Privacy Policy. Patient Area
Clínica Universidad de Navarra

CLÍNICA UNIVERSIDAD DE NAVARRA (hereinafter, CUN or the Entity) has made this Privacy Policy available to users of the website at the URL “https://areapaciente.cun.es” (hereinafter, the Website) so as to provide information about how we process your personal data and keep your information and identity private.

Please take a few minutes to read the Privacy Policy.

Introduction

This Privacy Policy applies to the CUN Patients’ Area, available at the URL “https://areapaciente.cun.es”, and to any interactions between the user and CUN via said website.

CUN may modify this Privacy Policy whenever necessary. If modifications are made, you will be informed via the website or other means, to ensure that you are aware of the new privacy conditions. If you continue to make use of the functionalities made available by CUN after receiving said notifications, it will be understood that you agree with them, with the exception of situations in which your express consent is required.

Who is the data controller of your personal data?

The data controller of the personal data is the entity CLÍNICA UNIVERSIDAD DE NAVARRA, holder of tax ID number R-3168001J, with corporate domicile at Avenida Pío XII, 36, 31008, Pamplona.

To ensure the adequate management of your data, CUN has appointed a Data Protection Officer, who you may contact regarding any issue at the following e-mail address: dpocun@unav.es

What do we process your personal data for?  

The personal data provided by users of this website (CUN Patients’ Area) shall be processed by CUN for the following purposes, depending on the type of data provided by the user, and on the interactions between the user and CUN on the website:

1. User contact and management of the Patients’ Area: The personal data of users who contact the CUN via the registration form in the Patients’ Area or any of the contact channels made available at this Patients’ Area website shall be processed to manage said contact, register users, deal with requests for information and budgets and provide the services provided by the platform in each case.
2. Facilitate the modification and/or updating of data associated with the account: Patients can use the platform to change and/or update the data associated with their profile in the Patients’ Area, such as the telephone number, e-mail address, the insurance policy number or the number of the bank debit order for billing of contracted services, etc. If the user uses said functionalities, the data shall be processed to carry out the management processes in each case.  
3. Arrange and manage appointments at the Clinic: This service enables medical appointments to be made at the Clinic and any forthcoming appointments to be viewed. If the user makes use of said functionalities, the personal data shall be processed to carry out the management processes in each case.
4. Electronically facilitate medical reports: CUN offers patients the option of accessing their medical history and certain reports on a computer. In such cases, the personal data shall be processed with a view to providing the user (patient) access to their own medical or clinical information. CUN has implemented adequate security measures to ensure the integrity and confidentiality of patients’ medical and clinical data.
5. Electronically facilitate billing data: Patients have the option of consulting the invoices for medical services issued by CUN over the last three years. CUN shall process economic data and information about service transactions for this option.
6. Provide an “E-HEALTH” telemedicine service: Some of the Clinic’s services may be provided at long distance via a telemedicine service. To this end, CUN shall process data about the patient’s identity and health, and information about their personal and social situation. CUN has implemented adequate security measures to ensure the integrity and confidentiality of patients’ medical and clinical data.
7. “CUN DIRECT” Support Service: CUN offers a communication service to users to electronically manage admissions, budgets and general information about the services offered by the Clinic, processing users’ personal data to deal with and manage the requests received in each case.
8. “HEALTH ADVICE” Service: CUN offers patients personalised health advice, including any diseases and pathologies that they may suffer from. To this end, CUN shall process data about the patient’s identity and health, and information about their personal and social situation. CUN has implemented adequate security measures to ensure the integrity and confidentiality of patients’ medical and clinical data.

What data is processed by CUN and where does it come from?

The data processed by CUN as a result of user interactions on the website, the contractual relationship with the patient, or their legal representative, and the information provided by the user of the “Patients’ Area”, comes from the following sources:

• Data provided by users in the registration form provided by CUN.  
• Data generated from browsing on and using the CUN websites.  
• Data generated from the development of the contractual relationship regarding medical services between CUN and patients or their legal representative.  
•  Third party data provided by the user.  

CUN may process personal data of the following type, depending on the relationship entered into with the user:

• Identification data (e.g., name and surnames, e-mail address, postal address, telephone number, IP address, etc.)  
• Health data (e.g., the contents of the patient’s previous clinical history or data obtained during the relationship entered into by CUN and the patient, provision of medical services, etc.)   
• Data on personal characteristics and social circumstances (e.g., age, date of birth, tastes, hobbies and lifestyle, etc.).  
• Browsing and localisation data (e.g., use of CUN websites, sections visited, etc.).  
• Economic data and information about service transactions. (e.g., the invoices issued by CUN for healthcare services, etc.)  

What is CUN’s legal standing for processing your data?

The legal basis of CUN for processing personal data provided by users of its websites is the management and processing of the legal relationship (contractual and/or medical) entered into by the user/patient and CUN, for the following purposes:

1. Contact and management of the “Patients’ Area”;  
2. Facilitate the modification and/or updating of the data associated with the account;  
3. Arrange and manage appointments at the Clinic;  
4. Electronically facilitate medical reports;  
5. Electronically facilitate billing data;  
6. Provide an “E-HEALTH” telemedicine service;  
7. “HEALTH ADVICE” service;  
8. CUN DIRECT Support Service.  

Who do we send your data to?

The personal data gathered by CUN for the purposes outlined above shall be sent (only when necessary) to financial institutions for the management of charges and payments (whenever the service or management requested by the user is subject to payment), and, where necessary, to insurance companies for the maintenance of the medical and economic relationship.

The data may also be sent (only when necessary) to Public Bodies and Administrations.

If any of the above situations regarding the communication of data takes place, the legal standing for said process shall be the correct development of the legal, contractual and/or medical relationship entered into by the user and CUN and, where applicable, to comply with CUN’s legal obligations.

How long do we keep your data for?

CUN shall keep your personal data for the period required to provide the service and/or complete the treatment.

Subsequently, and with the proviso that the user has not exercised their right to deletion, their data shall be kept for the legal periods that are applicable in each case, bearing in mind the type of data, and the purpose of the processing.

You can ask for more information about CUN’s deadlines for storage of personal data at: dpocun@unav.es  
 

What personal data should you provide us with in each case?

CUN informs you that when their personal data is gathered from a form made available on our website, the user will have to provide at least the data marked with an asterisk (*). If said required data is not provided, CUN may not manage the service or respond to the consultation or claim made by the user.

What guarantees do you need to give when you provide your personal data?

The user should guarantee that the data they provide is true, exact, complete and up to date, and they shall be held liable for any direct or indirect damage or loss that might occur as a result of a breach of said obligation.

If users provide data that belongs to a third party, they should guarantee that the third party has been informed about all the points of this Privacy Policy and that the third party’s consent has been obtained to provide us with their data for the relevant processing. This procedure should be carried out before the third party’s data is sent to us on any of our websites.

CUN informs you that when you provide your personal data, in any form, via our website, you must be over 14 years of age. Any user who provides CUN with data on this website declares that he/she is over 14, and shall be held responsible for said declaration.

What measures do we take to protect your personal data?

CUN makes every effort to ensure the security and confidentiality of your data, and so it has adopted the security levels required to protect personal data and has installed all the technical resources available to prevent the loss, misuse, alteration, unauthorised access and theft of personal data facilitated via the website. It should also be borne in mind that security measures on the Internet are not infallible.

What are your rights with regard to your personal data?

CUN hereby informs you that you are entitled to obtain confirmation as to whether we processing your personal data or not.

You also have the following rights regarding your personal data:

• Access to your data: You are entitled to access your personal data and see what personal data we are processing.  
• Ask for your data to be corrected or deleted: In some situations, you can exercise the right to correct data subject to processing by CUN that concerns you and that you consider to be incorrect. You are also entitled to ask for your data to be deleted when (amongst other reasons) the data is no longer necessary for the purposes for which it was gathered.   
• Ask for the data processing to be limited: In some situations, you can exercise the right to ask us to limit the processing of your data, in which case we will inform you that we will only store the data that you have asked to be limited for processing purposes for the exercise or defence of claims.  
• Ask for data portability: In some situations, you can exercise the right to receive personal data relating to you that we have been provided with, in a commonly used and machine-readable format. You also have the right to ask for the data to be transmitted by CUN to another data controller.   
• Object to the processing of your data: In some situations, and for reasons related to your particular circumstances you can exercise the right to object to the processing of your data, in which case we shall stop processing it unless there are compelling legitimate grounds to continue to do so or to carry out or defend against possible claims.  

You may also withdraw any of the consents that you have given to the processing of your data, without this affecting the legality of the processing based on the consent given prior to its withdrawal.

CUN informs you that you may exercise your rights regarding your personal data by sending a letter to CLÍNICA UNIVERSIDAD DE NAVARRA with the reference “Data protection”. You should include your name and surnames, and if you send a postal letter to CUN, please include a postal address for notifications, plus the right that you want to exercise. The document may also be sent by electronic mail to a previously provided address or to the addresses below:

• If you are patient in Pamplona: Avenida Pio XII, 36, 31008, Pamplona; protecciondedatosnav@unav.es
• If you are a patient in Madrid: Calle Marquesado de Santa Marta, 1, 28027 Madrid; protecciondedatosmad@unav.es  

CUN will provide the information that you request within the maximum period of one month, dating from reception of the request. Said period may be extended for another two months when necessary, depending on the complexity and number of requests.

CUN informs you that you can present a claim to the relevant data protection control authority (Spanish Data Protection Agency: www.aepd.es). However, you may also present a claim to the Data Protection Officer beforehand, who shall resolve the claim within the maximum period of two months.