In accordance with the provisions of Articles 13 and 14 of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as ‘PGN’), and articles 6 and 11 of the Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (hereinafter, “LOPDGDD”), which regulates the right to information in the collection of data, we inform you of the following:
Who is responsible for processing your personal data?
Controller: GoodGut S.L.U.
Address: Parc Científic i Tecnològic UdG (Edifici Centre d’Empreses) – C/ Pic de Peguera, 11-17003 Girona
Contact e-mail: firstname.lastname@example.org
What personal data do we collect?
The personal data that the user may provide:
- First and last name.
- E-mail address.
- Postal address. Country.
- Payment method (Paypal, card, Apple Pay, Google Pay or bank transfer)
- Company and position in it.
- Results of the intestinal health diagnostic test, including specially protected personal data, such as health data.
- Cookies and usage data. This usage data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our service that you visit, the time and date of your visit, the time spent on those pages, device identifiers and other evaluation data.
- Any other information or data you decide to share with us.
What is our presence in social networks?
GoodGut S.L.U. has the following profiles on the main social networks on the Internet (Twitter, Instagram, Facebook and LinkedIn).
It is recognized as responsible for processing the data of its users, followers, or persons who make comments through them. Likewise, in accordance with the Law on Information Society Services and Electronic Commerce, GoodGut S.L.U. is exonerated from any type of responsibility derived from comments made by users and followers on its social networks.
GoodGut S.L.U., may use the profiles described above to inform its users of topics it considers of interest.
Why and for what purpose do we process your data?
We process your data for the following purposes:
– Contact. If you decide to contact us through the web forms.
– Sending newsletters with corporate or commercial information about GoodGut
– Sending commercial information (offers, promotions, etc.) to the user via electronic media
– Purchase and performance of the test: We will process your data to manage the purchase, payment and shipment of the kit to perform the test; as well as to perform the analysis and send the results to you or to the doctor you have chosen from among our medical staff.
– Arrange an online visit. When you purchase a test, we will process your data to manage an online visit with a professional from our list of specialists, so that they can interpret the test result.
What is the legitimacy for the processing of your data?
The processing of your data is based on the following grounds:
– Consent (art. 6.1.a RGPD): The processing of contact data for sending communications is based on the express consent you give us at the time of contacting us to receive commercial communications and/or advertising or subscribing to our newsletter. When you request an online visit, we will need your consent to manage it. Likewise, in the case of the processing of data by means of certain cookies, your consent is required.
– Sales contract (art. 6.1.b GDPR): the processing of billing data and data relating to test results is necessary for the performance of the sales contract.
– Legitimate interest (art. 6.1.f GDPR): in the case of some cookies, we may process data without asking for your consent, based on the legitimate interest for the proper functioning of our website.
How long do we keep your data?
The processing of data for the purposes described will be maintained for the time necessary to comply with the purpose of collection, as well as to comply with legal obligations arising from the processing of data. Without prejudice to the fact that the conservation is necessary for the formulation, exercise or defence of potential claims and/or whenever permitted by the applicable legislation.
Likewise, the clinical data of the TestUrGut analysis result may be kept for a longer period of time for the purpose of carrying out a clinical study, maintaining the confidentiality required by Law 14/2007 on Biomedical Research and only being identifiable by means of a code.
In addition, we can anonymize the result of the analysis of the tests (so that it does not identify you). We use anonymous information for purposes including conducting internal testing and validating new equipment to optimize our testing procedures. Usage data is generally retained for a shorter period, except when this data is used to strengthen the security or improve the functionality of our service or when we are required by law to retain this data for a longer period.
GoodGut S.L.U. will also retain certain data for internal analytics properties. Use data is usually kept a shorter time period, except when this data is used to strengthen security or improve the functionality of our service or when we are required by law to keep this data for a longer period.
GoodGut S.L.U. commits to ceasing the processing of personal data when the retention period is over, as well as duly blocking them in our databases.
To which recipients are your data communicated?
In general, GoodGut S.L.U., will not give the personal data to third parties, except in those situations that the same can be given to other collaborators that provide services to GoodGut S.L.U. , in order to manage the provision of services, the contractual and/or pre-contractual relationship with the interested parties or to process requests made by them. This category includes doctors who are part of GoodGut’s medical staff and who carry out online medical visits.
GoodGut S.L.U. seeks to guarantee the security of personal data when it is sent outside the company and ensures that third party service providers respect confidentiality and have appropriate measures in place to protect personal data. These third parties have the obligation to guarantee that the information is treated in accordance with data privacy regulations.
In some cases, the law may require that personal data be disclosed to public bodies or other parties, but only to the extent necessary to comply with such legal obligations.
Where is your data stored?
In general, the data is stored on the Nominalia servers, located in the United Kingdom, a country that has been declared with an adequate level of protection by the European Commission, following the decision of June 28, 2021 of application of the Commission.
What rights do you have and how can you exercise them?
You may direct your communications and exercise your rights by sending a written communication to the following e-mail address: email@example.com
By virtue of what is established in the regulations on data protection you can request:
- Right of access: you can ask for information about the personal data we have about you.
- Right of rectification: you can communicate any change in your personal data. However, whenever possible, you can update your personal data directly from the settings section of your account.
- Right to delete and forget: you can request the deletion of your personal data after they have been blocked.
- Right of limitation to the treatment: it supposes the restriction of the treatment of the personal data.
- Right to object: you can withdraw your consent to the processing of your data by opposing their further processing.
- Right to portability: in some cases, you can request a copy of the personal data in a structured, commonly used, machine-readable format for transmission to another manager.
- Right not to be subject to individual decisions: you can request that decisions not be taken based on automated processing alone, including profiling, which produces legal effects or significantly affects the data subject.
In some cases, the request may be refused if you ask for the deletion of data necessary to comply with legal obligations. Also, if you have a complaint about the processing of your data, you can file a claim with the data protection authority.
Who is responsible for the accuracy and truthfulness of the data provided?
The user is solely responsible for the truthfulness and correctness of the data communicated to the company, exonerating GoodGut S.L.U. from any responsibility in this regard. The users guarantee and are responsible, in any case, for the accuracy, validity and authenticity of the personal data provided, and undertake to keep them duly updated. The user agrees to provide complete and correct information. GoodGut S.L.U. is not responsible for the veracity of the information that is not of its own making and of which another source is indicated, so it does not assume any responsibility for hypothetical damages that could arise from the use of this information.
What security measures do we apply to protect your personal data?
GoodGut S.L.U. has adopted the legally required personal data protection security levels, and tries to install those additional technical means or measures within its reach to avoid the loss, misuse, alteration, unauthorized access and theft of the personal data provided to GoodGut S.L.U.