SYNLAB and data privacy
SYNLAB Diagnósticos Globales, S.A.U. and its associated companies: SYNLAB PATHOLOGY, S.L.U., BRUGUES ASISTENCIAL, S.A.U., IMADIA 2005, S.A., LAB DOS ANÁLISIS, S.L., BIOKILAB, S.L., ROQUETA-ESTEVE-RIMBAU S.L.P., LABORATORIO LÓPEZ-SALCEDO, S.L., LAB.CLÍNICOS REUNIDOS GALLEGOS, LAB.CLÍNICO COMPOSTELA, RABAN GIBRALTAR LTD; promise to protect and respect your privacy.
This privacy statement establishes the bases upon which we process the personal information that we collect about visitors to our website, our establishments, or our points of contact with customers, suppliers or other business partners. We therefore ask you to read it carefully.
1. INFORMATION WE COLLECT ABOUT YOU
We may collect and process the following information about you
1.1 Information that you provide to us. This is information about you that you give to us by doing any of the following:
1.1.1 Filling out forms on our website (or other forms we ask you to fill in).
1.1.2 Giving us a business card (or similar).
1.1.3 Contacting us by telephone, mail, email or other means.
It may include, for example, your name, address, email address, and telephone number; information about your business relationship with SYNLAB; and information about your job position, background, and interests.
1.2 Information collected by our website and other systems.
1.2.1 When you visit our website, we automatically collect certain details about you and your visit. For example, the internet protocol (IP) address used to connect your device to the internet, and other information, such as browser type and version, and the pages of our site that you visit.
1.2.2 TOur website may also place cookies on your device, a process which is described separately in the statement about cookies.
1.2.3 If you communicate with our employees and other staff by email, telephone or other electronic means, our information technology systems will record the details of those communications and sometimes even their content.
1.2.4 Some of our establishments have CCTV systems that may record you, for security reasons, if you visit them.
1.3 Additional information. We may also collect information from other sources. For example:
1.3.1 If we have a business relationship with the organisation you represent, your colleagues or other professional contacts may provide us with information about you, such as your contact information or your role in that relationship.
1.3.2 We sometimes collect information from independent data providers or public sources, to fight money laundering, perform background checks or for other similar purposes, as well as to protect our business and fulfil our legal and regulatory obligations.
2. HOW WE USE YOUR INFORMATION
2.1 We may use your information for the following purposes:
2.1.1 To operate, administer and improve our website and stores, and other aspects relating to the way we do business.
2.1.2 To fulfil our legal and regulatory obligations, and to take and defend ourselves against legal actions.
2.1.3 Purposes related to our financial and banking arrangements
2.1.4 To conduct, manage, develop and promote our business and, in particular, our relationship with the organisation you represent (if any) and related transactions (for example, for marketing purposes).
2.1.5 To protect our business from fraud, money laundering, disclosure of secrets, cyber-attack, theft of private content, and other financial or business crimes.
2.2 From time to time, we may review the information about you that we store on our systems, including the content and other information in your communications with us, by email or other means, for regulatory compliance and business protection purposes, as described above.
2.3 These reviews may be for the purpose of disclosing information relevant to legal actions, or may concern records relevant to internal or external regulatory or criminal investigations.
2.4 Insofar as it is permitted by the applicable law, such reviews shall be conducted in a reasonable and proportionate manner, and approved at an appropriate management level. They may ultimately involve disclosure of your information to government agencies and other parties involved in legal actions, as described below.
2.5 Occasionally, your emails and other communications may be accessed by persons other than the staff member for whom they were intended for common business management purposes (e.g. if necessary, because a staff member has left the office or left SYNLAB).
2.6 We will only process your personal information to the extent necessary for the purposes described above and, in any event, we will check that such processing is not so prejudicial to you or your privacy as to override our legitimate interest in achieving the purposes.
2.7 Under exceptional circumstances, we may be required by law to disclose or process your personal information. When we ask you for personal information, we will inform you if it is mandatory to provide the requested information in order to comply with a legal obligation, or whether it is voluntary and without consequences if you refuse to do so. In all other cases, you should assume that we need the information for our business, or to comply with regulations (as described above).
2.8 If you have any questions concerning SYNLAB’s need to obtain the information we request, please contact the SYNLAB representative who is making the request for information, or use the details in the Contact Us section (below) to make an inquiry.
3. COMMUNICATION AND INTERNATIONAL TRANSFER OF DATA
3.1 With your consent or, as the case may be, under the legal exceptions corresponding to a legitimate purpose, your personal information may be disclosed to the following recipients:
3.1.1 Other SYNLAB Group companies.
3.1.2 Service providers who host our website or other information technology systems, or who hold or process your information on our behalf as Data Processors (including doctors and other healthcare professionals), under strict conditions of confidentiality and security.
3.1.3 In exceptional cases:
- A judicial agency or competent Authority, or the parties involved in a legal action, in any country or territory.
- Any other recipients that may be stipulated by law.
3.2 The communications referred to in paragraph 3.1 above may involve, where applicable, the transfer of your personal information abroad. If you deal with us in the European Economic Area (or the UK after its exit from the European Economic Area), you should be aware that your information may be transferred to countries outside of the EEA and the UK, that do not have such strict data privacy laws. In such cases, if we need to transfer personal data to other members of the SYNLAB Group, or to our non-EU service providers, we will ensure that we are bound by data transfer agreements or mechanisms specifically designed to guarantee the protection of your personal information, in strict compliance with the security requirements and standards required by the European Data Protection Regulation [GDPR (EU) 679/16].
3.3 Use the contact details in the Contact Us section (below) to find out which agreements, such as those mentioned in paragraph 3.2, are in force or, if applicable, to see a copy.
4. RETENTION AND DELETION OF YOUR PERSONAL DATA
4.1 We want the personal information we hold about you to be accurate and up-to-date. We will delete information about you that we no longer need.
4.2 We will never keep your information for more than 5 years from the last contact we have with you. After this time, we will delete or anonymise it. Use the contact details in the Contact Us section to obtain more information.
4.3 Please note that we may retain minimal information about you, even if we know that you have left the organisation you represented, so that we can maintain an ongoing relationship if we re-establish contact with you in the future as a representative of a different organisation.
5. YOUR RIGHTS
5.1 You may have the right to access your personal information held by us and certain related information, under data protection law. You may also request that inaccurate personal information be corrected or deleted.
5.2 You may at any time object to our use of your personal information for direct marketing purposes and, under certain circumstances, you may have the right to object to us processing some or all of your personal information (and to request that we delete it).
5.3 Under certain circumstances, you may also have the right to "data portability", i.e. to ask us to transfer your personal data to you or to a new service provider.
5.4 If you wish to exercise any of the above rights, please use the contact details in the Contact Us section (paragraph 6) below.
5.5 You can also lodge a complaint about how we process your personal information with the data protection authority in your country (details here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm).
6.1 We welcome questions, comments and requests regarding this privacy statement and how we process personal information.
6.2 Send an email to the data protection officer ProteccionDeDatos@synlab.es .
7. CHANGES TO THIS POLICY
Any future changes we make to this privacy statement will be published on our website at https://www.synlab.es/es/Common/Politica-de-Privacidad.aspx and will also be made available upon receiving a request submitted using the details in Contact Us section:
- Email: ProteccionDeDatos@synlab.es
- Address: Verge de Guadalupe 18, (08950) Esplugues de Llobregat / España
- Telephone: 93 363 60 00
Check regularly for changes.