Linkedin

Privacy Policy

Privacy Policy

0. Introduction

Thank you for visiting this website. Your privacy matters to us. The fact that you are reading this section shows you care about how your data is used—something you should do whenever you visit a new website, especially if personal data may be requested.

This document explains what personal data we collect, on what legal basis, for how long we store it, and other aspects related to data-protection rules, in compliance with applicable legislation. Please read these terms carefully before providing any personal data.

For children under 14 years of age, parental or guardian consent is required for the processing of their data. If you are under 14, you should not provide your data on this website unless your parents/guardians have authorised it. Under no circumstances will data be collected from minors relating to the professional, financial or private situation of other family members without their consent.

If you have any questions, please contact the Data Controller or, where applicable, the Data Protection Officer (DPO) using the email addresses provided. The Controller is firmly committed to privacy and to applying best practice in the processing of your personal data.

In compliance with data-protection regulations (Regulation (EU) 2016/679, GDPR), Quimifarma 2007 S.L. (hereinafter, the “Website Owner”), owner of https://www.quimifarma.es (the “Website”), sets out the following Privacy Policy for the processing of personal data. This policy applies without prejudice to the Legal Notice and the Cookie Policyavailable on the Website.

1. Who is requesting my personal data?

Data Controller: Quimifarma 2007 S.L.
Address: P.I. Villa de Yuncos, Carlos I, Naves 5–6–7, 45210 Yuncos, Toledo, Spain
Telephone: +34 925 536 142
Data Protection Officer (DPO): info@legaltech.es
(For any queries or suggestions regarding how we use your personal data, please contact the DPO at the above email.)

We are committed to safeguarding users’ privacy. We will never request personal information unless it is genuinely necessary to provide a service; we will never share it with third parties except where strictly necessary and based on legitimate, previously informed grounds; and we will never use your data for purposes unrelated to our relationship with you. We comply with Organic Law 3/2018 (Spain), GDPR, and Law 34/2002 on Information Society Services and Electronic Commerce (LSSICE), as well as any implementing regulations.

The Controller guarantees the confidentiality of personal data and informs you that all persons with access to your information are bound by professional secrecy. While we take appropriate security measures, we cannot guarantee that this Website is impregnable or entirely risk-free. Where your privacy may be at risk, we will notify you without undue delay of any personal data breach likely to result in a high risk to your rights and freedoms, in accordance with the GDPR.

Accordingly, data requested through contact forms, data generated by mere access to the Website (cookies), data associated with interactions on linked corporate social-media pages, data entered by users in enabled sections, or data sent through other channels (e.g., email) will be processed by the Controller in compliance with current law.

2. What are my obligations when I provide data?

By providing personal information via electronic channels, the user declares that they are 14 years of age or older and that all data supplied are truthful, accurate, complete and up to date. The user is responsible for the veracity of the information provided and for keeping it updated to reflect their actual situation, being liable for any false or inaccurate data and for any direct or indirect damages arising therefrom.

3. For what purposes do we process your personal data?

When you visit this Website you may provide personal data. This information can include your IP address, name, postal address, email address, phone number and other data. The purpose depends on the context:

  • Browsing the Website. Our hosting servers may record technical data such as your IP address to enable browsing. We may also process certain information through cookies, as described in the Cookie Policy.

  • Contact forms. If you provide data via any form, we will process it for the purpose indicated in that form (e.g., responding to your enquiry, providing requested information, or contacting you by email/phone if you provided such details).

  • Email or other channels. If you contact us by email or other means, we will process your data to manage and respond to your request. In accordance with Law 34/2002, we will not send commercial communications without identifying them as such and without prior appropriate information/consent. Communications made to maintain a contractual relationship or to respond to your request are not considered commercial communications.

  • Social networks. If you interact with our official profiles linked from this Website, we will process your data solely within the context of the relevant social network and for the purposes of managing queries, comments or interactions. We will not extract data from the platform unless we have your consent. Your use of such platforms is subject to their own terms and privacy policies.

4. How long will we keep your data?

As a general rule, data will be deleted as soon as they are no longer necessary for the purposes collected and there is no legal obligation to retain them. Where data must be kept for legally permitted purposes, processing will be restricted to those specific purposes (data will be blocked).

Retention depends on the processing:

  • Cookies: as specified in the Cookie Policy.

  • Contact/email data: retained while the relationship with the data subject continues or until consent is withdrawn; thereafter, retained only as required by law (e.g., 6 years for certain accounting/tax records; 5 years under Article 1964 of the Spanish Civil Code for personal actions without a special limitation period).

  • Social-media interactions: retained by us until the data subject withdraws consent; platforms may apply their own retention rules.

5. On what legal bases do we process your personal data?

  • Legal obligation (e.g., tax/accounting duties regarding issued invoices).

  • Consent (e.g., ticking the relevant acceptance box or sending a signed document prior to processing).

  • Pre-contractual or contractual relationship (e.g., managing a request or assignment you submit to us).

6. Will we disclose your data to third parties?

Where we subcontract services, we take appropriate legal, technical and organisational measures to ensure data protection in accordance with the law.

Depending on the processing, data may be shared with:

  • Social-media platforms you use to interact with us.

  • Service providers linked to this Website (e.g., hosting providers with data centres within the EEA).

  • Public bodies and authorities (Tax Agency, courts and tribunals, etc.) where there is a legal obligation.

  • Third parties responsible for cookies, which may receive information associated with your IP address and browsing habits as set out in the Cookie Policy.

We use strict criteria for selecting service providers and enter into data-processing agreements with them, requiring appropriate security measures, purpose limitation in line with our instructions, and deletion/return of data once services end.

7. What rights do you have?

You have the right to obtain confirmation of whether we process your personal data. You may request:

  • Access to your personal data;

  • Rectification of inaccurate data;

  • Erasure when data are no longer necessary or in other legally established cases;

  • Restriction of processing, in which case we will retain data only for the exercise or defence of claims;

  • Objection to processing on grounds relating to your particular situation;

  • Withdrawal of consent at any time (without affecting the lawfulness of processing based on consent before withdrawal);

  • Portability of your data to another controller.

We have specific forms available on request to help you exercise these rights, including objection to automated decision-making/profiling where applicable. If you believe your rights have not been properly addressed, you may lodge a complaint with the Spanish Data Protection Agency (AEPD), C/ Jorge Juan 6, 28001 Madrid, or via its e-office: https://sedeagpd.gob.es.

You may exercise your rights by post (address above) or by email, enclosing proof of identity and specifying the right you wish to exercise.

8. Mandatory or optional nature of requested information – Accuracy

By ticking the relevant boxes and entering data in the fields provided, the user expressly, freely and unequivocallyaccepts that such data are necessary to handle their request. The user guarantees that the personal data supplied are true and correct and undertakes to notify any changes. The Controller is exempt from liability where users provide false data. All fields requested through the Website are mandatory for us to contact you; failure to provide them may mean we cannot fully address your request.

9. Principles we apply when processing your data

Processing of personal data will observe the principles in Article 5 GDPR:

  • Lawfulness, fairness and transparency

  • Purpose limitation

  • Data minimisation

  • Accuracy

  • Storage limitation

  • Integrity and confidentiality

  • Accountability

10. Social networks

We maintain pages/profiles on various social networks linked from this Website. We are not responsible for third-party posts on those networks. Processing carried out by those networks is subject to their own general/particular conditions; please read them carefully.

If you have a profile and choose to follow or contact us through a social network, we will consider that you consent to the processing of the personal data visible on your profile for the purposes of managing our professional page and two-way communications (e.g., private messages). We may access your public profile information, send you direct messages within the platform, and publish updates that may appear on your profile. Outside these situations, we will not use your data.

Please remember: what you publish may be viewed by other users, and you are primarily responsible for your own privacy. Images published on our page are not stored in our systems but remain on the social network.

You can review each network’s privacy policy at any time and configure your privacy settings accordingly. As regards your rights (access, rectification, erasure, restriction, objection), note:

  • Access depends on the network’s functionality and profile visibility.

  • Rectification can only be fulfilled for information under our control (e.g., deleting comments on our page); otherwise you must exercise rights with the network provider.

  • Erasure/Restriction/Objection likewise apply to information under our control (e.g., unfollowing our page).

Our online presence currently includes Facebook and Instagram (operated by Meta Platforms, Inc.). If you become a “fan”/follower, you consent to processing within those platforms for the limited purposes described above. For more on Meta’s processing, see http://www.facebook.com/policy.php.

This Website may include links to third-party sites beyond our control; those sites have their own privacy policies and are responsible for their own files and processing.

11. (Intentionally reserved in original text)

(Numbering in the Spanish source skips to section 12. We keep the subsequent numbering as provided.)

12. Security information for safe browsing

  • Keep software up to date. Use an up-to-date browser, operating system and apps. Enable automatic updates for browsers and extensions and install add-ons only from trusted sources.

  • Disable unnecessary plugins (e.g., legacy Flash/Java) for unknown sites; consider disabling JavaScript on untrusted pages.

  • Review privacy & security settings in your browser (block third-party cookies/pop-ups, avoid password sync/autofill, clear temporary files on exit, block geolocation, filter ActiveX, etc.).

  • Prefer HTTPS. Verify that certificates are valid and issued by trusted authorities. A padlock indicates encryption, not that a site is genuine.

  • Configure cookies carefully on each site; only essential cookies should load by default.

  • Protect your passwords. Do not share them; change them regularly; use strong combinations; avoid storing them in the browser; consider a reputable password manager with master-password encryption.

  • Consider privacy add-ons that block ads/trackers where lawful and appropriate.

  • Avoid unknown Wi-Fi networks. Public/rogue hotspots can compromise your devices.

  • Log out after browsing, especially on public computers.

Supervisory Authority
We hope to resolve any concern you may have regarding your personal information. However, you have the right to lodge a complaint with the competent authority. In Spain, this is the Spanish Data Protection Agency (AEPD)https://www.aepd.es – Tel: +34 91 266 35 17.

14. Updates to this Privacy Policy

We reserve the right to amend this Privacy Policy to reflect changes in law or our activities, or other significant changes affecting personal-data processing. Where consent is required, changes will only take effect if users consent to them. Users are advised to review this Policy regularly.

15. Specific clauses regarding CV management

If you send us your CV (e.g., via email) in connection with the careers section, your data will be processed for the following purposes and on the following legal bases:

  • Your personal data contained in the CV will be incorporated into our candidate database to manage staffing needs.

  • Processing is based on consent, given by sending/delivering your CV.

  • If not selected, your CV will be retained for 12 months for future vacancies, unless you object by contacting the Controller at the addresses listed above. After that period, it will be securely destroyed. Notwithstanding this, we reserve the right to delete/destroy the information at any time without prior notice.

  • If selected, your data will form part of your employee record.

  • Candidates must provide truthful and up-to-date information; we do not accept liability for inaccuracies in information submitted.

You may exercise your rights of access, rectification, erasure, restriction and portability using our forms (available on request) or by writing to the Controller (including proof of identity). You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent prior to withdrawal. If you consider your rights have not been properly addressed, you may lodge a complaint with the AEPD (Jorge Juan 6, 28001 Madrid, or via https://sedeagpd.gob.es).