Who is responsible for the Processing of your Personal Data?

Denomination: 08520 Dental SLP (hereinafter  CeraRoot  CLINIC)

Address: C/  Parpers  15, 08520 Les  Franqueses del Vallés

Contact phone: 93 595 02 47

Email: josep.oliva@cerarootclinic.com


Who is it and what  does the Data Protection Officer do?

The Data Protection Officer is responsible for carefully ensuring compliance with data protection regulations; you can contact him in the following email:  dpd@utpr.es


Principles we will apply to your personal information

In the processing of your personal data, we will apply the following principles that are so juquentto the requirements of the new European data protection regulation.

  • Principle of lawfulness, loyalty and transparency: We will always require your consent for the processing of your personal data for one or more specific purposes that we will inform you in advance with absolute transparency.
  • Principle of data minimization: We will only request the data that is specifically necessary in relation to the purposes for which we require it.
  • Principle of limitation the retention period: The data will be kept in our database for no longer than necessary for the purposes of the processing, depending on the purpose, we will inform you of the corresponding retention period in all case.
  • Principle of integrity and confidentiality: Your data will be treated in such a way as to ensure adequate security of personal data and to ensure confidentiality.
  • You should know that we take all necessary precautions to prevent unauthorized access or misuse of our users’ data by third parties.


How have we obtained your data?

 The legal basis for the processing of your data is the free, specific, informed and unambiguous consent, for the purpose of the execution of the contract for the provision of dental services formalized by the acceptance of budget, or where appropriate, the  pre-budgeting.

Exceptionally, and always with the prior consent, they could have been obtained by other means.


What personal data do we process?

The personal data we process, for the legitimate purposes explained to you in point 6., and depending on the services, may be,

  • First and last names
  • Mailing address
  • Nif
  • Phone
  • Email
  • Dental x-rays (periapical, fin/bite, cephalometry or telephotometry, dental tac,  orthopantomography)
  • Photographs and videos(intra-oral and extra-oral)
  • Health data from conversations with you
  • Health insurance data.


For what  purpose do we process your personal data?

 We process your personal data for the primary purpose of collecting your health data in order to provide you with the best healthcare, leaving record of all the data that, in medical criteria, allow truthful knowledge and acts health status and that are relevant to the medical treatment to be performed.

We also process your personal data to manage all additional services related to healthcare (analysis laboratories,psrotésicos), the relationship with your insurer or mutual entity, and for accounting and tax management, in particular, the billing of the services provided.

Likewise, as long as we have your consent in advance for the management and development of marketing activities and the sending of commercial communications by electronic means.


When and why can we provide your data to third parties?

Your personal data may be transferred to the following recipients for the reasons indicated,

  • Public administrations: for the fulfillment of the legal obligations to which we are subject by our activity.
  • Mutuals and InsuranceCompanies: in the event that you access our services through health insurance and for the sole purpose of being able to manage the management and collection of the services provided.
  • Laboratories of analysis, dental prosthetics and the like: with the sole purpose of giving the contracted treatment.
  • Health professionals, collaborators of the clinic: with the sole purpose of being able to carry out the contracted treatment. In any case, the data never leave the clinic.
  • Medical inter consultations with other physicians or dentists of the patient: in order to consult the health status and history of the patient, and request when necessary pre and post-intervention recommendations.
  • Fiscal and accounting management: for the sole purpose of managing our accounting(issue invoice, presentation of tax returns, commercial obligations….)


International data transfers

 In no case do we transfer your personal data to any person or entity either inside or outside the EEC without your prior consent.


How long do we keep your personal data?

 Clinical History: the legally established deadlines for this type of document that are currently set at 5 years.

Other personal data (names and surnames, postal address, NIF): the deadlines legally established by tax and commercial legislation


What are your rights?

 Anyone has the right to obtain confirmation as to whether CeraRoot  CLINIC  is processing data that concerns him or her or not.

Interested persons have the right to

  • Request access to personal data relating to the data subject.
  • Request rectification or deletion.
  • Request limitation of your treatment
  • Oppose treatment.
  • Request data portability.

We have at your disposal the corresponding models so that you can exercise your rights.

Data subjects may access their personal data, as well as request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes that were collected.

In certain circumstances, the interested parties may request the limitation of the processing of their data, in which case they will only be kept for the exercise or defense of claims.

In certain circumstances and for reasons related to their particular situation, interested parties may object to the processing of their data.

Data subjects will also have the right to effective judicial protection and to file a complaint with the supervisory authority, in this case, the Spanish Data Protection Agency, if they consider that the processing of personal data concerning them infringes European Data Protection Regulation.