1. Who does this Privacy Policy apply to?
The web page www.goesresearchgroup.com (henceforth, the “Website“) is an internet domain that is the property of the Gastrointenstinal Oncology, Endoscopy and Surgery research group (henceforth, “GOES Group“), at the ALTHAIA, XARXA ASSISTENCIAL UNIVERSITÀRIA UNIVERSITÀRIA DE MANRESA, FP. (henceforth, “ALTHAIA“).
By visiting or consulting the GOES Group website and using the services offered, the user (clients, potential clients, patients, doctors, teachers and students, candidates, trainees, employees, among others) agree to the processing of their personal data, in accordance with the terms established in this document (henceforth, the “Privacy Policy”).
The Website is made available to users to facilitate access to information on the marketing of seminars and courses, specifically the course “Training in optical diagnosis of early colorectal cancer” which can be studied online.
This Privacy Policy and the processing of users’ data will be regulated by the General Data Protection Regulation, or Regulation [EU] 2016/679 (“GDPR”).
2. Who is the data controller?
The table below displays information on the controller of the processing of the personal data provided by users:
| Identity | ALTHAIA, XARXA ASSISTENCIAL UNIVERSITÀRIA UNIVERSITÀRIA DE MANRESA, FP, (henceforth GOES Group) |
| Address | Carrer Dr. Joan Soler, 1-3 Postal code 08243 Manresa, Barcelona – Spain |
| Telephone | +34 93 874 21 12 |
| E-mail address | althaia@althaia.cat |
3. What is the legal basis for the data processing?
The legal bases for the processing of personal data are:
- The completion of the forms on the GOES Group Website. These forms (section 4.a), are completed by the interested party, who shares certain information and in so doing gives full consent for the processing of their personal data.
- The execution of a contract.
- Compliance with the regulations in force.
4. What information do we process?
The information that we receive from users, or information that they share with us, is processed and managed as described below. The data are treated in strict confidentiality.
a) Information that users provide directly: GOES Group compiles and stores certain data that users enter in the Website, in the following sections or forms.
| “Register” “Login” | The information that the user provides us when he/she applies for registration, that is, ID number, and e-mail address. | Identification data. |
| “Enroll now / Billing details” | The information that the user provides when making a purchase our course through the Website, that is, full name, country, address, postcode, town, province, telephone, e-mail, ID card or identification number and, where applicable, bank details. | Identification data. Financial details. |
b) Information that users provide indirectly:
| First- and third-party cookies | GOES Group uses first- and third-party cookies to distinguish between the users of the Website. To do this, it records the following, but not limited to, information: the type of browser, the operating system, including the content users consult and the time of day they are active, as well as the online identifier (that is, the IP assigned to the user’s device). | Data deriving from the identification cookies. Data deriving from browsing. |
4.1. Data quality: The user must guarantee, with regard to both GOES Group and third parties, the quality of the information and personal data provided through the GOES Group Website. This implies that all personal data and information provided must be real, truthful, updated and belong to the user and not to third parties. In the event that the data belong to third parties, we assume that they have given their consent and we request that the third party be invited to view our legal texts as soon as possible.
4.2. Data modification: Users must notify GOES Group of any changes in the personal data provided, and are responsible for the veracity and accuracy of the data provided at all times.
5. What is the purpose of the data processing?
| Provision of services | GOES Group may use the personal data that users provide: – When registering or logging in to the GOES Group’s Website to confirm their identity and to verify their personal and contact details. – To inform them of its operations by email and thus comply with internal procedures. – In order to properly provide services, such as the delivery of a course and to publicise any updates to the course. |
| Sharing data with third parties (exceptions) | – If strictly necessary for the services requested, in cases in which GOES Group collaborates with third parties. – When GOES Group is expressly and unequivocally authorized to do so by the user. – When required to do so by the competent authorities in the exercise of their functions (to investigate, prevent, or take action regarding illegal activities). – If required to do so by legal provisions. |
| Promotional messages with an option to cancel | With the user’s consent, GOES Group may use the personal data obtained in order to send information, news and advertising about its services and other similar services. In any case, users may ask not to receive informative e-mails by writing to the e-mail address goesresearchgroup@althaia.cat or through the link that appears in the body of the e-mails the group sends. If requested to do so, GOES Group will no longer send this information. |
| First- and third-party cookies | – To enhance the user’s experience while using the Website and to obtain information regarding their last visit the website uses technical and personalization cookies. – With the user’s consent, cookies may be installed to calculate the number of people who enter the website, and to store information on the behaviour of users obtained through the observation of their browsing habits (analytical cookies). Most browsers allow the use of cookies automatically, but users can configure their browser to provide on-screen notification of the reception of cookies and thus prevent their installation on their hard drive. For detailed information on the cookies used and the purposes for which we use them, please consult our Cookies Policy. |
6. How long will the data be stored?
GOES Group will keep the user’s personal data for as long as is reasonably necessary to comply with the objectives mentioned in this Privacy Policy and to comply with current legislation, regulatory requirements and relevant rulings made by the competent courts, or, in any case, as long as the group continues to send information or communications and the interested party does not request their erasure or objects to such processing.
Users’ personal data will be anonymized or deleted once they are no longer relevant to the purposes for which they were collected.
7. Who will be the recipients of the data?
The personal data that GOES Group records will be used exclusively to achieve the purpose defined on the GOES Group Website. In order to fulfil this objective and to ensure the correct provision of the service, GOES Group may share certain personal data of users:
- If legally required to do so, GOES Group may share information with authorities and/or third parties regarding requests for information related to criminal investigations and alleged illegal activities.
- External service providers: certain companies subcontracted by GOES Group may have access to users’ personal data and information (always under the exclusive control of GOES Group) when necessary to provide our services:
- Payment gateway: Redsys (Redsys, Servicios de Procesamiento, S.L.) processes personal data: (i) To contract and execute any of the services and/or products that we offer or order. (ii) To manage applications from candidates wishing to work with us. (iii) To attend to the queries sent by users via the Contact email. (iv) To use the Ethical Channel. (v) To establish business relationships through contacts of other companies. (vi) To comply with the corporate obligations of the company. (vii) To provide access to company information protected by IRM encryption measures. Users may consult this provider’s Privacy Policy here.
- Audiovisual communication platform: Google Meet (Google Ireland Limited) processes the following personal data: (i) Account information (ii) Participant’s profile and information (iii) Contacts and calendar integrations (iv) Configuration (v) Information on registration (vi) Data on the device (vii) Content and context of meetings, webinars, and messaging (viii) Product and website usage (ix) Google Meet communications (x) Information on members. Users may consult this provider’s Privacy Policy here.
- With the user’s consent: in addition to the above, users will be informed in the event that any information concerning them should be brought to the attention of the web’s business partners, or with third parties, with a purpose other than those set out on the GOES Group Website (for example: for commercial purposes), to allow users to decide whether to share their information. None of the above data communications will include the selling, renting, sharing or otherwise disclosing customers’ personal information for commercial purposes contrary to the commitments made in this Privacy Policy.
8. Can the data be transferred internationally?
In the event that we transfer users’ personal data to a third country, that is, a country outside the European Economic Area (the countries of the European Union plus Liechtenstein, Iceland and Norway), we will comply with all laws applicable to such transfers, ensuring that users’ personal data are kept secure and applying safeguards to guarantee that there is adequate protection. To do so, GOES Group will use standard data protection clauses adopted by the European Commission.
9. What rights do users have regarding the data they provide?
Users may exercise the following rights in their relations with GOES Group:
- The right to be informed: users have the right to receive clear, transparent and easily understandable information regarding the ways in which their information is used and regarding their rights. For this reason, this information is provided in this privacy policy.
- The right of access: users have the right to access their information (if we are processing it), and other types of information (similar to that provided in this Privacy Policy), so that they can verify that their information is being used in accordance with legislation on data protection.
- Right to rectification: users have the right to have their information corrected if it is inaccurate or incomplete.
- Right of erasure: Also known as the “right to be forgotten”; users are allowed to request the erasure of their information when it is no longer necessary for the purposes for which it was recorded. This does not constitute a general right; there are exceptions.
- Right to limit the processing of data: users have rights that allow them to “block” or prevent the further use of their information. When the processing is limited, we will only keep users’ information for the exercise or defense of claims. Likewise, we keep lists of users who have requested that their information be “blocked” in order to ensure that the restriction is respected in the future.
- Right to data portability: users have rights that allow them to obtain and reuse their personal data for their own purposes in other services.
- Right to object: users have the right to object to certain types of processing, including processing for direct marketing purposes. This right may not apply in the case of compelling legitimate reasons, or the exercise or defence of possible claims.
The exercise of the aforementioned rights is personal, and so users will be required to prove their identity.
To exercise the aforementioned rights, provided for in the legislation, users may contact GOES Group via email dpd@althaia.cat or in writing to the address listed in section 1 of this Policy. The communication must contain the following data and documents:
- Name and surname of the interested party, attaching a photocopy of the DNI or other valid identification document and, where appropriate, of the person who represents them; the use of the electronic signature will exempt them from the need to present these documents.
- Indication of the address of the interested party and document specifying the request (the right that is to be exercised).
Users will also have the right to file a claim with the corresponding Control Authority/Spanish Data Protection Agency (www.aepd.es), when they deem it appropriate.
10. How are users’ data protected?
GOES Group informs users that it has adopted the necessary technical and organizational measures required by current regulations on Data Protection to guarantee the security of their data, and in order to avoid unauthorized alteration, loss, access or treatment of the same.
As mentioned, the personal data provided by users through the GOES Group Website will not be transferred to other entities or companies to be used for their own purposes. However, some companies subcontracted by GOES Group may have access to personal data and information, always under the exclusive control of GOES Group, for the sole purpose of providing a service necessary for the proper functioning of the GOES Group Website.
11. Modifications
GOES Group reserves the right to modify this Privacy Policy in accordance with the applicable legislation at any time. Therefore, users are advised to review this Privacy Policy periodically in order to be informed of the treatment and protection of their personal data, as well as their rights in this regard.
12. Applicable legislation
This Policy will be governed and interpreted in accordance with Spanish legislation, as will the resolution of any controversy or divergence related to this Website. The use of the services of the Website implies the express acceptance of Spanish jurisdiction.
Date of last update: February 2023.
