WHO IS RESPONSIBLE FOR PROCESSING YOUR DATA?

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016 (RGPD) and with the rest of the legislation applicable in Spain regarding the protection of personal data, we hereby inform you that the personal data provided when completing and sending the forms published on this website, will be incorporated into the processing activities of HIPERBARIC, S.A., with Tax Identification Number A09016338, and with registered address at Calle Condado de Treviño nº 6, 09001, Burgos. Hereinafter, Hiperbaric.

 

FOR WHAT PURPOSE AND ON WHAT BASIS DO WE PROCESS YOUR DATA?

  • Contact: The purpose of the collection is to manage and respond to your requests made through the contact area of our website. This processing is legitimised by the express consent given by ticking the acceptance checkbox (art. 6.1 a) RGPD).
  • Job applications: The purpose of data collection in this area is to manage corporate recruitment processes. This processing is legitimised by the application, at your request, of pre-contractual measures (art. 6.1 b) RGPD).
  • Subscription to our Newsletter: The purpose of data collection is to manage the sending of our Newsletter. Such processing is legitimised by the express consent given by ticking the acceptance checkbox (art. 6.1 a) RGPD).
  • Customers: The purpose of data processing in this area is to manage relations with our customers. Such processing is legitimised by the execution of a contract between Hiperbaric and the customer (art. 6.1 b) RGPD).
  • Suppliers: The purpose of data processing is to manage the relationship with our suppliers. Such processing is legitimised by the execution of a contract between Hiperbaric and the supplier (art. 6.1 b) RGPD).
  • Corporate blog: The purpose of data processing is to manage the comments you post on our blog. Such processing is legitimised by the express consent you provide by posting your comment (art. 6.1 a) RGPD).
  • Agents: We process the data of our agents in order to manage Hiperbaric's contractual relationship with them, and to have a more effective communication with our potential customers and clients in the different countries where we operate. The processing is legitimate on the basis of the performance of a contract (art. 6.1 b) GDPR).
  • Hiperbaric Challenge: We process data in this area for the purpose of managing the participation of persons registered in the Hiperbaric Challenge educational innovation programme. The processing is legitimised by the express consent given when registering for the event (art. 6.1 a) RGPD).
  • Complaints channel: The purpose of the processing is to manage internal and external complaints that we may receive. This processing is legitimised on the basis of compliance with a legal obligation (art. 6.1 c) RGPD), as well as in the legitimate interest of Hiperbaric (art. 6.1 f) RGPD).

 

TO WHOM WILL WE DISCLOSE YOUR PERSONAL DATA?

Hiperbaric will only communicate your personal data:

  • To those third parties, public bodies and institutions of the General State Administration, Autonomous Community and local administrations, including jurisdictional bodies to which it is legally obliged to provide them.
  • To financial institutions if necessary on the basis of the relationship it has with Hiperbaric.
  • To external technological service providers, such as hosting services, computer maintenance and other similar services, who provide their services to Hiperbaric, and who will process your data strictly according to the instructions of this entity and under its responsibility.
  • To Hiperbaric USA, Hiperbaric Asia, and other Hiperbaric delegations, only if necessary.
    To Hiperbaric Agents acting in your area only if necessary.

 

HOW LONG WILL WE KEEP YOUR DATA?

Personal data obtained through the contact form for information requests will be kept for a period of 10 years from the last contact you had with us.

Curricular data will be kept for a period of 2 years from the end of the selection process.

Personal data collected for the management of the sending of our Newsletter will be kept until you withdraw your consent.

Personal data of customers will be kept for a period of 10 years from the end of the contract.

Personal data of suppliers will be kept for a period of 5 years from the end of the contractual relationship.

Personal data relating to comments you post on our corporate blog will be retained until you withdraw your consent or delete the comment.

Personal data of our agents will be retained for the duration of the contractual relationship and thereafter for a period of 5 years.

Personal data of persons registered in the Hiperbaric Challenge educational innovation programme will be retained for 5 years from the end of the event.

The personal data contained in the complaints that we may receive will be kept for the time necessary to manage the complaint and, subsequently, until the prescription of possible legal responsibilities.

 

WHAT SECURITY MEASURES WILL BE APPLIED TO YOUR PERSONAL DATA?

The processing of the personal data provided shall be carried out by adopting appropriate technical and organisational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the processing, as well as the risks of varying likelihood and severity to the rights and freedoms of natural persons. In order to comply with this requirement, Hiperbaric has implemented an Information Security Management System in accordance with ISO/IEC 27001:2013.

 

WILL INTERNATIONAL TRANSFERS BE MADE?

International data transfers may take place in two cases:

  • To Hiperbaric USA, Hiperbaric Asia, and other Hiperbaric delegations, only if necessary.
  • Communication of your data to Hiperbaric agents operating outside the European Economic Area, in the event that you request information from a country outside the European Economic Area and such communication is necessary to manage our relationship.

Hiperbaric guarantees that any international transfer of data that may occur, if necessary, complies with all the guarantees provided for in the RGPD and other applicable regulations on the subject.

 

HOW CAN YOU EXERCISE YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA?

In the event that you wish to revoke the consents granted, as well as to exercise your rights of access, rectification, deletion, opposition, limitation, portability and the right not to be subject to automated decisions, you may contact Hiperbaric by sending a written request to the postal address at Calle Condado de Treviño nº 6, 09001, Burgos; or by e-mail to rrhh@hiperbaric.com.

This request must include the name and surname of the interested party and specify the purpose of the request.

In the event that the interested party considers that the aforementioned rights have not been complied with in accordance with current legislation, he/she may file the corresponding claim for the protection of rights before the Spanish Data Protection Agency.

 

MANDATORY OR OPTIONAL NATURE OF THE DATA REQUESTED

The obligatory information on each form is identified as such with the "*" mark. Refusal to provide this information will prevent communication with the user and, where appropriate, the impossibility of providing the requested information and/or assistance.

 

USER COMMITMENTS

The user undertakes to inform Hiperbaric of any modification to the information provided. In order to carry out such communication, the user may contact the e-mail account rrhh@hiperbaric.com.

In the event of providing data of third parties, the user must have their consent, as well as inform them of our Privacy Policy, in order to make the data available to us with all the guarantees.

Likewise, customers undertake to keep their passwords and identification codes secret, as well as to inform Hiperbaric as soon as possible in the event of loss, theft or unauthorised access.

In the absence of such notification, Hiperbaric shall be exempt from any liability that may arise from the improper use of such passwords and identification codes by unauthorised third parties.