Identification of the entity responsible for data treatment
The entity responsible for data treatment, that is. those who decide what purpose the personal data is used for, shall be:
Controller: PharmexCare Cosmetics S.L.
Trade name: PharmexCare
CIF/NIF [tax ID code/no.]: B-01634781
Calle Anabel Segura, 16, Edificio 1, Planta 1,
28108 Alcobendas, Madrid.
Companies Register: Companies Register of Madrid: Sheet M-721977, Volume 40686, Folio 48
In accordance with data protection law, and any other relevant and current applicable legislation, the User is hereby informed that the personal data provided will be added, whenever appropriate, into an electronic file that will be used exclusively for the purposes described in the corresponding form, contract, preliminary contract or offer.
If you provided your personal data as a PharmexCare user, we hereby inform you that it will be processed in compliance with the contractual relationship with you for the sharing of information related to PharmexCare activities and with new products and promotions offered by PharmexCare.
The legal basis for data treatment is the compliance with the contractual relationship and a legitimate interest when sharing information and promotions.
Potential clients or consumers
PharmexCare uses the data of potential clients or consumers for the initiation and preparation of the contractual relationship and for sharing marketing/commercial information. In this way, the recipients of the information can be anyone who has previously contacted by PharmexCare, people who get in touch through PharmexCare’s contact form, owners of pharmacies or other entities or establishments that have been visited by PharmexCare staff, or staff from other centers that may be interested in PharmexCare products.
All data owner receiving this type of information fall within the categories described above. We believe the information sent by PharmexCare to be of interest for the recipient, and it will always be related to PharmexCare products or services that data owners have shown some kind of interest in.
The legal basis for the lawfulness in the treatment of data with this purpose is the preparation of pre-contractual relationships as well as the legitimate interest of PharmexCare for the forwarding of information of interest. Such legitimate interest is confirmed by reminding data owners at all times about the possibility of unsubscribing to these emails, and by sharing information always related to the products and services of PharmexCare that data owners have shown interest in. These data shall in no case be transferred to third parties.
PharmexCare will keep your data as long as there is no opposition regarding its treatment.
We inform you that PharmexCare uses the data obtained from the contact forms to answer your queries or comments. We understand that the information shared by PharmexCare is of interest to the recipient and always related to the products or services of PharmexCare data owners have shown some kind of interest in.
The legal basis for the legitimacy in data treatment for these purposes is your consent when sending a query. These data shall in no case be transferred to third parties.
PharmexCare will keep your data as long as there is no opposition regarding its treatment.
Data regarding suppliers
In the event that you have provided your data as the contact person from a supplier company or self-employed entrepreneur, we inform you that PharmexCare will use your data exclusively for the maintenance of the contractual relationship and that it will not transfer it to third parties unless such transfer of data is necessary for the fulfillment of the contractual relationship with the data owner or the company they represent. The only transfers of these data will be those related to legal counsel, tax collection or banking institutions for supplier management purposes. The data provided will be kept while the contractual relationship is maintained or during the number of years required to comply with legal obligations. The legal basis for data treatment is the compliance with the contractual relationship.
Data regarding candidates
In the event that you have provided your data to PharmexCare as a potential candidate to join the company, we inform you that PharmexCare will use the data exclusively to manage your application to any of the vacancies that may exist in PharmexCare or in the PHARMEX matrix. The data provided will be kept for a maximum period of two years. The legal basis is your consent when sharing your personal information and/or resume.
In the event that you have submitted any kind of complaint to PharmexCare, your data will be used to address the complaint, and shall not be transferred to third parties, unless such communication is necessary and only in the event that the complaint requires such communication and solely for that purpose. The data provided will be kept for the number of years required to comply with legal obligations, as long as the subject matter of your claim has not expired.
Surveillance of adverse reactions
In the event that you have filed or wish to file a complaint regarding an adverse reaction to a PharmexCare product, you must do so by sending an email to email@example.com or through the contact form on the website. In accordance with cosmetovigilance and data protection regulations, the personal data you provide will be treated confidentially and, to the extent possible, will be made anonymous or dissociated by PharmexCare. However, your data related to adverse reactions may be communicated to the authorities for monitoring purposes. The data provided will be kept for the number of years necessary to comply with legal obligations, as long as the subject matter of your claim has not expired. We inform you that PharmexCare shall keep your personal data confidential, and shall only use your personal information to contact you if necessary. In the event that PharmexCare needs to process your health data, you will be requested to provide your express consent to the treatment of your specially protected data for the purposes indicated.
Third-party data communication
No data shall be transferred to third parties unless a legal obligation so requires. However, for proper service delivery purposes, PharmexCare may share certain personal data to third parties providing such services and exclusively to guarantee the proper functioning of the company. In any case, this data sharing will be made in the form of a data processing order from such third parties for the provision of services to PharmexCare, which will imply third-party access to personal information.
In this sense, PharmexCare shall have the corresponding data treatment contracts signed with third parties processing or accessing personal data.
Exercise of rights common to all personal data
Data owners have the right to obtain a confirmation whether we are processing their personal data at PharmexCare and, therefore, they have the right to access their personal data, rectify inaccurate data or request its deletion when the data is no longer required, as well as to object to the treatment of their data for any purpose set out herein, such as receiving commercial information.
You have the rights of access, rectification, deletion, objection, portability and the right to restrict data treatment , which you may exercise through
- physical courier
Calle Anabel Segura, 16 Building 1, Floor 1, Right, 28108 Alcobendas, Madrid
In any case, the data owner may get in touch with the Data Protection Officer at firstname.lastname@example.org and/or go to the appropriate supervisory authority to file any claim deemed appropriate. In Spain, it would be the Spanish Data Protection Agency.
Data veracity and update
PharmexCare presumes that the personal data provided through the various channels and media are true, that they are provided directly by the owner, that the owner is actually the person they claim to be, that the data is up-to-date, and that the interested party/data owner will report any changes in their data the moment such change occurs.
Duty to secrecy
The persons involved in the processing of data concerning natural persons with direct or indirect access to files shall comply at all times with the duty to secrecy regarding the personal data they come in contact within the course of the activity. The Duty of Secrecy constitutes an obligation for PharmexCare, members of governing and management bodies, persons employed under Labor Law and professionals providing services contracted under Commercial Law. This obligation also applies to suppliers of goods and services and their employees, Data Processors and their employees and those subcontracted by the Data Processor and their employees. The obligation to secrecy survives after the termination of the employment or commercial relationship with PharmexCare, the entity responsible for data treatment, as well as after the expiration of the employment contracts, commercial contracts, etc. binding employees and/or professionals with the Data Processor and PharmexCare suppliers of goods or services.
When recommending or adding a link to any webpage/website, PharmexCare considers that they are of interest to the user. PharmexCare has no monitoring obligations regarding the webpages/websites linked to or recommended. These have been created by legal entities, individuals or entities that are external to PharmexCare. PharmexCare is in no way involved in their management, funding, content available, and is no way involved in the management of the services provided by the recommended/linked webpages/websites. PharmexCare shall refrain from recommending a webpage/website whenever actual evidence of the service provider or the services provided being unlawful or affecting the property or the rights of third parties liable for compensation is available.
PharmexCare has implemented all security measures required by the Protection of Personal Data Regulation in all work sites, premises, systems, communication infrastructures, etc. It has also adopted logical, physical, organizational, contractual, and other type of measures that prevent third-party access, destruction, modification, reproduction, disclosure, transmission or re-use of data.