Privacy Policy

CONTENTS

1. Purpose of the Privacy Policy

2. Definitions

3. Identity of the Data Controller

4. Applicable Laws and Regulations

5. Principles Applicable to the Processing of Personal Data

6. Data Processing Activities Carried Out

7. Necessary and Updated Information

8. Personal Data of Minors

9. Technical and Organizational Security Measures

10. Rights of the Data Subjects

11. Claims before the Supervisory Authority

12. Acceptance and Changes to the Privacy Policy

---

1.- PURPOSE OF THE PRIVACY POLICY

The purpose of this “Privacy and Data Protection Policy” is to disclose the conditions governing the collection and processing of personal data by ASENSIO ODONTOLOGÍA AVANZADA, making every effort to ensure the fundamental rights, honor, and freedoms of the individuals whose personal data are processed, in compliance with current regulations and laws governing Personal Data Protection according to the European Union and the Spanish Member State, and specifically those expressed in the “Processing Activities” section of this Privacy Policy.

Accordingly, this Privacy and Data Protection Policy informs the users of the Website https://dentalasensio.com of all details of interest regarding how these processes are carried out, for what purposes, which other entities may have access to their data, and what the users’ rights are.

2.- DEFINITIONS

• «Personal data»: Any information relating to an identified or identifiable natural person (“the Website user”); an identifiable natural person is one whose identity can be determined, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

• «Processing»: Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

• «Restriction of processing»: The marking of stored personal data with the aim of limiting their processing in the future.

• «Profiling»: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

• «Pseudonymization»: The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

• «Filing system»: Any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized, or dispersed on a functional or geographical basis.

• «Data controller» or «controller»: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

• «Data processor» or «processor»: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

• «Recipient»: A natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not.

• «Third party»: A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

• «Consent of the data subject»: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

• «Personal data breach»: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

• «Genetic data»: Personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person.

• «Biometric data»: Personal data resulting from specific technical processing relating to the physical, physiological, or behavioral characteristics of a natural person, such as facial images or dactyloscopic data.

• «Data concerning health»: Personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.

• «Supervisory authority»: An independent public authority which is established by a Member State pursuant to Article 51 of the GDPR. In the case of Spain, it is the Spanish Data Protection Agency (AEPD).

• «Information society service»: Any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services.

3.- IDENTITY OF THE DATA CONTROLLER

The Data Controller is:DENTI DENTISTAS S.L – CIF B97832372 Address: C/Chelva, Nº1, Pta. 5. 46018, Valencia (Valencia), Spain Email: elenacamara@dentalasensio.com Telephone: +34 963 855 214

DATA PROTECTION OFFICER (DPO): We have a specialized person or entity in charge of ensuring correct compliance with the legislation. Email: dpd@consultaygestion.es – Telephone: +34 964 090 909

4.- APPLICABLE LAWS AND REGULATIONS

This Policy is developed based on:

1. Regulation (EU) 2016/679 (GDPR).

2. Organic Law 3/2018 (LOPD/GDD) regarding Personal Data Protection and Guarantee of Digital Rights.

3. Law 34/2002 (LSSICE) on Information Society Services and Electronic Commerce.

5.- PRINCIPLES APPLICABLE TO DATA PROCESSING

• Lawfulness, fairness, and transparency: Processing will be clear, easily accessible, and understandable.

• Purpose limitation: Data collected for specified, explicit, and legitimate purposes.

• Data minimization: Adequate, relevant, and limited to what is necessary.

• Accuracy: Data shall be accurate and kept up to date.

• Storage limitation: Kept for no longer than necessary.

• Integrity and confidentiality: Processed in a manner that ensures appropriate security.

• Accountability: The controller is responsible for and must be able to demonstrate compliance.

6.- DATA PROCESSING ACTIVITIES

6.1 MAIN PROCESSING ACTIVITIES

Necessary for the provision of services.

6.2 OPTIONAL PROCESSING ACTIVITIES (Requires User Consent)

Website Inquiries	Legal Basis: Explicit Consent
Purposes	Response to inquiries received through the web form.
Data Categories	Web contacts (Identifying data).
Data Source	The data subject or their legal representative.
Recipients	None planned.
International Transfer	None planned.
Storage Period	For a period of 1 year from the last confirmation of interest.

WhatsApp Communications	Legal Basis: Consent (Art. 6.1.a GDPR)
Purposes	WhatsApp instant messaging communications.
Recipients	Telecom providers; Owners of instant messaging apps.
Storage Period	For a period of 6 years from the last confirmation of interest.

Job Board	Legal Basis: Explicit Consent
Purposes	Personnel selection.
Data Categories	Job candidates (Identifying, academic, professional, and personal data).
Storage Period	For a period of 1 year from the last confirmation of interest.

7.- NECESSARY AND UPDATED INFORMATION

Fields marked with an asterisk (*) are mandatory. Failure to provide them may make it impossible to provide the requested services. You must provide truthful information and communicate any modifications to: elenacamara@dentalasensio.com.

8.- DATA OF MINORS

Only those over 14 years of age may grant consent. Minors under 14 require prior authorization from parents or legal guardians.

9.- TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES

We implement measures to ensure confidentiality, integrity, and availability, including rapid data restoration after incidents and regular evaluation of security effectiveness. We also apply principles of risk management, proportionality, and continuous improvement.

10.- RIGHTS OF THE DATA SUBJECTS

Users may exercise the following rights:

• Right of access: Confirm if data is being processed and obtain specific details.

• Right to rectification: Modify inaccurate or incomplete data.

• Right to erasure (“Right to be forgotten”): Obtain the deletion of data when no longer necessary or consent is withdrawn.

• Right to restriction of processing: Limit processing under specific circumstances (e.g., accuracy contestation).

• Right to data portability: Receive data in a structured, machine-readable format.

• Right to object: Cease processing of data.

• Right not to be subject to automated decisions: Including profiling.

• Right to withdraw consent: At any time.

To exercise these rights, contact:Responsable: DENTI DENTISTAS S.L Address: C/Chelva, Nº1, Pta. 5. 46018, Valencia, Spain Email: elenacamara@dentalasensio.com DPO Email: dpd@consultaygestion.es

11.- RIGHT TO CLAIM BEFORE THE SUPERVISORY AUTHORITY

If you consider that your data is not being processed correctly, you may file a claim with the Spanish Data Protection Agency (AEPD) at https://www.aepd.es or C/ Jorge Juan, 6, 28001, Madrid.

12.- ACCEPTANCE AND CHANGES TO THE PRIVACY POLICY

The User must have read and agreed to the conditions. ASENSIO ODONTOLOGÍA AVANZADA reserves the right to modify this policy due to legislative or doctrinal changes.

Version dated May 08, 2024