Free first visit for body and facial cosmetic surgery.
Blog and Press
Book Now

Privacy Policy

BRASÓ CLINIC (trade name), as the entity responsible for this website, in compliance with Spanish Law 34/2002 on Information Society Services and Electronic Commerce (LSSICE), informs users of the identifying details of the website owner:

  1. RESPONSIBLE ENTITIES FOR THE WEBSITE AND DATA PROCESSING

UNITAT CONSULTORA DRA BRASO SLU (VAT: B56977531)

Commercial Registry: Barcelona, volume 49149, page 125, sheet B609461, entry 1

C/Elefant, 1, 08197 Sant Cugat del Vallès (Barcelona)

www.doctorabraso.com

info@doctorabraso.com

Phones: +34 629910683 | +34 931 03 83 95

2. APPLICABLE LEGISLATION

This website is subject to current regulations regarding data protection and digital services,

both at EU and national level, specifically:

  • Regulation (EU) 2016/679 (GDPR) of the European Parliament and Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and the free movement of such data.
  • Spanish Organic Law 3/2018 (LOPDGDD) of 5 December on Personal Data Protection and guarantee of digital rights.
  • Spanish Law 34/2002 (LSSICE) of 11 July on Information Society Services and Electronic Commerce.

Appropriate technical, legal, and organizational security measures are adopted according to the level of risk to ensure the confidentiality, integrity, and availability of the information system.

This Privacy Policy may change due to legislative or self-regulatory requirements; users are advised to review it periodically. It applies whenever users provide personal data, whether by filling out forms or performing actions that require such communication.

3. PRINCIPLES APPLIED TO YOUR PERSONAL INFORMATION

In processing your personal data, we will apply the following principles outlined in Article 5 of the GDPR and Articles 4 and following of the LOPDGDD:

  • Lawfulness, fairness, and transparency: Consent is always required for processing personal data for one or more specific purposes, which will be clearly communicated in advance.
  • Purpose limitation: Personal data will be collected for specific, explicit, and legitimate purposes.
  • Data minimization: Only data strictly necessary for the stated purposes will be collected.
  • Accuracy: Personal data must be accurate and kept up to date.
  • Storage limitation: Data will be retained only as long as necessary for the purposes of processing. Retention periods will be informed, and inactive records will be periodically deleted, physically or digitally, as possible.
  • Integrity and confidentiality: Data will be processed securely to ensure confidentiality. All necessary precautions are taken to prevent unauthorized access or misuse.

Accountability: The data controller is responsible for ensuring compliance with the above principles.

4. ORIGIN OF COLLECTED PERSONAL DATA

Data may be used for commercial, personalization, operational, and statistical purposes, as well as for activities inherent to the data controller’s business, including storage, extraction, and marketing studies to tailor content to users and improve website functionality.
On the website’s “Contact” and “Book Your Appointment” forms, users can opt to receive commercial information (“I agree to receive commercial information, including electronically”).

Collected personal data is provided voluntarily by the user, with explicit consent obtained through the forms.

In accordance with GDPR and LOPDGDD, a record of processing activities is maintained, specifying purposes, processing actions, and other legally required information.

5. CATEGORIES OF PERSONAL DATA

The categories of personal data processed are identification data, limited to what is strictly necessary to contact the user when required. No special categories of sensitive data are processed.

6. LEGAL BASIS FOR PROCESSING

The legal basis for processing your data is consent. Express consent is required to contact or comment on this website. Users may withdraw consent at any time; however, withdrawal does not retroactively affect processing already performed.

7. PURPOSES OF PROCESSING

Personal data is collected and managed to facilitate, expedite, and fulfill commitments between the user and the data controller, maintain the relationship established through forms, or respond to inquiries or requests.

Data may also be used for commercial, operational, and statistical purposes, as well as for marketing studies to adapt content and improve website functionality and navigation.

Users will be informed in advance of the specific purpose(s) for which their data will be used.

8. RECIPIENTS OF PERSONAL DATA

Personal data will only be processed by us. We do not share data with third parties, except for essential auxiliary services to manage acquired services, or as described in these terms.

If data is to be transferred to third countries, users will be informed via consent clauses, including any international agreements or adequacy decisions.

The controller may hire advisors or professional services involving data processing, governed by confidentiality agreements specifying purposes, communication with third parties, legitimacy, retention periods, and rights management.

Data may also be shared with tax authorities and law enforcement in compliance with legal obligations (e.g., Order INT/321/2021 modifying Order INT/1922/2003) but no international transfers are foreseen.

9. RIGHTS REGARDING PERSONAL DATA

Users have the following rights under GDPR and LOPDGDD:

  • Right of access: Confirm whether personal data is being processed and obtain information about it.
  • Right to rectification: Correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”): Request deletion of data when no longer necessary, consent is withdrawn, or processing is unlawful, among other cases. Controllers must also inform third parties processing the data about the erasure request.
  • Right to restriction of processing: Limit processing under certain conditions.
  • Right to data portability: Receive personal data in a structured, common, machine-readable format and transmit it to another controller.
  • Right to object: Stop or refuse processing of personal data.
  • Right not to be subject to automated decisions, including profiling: Users may not be subject to solely automated decisions unless legally allowed.

Rights may be exercised via written communication to the controller, specifying name, ID copy, request details, notification address, and signature.

  • User’s name, surname, and a copy of their national identity document (DNI). In cases where representation is permitted, the representative must also be identified by the same means, and the document proving their authority to represent the user must be provided. The photocopy of the DNI may be substituted by any other legally valid means of proving identity.
  • Request with the specific reasons for the request or information to which access is sought.
  • Address for notification purposes.
  • Date and signature of the applicant.

Any document that proves the request being made.

This application and any attached documents may be sent to the following address and/or email of the responsible party.

Links to third-party websites

The website may include links to third-party websites that are not operated by the data controller. The owners of these websites have their own data protection policies and are responsible for their own data files, privacy practices, and the exercise of their rights.

Complaints to the supervisory authority

If a user believes there is a problem or violation of current regulations regarding the processing of their personal data, they have the right to effective judicial remedy and to file a complaint with a supervisory authority, in particular, in the Member State of their habitual residence, place of work, or place of the alleged infringement. In the case of Spain, the supervisory authority is the Spanish Data Protection Agency (http://www.agpd.es).

DATA RETENTION

Personal data is retained as long as the user maintains a relationship with the controller and for legally required periods thereafter.

Según el artículo 6.1.f) del RGPD 2016/679, estos plazos no tendrán efecto en caso de la formulación y el ejercicio o la defensa de reclamaciones. También serán ampliables en caso de tener abierto un expediente informativo, sancionador o algún tipo acción que requiera la acreditación de las actuaciones realizadas.

En caso contrario, y atendiendo al art. 28.3.g) del RGPD, una vez prescritos los plazos correspondientes, los datos serán eliminados del sistema del responsable y/o serán devueltos al usuario, según los pactos establecidos en cada caso.

DATA CONFIDENTIALITY AND SECURITY

The controller ensures confidentiality and secure use of personal data, implementing necessary technical, legal, and organizational measures.

The website uses an SSL (Secure Socket Layer) certificate, encrypting data transmission between server and user.

Absolute security cannot be guaranteed. In case of a security incident, the controller will notify users without undue delay. Only authorized personnel with prior confidentiality agreements may access personal data.

Only authorized personnel with prior confidentiality agreements may access personal data.

12. REVOCABILITY

Consent for processing and sharing personal data can be withdrawn at any time by notifying the controller, without retroactive effect.

13. CHANGES TO THE PRIVACY POLICY

The controller may modify this policy to comply with new legislation, case law, or industry practices. Changes will be published on this page in advance.

14. COMMERCIAL EMAILS

In accordance with LSSICE, no unsolicited commercial emails (SPAM) are sent. Users can give express consent via website forms.

All communications are clearly identified as commercial.

15. INFORMATION, CONSENT, AND EXERCISE OF RIGHTS

Personal data collected with user consent will be included in the controller’s databases and processed according to GDPR and LOPDGDD. Users may exercise their rights (access, rectification, erasure, portability, restriction, objection, or withdrawal of consent) via certified letter or other verifiable means, attaching proof of identity.

These terms have been updated as of October 2024.