Through this privacy policy, we hereby inform you that, in compliance with the provisions of the applicable regulations on the Protection of Personal Data, the data requested through any forms and/or spaces where you are required to identify yourself on this website will be included in a file owned by ATRYS HEALTH, S.A., with registered office at C/ Príncipe de Vergara 132, 1º piso (28002, Madrid), and holder of tax ID number A84942150 (“ATRYS HEALTH, S.A.”).

The purpose of processing

Your data will be processed solely for the purpose of answering your query, providing you with the requested services, and providing you with information about our company.

Likewise, the contact details may be used to send news and for promotional actions related to the website, with related information only being sent by email. For this, you must give your express consent to the sending of this information on the corresponding form. In any case, if the user wishes to revoke said consent, he/she must notify ATRYS HEALTH, S.A. in writing by email.

The obligatory data on each form will be identified as such. If they are missing or incorrect, ATRYS HEALTH, S.A. will not be able to identify you correctly and, consequently, the registration will be deleted if necessary.

International Data Transfer

As part of the internal operation of this website, we hereby inform you that, at the time of updating this Privacy Policy, no international transfers of data obtained and processed through this website are planned.

Should international data transfers take place, ATRYS HEALTH, S.A. shall ensure that the countries to which your personal data is transferred always have a comparable and/or adequate level of security and protection. In any case, international transfers shall be carried out in compliance with the provisions of LOPD Arts. 33 and 34 and RLOPD Arts. 66 to 68, and in general, with regard to instances of regulation and authorisation by the supervisory authorities, Arts. 44 et seq. of the GDPR (EU).

Likewise, and in the event that the international transfer of data is in response to the provision of a service to ATRYS HEALTH, S.A., said provision shall comply with the provisions set forth in LOPD Art. 12, RLOPD Arts. 20 to 22 and GDPR (EU) Art. 28, by signing the corresponding data processing contract.

Legitimisation and exercise of rights

The user consents to the processing of his/her data for the purposes described, and may exercise his/her rights to access, rectification, cancellation, opposition, as well as the other rights set out in the European regulations, by sending an email to the address identifying him/her as a user of the website, specifying the exercise of his/her rights in his/her request, or by exercising his/her rights by post, by ordinary mail to the address (registered office) listed above.

Retention of data

Your data will be kept for the time necessary to fulfil the purpose for which they were collected and the legal obligations deriving from them and, in any case, once the business relationship has ended, for a maximum period of five years.

Responsibilities of the user

Users guarantee that they are of legal age and have sufficient capacity and the necessary knowledge to use the ATRYS HEALTH, S.A. website and its content, guaranteeing that the information they provide for each of the forms on which ATRYS HEALTH, S.A. requests their personal details are true, and that they are responsible for informing ATRYS HEALTH, S.A. of any changes and/or modifications to said data so they can be processed correctly.

Security Measures

ATRYS HEALTH, S.A. has implemented the necessary security measures to guarantee the efficient use and processing of the personal data provided by the user, safeguarding their privacy, confidentiality and integrity, complying with the regulatory requirements set out in the Regulations for the development of Organic Law 15/1999, of 13 December, on the Protection of Personal Data, approved by Royal Decree 1720/2007, of 21 December. It makes use of the technical means necessary to prevent the alteration or loss your data, unauthorised access to it, and unauthorised processing, depending on the state of the art at any given time, as well as the scope of control of ATRYS HEALTH, S.A.

ATRYS HEALTH, S.A. may modify the content of its privacy policy at any time in accordance with any changes in legislation, case law or the interpretation of the Spanish Data Protection Agency that may occur.

Rules for accessing and using the “Private Area”.

ATRYS HEALTH, S.A. provides the registered person/entity with access codes to the reserved area of the website http://www.atryshealth.com/es/, in their capacity as “authorised user”.

For the correct use of access to authorised results, and in order to comply with the provisions of Art. 91.3, in relation to Art. 89 of Royal Decree 1720/2007, of 21 December (RDLOPD), ATRYS HEALTH, S.A. establishes the duties, obligations, and responsibilities acquired by the User at the time of having access identification codes to the Private Area, in order to access results and pathology reports derived from the samples provided by the customer. These rules must be known, accepted and respected by the User.

ATRYS HEALTH, S.A. shall not be liable for any possible security errors or damage to the user’s systems and files that may arise from the detection of a virus in the user’s computer system used to connect to and access the content and services of the ATRYS HEALTH, S.A. website, or from the malfunctioning of the browser or any of its updates.

ATRYS HEALTH, S.A. reserves the right to modify the content of this privacy policy, taking into account the security measures implemented and, in general, developments in information and communication technologies, which may make it necessary to adopt different security measures.

Obligations and responsibilities for the use of access codes

1. The access codes provided are solely and exclusively for the consultation and downloading of results and analytical reports (in PDF format), derived from samples provided by the User.
2. The User is responsible for modifying and configuring his/her personal password to the system, when first accessing the private area, which must consist of numbers and letters and have a minimum length of 8 characters.
3. Once the User accesses the results and reports, he/she is solely responsible for the proper use of the data obtained, with ATRYS HEALTH, S.A. being exempt from any liability arising from improper use and handling by the User.
4. Having access codes to the data processing systems and results provided by ATRYS HEALTH, S.A. in no case implies that the User has the right to be able to modify, edit and/or alter the content provided.
5. Users are obliged to use the website with their identification data for access, and are expressly prohibited from carrying out any activity that may be considered illicit or illegal, that infringes the rights of ATRYS HEALTH, S.A. or third parties, or that may be contrary to morality or the security rules and measures implemented in the access system.
6. In the event of any incident, anomaly or malfunctioning in the operation of the processing system, data security or website access provided by ATRYS HEALTH, S.A., the user must report it immediately by email to protecciondatos@atryshealth.com or by calling 934 581 561.

Obligations and responsibilities for the use of access codes

It is expressly forbidden:

• To disclose to unauthorised third parties the user ID and password provided by ATRYS HEALTH, S.A. If the User suspects that another person knows his/her identification and access details, he/she must inform ATRYS HEALTH, S.A. so that the corresponding security measures can be adopted and a new password can be assigned to him/her.
• To destroy, alter, render useless or in any other way damage the data, programs or electronic documents that ATRYS HEALTH, S.A. makes available to the user in compliance with the contractual and service provision relationship in place.
• To use the system to attempt to access restricted areas of the computer systems of ATRYS HEALTH, S.A. or of third parties related to it.
• To introduce into the IT systems of ATRYS HEALTH, S.A. programs, viruses, macros or similar that affect or are likely to affect the systems in any way.
• Within the website environment, to introduce, download from the internet, reproduce, use or distribute computer programs not expressly authorised by ATRYS HEALTH, S.A., or any other type of work or material for which the intellectual or industrial property rights belong to third parties, when not authorised to do so.
• To delete any of the programs legally installed by ATRYS HEALTH, S.A. via its website.
• Any other activity expressly prohibited in this document, in the rules on data protection or in the Instructions of the Spanish Data Protection Agency, or those contrary to the Law and Public Order.

Confidentiality of Information

• ¹The User must treat all information, data or documentation containing particularly sensitive personal data, such as health data, confidentially, preserving its integrity, and complying with the duty of secrecy underlying the processing of particularly sensitive data.
• ²ATRYS HEALTH, S.A. reserves the right to monitor any access to its system remotely and to check, at random and without prior notice, any access session initiated by a user.

Intellectual and Industrial Property

It is strictly forbidden to use, reproduce, copy or carry out any other action relating to the disposal and communication of the computer programs, navigation systems, structure, designs, codes and any other element of the IT systems of ATRYS HEALTH, S.A. for your own purposes. In any case, the User does not have any licence, nor any authorisation to reproduce, transfer, transform or publicly communicate any type of work or invention protected by intellectual or industrial property, related to the ATRYS HEALTH, S.A. treatment system.

International Data Transfer

When the User is domiciled in a State outside the European Union, and outside the scope of Regulation 679/2016/EU on Data Protection, all necessary actions must be formalised before the competent supervisory authorities, and all necessary technical and organisational measures must be adopted in order to guarantee the confidentiality, integrity, and security of the data accessed through the ATRYS HEALTH, S.A. website.

In this case, the international transfer of data is for the purpose of obtaining medical diagnoses, the provision of healthcare or medical treatment or the management of healthcare services, and in all cases, the provisions of LOPD Arts. 33 and 34 and RDLOPD Arts. 65 et seq. will apply.