Home >
Processing of personal data

Processing of personal data

Who controls your personal data?

The data controller is CLINICA UNIVERSIDAD DE NAVARRA, with TIN R3168001J and corporate domicile at Avenida Pio XII, 36, 31008, Pamplona, (hereinafter, “CUN”).

You may contact the data controller through the following email addresses:

If you have been treated in Navarra: protecciondedatosnav@unav.es.
If you have been treated in Madrid: protecciondedatosmad@unav.es.

CUN has formally appointed a Data Protection Officer and also offers the following communication channel: dpocun@unav.es

How do we obtain your personal data?

To answer this question, we need to distinguish between the sources of your personal data and the type of personal data processed by CUN:

a.- Sources of your personal data:

Provided by patients in legal, contractual, medical or any other kind of relationship entered into with CUN.
Management, maintenance and development of the relationship between CUN and the patient.
Insurance companies.
Public administrations and bodies.

b.- Types of personal data.

Identification data, including images.
Data about personal characteristics and social situation.
Clinical and health data contained in your clinical records, obtained during the relationship between CUN and the patient.
Economic, financial and health data needed to issue invoices for medical treatment and care.

If a patient provides identifying and contact data of persons related to him/her for family or other reason so that CUN can keep them informed about their state of health, he/she is obliged to inform them that CUN shall process their personal data.

What are the purposes and legitimate grounds for processing your personal data?

CUN processes your personal data for the purposes described below. The legitimate grounds for processing are also described:

Purpose of processing	Legitimate grounds for processing
Management, maintenance, and development of the legal, contractual and/or healthcare relationship established between CUN and the patient, which may include: Medical care provided to the patient. Medical tests carried out on the patient. Clinical diagnoses. Another other matter that forms part of medical practic.	Execution, performance and development of legal and/or contractual relationships between the data subject and CUN. Preventive or occupational medicine, evaluation of workforce capability, medical diagnosis, provision of medical or social assistance or treatment, and management of healthcare and social assistance services and systems.
Management of billing and collection for healthcare and medical interventions.	Execution, performance and development of legal and/or contractual relationships between the data subject and CUN.
CUN may analyse certain items of information that include personal data to structure, detect and remedy any detectable deficiencies or fundamental areas. This includes. optimisation of space in facilities or increasing staff efficiency. And the improvement in the structuring of medical records. By identifying areas for improvement, corrective measures can be implemented to ensure more efficient operations and more effective management of personal information.	The legitimate interest of CUN in processing data that is not specially protected is based on quality management and ongoing service improvement, optimising available resources and providing better attention to patient needs. You can withdraw your consent to your data being processed for this purpose at any time by using the channels provided by CUN, as described in the section What are your rights with regard to the processing of your data?
Use of medical data for research purposes carried out at Clínica Universidad de Navarra (CUN), either to assess your eligibility and invite you to participate in a research project or clinical trial, or to use the data already included in your medical record for a research project or in the preparation of a scientific publication presenting your clinical case, provided you have given your consent. The processing of medical data for research purposes will in all cases be carried out in accordance with current legislation. You are also informed that the use of you data for research porpuses shall be carried out with codified and/or pseudonymised data, in strict compliance with the security measures applicable to the storage and custody of the data and always with the approval of the Research Ethics Committee. Here is the translated version of the paragraph: Likewise various techniques involving the use of new technologies may be employed during the research process. These techniques may include advanced data analysis tools, artificial intelligence, machine learning, or other emerging technologies. The application of these new technologies aims to improve the efficiency and accuracy of the research. Any use of new technologies within the scope of the research will be carried out in strict compliance with applicable ethical standards, regulations, and legislation.	Your consent granted by checking the box provided for that purpose. You may withdraw your consent at any time by using the channels made available by CUN, as detailed in the section What are your rights in relation to the processing we carry out on your data?
CUN may send information by post, telephone, or electronic mail about CUN, the University of Navarra, or CIMA (Centre for Applied Medical Research). This information may relate to projects, activities, and clinical research studies carried out by Clínica Universidad de Navarra, either independently or in collaboration with other scientific research entities, and may include invitations to participate in such studies, provided prior consent has been given. It may also include updates and news about advances in products, services, and techniques in the healthcare and research fields. Information may likewise be sent regarding entities that collaborate with CUN. All of the above will only be sent if prior consent has been given.	Data subject's consent is given or withdrawn by ticking one of the boxes. You can withdraw your consent to your data being processed for this purpose at any time by using the channels provided by CUN, as described in the section What are your rights with regard to the processing of your data?
Access to personal data by students of CLINICA UNIVERSIDAD DE NAVARRA for educational purposes, only if the patient has given their consent.	Data subject's consent is given or withdrawn by ticking one of the boxes. You can withdraw your consent to your data being processed for this purpose at any time by using the channels provided by CUN, as described in the section What are your rights with regard to the processing of your data?

To which recipients will your personal data be disclosed?

The personal data processed by CUN for the purposes detailed above may be disclosed to the following recipients depending on the legal basis for the disclosure.

Accordingly, the following data disclosures are intended to ensure the proper development of the contractual relationship, as well as compliance with legal obligations requiring such disclosures:

Public agencies and government authorities for compliance with the legal obligations to which CUN is subject.
Financial institutions for the management of collections and payments.
Suppliers of medical materials and healthcare products, as well as pharmaceutical companies.
Insurance companies for maintaining the healthcare and financial relationship.

How long do we retain your data?

Personal data will be retained for the duration of the healthcare, legal, and/or contractual relationship and, thereafter, provided that you have not exercised your right to erasure, they will be retained in accordance with the legal retention periods applicable in each specific case, taking into account the type of data and the purpose of processing.

The data and documentation serving as evidence of the healthcare and/or legal relationship established by the patient with CLÍNICA UNIVERSIDAD DE NAVARRA will be retained for the periods required by applicable regulations, as well as for the limitation periods of any civil, criminal, administrative, or other actions that may arise from the relationship established.

You may request more information about CLÍNICA UNIVERSIDAD DE NAVARRA’s personal data retention periods at dpocun@unav.es

What are your rights in relation to the processing we carry out on your data?

CUN informs you that you have the right to access your personal data and obtain confirmation as to how such data are being processed. Likewise, you have the right to request the rectification of inaccurate data or, where appropriate, request their erasure when, among other reasons, the data are no longer necessary for the purposes for which they were collected by CUN.

In certain circumstances, you may request restriction of the processing of your data, in which case CUN will only retain them for the exercise or defense of possible claims.

Likewise, in certain circumstances, you may object to the processing of your personal data for the purpose communicated by CUN. In that case, CUN will stop processing the personal data unless there are compelling legitimate grounds, or in order to ensure the exercise or defense of possible claims.

Finally, you may request the right to data portability and obtain for yourself or for another service provider certain information derived from the contractual relationship entered into with the Entity.

We also remind you that you may object at any time to the processing of your data for advertising or promotional purposes.

You may exercise these rights by writing to “CLÍNICA UNIVERSIDAD DE NAVARRA,” which you may send to one of the following addresses or to the email addresses indicated above:

If you are a Pamplona patient, by mail to: Avenida Pio XII, 36, 31008, Pamplona. Patient Care Service.
If you are a Madrid patient, by mail to: Calle Marquesado de Santa Marta, 1, 28027 Madrid. Security and Data Protection Unit.

In both cases, the request must include the reference “Data Protection” and provide your first and last name, a postal address or email address for notifications, and the right you wish to exercise.

CUN informs you that template documents through which you may exercise your data protection rights can be found on the website of the Spanish Data Protection Agency (www.agpd.es)

CUN will provide the requested information within a maximum period of one month from receipt of the request. This period may be extended by a further two months where necessary, taking into account the complexity and number of requests.

You may withdraw your consent at any time if consent has been given for any specific purpose, without affecting the lawfulness of processing based on consent before its withdrawal.

You may lodge a complaint with the competent Supervisory Authority on data protection matters. However, in the first instance, you may lodge a complaint with the Data Protection Officer at the email address dpocun@unav.es, who will resolve the complaint within a maximum period of two months.

We inform you that, as a signatory, you agree that the signing of the document may take place electronically by means of your digital signature. If you use the digitized signature system, CUN will process the biometric data associated with that signature solely for the purpose of maintaining traceability of the receipt and acceptance of the documentation. If you do not wish to provide such data, you may sign the document on paper.