Privacy Policy

The protection of your privacy is one of our fundamental objectives.

PROTEOS BIOTECH S.L. (hereinafter, PROTEOS), NIF B-02502144, with address Calle Dublín 58, 02007, Albacete, is permanently committed to protect the online privacy of its users.

This document describes our privacy policy, explaining how your personal data is handled when you use our services, and also serves to enable you to give express, voluntary, informed and conscientious consent to the processing of your personal data on sites related to this website where such data is required.

We remind you that in the various sections of the PROTEOS websites where we collect your personal data, specific information is published in accordance with art. 13 of the EU Regulation 2016/679 (hereinafter: “Regulation”) to be read by you prior to the delivery of the requested data. The information and data provided by you or otherwise acquired during your registration or registration for the various PROTEOS services (such as: registration of professionals, sending of information of interest, circulars and correspondence in general, provision of other ancillary services; hereinafter, collectively, the “Services”), will be processed in accordance with the rules of the Regulation and with the confidentiality obligations that are the working basis of PROTEOS. In accordance with the Regulation, the processing of personal data carried out by PROTEOS shall be based on the principles of lawfulness, correctness, transparency, purpose and data retention limits, data minimisation, accuracy, completeness and confidentiality.

CONTENTS

• 1. Data Controller and Data Protection Officer
• 2. Personal Data subject to Processing
  • Navigation data
  • Data provided voluntarily by the holder
  • Traffic data
• 3. Purpose of the processing
• 4. Legal basis and compulsory or voluntary nature of processing
• 5. Recipients of personal data
• 6. Transfer of personal data
• 7. Retention of personal data
• 8. Rights of the holder
• 9. Amendments

1. Data Controller and Data Protection Officer

The Data Controller of the Data Processing that is done through the Website is PROTEOS BIOTECH S.L., as indicated above. The organisation of the Data Controller includes a Data Protection Officer (DPO). The DPO is available for any information regarding the processing of personal data at PROTEOS, including the list of Data Processors.

The DPO can be contacted by writing to dpo@smart-informatica.es.

2. Personal Data subject to Processing

By “processing of personal data” we mean any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or combination, restriction, erasure or destruction.

The personal data processed – depending also on how you intend to use the Services offered by PROTEOS – may consist of an identifier such as a name, an email address, an identification number, location data, an online identification, purchases made or other data suitable to identify you or to make your identification possible, depending on the type of Services requested (hereinafter and collectively, the “Personal Data”).

In particular, the Personal Data processed by PROTEOS on its Website are the following:

• a. Navigation Data:
  The computer systems and software procedures used to operate the PROTEOS Website acquire, during their normal operation, some Personal Data whose transmission is considered implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified or identifiable individuals, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the devices used by users connecting to the Site, the addresses in the Uniform Resource Identifier (URI), the time of the request, the method used to send the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and environment of the user’s device. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and the Sites by our customers and Site users in general and to verify their correct functioning, to identify anomalies and/or abuses, and are deleted immediately after processing. The same data could be used to ascertain responsibility in case of hypothetical computer crimes against the Site or against third parties: except for this possibility, the data in Web contacts are not stored for more than fourteen days, unless the user expressly requests otherwise (for example: access to the user’s personal pages within PROTEOS reflecting the services used, the information published, etc.).
• b. Data provided voluntarily by the data subject:
  

  When using certain services, for example, when requesting information within the Professional area of the Website about PROTEOS products or services (it is a separate Website, https://professionals.pbserum.com; notwithstanding the fact that you have access from the PROTEOS Home), the processing of personal data of third parties sent by you to the Service Administrator may occur. In this case, you are the Data Controller independently, assuming all legal obligations and responsibilities (see the specific privacy policy for professionals at https://professionals.pbserum.com/ es/politica-privacidad/).

  In this regard, you undertake to hold PROTEOS harmless, to the fullest extent, in relation to any dispute, claim, request for compensation for damages from processing, etc. that may come to PROTEOS from third parties whose Personal Data has been processed through your use of the Services in violation of the applicable rules on personal data protection. In any case, if you provide or otherwise process Personal Data of third parties when using the Service, you warrant from now on – assuming any related liability – that these particular instances of processing always have an appropriate legal basis (e.g. consent of the data subject) in accordance with Article 6 of the Regulation, which legitimises the processing of the information in question.

• c. Traffic Data:
  PROTEOS handles some data for the purpose of transmitting communications on the electronic communications network. These data are in particular:
  • IP address used and e-mail address and any additional identification of the sender;
  • IP address and domain name of the host of the electronic mail exchanger in the case of SMTP technology, or any other type of host related to another technology than the above and used for the transmission of communications;
  • E-mail address and any additional identification of the recipient of the communication;
  • IP address and domain name of the host of the e-mail exchanger in the case of SMTP technology, or any other type of host related to another technology than the above, that delivered the message;
  • IP address used to receive or consult e-mails by the recipient, regardless of the technology or protocol used;
  • Date and time (GMT) of the user’s connection and disconnection from the Internet e-mail service and the IP address used, irrespective of the technology and protocol used;
  • The internet service used.

  These data are processed and stored by PROTEOS in order to provide the service and in addition and by law, in particular for the possible detection and suppression of criminal offences – taking strict security measures so that these data are only accessible to persons specifically authorised in writing and who access such data following a warrant issued by the judicial authority, accompanied if applicable by a reasoned decision of the public prosecutor and in any case by the authentication techniques provided for by law.

  In accordance with the law, the data is retained and stored by PROTEOS for the purpose of detecting and prosecuting criminal offences for the statutory retention period. In addition, the data is also processed by PROTEOS for ordinary business purposes related to the provision of the service (e.g., without limitation, for documentation purposes, for fraud detection, or to carry out analyses on behalf of customers), always in accordance with the applicable legal provisions. In all cases the data is stored, with the strict security measures applicable in accordance with the law, only for the legally stipulated periods of time.

3. Purpose of the processing

The processing that we intend to carry out, once we have obtained your express consent, has, in addition to allowing us to provide the Services requested by you (for example, the resolution of queries about our products or services), as well as the exchange of communications during the course of the established service relationship; the following purposes:

PURPOSE	DESCRIPTION OF THE PURPOSE	LEGITIMACY
1.- To attend to queries made by the user.	To respond to requests and/or queries made through the different contact channels available on the Website.	The User’s consent, which shall be understood to have been given when the consultation is made. In the event that the user wishes to enter into a contractual relationship with PROTEOS, the application of pre-contractual measures.
2.- To send scientific and/or promotional communications to users who are distributors or healthcare professionals.	To send scientific information about PROTEOS products and services, as well as those of PROTEOS’ third-party collaborators, by electronic and conventional means.	The express consent of the User by ticking the box provided for this purpose on the data collection form on the Website. You can revoke your consent by sending an email to unsubscribe@pbserum.com indicating in the subject line “I do not want to receive advertising”.
3.- Carry out internal analysis in order to improve service quality; marketing activities.	Statistics will be collected in order to improve the services offered by PROTEOS through its website.	PROTEOS’ legitimate interest in improving the quality of its services.
4.- Comply with the legally established obligations.	When the processing is necessary to comply with a legal obligation, for example, with certain information that may be required by the Spanish Medicines Agency, the Ministry of Health, among others.	A legal obligation applicable to PROTEOS

4. Legal basis for processing Personal Data and mandatory or optional nature of processing

The legal basis for processing personal data for the purposes set out in Section 3.1 and 3.2 is Art. 6 (1) (a) of the Regulation. The legal basis for the provision of the commissioned services is Art. 6 (1) (b) of the Regulation. Providing Personal Data for these purposes is optional, but failure to provide such data would make it impossible to activate the requested Services.

The legal basis for processing personal data for the purposes set out in Section 3.3 is Art. 6 (1) (f) of the Regulation.

The purpose of paragraph 3.4 represents lawful processing of Personal Data in accordance with Art. 6 (1) (c) of the Regulation. Once the Personal Data has been provided, the processing is in fact necessary to comply with a legal obligation to which PROTEOS is subject.

In general, the processing activities carried out for marketing purposes described in section 3 and/or for communication to third parties described in section 3 are based on the issuance of your consent in accordance with art. 6 (1) (a) of the Regulation. Processing activities pursuant to section 3.3 carried out for the purpose of e-marketing activities on products or services similar to those already purchased or consulted by you, have their legal basis pursuant to Article 6(1)(f) of the Regulation in the legitimate interest of PROTEOS to inform about and promote its products and services in a context in which the data subject can reasonably expect this kind of processing, to which he or she can object at any time.

In fact, if you object to your data being processed for promotional purposes under Section 3, you may object at any time.

To exercise these rights, you may contact PROTEOS by letter to the following address: Avenida de la Osa Mayor 4, 28023 Madrid, or by email to dpo@smart-informatica.es. If you consider that the processing of personal data has infringed the regulations on the matter, you can contact our data protection officer at the email address indicated above.

The profiling referred to in section 3 is based on the legitimate interest of the Controller in detecting fraud and fraudulent schemes committed against him/her in accordance with Article 6 (1) (f) of the Regulation.

5. Recipients of personal data:

Your personal data may be shared, for the purposes set out in Section 3 above, with:

• a. Subjects who typically act as Processors, i.e.: (i) persons, companies or professional firms that provide assistance and advice to PROTEOS in accounting, administration, legal, tax, financial, transportation, or debt collection with respect to the disbursement of services; (ii) subjects with whom it is necessary to interact for the provision of the Services; (iii) or subjects delegated to perform technical maintenance activities (including maintenance of network equipment and electronic communications networks); (iv) companies of the PROTEOS Group, or linked to it, national or foreign (all of them, collectively, the “Recipients”);
• b. Subjects, bodies or authorities to whom it is mandatory to communicate your personal data in accordance with the provisions of the law or orders of the authorities (e.g. in the course of criminal investigations, PROTEOS may receive requests from the judicial authority to provide it with logs or data of registered professionals, or of ongoing contracts);
• c. Persons authorised by PROTEOS to process Personal Data necessary to carry out activities strictly related to the provision of the Services, provided that they are bound by confidentiality or have an appropriate legal obligation of confidentiality, e.g. PROTEOS employees;
• d. Business partners for their own purposes, only if you have given specific consent.

The full list of Processors is available on request from the PROTEOS Helpdesk.

6. Transfer of personal data.

The general rule is that there is no international transfer of data.

In the event that some of your personal data is shared with recipients who may be located outside the European Economic Area. PROTEOS ensures that the processing of personal data by these recipients will be carried out in accordance with the Regulation. Transfers may be based on an adequacy decision or on standard contractual clauses approved by the European Commission (link).

7. Retention of personal data

Personal data processed for the purposes set out in Section 3 will be kept for the time strictly necessary to achieve the purposes for which they were collected and processed. PROTEOS will retain the data for the period permitted by Spanish law to protect its interests.

Personal data processed for the purposes set out in Section 3 shall be retained for the specific period for that purpose, or according to the applicable law. By way of example, there are regulations which provide that employment or social security data must be kept for four years; accounting and tax data must be kept for six years for commercial purposes and four years for tax purposes; medical records must be kept for a minimum of five years and video-surveillance files for no more than one month.

For the purposes described in Section 3 your personal data may, alternatively, be processed until you withdraw your consent or until ten years after you have ceased to be a registered customer or Professional on the PROTEOS Website, or you have registered on the Website but have not enquired about or purchased any products or services.

In any case PROTEOS is entitled to retain your personal data for the periods established by Spanish law to protect its interests. More information on the data retention periods and on the criteria adopted to define such periods can be requested in writing from PROTEOS or the DPO.

8. Rights of the holder of the Personal Data

You have the right to request from PROTEOS, at any time, access to your personal data, as well as their rectification or erasure, and to object to the processing; you have the right to request the restriction of the processing in the cases of article 18 GDPR, and you have the right to obtain, in a commonly used, structured and machine-readable format, the data concerning you, in accordance with article 20 GDPR.

Requests can be sent to PROTEOS by letter to the following address: Avenida de la Osa Mayor 4, 28023 Madrid, or by email to dpo@smart-informatica.es. If you consider that the processing of personal data has infringed the regulations on the subject, you can contact our data protection officer at the email address indicated above.

Portability. This right, if applicable, may apply to both your personal data provided and automatically generated for each of the PROTEOS Services and Products.

The request for portability will be executed within 30 days of receipt (in exceptional cases, within a maximum period of 3 months, justifying such extension). You can ask PROTEOS to deliver the data directly; you can also ask PROTEOS to send the data to another service provider. In this case, PROTEOS reserves the right to verify that this is technically possible. Please note that the new provider to whom you wish to send your data is not legally obliged to receive it. The data will be accessible on a server via SFTP access.

Portability does not automatically delete the data stored in PROTEOS systems and does not affect the planned retention period for the data being transmitted; however, we recommend that you correctly perform the portability before closing your account or unsubscribing from the PROTEOS website, so as not to run the risk that your data will no longer be present in our systems. The data we will provide you with will be the data existing at the time of receiving the portability request. In the event that the requested portability also includes data of third parties and involves the communication of data to a different owner, you guarantee us, assuming full and exclusive responsibility, to have previously informed such third parties and to be in possession of the necessary consents.

It is necessary to indicate that in case of requests from data subjects related to abuse in the use of the Services or Spam, prohibited by contract as indicated in the General Terms of Service, carried out by a customer or registered user of PROTEOS (it should be noted that such customer usually acts as Data Controller in accordance with the GDPR), and in the case of any subsequent request for the exercise of the rights referred to in Article 15 GDPR and concordant, PROTEOS, without going into the details of the request, may, on the one hand, immediately inform the customer / data controller, and on the other hand, give the data subjects the contact details and details of the customer / data controller.

In any case, you always have the right to lodge a complaint with the competent supervisory authority – Spanish Data Protection Agency – (guarantor for the Protection of Personal Data), in accordance with art. 77 of the Regulation, if you consider that the processing of your data is contrary to the legislation in force.

9. Amendments

This Privacy Policy is effective as of 01.10.2024. PROTEOS reserves the right to modify in whole or in part or simply to update this text as a result of changes in applicable law.

If the changes involve substantial changes to processing activities or are likely to have a significant impact on data subjects, PROTEOS will notify data subjects in an appropriate and timely manner.

---

PROTEOS BIOTECH S.L.
October 2024