Privacy Policy
Farmacia Fernández Díez is committed to protecting the personal data that the User provides through this website or by any other means. This Policy has been drafted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and Spanish Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).
1. Data controller
Owner: Arantza Fernández Díez
Address: Plaza de los Fueros, 4 — 31780 Bera (Navarre), Spain
Phone: +34 948 63 06 31
Email: farmaciafernandez@hotmail.es
2. Data we collect
We process the following personal data depending on the channel through which it is provided:
- Website contact form: first name, surname, email, phone (optional) and message content.
- Communications by mail or phone: identifying and contact data voluntarily provided by the User.
- Browsing data: IP address, browser type, pages visited and analytics data generated through cookies (see our Cookie Policy).
We do not collect special-category data (health data, prescriptions, pharmacological history, etc.) through the website. Such data is only processed in person at the pharmacy under healthcare professional secrecy and in accordance with applicable pharmaceutical regulations.
3. Purpose and legal basis
- To respond to enquiries and requests received through the contact form, email or phone. Legal basis: User's consent (Art. 6.1.a GDPR).
- To comply with legal obligations applicable to pharmaceutical activity. Legal basis: Art. 6.1.c GDPR.
- For statistical analysis of browsing to improve the website. Legal basis: consent given through the cookie banner (Art. 6.1.a GDPR).
4. Retention period
Data provided through the contact form will be kept for the time strictly necessary to respond to the enquiry and, where applicable, for the periods legally required by tax, administrative or healthcare regulations. Analytics data will be retained according to the periods described in the Cookie Policy.
5. Recipients of the data
Personal data will not be transferred to third parties, except as required by law. Some technical services (web hosting, analytics tools such as Google Analytics) act as data processors within the meaning of Art. 28 GDPR and have signed the corresponding contracts. The use of Google Analytics may involve international data transfers to the United States, covered by the EU-U.S. Data Privacy Framework.
6. User rights
The User may exercise the following rights at any time:
- Right of access to their personal data.
- Right to rectification of inaccurate data.
- Right to erasure ("right to be forgotten").
- Right to restriction of processing.
- Right to data portability.
- Right to object to processing.
- Right to withdraw consent at any time, without affecting the lawfulness of prior processing.
To exercise these rights, the User may write to the data controller at the postal or electronic address indicated above, attaching a copy of their ID document or equivalent.
The User also has the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) if they consider that the processing of their data does not comply with the regulations.
7. Data security
The controller adopts appropriate technical and organisational measures to ensure the security of personal data and to prevent its alteration, loss, unauthorised processing or access, taking into account the state of the art, the nature of the data and the risks to which it is exposed.
8. Modifications
The controller reserves the right to modify this Policy to adapt it to legislative or jurisprudential developments. Any modification will be published on this same page indicating the date of update.