Equipo humano

  • Inicio
  • Conoce a nuestro equipo

Privacy Policy

1.-PURPOSE OF THE POLICY

At Disop, S.A. (hereinafter, Disop), we respect your privacy and protect your personal data. This policy details how we collect, use and share your information in accordance with applicable data protection regulations, including the General Data Protection Regulation (GDPR).

This privacy policy applies to the website .

This privacy policy applies to the www.disop.com website. If you do not provide us with your personal data, no processing of your information will be carried out.

We will inform you about the purposes of the processing, the entities that could access your data and your rights as data subject. Some processing may be based on legal obligations, contracts or legitimate interests, without requiring your express consent.

If the website uses cookies, we will clearly notify you in our Cookie Policy, where you can learn more about the use of cookies and how to manage your preferences.

If the website uses cookies, we will clearly notify you in our Cookie Policy, where you can learn more about the use of cookies and how to manage your preferences.

This policy ensures transparency and is designed for you to clearly know and exercise your rights.

2.- DEFINITION OF PERSONAL DATA

  • Personal data: Personal data means any information relating to an identified or identifiable natural person (“Website user”). An identifiable natural person is any person whose identity can be determined, directly or indirectly, by means of identifiers such as a name, an identification number, location data, an online identifier, or through elements of their physical, physiological, genetic, psychological, economic, cultural or social identity.

3.-IDENTITY OF THE  PERSON RESPONSIBLE FOR THE PROCESSING

Who collects and processes your data?

The Data Controller is: Disop, S.A NIF/DNI A28423879

How can you contact us?

  • Postal and office address: Avda Valdelaparra Num. 31 A. 28108, Alcobendas (Madrid), Spain
  • Company address: Avda Valdelaparra Num. 31 A. 28108, Alcobendas (Madrid), Spain
  • Email: marketing@disop.com- Phone: +34 916 612 244

Who can help you with our Data Protection Policy?

At Disop we have a Data Protection Officer (DPO), whose role is to ensure compliance with current data protection regulations within our organization. If you have any queries or need assistance regarding the processing of your personal data, you can contact our DPO through the following means:

  • Auratech Legal - NIF B87984621 
  • Email:  rgpd@auratechlegal.es- Phone: 911 134 963

4.- APPLICABLE LAWS AND REGULATIONS

This Privacy and Data Protection Policy is developed on the basis of the following data protection laws and regulations:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Hereinafter RGPD.
  • Organic Law 3/2018, of 5 December on the Protection of Personal Data and Guarantee of Digital Rights. Hereinafter LOPD/GDD.
  • Law 34/2002, of July 11, on Information Society Services and Electronic Commerce. Hereinafter LSSICE.

5.- PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA

At Disop we treat personal data in accordance with the principles established in the current regulations, guaranteeing that the treatment is:

  • Licit, fair and transparent: We inform in a clear and accessible manner about how the data is collected and used.
  • Limited to specific purposes: Data is collected for legitimate purposes and is not used for other purposes.
  • Data minimization: We only request data that is strictly necessary.
  • Accuracy: We keep data up to date and correct inaccurate data.
  • Limitation of retention: Data is retained only for as long as necessary for the stated purposes.
  • Integrity and confidentiality: We apply appropriate security measures to protect data.
  • Proactive accountability: We take responsibility for complying with and demonstrating compliance with these principles.

6.-SECURITY MEASURES

What we do to ensure the privacy of your data?

At Disop, we have implemented the necessary technical and organizational measures to ensure the security of the personal data we process. These measures are designed to prevent alteration, loss, unauthorized access or improper processing of data, adapting to the state of technology and potential risks.

Among the measures we highlight:

  • Confidentiality: Only authorized persons may access the information.
  • Integrity: The information is kept accurate and protected against unauthorized modifications.
  • Availability: We ensure that data is accessible to authorized persons at all times.
  • Continuous evaluation: We regularly review and improve our security measures to adapt to new threats and technological advances.
  • Seudonymization and encryption: We apply these techniques to reinforce the protection of data, especially sensitive data

7.- PURPOSES OF THE PROCESSING 

Why do we want to process your data?

The following are the intended uses and purposes: 

Consultations and contacts disop.com web forms

To facilitate direct communication with users and customers interested in ophthalmic products

To manage requests from distributors and potential customers

Respond to queries related to the products and services offered by Disop

Cookies, pixel and tracking - disop.com

User session management cookie

Manages cookie consent preferences, without collecting personally identifiable information

Improves website security, preventing cross-site request forgery

attacks.

How long do we keep your data?

We use your data for the time strictly necessary to fulfill the purposes stated above. Unless there is a legal obligation or requirement, the expected retention periods are as follows:

Consultations and contacts web forms disop.com For a period of 5 years from the last confirmation of interest. The data will be kept for as long as they are necessary for the stated purpose or until the interested party requests their deletion. The period of 5 years will be the maximum, unless there is a legal obligation to keep the data for a longer period
Cookies, pixel and tracking - disop.com XSRF-TOKEN: 2 hours disop_session: 2 hours cookieyes-consent: 1 year

8.- LEGITIMACY OF THE PROCESSING

Why are we processing your data?

The collection and processing of your data is always legitimated by one or more legal bases, which we detail below: 

Consultations and contacts web forms disop.com
  • (Art. 6.1.a RGPD) Consent of the person concerned
    • RGPD and LOPDGDD. Compliance with legal obligation: General Data Protection Regulation (RGPD) and Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights (LOPDYGDD). Legal obligation compliance: General Data Protection Regulation (GDPR) and Organic Law 3/2018, of December 5, 2018, on Personal Data Protection and guarantee of digital rights (LOPDYGDD).
Cookies, pixel and tracking - disop.com
  • (Art. 6.1.a RGPD) Consent of the person concerned
    • RGPD and LOPDGDD. Compliance with legal obligation: General Data Protection Regulation (RGPD) and Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights (LOPDYGDD). Legal obligation compliance: General Data Protection Regulation (GDPR) and Organic Law 3/2018, of December 5, 2018, on Personal Data Protection and guarantee of digital rights (LOPDYGDD).
  • (Art. 6.1.f RGPD) Legitimate interest of the Data Controller or third parties.

9.- RECIPIENTS OF YOUR DATA

To whom do we transfer your data within the European Union?

We may share your personal data with members of our corporate group (you can view the details of our group here) in order to provide you with the products, services or information you have requested from us. We may also share your data with other entities within our group for the purposes of IT support and maintenance, internal governance, administration and compliance with our legal or regulatory obligations.

We will not share your personal data with other entities within our group.

We will not share your personal data with third parties outside our corporate group, except in the following cases:

  • When you have given us your consent to do so.
  • When you have instructed us to share your information with third party sites or platforms, such as social networks. Please note that once shared, this data will be under the control of the receiving company and subject to their privacy practices.
  • When third parties perform services on our behalf, such as product delivery, customer service, IT services or technology solutions. We require these companies not to use your personal data for purposes other than those requested by us or required by law.
  • Where it is necessary to comply with legal obligations or in the context of a business sale; to enforce our Terms of Use; to ensure your safety or the safety of others; to protect our rights and property, as well as yours; or to comply with legal process.
  • When we share your data for direct marketing or advertising purposes, we will explicitly notify you.

Do we make International Transfers of your data outside the European Union?

The data we process is primarily stored on servers located within the European Economic Area (EEA). However, some of our service providers and group companies may be located outside the EEA, in countries such as the United States, China or Australia. These international transfers are carried out with appropriate safeguards, either through adequacy decisions, such as the EU-US Data Privacy Framework (DPF), or through the use of standard contractual clauses, approved by the European Commission, which ensure an adequate level of data protection.

In some cases, we may also use external providers who need to process or store data outside the European Union, always with the necessary measures to ensure the security and confidentiality of the data.

10.- DATA PROCESSING ACTIVITIES

The following is a description of the data processing activities carried out through www.disop.com , specifying:

  • Activity: Name of the data processing activity.
  • Purposes: Uses and treatments carried out with the data collected.
  • Legal basis: Legal basis that legitimizes the data processing.
  • Data processed: Type of data processed.
  • Provenance: Source of the data.
  • Conservation: Data conservation period.
  • Addressees: Third parties to whom the data is transferred.
  • International transfers: Data transfers outside the European Union.

10.1 - Processing activities

These are those data processing activities whose purposes are necessary  for the provision of the services.

Inquiries and contacts web forms disop.com
Legal basis (Art. 6.1.a RGPD) Consent of the data subject (RGPD and LOPDGDDD. Compliance with legal obligation: General Data Protection Regulation (RGPD) and Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights (LOPDYGDD))
Purposes To facilitate direct communication with users and customers interested in ophthalmological products; To manage requests from distributors and potential customers; To respond to queries related to the products and services offered by Disop
Data categories and groups Web users (Identifying data; Other categories)
Data source The data subject himself or his legal representative
Category of recipients Entities of the corporate group
International transfer Not foreseen
Shelf life For a period of 5 years from the last confirmation of interest. The data will be kept for as long as they are necessary for the stated purpose or until the interested party requests their deletion. The period of 5 years will be the maximum, unless there is a legal obligation to keep the data for longer
Security measures
  • Data Encryption: Use of SSL/TLS to protect the transmission of data through the contact form.
  • Access control: Restricted access to personal data to authorized Disop personnel only.
  • Secure authentication and passwords: Implementation of strong authentication measures to access the systems that manage the form data.
  • Backups: Periodic encrypted backups to ensure the availability of the information.
  • Monitoring and intrusion detection: Use of security tools to detect and prevent unauthorized access.
  • Periodic audits: Regular audits to ensure compliance with data protection regulations.
Cookies, pixels and tracking - disop.com
Legal basis (Art. 6.1.a RGPD) Consent of the data subject (RGPD and LOPDGDDD. Compliance with legal obligation: General Data Protection Regulation (RGPD) and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (LOPDYGDD)); (Art. 6.1.f RGPD) Legitimate interest of the Data Controller or third parties
Purposes User session management cookie; Manages cookie consent preferences, without collecting personally identifiable information; Improves website security, preventing cross-site request forgery type attacks
Data categories and groups Web users (Identifying data; Other categories)
Data source The data subject himself or his legal representative
Category of recipients Not foreseen
International transfer Not foreseen
Shelf life XSRF-TOKEN: 2 hours disop_session: 2 hours cookieyes-consent: 1 year
Security measures
  • Information encryption: Security-related cookies, such as XSRF-TOKEN, implement encryption protocols (SSL/TLS) to protect communications.
  • Logical access control: Only authorized personnel can manage cookie-related data.
  • Information security policy: The company has a clear and up-to-date policy on information management, especially in relation to security cookies.

11.- DATA OF MINORS

How do we handle the data of minors?

Minors under 14 years of age may not use the services offered through our website without the prior authorization of their parents, guardians or legal representatives. These will be solely responsible for all actions performed through the website by minors in their care, including the completion of online forms with the personal data of minors and, where appropriate, the selection of the corresponding boxes.

In accordance with the provisions of Article 8 of the RGPD and Article 7 of the LOPD/GDD, only those over 14 years of age may grant their consent to the lawful processing of their personal data by Disop.

12.-PROCEDENCE AND TYPES OF DATA PROCESSED

Where did we obtain your data from?

Consultations and contacts disop.com web forms
  • Web users: The interested party or his legal representative.
Cookies, pixels and tracking - disop.com
  • Users of the website: The interested party or his legal representative.
 

What types of data do we collect and process from you?

Inquiries and contacts disop.com web forms
Web users
  • Identifying data (Name and surname; E-mail address)
  • Other categories (Message)
Cookies, pixels and tracking - disop.com
Web users
  • Identifying data (IP address)
  • Other categories (ID generated by Pixel or Cookie; Location)
 

 13- RIGHTS OF THE STAKEHOLDERS

What are your rights regarding your data?

Data protection regulations give you specific rights that you can exercise in relation to the processing of your data. These rights are personal and non-transferable, which means that only you, as the data subject, can exercise them after verification of your identity.

The following describes your rights:

Right of access: You may request confirmation as to whether Disop is processing your data and access information related to its processing.

Right of rectification: If your personal data is inaccurate or incomplete, you may request its correction.

Right to erasure (“right to be forgotten”): You may request the deletion of your data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent.

Right to limitation of processing: You may request limitation of the processing of your data, for example, while their accuracy is being verified or in other cases provided for by law.

Right to data portability: You have the right to receive your data in a structured, commonly used and machine-readable format, and to transmit it to another data controller.

Right to object: Right to object to the processing of your data on grounds relating to your particular situation, or where the processing is based on a legitimate interest.

Right not to be subject to automated decisions: You may request not to be subject to decisions based solely on automated processing of your data, including profiling.

Right to withdraw your consent: You may withdraw your consent at any time, without affecting the lawfulness of the processing based on the prior consent.

Right to file a complaint: If you consider that your rights have not been respected, you may file a complaint with the corresponding supervisory authority: Spanish Data Protection Agency info@aepd.es https://www.aepd.es

To exercise any of these rights, you may contact Disop using the following contact information:

  • Responsible: Disop, S.A
  • Address: Avda Valdelaparra Num. 31 A. 28108, Alcobendas (Madrid), Spain
  • Phone: +34 916 612 244
  • E-mail: marketing@disop.com
  • Website: https://disop.com/

You can also exercise your rights before the Data Protection Delegate:

Email: rgpd@auratechlegal.es - Phone: 647633242

How can you exercise your rights in relation to your data?

To exercise your rights of access, rectification, deletion, limitation or opposition, portability and withdrawal of consent, you can do so by sending an email to these addresses: rgpd@auratechlegal.es / marketing@disop.com or a postal mail to : Avda Valdelaparra Num. 31 A. 28108, Alcobendas (Madrid), Spain

How can you file a complaint if you feel that your rights are not respected?

If you believe that the processing of your personal data does not comply with data protection regulations, you have the right to lodge a complaint with the relevant Control Authority in your country of residence or place of business.

Depending on your location, you can address the competent authority in your country. For example:

•In Germany, you can contact the Berliner Beauftragte für Datenschutz und Informationsfreiheit

•In France, the competent authority is the Commission Nationale de l'Informatique et des Libertés (CNIL).

Specific contact details for Spain are as follows:

  • Spanish Data Protection Agency C/. Jorge Juan, 6. 28001, Madrid (Madrid), SpainEmail: info@aepd.es- Phone: 912663517Web: https://www.aepd.es

If you are not sure which authority corresponds to you or need information about other supervisory authorities, you can consult the article on Data Protection Supervisory Authorities, where you will find contact details and links according to your location.

14.-MODIFICATION AND INFORMATION PRINCIPLE

This document ensures that you understand how we process your personal data. By using our website or services, you confirm that you have been informed about the terms of our Privacy Policy, in accordance with the information principle set out in Article 13 of the GDPR. The lawful bases for processing your personal data are set out in Article 6 of the GDPR, and may include the performance of a contract, compliance with legal obligations or legitimate interest, among others.

This policy has been developed with the collaboration of Auratech Legal, a specialist data protection firm, and will be reviewed periodically to ensure its adequacy and compliance.

Disop reserves the right to modify this policy at any time.

Disop reserves the right to modify this Privacy Policy based on changes in legislation, jurisprudence or guidelines from the supervisory authorities. Any relevant modification that affects the purposes of the processing, storage periods or users' rights will be explicitly communicated.

Last updated: November 22, 2024