Personal Data Protection Policy

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), Spanish Organic Law 3/2018, and Law 41/2002 on patient autonomy, Clinica Cruz informs patients, users, and interested parties about the processing of personal data.

Who is responsible for processing your data?

Data controller Identification and contact details
CENTRO MEDICO Y ESTETICO CRUZ S.L. (Clinica Cruz)
Tax ID: B70765573
Address: Calle D'Alzira, 26. 46704 Gandia (Valencia)
Phone: (+34) 963 00 30 01
Data Protection Officer / Channel: dpd@clinicacruz.es

When data is collected through web forms, information requests, appointments, phone support, or in-person care, the controller is Clinica Cruz.

For what purpose do we process your data?

  1. Contact and user service: manage inquiries, information requests, and follow-up.
  2. Healthcare and clinical management: coordinate appointments, clinical assessment, diagnostic tests, treatments, and patient follow-up.
  3. Administrative and financial management: invoicing, collections/payments, document management, and insurer communications where applicable.
  4. Service reminders and communications: appointment reminders, schedule changes, pre/post-treatment instructions, and continuity-related information.
  5. Own marketing information: updates, services, and campaigns via postal, phone, or electronic channels where consent or legal basis exists.
  6. Recruitment: management of job applications.
  7. Regulatory compliance and security: meet legal obligations and protect patients, professionals, and facilities.

What is the legal basis for processing your data?

  1. Performance of the healthcare/contractual relationship: to provide requested healthcare services.
  2. Compliance with legal obligations: healthcare, tax, accounting, and data protection regulations.
  3. Data subject consent: for purposes that require it (for example, certain marketing communications).
  4. Legitimate interest: in certain service communications, fraud prevention, and quality improvement.

Who do we share your data with?

Personal data processed by Clinica Cruz may be shared, when necessary and legally justified, with:

  1. Public authorities and bodies where required by law.
  2. Financial entities and providers for payment and support services.
  3. Insurers, when healthcare is provided under an insurance policy.
  4. Clinical labs, diagnostic centers, or external healthcare professionals required for tests, diagnosis, or continuity of care.
  5. Other public/private healthcare centers, in case of referral, continuity of care, or explicit patient request.

Clinica Cruz does not sell personal data to third parties and applies contractual and technical safeguards when processors are involved.

How long do we keep your data?

Data is kept for as long as needed to fulfill the purpose for which it was collected and, afterwards, for legally required retention periods.

As a general rule, healthcare-related data is retained for at least 5 years from the discharge date of the healthcare process, unless applicable law requires a longer period.

After retention periods, data is blocked and only available to courts, prosecutors, or competent authorities during limitation periods; afterwards, it is securely deleted.

What are your rights?

Any data subject has the right to obtain confirmation as to whether Clinica Cruz processes their personal data.

You may exercise the following rights:

  • Access: know what data we process and how.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion when legally applicable.
  • Restriction of processing: temporarily restrict use of data in certain cases.
  • Portability: receive your data in a structured format and transfer it when applicable.
  • Objection: object to certain processing based on legitimate interest.

To exercise these rights, write to dpd@clinicacruz.es with valid identification. You may also withdraw consent at any time.

If you believe your rights have not been properly addressed, you may lodge a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es.

What data do we process and where does it come from?

Processed data mainly comes from:

  • Information provided by you through forms, appointments, phone calls, or in-person communications.
  • Data generated during healthcare service delivery and related administrative management.
  • Data derived from the contractual relationship and clinical follow-up.

Depending on the service, we may process:

  • Identification and contact data (name, surname, ID number, address, email, phone).
  • Economic and billing data (including insurance data where applicable).
  • Health and clinical data necessary for healthcare assistance.
  • Interaction and preference data related to provided care.

Minors

Minors under 14 years of age (or the age established by applicable regulations) may not provide personal data on their own in cases where consent is required. In those cases, consent from a parent or legal guardian is necessary.

Phone call recording

At Clinica Cruz, some customer support calls may be recorded for:

  1. Quality control: improve patient care.
  2. Staff training: optimize protocols and communication.
  3. Incident resolution: manage inquiries and complaints effectively.
  4. Compliance and security: protect patients and professionals.

Recordings are kept only for the time necessary for these purposes and under appropriate technical and organizational security measures.

Changes to this Privacy Policy

Clinica Cruz may update this Privacy Policy to adapt it to legal or operational changes. In case of relevant updates, users and patients will be informed through the usual channels.

Back to home