to ensure the security of personal data and prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.
Personal data will be treated as confidential by the Controller, who undertakes to ensure, through legal or contractual obligations, that such confidentiality is preserved by employees, partners, and any person who may have access to the information.
DISCLOSURE AND RECIPIENTS OF PERSONAL DATA
Your personal data may be disclosed to third parties in cases expressly required by applicable law, as well as when disclosure is necessary to comply with legal obligations applicable to the Controller.
Additionally, your data may be communicated to service providers acting as data processors, such as hosting providers, with whom the Controller has signed the corresponding data processing agreements in accordance with Article 28 of the GDPR, ensuring the security and confidentiality of the information at all times.
Data are stored on servers located in the European Union, and no international data transfers outside the European Economic Area are foreseen.
USER RIGHTS
What are your rights when you provide your data?
The User has the right to obtain confirmation as to whether we are processing personal data concerning them. The User has the right to access their personal data, request the correction of inaccurate data, or request deletion when the data are no longer necessary for the purposes for which they were collected. In certain circumstances, the User may request the restriction of processing, in which case the data will only be retained for the exercise or defense of legal claims.
In certain circumstances and for reasons related to their particular situation, the User may object to the processing of their data, in which case the Controller shall cease processing unless there are compelling legitimate grounds, or for the exercise or defense of potential claims.
In legally applicable cases, the User also has the right to data portability, meaning the right to receive the personal data concerning them in a structured, commonly used, and machine-readable format and to transmit them to another controller.
The User may exercise their rights of access, rectification, objection, deletion, restriction, portability, and objection to automated individual decision-making by sending a written communication, accompanied by a copy of their ID document for identification purposes, with the reference “GDPR Rights” to the email address: info@pinnaclebp.com
We also inform you that you may lodge a complaint with the Spanish Data Protection Agency (AEPD), the Supervisory Authority in Spain: www.agpd.es