privacy-policy-1

Privacy Policy

1. Who is the data controller?

The data controller is Grifols International, S.A., with address for contact purposes at Avenida de la Generalitat 152, 08174, Sant Cugat del Vallés, Barcelona (España) ("Grifols").

2. Who is the data protection officer at Grifols and how can I contact them?

The data protection officer acts as an interlocutor between Grifols and you in order to ensure Grifols' compliance with the data protection legislation and guarantee your rights under such legislation. You can contact the data protection officer at the following email address: dpo@grifols.com.

3. How does Grifols use your personal data?

Grifols uses your personal data to:

send emails with information about StocKey® RFID Smart Cabinet;
send emails with information about products, services, activities and any other event related to the Grifols group hospital division; and
answer all your requests of information and/or suggestions

When you inform Grifols of your interest in receiving information by email about products, services, activities and any other events related to the Grifols group hospital division, Grifols shall create a user profile for each data subject interested in receiving this information.

4. Why does Grifols use your personal information?

The legal basis that allows Grifols to process your personal data is:

the consent you gave when you filled in and sent the forms provided in our website, as well as clicking on the corresponding checkbox to receive information about our products, services, activities and any other events related to the Grifols group hospital division; and

Grifols' legitimate interest in providing your personal data to the companies of the Grifols group whenever this is necessary in order to send you the information specified in section 3 or to respond to any requests of information and/or suggestions.

We understand that this legitimate interest, on which Grifols bases the processing of your data, does not diminish your fundamental rights and freedoms since it is limited to the ordinary day-to-day management of a multinational corporation. However, please bear in mind that you may exercise your right to objection, at any time, by sending your request to privacy@grifols.com.

5. How long does Grifols retain your personal data?

Grifols will only process your personal data until it has responded to your request of information and/or suggestions and, in any event, until you inform us that you do not wish to receive further information about StocKey® RFID Smart Cabinet or about products, services, activities and events related to the Grifols group hospital division.

Once we have responded to your request or you have confirmed you do not wish to receive any information, Grifols will retain your personal data, without processing it, until the end of the statures limitation periods of any liabilities arising from processing your data. The maximum period for storing your data is of five years.

6. With whom does Grifols share your personal data?

Grifols will provide your personal data to the companies within the Grifols group if it is necessary in accordance with section 4(b). Additionally, if necessary, it will share your personal data with third parties in order to comply with its legal obligations.

privacy-policy-2

Right Content Notification channel
Access You may access your personal data included in Grifols' files.
Rectification You may modify your personal data if it is inaccurate.
Deletion You may request that your personal data is deleted.
Objection You may request that your personal data is not processed. privacy@grifols.com
Portability You may receive, in an electronic file, the personal data that you provided Grifols with, as well as send it to different entities.
Restrictions on processing You may request a restriction on how your data is processed when:
  • the accuracy of your personal data is being verified after you have contested its accuracy,
  • processing of your data is illegal and you oppose to the erasure of your data,
  • Grifols does no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims,
  • you have objected to the processing for the performance of a task carried out in the public interest or necessary for the purposes of a legitimate interest, whilst it is being verified whether the legitimate grounds of Grifols override yours.
Right Access
Content You may access your personal data included in Grifols' files.
Notification channel
Right Rectification
Content You may modify your personal data if it is inaccurate.
Notification channel
Right Deletion
Content You may request that your personal data is deleted.
Notification channel
Right Objection
Content You may request that your personal data is not processed.
Notification channel privacy@grifols.com
Right Portability
Content You may receive, in an electronic file, the personal data that you provided Grifols with, as well as send it to different entities.
Notification channel
Right Restrictions on processing
Content You may request a restriction on how your data is processed when:
  • the accuracy of your personal data is being verified after you have contested its accuracy,
  • processing of your data is illegal and you oppose to the erasure of your data,
  • Grifols does no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims,
  • you have objected to the processing for the performance of a task carried out in the public interest or necessary for the purposes of a legitimate interest, whilst it is being verified whether the legitimate grounds of Grifols override yours.
Notification channel

privacy-policy-3

You may withdraw your consent at any time, without this having any effect on the legitimacy of the processing of data previously carried out, by sending an email to privacy@grifols.com, with the subject line "Stockey® RFID Smart Cabinet". To exercise your rights and withdraw consent you must also send a copy of your ID card or of any other document that confirms your identity.

In any event, you may lodge a complaint with the Spanish Data Protection Agency (www.agpd.es) or with any other competent data protection authority.

Created on: January 2019