PRIVACY POLICY – PATIENTS
1. DATA CONTROLLER
In accordance with current Personal Data Protection Laws, the following table provides users with information about the entity responsible for the details of this Webpage:
| Hospital or Medical Centre | Data Controller |
|---|---|
| Group Headquarters |
Viamed Salud SL Postal address: Av. de la Vega, 15 C.P 28018 Alcobendas (Madrid) Telephone: (+34) 916 25 07 00 |
2. DATA PROTECTION OFFICER
- Contact: dpo@viamedsalud.com
- Form: https://www.viamedsalud.com/politica-de-privacidad/ejercicio-de-derechos/
3. DATA PROCESSING REQUIRED FOR HEALTH CARE MANAGEMENT
Purpose:
- Provide the requested health care, including prevention, diagnosis, and treatment, as well as to keep medical records.
- Management and billing of the services provided.
- Processing of complaints, claims, and suggestions received.
- Appointment management and delivery of results: users may receive calls, text messages or emails using the contact details provided.
Lawfulness of Processing: Health management care (art. 9.2.h of the GDPR) and in compliance with the performance of a contract (art. 6.1.b of the GDPR).
Retention period: Personal data included in the patient's medical records shall be kept for a minimum period of 5 years from the date of discharge from each health care process, unless such data is necessary to deal with a claim or exercising of rights, in which case it shall be held until the claim or exercising of rights has been completed
However, there are several specific time periods established by different regional regulations. The following general time frames are applicable to the regions of Spain where the Viamed Group provides its services.
| CC.AA. | Time frame |
|---|---|
| Catalonia | 15 years |
| Madrid | 5 years |
| Andalusia | 5 years |
| Aragón | 5 years |
| La Rioja | 5 years |
| Murcia | 20 years |
Recipients:
- Agencies, centres, and services affiliated to the National or Regional Health System where necessary for the provision of health care or when required by law.
- When you indicate to us the existence of a third party that is obliged to pay for the health care provided, the data necessary for the payment of the health care provision (including health details) shall be communicated to the third parties liable for payment (e.g. insurance companies, mutual societies, etc.). If the patient is from outside the European Union or has a policy contracted outside the European Union, and the third party is located outside the European Economic Area, in a country whose data protection regulations are not comparable to European standards, the international transfer of data will be necessary for the execution of the contract with the hospital facility.
- As required, entities or medical centres that have referred the provision of health care to us, in order to manage the relevant guarantees, authorisations and cover, as well as take the necessary measures, including the provision of interpretation services in the case of foreign patients, and/or follow-up with patients following hospital discharge from Viamed.
- Should you submit a claim, your personal data and other actions relating to the claim shall be communicated to the insurance broker and company, with which the hospital facility or the professionals who are the subject of the claim hold insurance policies covering risks related to the liability of the hospital, so that those companies can settle any compensation and liability that arise in such cases.
- Insurance providers or companies that have sent us your details for the provision of the health care services required (for example, medical examinations, assistance after road traffic accidents, etc.) for the purpose of billing for the services provided and, where appropriate, monitoring and verification of any injuries suffered, so that the insurance company can pay the corresponding compensation.
- Companies responsible for the manufacture or supply of prostheses, implants or any other material, test, or service required in the surgical treatment requested by the patient, where required by current laws, coverage of insurance policies subscribed by the patient, or when necessary for the payment of treatments provided, or in the vital interest thereof.
- In the case of health care resulting from traffic accidents or other events covered by insurance contracts, personal data relating to your record and injuries shall be communicated to third parties related to the determination and/or satisfaction of liability arising from the accident, as established by current legislation.
- Other clinicians, centres, or laboratories to which you are referred for the most agile and efficient study and analysis of the medical service requested.
- Health and care professionals involved in diagnosis or treatment, including trainees, the prescribing physician and professionals of the Hospital Facility or independent professionals who form part of its advisory medical committees if, in the opinion of your physician, your case so requires for the purpose of proper diagnosis and treatment.
- In the event that your health care requires the services of pathology laboratories or other diagnostic specialities, your data may be passed on to external laboratories or diagnostic services for analysis of samples or imaging and subsequent invoicing.
- In all other cases provided for by the legislation in force.
4. ADDITIONAL PURPOSES
Purpose: Issue proof of hospital stay for the patient and/or companions who require it.
Lawfulness of Processing: Legitimate interest in issuing a receipt reflecting attendance or stay at the hospital facility.
Retention period
Recipients: Companion requesting the receipt.
The receipt shall be issued with as little information as possible. If a companion requests that the patient's identity appears on the proof or receipt (for example to justify a leave of absence), the minimum amount of information possible shall be provided.
5. OPTIONAL TREATMENTS
Purpose:
- Send reminders about the date and time of appointments and scheduled tests to help the patient remember to attend appointments and thus receive the health care at the time they need it, helping to improve the continuity of care. This information will be sent to patients or representatives who have sufficient capacity and maturity to consent to health care treatments.
- Send quality and satisfaction surveys on health services provided to identify potential problems, errors, or areas for improvement in the management of the health facility or in the delivery of health services. This information will be sent to patients or representatives who have sufficient capacity and maturity to consent to health care treatments.
- Send information about our news, activities, or services.
Such information shall be sent by any means of contact provided, including mail and SMS.
Lawfulness of Processing: Legitimate interest, as set out in Article 6.1.f of the GDPR, and in relation to recital 47 of the GDPR.
At any time, you may oppose each of these purposes by any of the following means:
- Website form: https://www.viamedsalud.com/politica-de-privacidad/formulario-de-baja/
- Contact: bajasinfo@viamedsalud.com
- Paper form available at the hospital reception.
In order to successfully process your opposition, you must provide exactly the same data that you initially provided to the hospital facility.
6. WAYS IN WHICH DATA ARE OBTAINED
Any personal data we process have been obtained from the interested party or their legal representative in the case of minors and incapacitated persons.
The categories of data processed are as follow:
- Identification details.
- Contact details.
- Health data and medical records.
- Details of insurance companies, mutual companies or third parties obliged to pay for the services provided.
- Financial details relating to the services provided.
7. RIGHTS OF INTERESTED PARTIES
You may exercise your rights through:
- E-mail: dpo@viamedsalud.com
- Website form: https://www.viamedsalud.com/politica-de-privacidad/ejercicio-de-derechos
- At the front desk of our hospital facilities.
You are entitled to:
- Get confirmation about whether we are processing your data.
- Access your data and request corrections of inaccurate data.
- Request the erasure of your data when it is no longer necessary for the purposes for which it was collected.
- In certain circumstances, you may limit data processing or request the portability of your data.
- Oppose optional processing of your data.
- If necessary, file a complaint with the Spanish Data Protection Agency (www.aepd.es) or with our Data Protection Officer (dpo@viamedsalud.com)
8. VERSION
This privacy policy is dated 13/05/2022 and any changes to its terms will be posted on this website.