‍‍Introduction

This Privacy Policy explains which personal data we process, for what purpose, for how long, and the legal basis for such processing. It also provides information about your rights, how to exercise them, and how to contact us if you have any questions.

About us‍‍

Our company, IOMED MEDICAL SOLUTIONS, S.L. (hereinafter, “IOMED”), has developed a platform that facilitates the use of healthcare data for clinical research. Here is our information:

Postal address: C/ Sant Antoni Maria Claret, nº 167, 08025 Barcelona, Spain.
Tax identification number (NIF): B66774969

IOMED is the entity responsible (or, as defined by law, the "data controller") for collecting and using your personal data, as described in this Policy.

For What Purposes Do We Process Your Personal Data

IOMED processes your personal data for various purposes, depending on how you interact with us. Additionally, we may obtain your personal data either directly or indirectly.

Cases Where We Have Received Your Personal Data Directly

You have entered into a contract with us as a client or supplier

Purpose of Processing	Sub-purpose	Categories of Personal Data	Legal Basis for Processing
Customer and Supplier/Data Holder Management	Contract Management: onboarding, offboarding, and monitoring of the contractual relationship with Data users and suppliers/Data Holders.	Identifying data: First and last names of the individuals signing the contract Postal address and email address ID/Tax Identification Number/Identification document Signature Position in the entity they represent	Execution of a contract
Customer and Supplier/Data Holder Management	Management of accounting, billing, and tax obligations	Financial data, including invoice information: Identifying data: name and surname; Postal address; email address; tax information; bank account number (IBAN)	Compliance with a legal obligation applicable to IOMED
Supplier Management: Inspectors	Evaluation of the quality of tasks performed by Inspectors: Preparation of reports and data analysis on the level of quality of the service provided by the Inspectors	Identifying data: Full name; Work performance data; Contact information (email address); Annotations made by each inspector in the pseudonymized hospital notes	Legitimate interest

‍

You participate in our events or receive our commercial communications

Purpose of Processing	Sub-purpose	Categories of Personal Data	Legal Basis for Processing
Event Management	Coordination, hosting, and management of participation in events and webinars organized by IOMED	Identifying data: first name and last name Contact data: country of residence and corporate email address Employment details: position held in the company	Consent
Sending of commercial communications	Sending commercial communications via email	Identifying data: first name and last name Contact data: country of residence and corporate email address Employment details: position held in the company	Consent

‍

You are a user of our website, communicate with us via another digital communication channel, or subscribe to our newsletter

Purpose of Processing	Sub-purpose	Categories of Personal Data	Legal Basis for Processing
Newsletter Management	N/A	Contact Information: Corporate Email Address	Consent
Website Management	Management of Inquiries Received Through the IOMED Website	Identifying Data: First Name and Last Name Contact Information: Email Address Employment Details: Company Information Contained in the Message	Execution of Pre-contractual Measures
Prospects Management	Management of Information Requests About IOMED Products or Services (Received)	Identifying Data: First Name and Last Name Contact Information: Corporate Email Address	Execution of Pre-contractual Measures
Communication and Promotion Activities Management	Communication About IOMED Activities and Promotion of the Company Through the IOMED Website, Marketing and Promotional Materials, Printed and Digital	Identifying Data: First Name and Last Name, Image, Signature on Image Usage Authorization	Legitimate Interest Consent for Image Use
IOMED Social Media Management	Communication about IOMED activities and promotion of the company	Identifying Data: First Name and Last Name, Image, Signature on Image Use Authorization Data Made Public by Users as Part of the General Settings of Their Account on Each Social Media Platform	Legitimate Interest Consent for Image Use
	Management of interaction (public or private messages) with IOMED social media users	Identifying Data: First Name and Last Name; Image, Signature on Image Use Authorization Information Contained in Reviews, Comments, and Messages Exchanged Data Made Public by Users as Part of the General Settings of Their Account on Each Social Media Platform	Consent
	Preparation of social media audience statistics	Identifying Data: First Name and Last Name; Image, Signature on Image Use Authorization Data Made Public by Users as Part of the General Settings of Their Account on Each Social Media Platform Data on Social Media Usage for Statistical Purposes	Consent

‍

You are a job applicant

Purpose of Processing	Sub-purpose	Categories of Personal Data	Legal Basis for Processing	Condition of Article 9 of the GDPR for Processing Special Categories of Data
Staff Selection: Employees	Management of Staff Selection	Data Collected When a Candidate Applies Through the IOMED Website: - Identifying Data: First Name and Last Name - Contact Information: Personal Phone Number; Email Address - Information Contained in the CV and Emails Sent by the Candidates - Academic and Professional Data: Education, Qualifications, Academic Record, Professional Experience - Responses to Questions Asked by IOMED to Assess the Candidate's Suitability for the Position: Salary Range Expectations; Technical Skills Related to the Position; Years of Experience in Relevant Areas/Functions - Data Related to Interviews and Positions: Interview Dates; Salary Range of the Position - Decision Made Regarding the Candidature - Type and Duration of the Proposed Contract - Notes (opinion on the candidate's suitability for the position) written by the HR department and the team where the position is vacant; data on the completion of technical tests by candidates	Execution of Pre-contractual Measures Between IOMED and the Candidates	N/A
Staff Selection: Employees	Management of Staff Selection	If Data Collected from LinkedIn Social Media via Active Search: - Identifying Data: First Name and Last Name - Contact Information: Personal Phone Number; Email Address - Academic and Professional Data	Consent	N/A
Audio Recording of Interviews	Voice	Audio Recording of Interviews	Consent	Explicit consent

‍

Additionally, if you apply through a job posting on the following websites, IOMED is a joint data controller along with:

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. Contact form for DPO: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
Angel.co - AL Talent, Inc. (doing business as Wellfound) Address: 228 Park Ave S PMB 40533, New York, NY 10003-1502, USA. privacy@wellfound.com EU Representative: PrighterGDPR-Rep by Maetzler Rechtsanwalts GmbH & Co KG c/o Wellfound Address: Schellinggasse 3/10, 1010 Vienna, Austria.
Joppy - Tres Techies SL Address: Raval de Corbera 39, 08740, Sant Andreu de la Barca, Barcelona, Spain. help@joppy.me
Glassdoor LLC Address: 300 Mission St, 16th Floor, San Francisco, USA. EU Representative: Glassdoor Hiring Solutions Ireland Ltd.; DPO: dpo@glassdoor.com
Hacker News - Y Combinator Management, LLC Address: 335 Pioneer Way, Mountain View, CA 94041, USA. privacy@ycombinator.com
TryCircular - Circular Talent, S.L. Address: C/ Alcalá 155, 3ºI 28009, Madrid, Spain. dpo@circular.io
Indeed Ireland Operations Limited Address: Block B, Capital Dock, 80 Sir John Rogerson’s Quay, Grand Canal Dock, Dublin, 2, D02 HE36, CRO. privacy-dept@indeed.com
PM Farma Address: Pujades 43 B, Local, 08005, Barcelona, Spain. pmfarma@pmfarma.com
EAE Institución Superior de Formación Universitaria, S.L. and Jobteaser Addresses: Av Diagonal, 662, 08034 Barcelona, Spain, and Rue Blanche, 75009 Paris, France (respectively). dpo@planeta.es

If you would like to know how each of these companies processes your data, you can consult their privacy policies or contact them directly.

How long do we retain your personal data?‍

In general, we will only retain your personal data for as long as necessary to fulfill the purposes for which it was obtained, including the purpose of complying with our legal, tax, accounting, payment, or informational obligations.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve these purposes through other means, as well as our applicable legal or other obligations.

You may request detailed information regarding the retention periods of your personal data by contacting us at the following email address: dpo@iomed.health.

What measures do we take to ensure the security of your personal data?‍

IOMED implements technical and organisational security measures to ensure the security of the personal data it processes and to protect it from unauthorised access, loss, or disclosure.

We limit access to your personal data solely to our staff and other third parties who need to know it for professional reasons. They will only process your personal data in accordance with our instructions and are subject to confidentiality obligations.

We have established a procedure to detect and manage potential data security breaches. We will notify you of any breach that affects you without undue delay, and we will notify the competent authority within 72 hours when required to do so.

Who do we share your personal data with?

Employees and other staff working for IOMED have access to your data. Additionally, under certain circumstances, third parties external to IOMED may have access to your personal data.

These third parties include:

Financial institutions: for example, for invoice payments.
Our investors and potential investors, for managing our relationship with them.
Service providers and collaborators: We share your data with our service providers only after ensuring that they comply with their data protection and information security obligations.
For example:
- Our accountants and advisors, who assist us in complying with our obligations.
- Our cloud storage service provider that hosts our website, for maintenance and hosting of databases.
- Our cloud storage service provider that stores personal data processed on behalf of our clients, for maintenance, as well as for hosting our servers and databases.
- Our service provider for sending commercial communications.

We only authorise these providers to use your personal data to the extent necessary to provide services on our behalf or to fulfill their legal obligations, and we strive to ensure that your personal data is protected at all times.

Competent authorities, whenever we are required to disclose your data, for example, tax authorities, police, or law enforcement agencies, or to comply with a court order. We may also disclose your data to third parties if this communication is necessary to ensure the protection and defense of our rights.

Where Is Your Personal Data Transferred?‍

IOMED primarily selects service providers that host your personal data within the European Economic Area (EEA).

However, on occasion, we may transfer your data to providers operating outside the EEA:

If these providers operate in a country that the European Commission deems to offer adequate protection, we will base the transfer on the relevant adequacy decision. For example, this would be the case for transfers to providers that have adhered to the "Data Privacy Framework" program in the United States.
If these providers operate in a country that the European Commission does not consider to offer adequate protection, we will apply the Standard Contractual Clauses approved by the Commission or other appropriate legal mechanisms to safeguard your data.

What Are Your Rights Regarding Your Data?‍

You have the following rights:

You have the right to ask us which personal data we are processing in relation to you.
You have the right to request that we rectify any personal data we are processing in relation to you if the data is inaccurate.
You have the right to request that we erase any personal data we are processing about you. However, this is not an absolute right, and there are circumstances in which we are legally required to retain your personal data for a specific period (as indicated in Section 4 of this Policy).
You have the right to request that we restrict the processing of your personal data in the following cases:
- While we are evaluating your request for rectification of your personal data;
- While we are evaluating your objection to the processing of your personal data;
- When the data processing is unlawful, but you prefer restriction over erasure;
- If we no longer need your personal data, but you require it for the establishment, exercise, or defense of legal claims.
You have the right to receive a copy of your data in a machine-readable format for the purpose of data portability, when we have collected your data based on your consent or because it is necessary for the performance of a contract. However, this right only applies to personal data that you have provided to us.
You have the right to object to the processing of your data when we process it based on our legitimate interests. When our interest relates to direct marketing, we will immediately comply with your request. For other interests, we will ask you to describe your specific circumstances that give rise to the request. If this balancing exercise results in your circumstances outweighing our interests, we will cease processing your personal data.
You have the right not to be subject to automated decisions or profiling.
If we request your consent to use your personal data, for example, to send you newsletters, you have the right to withdraw that consent at any time.

To exercise your rights, you can contact us by email at: dpo@iomed.health, or by postal address at: IOMED MEDICAL SOLUTIONS, S.L., C/ Sant Antoni Maria Claret, nº 167, 08025 Barcelona, Spain.

Please always specify the context in which we have obtained your personal data so that we can process your request quickly and efficiently. We will respond as soon as possible, and in any case, within one month of receiving your request, provided we can verify your identity. Please note that we may require you to provide a document to verify your identity in order to protect your privacy and security, for example, to prevent an unauthorized person from impersonating you and exercising a right on your behalf.

In certain circumstances, we may deny your request or charge a fee to cover costs, such as if your requests are repetitive.

If you have any complaints about how your data is processed, we appreciate you contacting us at the email address mentioned in this section. However, you also have the right to file a complaint with the relevant data protection authority (which could be the authority in the country where you reside, work, or where the alleged infringement of the law occurred).

Cookies and Tracking Technologies‍

Some of your personal data is collected through cookies on our website. You can consult detailed information about how we manage cookies in our Cookies Policy at any time.

Contact‍

If you have any questions about this Policy or how we process your data, we invite you to contact our DPO (Data Protection Officer) by sending an email to: dpo@iomed.health.

‍

Accede aquí a la Política de Privacidad en castellano.