1.- Privacy Policy

At AJL we are committed to the protection of privacy and the proper use of the personal data that we process and you facilitate us with, both on-line in this website (and if applicable any of its subdomains, microsites and/or mobile applications) as well as off-line.

Please carefully read this policy and be sure that you understand it and agree to it, before facilitating us your personal data. If you do not agree with it, do not use this website or its services or facilitate your data to us. The fact of accessing this website, using any of its services or facilitating us your data, either on-line or off-line, will be understood by us as a clear affirmative action by which you give us your consent (when it is required) to process your data for the purposes listed below.

2.- Who is responsible for the processing of your data?

AJL OPHTHALMIC, S.A.

Postal address: C/ Ferdinand Zeppelin, 1 01510 MIÑANO – ALAVA

Email: ajlsa@ajlsa.com

Telephone: 945298256 / 945298289

3.- How have we obtained your data?

If you are already a current or potential customer, for example to give you a customised implant, you have given them to us, either off-line or on-line when requesting our services in order to be able to maintain the contractual relationship with you.

If you have facilitated the data through this website or any of its subdomains, microsites and/or mobile applications, we gather information, for example, when you access the page, when you fill out any form with personal data or when you communicate with us directly by email.

We can process and record said uses, sessions and related information, either independently or with the help of third party services and even by means of the use of cookies and other monitoring technologies.

When you facilitate us your personal data, you guarantee that you are enabled to facilitate this information and that the information is true, truthful, accurate and up-to-date, that it is not confidential, that it does not violate any third party contractual restrictions or rights and you commit yourself to not impersonate other users by using their registration data to the different services and/or contents of the website.

You have the responsibility of maintaining your data accurate and up-to-date, AJL declining all responsibility in the event of failure to do so.

In the event that third parties facilitate us personal data, (doctors for performing the calculations of nomograms their patients, insurers who cover the expense of our products so that we may issue them an invoice, physicians or health centres who prescribe our health care products tailored to their patients …), the data categories we process are: Identifying data and even especially protected data relating to the individual’s health.

The sensitive data facilitated are subject to a special protection and the legitimation to process them is the express consent of the individual. It is therefore the responsibility of that third party who facilitates us data (doctor, hospital, insurance company …) both to have the prior and express consent of the interested party to use their data and convey these to us, as well as to inform them of the inclusion of their data in our files. If you convey us the personal data of third parties, by the acceptance of this privacy policy, you expressly guarantee that you have the authorisation of the interested party for said conveyance, exonerating us of any responsibility in the event of any claim by the interested party, a responsibility solely and exclusively assumed by who has conveyed us the data in the name or interest of the latter.

4.- What do we process your information for?

The data that you facilitate us, as well as any others generated during the undertaking of the contractual, commercial or other type of relationship that we may have with you, can be processed for different purposes, such as:

a.If you are a direct customer of ours or your data has been conveyed to us by an insurance company covering the expense of the implant, a physician or a health care centre that prescribes it, we shall use these to maintain contact and communication with customers and suppliers, prepare cost quotes and the control of offers presented, management and billing of the services provided/requested, justification of the insured expense and of the commercial and/or contractual relationship derived from these, as well as to comply with the regulatory framework on customised health care products.

b.If you are a mere user of our website we shall use your data to maintain contact and communicate with you and manage requests that you make to us on-line. In the event that you give us your curriculum data, we will use these to contact you and manage the selection processes we undertake. In this case, filling out the information in the fields marked as compulsory is essential for processing, if you do not facilitate said information we will not be able to take your curriculum into account.

c.In both cases we may use your data to send you information on our activities, products and/or services (including advertising and/or commercial messages for the purposes of art. 21 LSSICE 34/2002).

5.- For how long will we retain your data?

In the case of direct customers of ours or patients given to us by insurance companies covering the expense of the implant, physicians or health care centres, we shall retain them as long as the contractual or commercial relationship lasts and once these have concluded, for the required years to comply with the legal obligations and/or for the legal periods required for the statute barring of any responsibility on our part and even once these periods have elapsed we may retain insofar as you do not request their deletion and in the case of a mere user of the website, insofar as you do not request their deletion.

6.- What is the legitimation for the processing of your data?

The legal basis which legitimates us to process the data is on one hand, the contractual or commercial relationship between the parties either directly with the current or potential customer, or with the insurance company that covers the expense of the implant, the physician or the health care centre prescribing it in the event that it is these that convey the data of the individual concerned to us.

On the other hand, it may also be for the legitimate interest of said third parties for billing the implants or health care products manufactured by us that they may have prescribed, as well as compliance on our part with the regulatory framework on the manufacturing of customised health care products.

In the case of a user of our website, the legitimation for the processing of their data shall be their consent that they unequivocally give us on providing the on-line or off-line data, said provision being deemed to be a clear affirmative act that expresses said consent.

The providing of the requested data is compulsory as it is essential for the aforementioned purposes; if you do not provide these, we will not be able to carry them out.

The sensitive data facilitated are subject to a special protection and the legitimation to process them is your express consent. You unequivocally grant us said consent on facilitating us your data, said facilitation being deemed to be a clear affirmative act that expresses said consent.

In the case of direct customers (patients, doctors, insurance companies, health care centres …) given the relationship, pertinent and appropriate that these maintain with us as well as in the case of users of our website, we have a legitimate interest in processing their data, so that within the maintenance and management of said relationship, we may send information on our activities, products and services, (including advertising and/or commercial messages for the purposes of art. 21 LSSICE 34/2002).

These purposes are compatible with the initial purposes for which we gathered your data (manage the contact and communications and maintain the contractual or commercial relationship) although in any event the provision of your data for these purposes that we have just mentioned, derived from our legitimate interest, is always voluntary and your interests, rights or liberties shall always prevail, over and above our legitimate interest, so that if ask us to delete and cease to process your data for these purposes (sending us an email in this sense to ajlsa@ajlsa.com,) we shall so do, being entitled to keep them blocked for the formulating, exercising or defence of claims. Said withdrawal does not condition the processing of your data for the rest of described purposes.

If you have facilitated us sensitive data that are subject to a special protection the legitimation to process them is your express consent. You unequivocally grant us said consent on facilitating us your data, said facilitation being deemed to be a clear affirmative act that expresses said consent.

7.- To which recipients may we convey your data?

We inform you that the data that you provide us may be disclosed to third party entities for the compliance of purposes directly related to the legitimate functions of transferor and transferee such as:

1.To banking institutions for the management of collections and payments

2.To the institutions or bodies with which there is a legal obligation of communicating data (Tax Authorities…)

3.To health care centres or health insurance companies, in the case of request of our customised health care products, for purposes of billing and/or justification of the insured expense.

4.Public Administrations with competence in the matter

International Transfers of Data

We inform you that, in the event of using suppliers from outside the European Economic Area to provide us with auxiliary services for our activity (lodging, housing, SaaS, remote backup copies, IT support or maintenance services, email manager, sending of emails and email marketing, etc…) who may have access to personal data, we shall choose companies adhered to the Privacy Shield agreement between the USA and the EU, which means that they oblige themselves to comply with requirements equivalent to the European ones on data protection matters. In any event, by the acceptance of this data protection policy you expressly and unequivocally authorise us to convey the data to said companies, being aware that this involves an international transfer of data to a country that does not belong to the European Economic Area and giving your unequivocal consent to said transfer.

8.- What are you rights when you facilitate us your data?

Right of access: You may ask us which personal data we are processing and even asking us for a copy of these.

Right of rectification: You can ask for the rectification of inaccurate personal data or that we complete those that are incomplete, including by means of an additional statement.

Right of deletion (right to be forgotten): You may ask us for the deletion of your personal data when: they are no longer necessary for the purposes for which they were gathered, you withdraw your consent, here has been wrongful processing of these or for compliance with a legal obligation.

Right to limitation of the processing: You may ask us to limit the processing of your data, in which case we shall only retain them for the exercising or defence of claims.

Right to the portability of the data: You may ask us to return to you (to you or a third party designated by you) your personal data in a structured format, of common use and mechanical reading.

Right of opposition: You can oppose yourself to the processing made to your data if said processing is based on the legitimate interest of the person responsible for the file or it is for advertising purposes.

To exercise all these rights you may address us with a written signed request, in all events attaching a copy of your ID document to the postal or electronic address indicated in section 2 of this same privacy policy. In the event of modification of your data you must notify this to the same address, declining all responsibility for the company in the event of failure to do so.

Once any of the above requests have been received we shall answer you within a maximum of 10 days.

You can file claims with the Spanish Data Protection Agency. If you desire further information about the rights you may exercise and for requesting the model forms for exercising rights you may visit the Spanish Data Protection Agency’s website, www.agpd.es