Privacy Policy

In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data (GDPR), and Spanish Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD), the user is informed of the following:

1. Data controller

• Controller: Dr. Diego Ferrández Sempere
• Address: Beethoven 20, 03203 Elche, Alicante, Spain
• Telephone: +34 965 425 372
• Email: info@diegoferrandez.com

2. Personal data we process

Through this website we may process the following categories of personal data:

• Browsing data: IP address, browser type, operating system, pages visited, time spent and other anonymised data automatically collected by Google Analytics.
• Data provided by the user: name, telephone number, email address, reason for consultation or other data voluntarily provided by the user through the SaluFile chatbot, contact forms, WhatsApp or email.
• Health data: if the patient provides clinical information through the available contact channels (chatbot, teleconsultation, WhatsApp), such information will be treated with the utmost confidentiality as special category data in accordance with Article 9 of the GDPR.

3. Purpose of processing

The personal data collected will be processed for the following purposes:

• Managing appointment requests and medical consultations.
• Maintaining communication with the patient regarding their healthcare.
• Analysing website usage for statistical and service improvement purposes (Google Analytics).
• Facilitating user interaction with the healthcare chatbot (SaluFile).

4. Legal basis for processing

The processing of your personal data is based on the following legal grounds:

• Consent of the data subject (Art. 6.1.a GDPR): by using the chatbot, submitting a contact form or communicating through the available channels, the user gives consent to the processing of the data provided.
• Performance of a contract or pre-contractual measures (Art. 6.1.b GDPR): appointment management and provision of healthcare services.
• Legal obligation (Art. 6.1.c GDPR): compliance with applicable health regulations, including the preservation of medical records.
• Legitimate interest (Art. 6.1.f GDPR): statistical analysis of the website for continuous service improvement.
• Purposes of preventive or occupational medicine, medical diagnosis or provision of healthcare (Art. 9.2.h GDPR): for the processing of health data.

5. Data recipients

Personal data may be disclosed to the following recipients:

• Google LLC (Google Analytics): receives anonymised browsing data for usage statistics. Google may transfer data to servers located outside the European Economic Area, under the European Commission's standard contractual clauses. More information in Google's privacy policy.
• SaluFile (salufile.com): healthcare management platform operating the chatbot integrated into the website. Data provided to the chatbot is processed in accordance with SaluFile's privacy policy as a data processor.
• Public authorities and health authorities: when required by law.

No data transfers to third parties will be made other than those indicated above or when there is a legal obligation.

6. Data retention periods

Personal data will be retained for the following periods:

• Contact and consultation data: for the time necessary to manage the healthcare relationship and, once concluded, for the applicable legal limitation periods.
• Medical records: in accordance with Spanish Law 41/2002, of 14 November, on patient autonomy, for a minimum of five years from discharge from each healthcare process.
• Browsing data (Google Analytics): in accordance with Google Analytics' retention settings, currently 14 months.
• Chatbot data: in accordance with SaluFile's retention policy.

7. User rights

The user may exercise the following rights at any time:

• Right of access: to know whether personal data is being processed and, if so, to obtain a copy thereof.
• Right to rectification: to request the correction of inaccurate or incomplete data.
• Right to erasure: to request the deletion of data when, among other reasons, it is no longer necessary for the purpose for which it was collected.
• Right to restriction of processing: to request restriction of data processing in certain circumstances.
• Right to object: to object to the processing of data on grounds relating to the user's particular situation.
• Right to data portability: to receive the data provided in a structured, commonly used and machine-readable format, and to transmit it to another controller.
• Right to withdraw consent: where processing is based on consent, to withdraw it at any time without affecting the lawfulness of prior processing.

To exercise these rights, the user may contact the data controller by email at info@diegoferrandez.com or by post to the address indicated, enclosing a copy of their identity document.

The user also has the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) if they consider that the processing of their personal data does not comply with current regulations.

8. Security measures

The data controller has adopted the necessary technical and organisational measures to ensure the security of personal data and to prevent its alteration, loss, unauthorised processing or access, in accordance with the state of the art, the nature of the data stored and the risks to which it is exposed.

9. Cookies

This website uses its own and third-party cookies. For detailed information about the type of cookies used, their purpose and how to manage them, please see our Cookie Policy.

10. Changes to this privacy policy

The controller reserves the right to modify this privacy policy to adapt it to legislative or case-law developments, as well as to changes in professional practice. In the event of significant changes, the user will be informed through the website.

Last updated: March 2026