Close

 

08.02.- SECOND LEVEL PRIVACY POLICY

https://www.lactapp.es

 

DETAILS OF OUR PRIVACY POLICY, DETAILED SECOND LEVEL 

ÍNDEX

  1. Purpose of the Privacy Policy
  2. Definitions
  3. Identity of the Data Controller
  4. Applicable laws and regulations
  5. Principles applicable to the processing of  personal data
  6. Security measures
  7. Purposes of processing
  8. Legitimation of the treatment
  9. Recipients of your data
  10. Data Processing Activities Carried Out
  11. Personal data of minors
  12. Origin and types of data processed
  13. Rights of data subjects
  14. Acceptance

1.-OBJECTIVE OF THE POLICY

This "Privacy and Data Protection Policy" aims to make known the conditions governing the collection and processing of your personal data by LactApp to ensure fundamental rights, your honor and freedoms, all in compliance with current regulations that regulate the Protection of Personal Data according to the European Union .

In accordance with these regulations, we need to have your authorization and consent for the collection and processing of your personal data, so below, we indicate all the details of your interest regarding how we carry out these processes, with what {nalities, that other entities could have access to your data and what your rights are.

For all the above, once reviewed and read our Data Protection Policy, it is essential that you accept it in proof of your agreement and consent.

2.- DEFINITIONS

  • personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • ‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
  • ‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
  • ‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
  • ‘filing system’ means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
  • ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  • ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  • ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
  • ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
  • ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
  • ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
  • ‘genetic data’ means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;
  • ‘biometric data’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
  • ‘data concerning health’ means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;
  • ‘main establishment’ means:
  1. as regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment;
  2. as regards a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation;
  • ‘representative’ means a natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor with regard to their respective obligations under this Regulation;
  • ‘enterprise’ means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity;
  • ‘group of undertakings’ means a controlling undertaking and its controlled undertakings;
  • ‘binding corporate rules’ means personal data protection policies which are adhered to by a controller or processor established on the territory of a Member State for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity;
  • ‘supervisory authority’ means an independent public authority which is established by a Member State pursuant to Article 51;
  • ‘supervisory authority concerned’ means a supervisory authority which is concerned by the processing of personal data because:
    1. the controller or processor is established on the territory of the Member State of that supervisory authority;
    2. data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or
    3. a complaint has been lodged with that supervisory authority;
  • ‘cross-border processing’ means either:
    1. processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or
    2. processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
  • ‘relevant and reasoned objection’ means an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union;
  • ‘information society service’ means a service as defined in point (b) of Article 1(1) of Directive (EU) 2015/1535 of the European Parliament and of the Council (¹);

‘international organisation’ means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries.

 

 3.-IDENTITY OF THE DATA CONTROLLER

Who collects and processes your data?

The Data Controller is that natural or legal person, of a public or private nature, or administrative body, which alone or jointly with others determines the extent and means of the processing of personal data; in case the extent and means of the treatment are determined by the Law of the European Union.

In this case, our identification data as Data Controller are the following:  

LACTAPP WOMEN HEALTH, S.L CIF B66777780

How can you contact us? 

  • Postal address and our offices:   Melcior de Palau, 135 08014 Barcelona Barcelona  Spain 
  • Registered office: Melcior de Palau, 135 08014 Barcelona Barcelona  Spain
  • Email: hola@lactapp.es- Phone: 673639918

 

Who can help you with our Data Protection Policy? 

We have a person or entity specialized in data protection, which is responsible for ensuring the correct compliance in our entity with current legislation and regulations. This person is called Data Protection Officer (DPO) and, if needed, can contact him as follows:

 

AURATECH LEGAL SOLUTIONS SLP- CIF B87984621
Email: rgpd@auratechlegal.es- Phone: 0034 91 113 49 63

 

4.- APPLICABLE LAWS AND REGULATIONS 

This Privacy and Data Protection Policy is developed based on the following data protection regulations and laws:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of these data. Hereinafter GDPR.  
  • Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights. Hereinafter  LOPD/GDD
  • Law 34/2002, of 11 July, on the Services of the Information Society and Electronic Commerce. Hereinafter    LSSICE.

 

5.- PRINCIPLES APLICABLES TO THE PROCESSING OF PERSONAL DATA 

The personal data collected and processed through this website will be treated in accordance with the following principles:

  • Principle of legality, loyalty and transparency: All processing of personal data carried out through this Website will be lawful and loyal, being totally clear to the user when the personal data that concerns him is being collected, used, consulted or processed. Information regarding the treatments carried out will be transmitted in advance, easily accessible and easy to understand, in simple and clear language.
  • Principle of limitation of purpose: All data will be collected for specific, explicit and legitimate purposes, and will not be subsequently processed in a manner incompatible with the purposes for which they were collected.
  • Principle of data minimization: The data collected will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  • Principle of accuracy: The data will be accurate and, if necessary, updated, taking all reasonable measures to delete or rectify without delay personal data that is inaccurate with respect to the purposes for which they are processed.
  • Principle of limitation of the retention period: The data will be kept in such a way as to allow the identification of the interested parties for no longer than necessary for the purposes of processing personal data.
  • Principle of integrity and confidentiality: The data will be processed in a way that guarantees adequate security of personal data, including protection against unauthorized or illicit processing and against accidental loss or damage, through the application of appropriate technical and organizational measures.
  • Principle of proactive responsibility: The entity that owns the Website will be responsible for compliance with the principles set forth in this section and will be able to demonstrate it.
  •  

6.-SECURITY MEASURES 

What do we do to guarantee the privacy of your data? 

LactApp adopts the necessary organizational and technical measures to guarantee the security and privacy of your data, prevent its alteration, loss, treatment or unauthorized access, depending on the state of technology, the nature of the stored data and the risks to which they are exposed.

Among others, the following measures stand out:

  • Ensure the confidentiality, integrity, availability and permanent resilience of treatment systems and services.
  • Restore availability and access to personal data quickly, in the event of a physical or technical incident.
  • Verify, evaluate and evaluate, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the safety of the treatment.
  • Pseudonymize and encrypt personal data, in case it is sensitive data.

 

On the other hand, LactApp manages information systems according to the following principles:

  • Principle of regulatory compliance: All information systems will comply with regulatory and sectoral legal regulations that affect information security, especially those related to the protection of personal data, system security, data, communications and electronic services.
  • Risk management principle: Risks will be minimized to acceptable levels and the balance between security controls and the nature of the information will be sought. Security objectives must be established, reviewed and consistent with the information security aspects.
  • Awareness and training principle: Training, awareness programs and awareness campaigns will be articulated for all users with access to information, in terms of information security.
  • Proportionality principle: The implementation of controls that mitigate asset security risks will be carried out seeking the balance between security measures, nature and information and risk.
  • Principle of responsibility: All members of the Data Controller will be responsible for their conduct regarding information security, complying with established rules and controls.
  • Principle of continuous improvement: The degree of effectiveness of the security controls implemented in the organization will be reviewed on a recurring basis to increase the ability to adapt to the constant evolution of risk and the technological environment.

 

7.- PURPOSES OF THE TREATMENT 

 What do we want to process your data for? 

We need your authorization and consent to collect and process your personal data, so below we detail the intended uses and purposes:

  • App Store and Google Play: Allow downloading the app depending on the device; Process subscription payments; Gift an annual subscription from a user to another friend or colleague who is a mother.
  • Chat Application: Collect information and images to be used for research and training; Train the artificial intelligence models integrated in vAlba; Answer specific questions about breastfeeding and other topics related to women's sexual and reproductive health and review the images and videos that are sent to us.
  • Comments on the blog: Make comments or express opinions about products, services or published topics.
  • Commercial communications / Newsletter: Keep up to date with news, workshops, pieces of training and promotions: marketing, advertising and commercial prospecting.
  • Congresses: Comply with the contractual terms of the course, event or congress, as well as comply with the legal obligations arising from it; Manage the relationship and send information about the course, event or congress; Provide information about Lactapp services and similar training; Treat the images of attendees to publicise the congress in RRSS. To record the lectures and workshops.
  • Cookies, pixel and tracking: Obtain statistical data on user navigation, identify problems, analyze their preferences and offer advertising tailored to their interests...
  • Health data of users or subscribers: Provision of information service, help and advice on motherhood and breastfeeding in a personalized way.
  • LactApp Shop: Collections, returns, billing and online shopping cart management; Online purchase of products on the web.
  • Resume management / Job board: Personnel selection.
  • APP registration management as subscribers and users: Giving an annual subscription as a gift from a user to another friend or colleague who is a mother; Processing registrations, information and payments of people who register in the App.
  • Volunteer management: Occupational risk prevention; Human resources.
    Research and development: Study and research projects related to breastfeeding and its possible pathologies and associated problems.
  • User Registration: Register in the application...
    RRSS Social Networks: Creation and management of information through social networks.
    Use of images: Train the artificial intelligence models integrated in vAlba. Collect information and images to be used for research and training; Show real cases about breastfeeding through own channels; Use of images in studies, research and training.
  • Training: Case of the week in LactApp Medical in which real cases are treated; Congresses and conferences in which Lactapp participates; IBCLC training Training carried out within the LactApp Medical application; Training on maternity and breastfeeding to health professionals, employees of health companies such as hospitals or insurance companies and other people who individually may be interested in training with our courses. .
  • LactApp Clinic: Purchase and reserve a place in our workshops; Receive physiotherapy, speech therapy, breastfeeding or psychology treatment; Book an appointment with our experts in breastfeeding, physiotherapy, speech therapy or psychology.
  • Consultations and web contacts: To respond to requests received from the contact form on our website.
  • Agenda / Calendar management: Appointment control and agenda; Book an appointment with one of our experts to resolve doubts or difficulties related to breastfeeding; Book a place for online workshops; Book your visit with our expert psychologists in breastfeeding and mental health; Request appointment LactApp training information.
  • Blanquerna training activities: Teaching the Master in advanced practice in breastfeeding; Teaching the University Postgraduate "University Expert in breastfeeding"; Teaching training on maternity and breastfeeding online through the zoom platform; Teaching FUA (University Training for Access to the IBCLC); Updating or continuous training sessions in which Blanquerna certifies the training; Use of images or consultations received through LactApp Clinic (video calls) for training.

How long do we keep your data?

We use your data for the time strictly necessary to fulfill the reasons indicated above. Unless there is an obligation or legal requirement, the expected storage periods are:

  • App Store and Google Play As long as the contractual relationship is maintained.
  • Chat Application The personal data provided will be kept as long as they are necessary or relevant for the purpose for which they were collected or recorded.
  • Comments on the blog: As long as their deletion is not requested by the interested party.
  • Commercial communications / Newsletter: As long as their deletion is not requested by the interested party. No minimum or maximum retention periods have been established; if the data subject shows opposition to the processing of data, they are deleted depending on the channel of interaction or request for opposition to the processing of data.
  • Congresses: As long as their deletion is not requested by the interested party. The data of the attendees will be as long as the relationship is maintained, and their deletion is not requested by the interested party and in any case until the legal periods of conservation are fulfilled.
  • Cookies, pixel and tracking You should access our cookies policy to know the retention time of each cookie and the information that has been collected.
  • Health data of users or subscribers The data is retained for as long as the business relationship is maintained for the provision of the service, With the cancellation of the account data may continue to be used for research purposes after having anonymized.
  • LactApp Shop : For a period of 5 years from the last confirmation of interest. We will keep your personal information for as long as there is a contractual and/or commercial relationship with you, or as long as you do not exercise your right of deletion, cancellation and/or limitation of the processing of your data. In these cases, we will keep the information duly blocked, without giving it any use, while it may be necessary for the exercise or defense of claims or may derive some kind of judicial, legal or contractual responsibility of its treatment, which must be attended and for which its recovery is necessary.
  • Resume management / Job board: For a period of 1 year from the last confirmation of interest. The personal data provided will be kept as long as their deletion is not requested by the interested party and this is appropriate, and as long as they are necessary - including the need to keep them during the applicable statute of limitations - or relevant for the purpose for which they were collected or registered, and if you do not update the curriculum or do not perform any job search management for a period of one year, your data will be deleted, implying the blocking of the same.
  • Management of registration in APP as subscribers and users The data are treated until the user or subscriber cancels his account.
  • Management of volunteers : For a period of 5 years from the last confirmation of interest.
  • Research and development Data are processed for the development of research.
    User Registration : As long as the user does not request its deletion. The data are processed until the user or subscriber cancels his account.
  • RRSS Social Networks: As long as their deletion is not requested by the interested party. The personal data provided will be kept as long as they are necessary or relevant for the purpose for which they were collected or recorded. We are obliged to block the data when it is deleted. The blocking of the data consists in the identification and reservation of the data, adopting technical and organizational measures to prevent its processing, including its visualization, except for the provision of the data to the judges and courts, the Public Prosecutor's Office or the competent Public Administrations, in particular the data protection authorities, for the demand of possible responsibilities derived from the processing and for three years, the period of limitation of the same. The blocked data may not be processed for any purpose other than that indicated above.
  • Use of images The data are kept to train our AI in anonymized form.
  • Training :They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine any liabilities arising from the processing. Subsequently, the deletion is carried out in accordance with the documentation and archiving regulations.
  • LactApp Clinic : For a period of 5 years from the last confirmation of interest. We will keep your personal information for as long as there is a contractual and/or commercial relationship with you, or as long as you do not exercise your right to erasure, cancellation and/or limitation of the processing of your data. In these cases, we will keep the information duly blocked, without making any use of it, while it may be necessary for the exercise or defence of claims or may derive some type of judicial, legal or contractual liability from its processing, which must be attended to and for which its recovery is necessary.
  • Web enquiries and contacts: For a period of 5 years from the last confirmation of interest. The personal data provided will be kept for as long as their deletion is not requested by the data subject and is appropriate, and for as long as they are necessary - including the need to keep them for the applicable limitation periods - or relevant for the purpose for which they were collected or recorded.
  • Use images Data are retained to train our AI in an anonymised form.
  • Training They are retained for as long as necessary to fulfil the purpose for which they were collected and to determine any liabilities arising from the processing. Subsequently, the deletion is carried out in accordance with the regulations on documentation and archives.
  • LactApp Clinic : For a period of 5 years from the last confirmation of interest. We will keep your personal information for as long as there is a contractual and/or commercial relationship with you, or as long as you do not exercise your right to erasure, cancellation and/or limitation of the processing of your data. In these cases, we will keep the information duly blocked, without making any use of it, while it may be necessary for the exercise or defence of claims or may derive some type of judicial, legal or contractual liability from its processing, which must be attended to and for which its recovery is necessary.
  • Web enquiries and contacts: For a period of 5 years from the last confirmation of interest. The personal data provided will be kept for as long as their deletion is not requested by the data subject and is appropriate, and for as long as they are necessary - including the need to keep them for the applicable limitation periods - or relevant for the purpose for which they were collected or recorded.
  • Agenda / Calendar management : As long as their deletion is not requested by the data subject. Personal data will be kept for as long as the data subjects do not request their deletion or when the data are no longer necessary - including the need to keep them during the applicable limitation periods - or relevant for the purpose for which they were collected or recorded.
  • Blanquerna training activities They will be kept for the time necessary to fulfil the purpose for which they were collected and to determine any possible liabilities arising from the processing. Subsequently, they will be deleted in accordance with the documentation and archives regulations. The personal image and voice data of participants in activities for the promotion and dissemination of official postgraduate master's degrees will be kept for the time necessary to fulfil the purpose for which they were collected and to determine any possible liabilities arising from the processing will be kept for the time necessary to fulfil the purpose for which they were collected, as long as deletion is not requested by the interested party and for the time necessary to determine any possible liabilities that may arise from this purpose and from the processing of the data.
 
 

8.- LEGITIMATION OF TREATMENT 

Why do we process your data?

The collection and processing of your data is always legitimated by one or more legal bases, which we detail below:

  • App Store and Google Play: (Art. 6.1.b RGPD) Existence of a contractual relationship with the data subject by means of a contract or pre-contract.
  • Chat Application : (Art. 6.1.a RGPD) Consent of the data subject ; (Art. 8.1.b RGPD) Consent of the holder of parental authority or guardianship of a minor under 14 years of age or a person who is physically or legally incapacitated ; (Art. 6.1.b RGPD) Existence of a contractual relationship with the data subject by contract or pre-contract

  • Comments on the blog: Explicit consent of the data subject.

  • Commercial communications / Newsletter: (Art. 6.1.a RGPD) Consent of the data subject; (Art. 6.1.f RGPD) Legitimate interest of the Data Controller or third parties.

  • Congresses: (Art. 6.1.b RGPD) Existence of a contractual relationship with the data subject by means of a contract or pre-contract.

  • Cookies, pixel and tracking: (Art. 6.1.a RGPD) Consent of the Data Subject

  • Health data of users or subscribers: (Art. 6.1.a GDPR) Consent of the data subject; (Art. 8.1.b GDPR) Consent of the holder of parental authority or guardianship of a minor under 14 years of age or a person who is physically or legally incapacitated; (Art. 6.1.b GDPR) Existence of a contractual relationship with the data subject by contract or pre-contract.

  • LactApp Shop: (Art. 6.1.b RGPD) Existence of a contractual relationship with the data subject by means of a contract or pre-contract

  • Management of curriculum / Job board: Explicit consent of the data subject.

  • Management of registration in APP as subscribers and users: (Art. 6.1.b RGPD) Existence of a contractual relationship with the data subject by means of a contract or pre-contract.

  • Management of volunteers: Explicit consent of the data subject.

  • Research and development: (Art. 6.1.f RGPD) Legitimate interest of the Data Controller or third parties; (Art. 9.2.j RGPD) Public interest for historical, statistical or scientific research purposes; (Art. 6.1.a RGPD) Consent of the data subject.

  • Registration of Users: (Art. 6.1.b RGPD) Existence of a contractual relationship with the data subject by means of a contract or pre-contract.

  • RRSS Social Networks: (Art. 6.1.a RGPD) Consent of the data subject.

  • Use of images: (Art. 6.1.a RGPD) Consent of the data subject.

  • Training: (Art. 6.1.b RGPD) Existence of a contractual relationship with the data subject by means of contract or pre-contract.

  • LactApp Clinic: (Art. 6.1.b GDPR) Existence of a contractual relationship with the data subject by contract or pre-contract

  • Consultations and web contacts: (Art. 6.1.a RGPD) Consent of the data subject.

  • Agenda / Calendar management: Explicit consent of the data subject; Existence of a contractual relationship with the data subject by contract or pre-contract.

  • Blanquerna training activities: (Art. 6.1.b GDPR) Existence of a contractual relationship with the data subject by means of a contract or pre-contract; (Art. 6.1.e GDPR) Performance of a public task or exercise of public powers vested in the Data Controller; (Art. 6.1.b GDPR) Existence of a contractual relationship with the data subject by means of a contract or pre-contract.

 

9.- RECIPIENTS OF YOUR DATA  

To whom do we transfer your data within the European Union?

Sometimes, in order to comply with our legal obligations and our contractual commitment to you, we are faced with the obligation and need to transfer some of your data to certain categories of recipients, which we specify below:

App Store y Google Play. Se comparten datos con APPLE y GOOGLE.
Congresos. En algunos eventos sus datos serán compartidos con nuestros colaboradores.
Cookies, píxel y tracking : Empresas dedicadas a publicidad o marketing directo
Datos de salud de los usuarios o suscriptores. Facultativos expertos en la materia como expertos en lactancia o profesionales sanitarios.
LactApp Shop: Administración Tributaria ; Bancos, cajas de ahorros y cajas rurales . Empresas de mensajería. Proveedores de la tienda electrónica.
Gestión de curriculum / Bolsa de trabajo: Organizaciones o personas directamente relacionadas con el responsable . Como consecuencia de la gestión de las finalidades autorizadas sus datos podrán ser comunicados ofertantes de empleo que les pueda interesar su perfil.
Gestión de voluntarios: Organismos de la Seguridad Social
RRSS Redes Sociales. Entidades prestadoras de servicios de redes sociales
Uso imágenes. Los datos serán cedidos a las redes sociales Twitter, Instagram, LinkedIn, YouTube y Facebook.
Formación : Organismos de la Seguridad Social ; Entidades formadoras . Blanquerna, Universidad Ramón Llull.
LactApp Clinic. Se entregarán datos los profesionales que prestan servicios de logopedia, fisioterapia, psicología y lactancia materna para Lactapp
Agenda / Gestión del calendario: Entidades del grupo empresarial . En su caso, podrán realizarse comunicaciones a personas relacionadas con la actividad o servicio prestado.
Actividades de formación Blanquerna: Entidades formadoras

Registro de Usuarios

ISALUD HEALTH SERVICES SL (Envío de leads interesados de seguros de Isalud.: Datos identificativos; Características personales)

Actividades de formación Blanquerna

Fundació Blanquerna (Universidad con la que se imparte el curso: Datos identificativos; Académico y profesionales; Información crediticia)

  • App Store and Google Play. Data is shared with APPLE and GOOGLE.
  • Congresses. In some events your data will be shared with our partners
  • Cookies, pixel and tracking : Companies engaged in advertising or direct marketing.
  • Health data of users or subscribers. Medical experts in the field such as breastfeeding experts or health professionals.
  • LactApp Shop: Tax Administration; Banks, savings banks and rural banks. Courier companies. E-shop providers.
  • Management of curriculum vitae/ Job opportunities: Organizations or persons directly related to the person in charge. As a result of the management of the authorized purposes, your data may be communicated to job offers that may be interested in your profile.
  • Management of volunteers: Social Security Agencies.
  • RRSS Social Networks. Entities providing social networking services.
  • Use of images.:The data will be transferred to the social networks Twitter, Instagram, LinkedIn, YouTube and Facebook.
  • Training : Social Security Agencies ; Training entities . Blanquerna, Ramón Llull University.
  • LactApp Clinic: Data will be provided by professionals who provide speech therapy, physiotherapy, psychology and breastfeeding services for Lactapp.
  • Agenda / Calendar management: Entities of the business group. Where appropriate, communications may be made to persons related to the activity or service provided.
  • Blanquerna training activities: Training entities.
  • User Registration:
      • ISALUD HEALTH SERVICES SL (Sending of leads interested in Isalud insurance: Identification data; Personal characteristics).
      • Blanquerna training activities
        Fundació Blanquerna (University with which the course is given: Identifying data; Academic and professional data; Credit information)

 

Do we make International Transfers of your data outside the European Union? 

In the processes of processing your data carried out by our entity, we need to contract external services that could imply that your data is stored and / or processed by organizations that are established or operate from outside the European Union, which would imply that we make international transfers of your data. Below, we indicate all the details of these international transfers, (they only appear if they were made):

Uso imágenes
  • DIGITAL AVOCADOS OÜ - Estonia
    • Nivel de protección garantizado: Garantías Adecuadas
    • Categoría de garantías: Garantías aprobadas por la Autoridad de Control
      • Cláusulas contractuales tipo.

  • Use of images:
      • DIGITAL AVOCADOS OÜ - Estonia
        Guaranteed level of protection: Adequate Guarantees
        Category of warranties: Guarantees approved by the Supervisory Authority.
        Standard contractual clauses.

 

 

10.-ORIGIN AND TYPES OF DATA PROCESSED

Where have we obtained your data from?

  • Subscribers and Users registered in the App: The interested party or his/her legal representative.
  • Users of the website: The interested party or his legal representative. The data are captured by our cookies or from the contact form on our website.
  • Ecommerce customers: The interested party or its legal representative.
  • Employees: Yourself or your legal representative
  • Job Candidates: Yourself or your legal representative
  • Research and development: The data subject or his/her legal representative. The data of minors are provided by their mother, the person who has parental authority over the child.
  • Followers: The person concerned or his/her legal representative.
  • Students: The person concerned or his/her legal representative. The data has been provided by the student.
  • Volunteers: The person concerned or his/her legal representative

What types of data have we collected and processed yours? 

  • Identifying data (IP address; Baby's IP address; Baby's name, weight, date of birth and sex; Email address; First and last name; Phone number) 
  • Special categories of data (Biometric data Baby's percentile; Baby's stool status)
  • Personal characteristics (Images of breasts and body areas related to breastfeeding; Existence of pain or discomfort; Mood; Physical or anthropometric characteristics; Date of birth;  Existence of pain or discomfort and body areas related to breastfeeding )
  • Other categories (Password ID generated by the Pixel or Cookie)
  • Economic, financial and insurance (Payment of subscriptions via Google Pay and iTunes, Bank card data debit or credit card, Paypal, etc.)
  • Academic and professional (Curriculum Vitae; Degrees; Professional experience; Student record; Memberships in professional associations or colleges )
  • Employment details (Worker history)

 11-RIGHTS OF THE INTERESTED PARTIES 

What are your rights?

Current data protection regulations protect you in a series of rights in relation to the use we give to your data. Each and every one of your rights are one-person and non-transferable, that is, they can only be performed by the owner of the data, after verification of your identity.

Below, we indicate what your rights are:

  • Right of access: It is the right of the user of the Website to obtain confirmation of whether or not the Data Controller is processing his personal data and, if applicable, obtain information about his specific personal data and the treatment that the Data Controller has carried out or carries out, as well as, among others, of the available information about the origin of said data and the recipients of the communications made or provided for therein.
  • Right of rectification: It is the right that the user of the Website has to have their personal data modified that turn out to be inaccurate or, taking into account the purposes of the treatment, incomplete.
  • Right of deletion: It is usually known as "right to be forgotten", and it is the right that the user of the Website has, provided that current legislation does not establish otherwise, to obtain the deletion of his personal data when these are no longer necessary for the purposes for which they were collected or processed; the User has withdrawn his consent to the treatment and he does not have another legal basis; the User opposes the treatment and there is no other legitimate reason to continue with it; the personal data have been processed illicitly; the personal data have been the product of a direct offer of information society services to a child under 14 years of age. In addition to deleting the data, the Data Controller, taking into account the available technology and the cost of its application, will take reasonable measures to inform other potential controllers who are processing the personal data of the data subject's request for deletion of any link to that personal data.
  • Right to limitation of data: It is the right of the User of the Website to limit the processing of their personal data. The Website User has the right to obtain the limitation of processing when he challenges the accuracy of his personal data; the processing is illegal; the Data Controller no longer needs the personal data, but the User needs it to make claims; and when the Website User has objected to the treatment.
  • Right to data portability: In those cases where the processing is carried out by automated means, the Website User will have the right to receive his personal data from the Data Controller in a structured, commonly used and machine-readable format, and to transmit them to another controller. whenever technically possible, the Data Controller will transmit the data directly to that other Responsible.
  • Right to object: It is the User's right not to carry out the processing of their personal data or to cease the processing of them by the Data Controller.
  • Right not to be subject to automated decisions and / or profiling: The right of the Website User not to be the subject of an individualized decision based solely on the automated processing of their personal data, including profiling, existing unless current legislation establishes otherwise.
  • Right to revoke consent: It is the right of the Website User to withdraw, at any time, the consent given for the processing of their data.
  • Right to file a data protection claim with the Control Authority: Spanish Data Protection Agency Agencia Española de Protección de Datos

The interested party can exercise any of the aforementioned rights by contacting the Data Controller and after identifying the User using the following contact information:

  • Responsible: LACTAPP WOMEN HEALTH, S.L
  • Address: Melcior de Palau, 135 08014 Barcelona Barcelona 
  • Phone: 673639918
  • E-mail: hola@lactapp.es
  • Website: https://www.lactapp.es

You can also exercise your rights before the Data Protection Officer:

Email: rgpd@auratechlegal.es - Phone: 0034 91 113 49 63

 

How can you exercise your rights in relation to your data?

or the exercise of your rights of access, rectification, deletion, limitation or opposition, portability and withdrawal of your consent, you can do so as follows::

  • Responsible: LACTAPP WOMEN HEALTH, S.L
  • Address: Melcior de Palau, 135. 08014, Barcelona (Barcelona), Spain
  • Telephone: 673639918
  • E-mail: hola@lactapp.es
  • Website: https://www.lactapp.es

 

How can you file a claim? 

In addition to your rights, if you believe that your data is not being collected or processed in accordance with current Data Protection regulations, you can make a claim with the Control Authority, whose contact details we indicate below:

  • Agencia Española de Protección de Datos
  • C/. Jorge Juan, 6 28001 Madrid Madrid
  • Email: info@aepd.es- Phone: 912663517
  • Web: https://www.aepd.es

12.-ACCEPTANCE 

Acceptance and making available to you this document indicates that you understand and accept all the clauses of our privacy policy so you authorize the collection and processing of your personal data in these terms. This acceptance is made by activating the "Reading and Acceptance" checkbox of our Privacy Policy. LactApp reserves the right to modify this Privacy Policy, in accordance with its own criteria, or motivated by a legislative, jurisprudential or doctrinal change of the Spanish Data Protection Agency. Changes or updates made to this Privacy Policy that affect the purposes, retention periods, data transfers to third parties, international data transfers, as well as any right of the Website User, will be explicitly communicated to the user.

 

Last updated : October 25, 2023

Copia este enlace y compártelo con una amiga

https://links.lactapp.es/community

¿Cómo puedes acceder a las ponencias en diferido?