In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and with Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights, you are hereby informed that the personal data you provide through this website https://uatane.com (hereinafter, the website) will be processed in accordance with the following terms:

UATANE Pharma SL (hereinafter, UATANE) is committed to protecting the privacy of users who access this website and/or any of its services. UATANE implies the user's acceptance of the provisions contained in this Privacy Policy and that their personal data will be processed as stipulated therein. Please note that although there may be links from our website to other websites, this Privacy Policy does not apply to the websites of other companies or organisations to which the website is redirected. UATANE does not control the content of third-party websites nor accepts any responsibility for the content or privacy policies of these websites.

Information about data processing (Regulation (EU) 2016/679 and LO 3/2018)

Data controllerUATANE Pharma SL
NIFB70654827

AddressGirona Science Park, Pic de Peguera 11, 17003 GIRONA

E-mail: jbacardit@uatane.com

Purpose of the processingTo offer and manage our services
LegitimisationConsent obtained from the data subject
RecipientsThe data will not be shared with third parties, unless required by law or necessary to fulfil the purpose of the processing.
Human rights: Interested parties have the right to exercise the rights of access, rectification, restriction of processing, erasure, portability and objection, by sending their request to our (electronic or physical) address.
Data retention periodWhile the commercial relationship is maintained or for the years necessary to comply with your legal obligations.
ClaimInterested parties may contact the AEPD to lodge any complaint they deem appropriate.
Additional informationYou can consult the additional and detailed information below in the «Privacy Matters».

Privacy concerns

In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), we offer you the following information regarding the processing of your personal data:

Who is responsible for processing your data?

UATANE Pharma SL

NIF: B70654827

Address: Parc Científic de Girona, Pic de Peguera 11, 17003 GIRONA

Email jbacardit@uatane.com

For what purpose do we process your personal data?

We process the information you provide us with to manage our legal, management, and real estate brokerage advisory services.
Should you contact us using the contact form on our website, we will process your data to manage your enquiry.
If you give us your consent, we may also process your data to send you information about our activities and/or services.
If you send us a CV, we will process the data for the purpose of managing the CV database for personnel selection.

For how long will we retain your data?

The personal data provided will be retained while you are a user of our services or wish to receive information, as you may object to the processing of your data for promotional purposes at any time. Afterwards, it will be retained for the periods established to comply with our legal obligations, which in the case of accounting and fiscal documentation for commercial purposes will be 6 years, in accordance with Article 30 of the Commercial Code, and for fiscal purposes will be 4 years, in accordance with Articles 66 to 70 of the General Tax Law.
In the case of CVs, data will be retained for one year.

What is the legal basis for processing your data?

The legitimacy for its processing is found in the execution of the service contract and in the consents you give us. Regarding information sent by minors under 16 years of age, parental, guardian or legal representative consent will be essential for personal data to be processed. If not, the minor's legal representative must report it as soon as they become aware.

To which recipients will your data be communicated?

The data will not be disclosed to third parties, unless required by law or necessary to fulfil the purpose of the processing.

What are your rights when you provide us with your data?

• Any person has the right to obtain confirmation as to whether we are processing their personal data or not.
  Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or, where applicable, to request its erasure when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
• In certain circumstances, data subjects may request the restriction of processing of their data, in which case we will only retain it for the establishment, exercise, or defence of legal claims.
• Also, in certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. In this case, we will cease to process it, except for compelling legitimate grounds or for the establishment, exercise or defence of legal claims.
• Interested parties will also have the right to the portability of their data.
• Any interested party has the right not to be the subject of a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
• Finally, data subjects have the right to lodge a complaint with the relevant supervisory authority.

How can you exercise your rights?

Sending us a written document, attaching a copy of an identifying document, to our physical or electronic address.

How did we obtain your data?

The personal data we process originates from the data subject themselves, who guarantees that the personal data provided is true and is responsible for communicating any changes. Data marked with an asterisk is mandatory in order to provide you with the requested service.

What data do we process?

The categories of data that we can process are:

• Identifying data
• Postal or email addresses

In the case of CVs, also:

• Personal characteristics
• Academic and professional

The data is limited, given that we only process the data necessary for the provision of our services and the management of our activity.

Do we use cookies?

We use cookies while browsing our website with the user's consent. The user can configure their browser to notify them of cookie usage and to prevent their use. Please visit our cookie policy.

What security measures do we apply?

We apply the security measures established in Article 32 of the GDPR, therefore we have adopted the necessary security measures to ensure a level of security appropriate to the risk of the data processing that we carry out, with mechanisms that allow us to guarantee the confidentiality, integrity, availability and permanent resilience of the processing systems and services. Some of these measures are:

• Information on data protection policies for staff.
• Performing regular backups.
• Data Access Control.
• Regular verification, evaluation, and assessment processes.

How do we handle third-party data?

When processing personal data on behalf of our clients, for which they are the data controllers, we do so as data processors, in accordance with Article 28 of the GDPR and therefore, in these personal data processing activities:

1. We will process personal data only on documented instructions from the controller, including in relation to transfers of personal data to a third country or an international organisation, unless required to do so by Union or Member State law to which we are subject. In this case, we shall inform the controller of this legal requirement before processing, unless that right prohibits such disclosure for important reasons of public interest.
2. We guarantee that authorised persons who process personal data have undertaken to respect its confidentiality.
3. We have adopted all necessary security measures, in accordance with Article 32 of the GDPR, by implementing mechanisms to:
   
   

• To ensure the confidentiality, integrity, availability and permanent resilience of processing systems and services.
• Restore availability and access to personal data quickly, in the event of a physical or technical incident.
• To regularly verify, evaluate, and assess the effectiveness of the technical and organisational measures implemented to guarantee the security of processing.
• Anonymise and encrypt personal data where applicable.
  
  

1. We will comply with the conditions indicated in sections 2 and 4 of Article 28 of the GDPR to engage another processor.
2. We will assist the controller, wherever possible, in accordance with the nature of the processing and by appropriate technical and organisational measures, to fulfil the controller’s obligation to respond to requests for the exercise of data subject rights as provided for in Chapter III of the GDPR.
3. We will assist the controller in ensuring compliance with the data security obligations established by Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information made available to us.
4. At the controller's choice, we shall delete or return all personal data upon completion of the provision of processing services and delete existing copies unless personal data is required to be kept in accordance with the law of the Union or of a Member State.
5. We shall make available to the controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR, as well as to enable and contribute to the carrying out of audits, including inspections, by the controller or another auditor mandated by the controller.
   As data processors, the data types, categories of data subjects, and the processing activities we will be able to carry out on behalf of our clients will be as follows:

Types of personal data we may process:

• Identifying data
• Postal or email addresses
• Commercial Information
• Transactions of goods and services

Stakeholder category affected:

• Clients
• Suppliers
• Personal

Data treatments we will be able to perform:

• Data access
• Collection
• Development
• Modification
• Storage
• Analysis
• Inclusion in documentation
• Conservation
• Transmission communication