Privacy Policy

Please read this Privacy Policy carefully. It describes how we use the data you provide to us, always in accordance with the requirements of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (GDPR), Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights, and other applicable concordant regulations.

Our goal is transparency in the information provided for your proper understanding as a user. However, if after reading it you have any doubts, you can always contact us through any of the communication channels made available to you, and we will clarify them.

I.- DATA CONTROLLER

Contact details of the Controller: RUTH ÁLVAREZ FERNÁNDEZ (hereinafter RUTH ÁLVAREZ FERNÁNDEZ, the Data Controller, or simply “the Controller”) with ID number 37391570X, and with address for notification purposes at CARRER DE ROSELL 8-10, 1º-1ª, 08902, L’HOSPITALET DE LLOBREGAT, BARCELONA, SPAIN.

Data Protection Contact Details: You may contact us at the aforementioned postal address and/or via email: ruthalvarez@humnext.com.

II.- PRINCIPLES UNDER THE GENERAL DATA PROTECTION REGULATION

We undertake to process the personal data (hereinafter “the data”) provided in accordance with the following principles set out in the General Data Protection Regulation (GDPR):

  • Lawfulness: We will only collect your personal data for specific, explicit, and legitimate purposes, and we will not process your personal data in a manner incompatible with said purposes.
  • Legality: In accordance with Article 6 of the GDPR, your personal data will be managed provided that you express your explicit consent for the processing of said data as a manifestation of your will and free and informed consent. Your personal data may be necessary to formalize a contract, agreement, or service to which the data subject is a party; to comply with legal obligations; to protect the vital interests of the data subject or another natural person; to perform a task carried out in the public interest or in the exercise of official authority vested in the controller; or for the purposes of the legitimate interests pursued by the controller, provided they do not override the fundamental rights and freedoms of the data subject.
  • Fairness and Transparency: In accordance with Article 5 of the GDPR, the data subject is informed of the existence of the processing operation and its purposes.
  • Data Minimization: We limit the collection of personal data to what is strictly relevant and necessary for the purposes for which they are collected.
  • Purpose Limitation: We will only collect your personal data for specific, explicit, and legitimate purposes, and they will be maintained accordingly during processing.
  • Accuracy: We will keep your personal data accurate and up to date.
  • Data Security: We apply appropriate technical and organizational measures to ensure a level of security appropriate to the risks and nature of the data, in order to prevent disclosure, unauthorized access, loss, alteration, or any form of unlawful processing.
  • Rights of access, rectification, objection, erasure, restriction of processing, portability, and not to be subject to automated individual decision-making: Any person who, having given consent for data collection, wishes to request any action regarding the processing, is recognized these rights. Their exercise shall be free of charge, and the request shall be addressed within one month (extendable by two further months under exceptional circumstances such as complexity or volume of requests).
  • Storage Limitation Principle: Data will be kept for the time necessary for the purposes of the processing without undue delay, during which time it will remain available to users and customers upon request.

III.- USER CONSENT

Filling out our contact forms, following acceptance of this Privacy Policy, constitutes the user’s unequivocal consent to the automated processing of data according to the Web’s privacy conditions. Consent is also understood to be granted if the user writes directly through other channels made available on the website, being considered a clear affirmative act of consent. The data collected is the minimum essential to respond to a request for information regarding the therapies offered by the Controller.

In this initial request for information, special category data will not be collected; such data will only be required for the provision of the specific therapy in each case.

At all times, the requested data will be adequate, relevant, and not excessive. Consent may be revoked at any time by the data subject by unsubscribing through any of the means provided.

IV.- PURPOSES OF DATA PROCESSING

The data will be processed for the following purposes:

  • To respond to information requests made through the website regarding therapies, methodology, pricing, etc.
  • For management, administration, billing, information, and service provision.
  • Due to the nature of the services provided, follow-up is necessary and will vary depending on the case.

V.- DATA RETENTION PERIOD

Data will be kept for the period strictly necessary for the specific purpose (providing information or performing the contracted therapy). Once the data is no longer necessary and if there is no consent for its continued storage, or once the service has ended (completion of therapy, voluntary withdrawal, etc.), we will keep your data blocked during the limitation periods of the obligations that may have arisen from the processing and/or applicable legal periods, remaining available to competent authorities.

“Blocking” of data (Art. 17.3 GDPR) refers to the right of “retention” as an exception to the obligation of erasure. This means the data will not be used or accessible to anyone except for legal requirements or liability claims. After the legal limitation period, they will be permanently deleted.

VI.- LAWFULNESS OF PROCESSING

We process your data based on your consent, including special category data that may be necessary for therapy if contracted. You retain full rights over your personal data and may exercise them at any time. Providing personal data is mandatory to contact and address your request. Failure to provide data or accept this policy makes it impossible to process requests on this website.

VII.- RECIPIENTS

RUTH ÁLVAREZ FERNÁNDEZ will not transfer your data under any circumstances, except to competent Public Bodies, Tax Agency, State Security Forces, and Courts, when there is a legal obligation to do so.

VIII.- DATA PROTECTION RIGHTS

You may exercise your rights of access, rectification, objection, erasure, restriction, and portability by writing to the Controller at the address indicated above or via email: ruthalvarez@humnext.com.

If you are a client, you may revoke consent or object to commercial communications at any time via the same email. If you believe your request has not been correctly addressed, you may file a claim with the Spanish Data Protection Agency (AEPD).

A) RIGHT OF ACCESS: To know if your data is being processed, the purposes, categories, recipients, and retention periods. B) RIGHT TO RECTIFICATION AND ERASURE: To request the correction of inaccurate data or the deletion of data when no longer necessary. C) RIGHT TO RESTRICTION OF PROCESSING: To request that processing be restricted under certain conditions (e.g., accuracy disputes). D) RIGHT TO DATA PORTABILITY: To receive your data in a structured, commonly used, and machine-readable format to be transmitted to another controller. E) RIGHT TO OBJECT: To object to processing for direct marketing purposes.

IX.- MINORS

The website content is not directed at minors under 18, who must attend with a legal guardian. Users must be at least 14 years old to provide valid consent for data processing. The Controller will take measures to verify age but cannot be held responsible for non-compliance.

X.- SECURITY LEVEL

The Controller implements technical and organizational security measures to prevent loss, alteration, or unauthorized access. In the event of a security breach affecting your rights, the Controller undertakes to inform the Supervisory Authority (AEPD) within 72 hours and notify affected users as soon as possible.

XI.- CONFIDENTIALITY

All collected data will be treated with absolute confidentiality. The Controller guarantees that confidentiality agreements are signed with any persons involved in any phase of data processing.

XII.- INTERNATIONAL DATA TRANSFERS

International transfers occur when data is sent outside the European Economic Area (EEA). If RUTH ÁLVAREZ FERNÁNDEZ transfers data outside the EEA (e.g., external servers), it ensures that standard contractual clauses are in place and that providers meet GDPR security standards.

XIII.- LIABILITY

The user is solely responsible for filling out forms with false, inaccurate, or outdated data. Please inform us of any changes at ruthalvarez@humnext.com.

XIV.- MODIFICATION OF THE PRIVACY POLICY

The requirements of this Policy complement rather than replace legal requirements. In case of contradiction, applicable data protection laws prevail. RUTH ÁLVAREZ FERNÁNDEZ reserves the right to modify this policy. Any changes will be published at least ten days before their application, and you will be asked to review and re-accept the latest version.