Version January 2024
Introduction: who we are and what services we offer
On our website (the “Website”), we explain who we are and what services we offer. INDIBA® is a global leader in the field of radiofrequency (RF) for the physiotherapy, aesthetic, and veterinary markets, and is known worldwide for the scientific research conducted over the past 35 years.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
LOPDgdd: Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights.
LSSI: Law 34/2002, of July 11, on Information Society Services and Electronic Commerce.
Data controller and contact details
Legal/Business name: INDIBA, S.A.U. (“Indiba” o “nosotros”)
Address: C/ Moianès, nº 13, Pol. Ind. Can Casablanques, 08192 – Sant Quirze del Vallès (Barcelona)
NIF (VAT number): A08788804
E-Mail: [email protected]
Origin and categories of data
We will process the data you provide us through the “contact” form on the Website, as well as through other means, to address your requests and, where appropriate, manage the business relationship within the scope of providing our services. These personal data generally include your name, surname, ID card number, nationality, country of residence, email address, postal address, telephone number, and banking details for payment of products and/or services.
Finally, please note that, by providing us with your data, you guarantee the truthfulness and/or accuracy of these. Consequently, you will be responsible for any false or inaccurate statements made.
Purpose and legal basis of the processing
Base legal / Legal Basis
Provide the services requested by you and/or address your requests and complaints.
Art. 6.1.(b) GDPR
Need to offer and provide services within the framework of the commercial relationship or information requested by you.
Marketing and/or newsletter
Send you commercial communications through digital means, including, for example, email or SMS. Please note that you may object at any time by sending us an email to [email protected] or by following the instructions contained in each communication. Likewise, we may send you our newsletter with relevant information about our Services, the sector, and other market trends.
Art. 21.2 LSSICE or Art. 21.1 LSSICE / Art. 6.1.(a) GDPR
If you are a client, we will rely on the exception to consent provided for in Art. 21.2 LSSICE to send you communications through digital means about our Services, other updates, and newsletters. If you are not a client, we will only send you this information if you give us your consent in accordance with Art. 21 LSSICE consistent with Art. 6.1.(a) GDPR.
We will also process your data to comply with our legal obligations, as well as to fulfill your rights.
Art. 6.1.(c) GDPR
The need to comply with our legal obligations and facilitate the exercise of your rights.
Carry out analysis of aggregated data (not associated with any individual) of the browsing and use of our Website
Art. 6.1.(a) GDPR
We will storage your data for as long as our relationship is in effect to manage it properly. However, if we observe prolonged periods of inactivity, we will also proceed to delete your data to the extent that processing is no longer appropriate, relevant, or necessary for the intended purposes of processing. This rule will apply unless you request the deletion of your data.
Once the processing of your data is no longer appropriate, relevant, and limited to what is necessary for the purposes for which they are processed, we will retain your data properly blocked and only to address potential liabilities, as required by regulations.
Finally, we inform you that we will take all reasonable measures to ensure that your data is rectified or deleted when it is inaccurate.
No, we will not make individual decisions based solely on automated processing that produce legal effects on you or significantly affect you in a similar manner.
As a general rule, we will not disclose your data to third parties. However, in certain cases, we may need to disclose your data to:
Providers: Those providers who require such access to provide us with their services, such as managers, IT professionals, cloud or hosting providers, CRM providers, partners, logistics companies or postal services, or telecommunication providers, will have access to your personal data. These third parties will act as our (sub)processors and will have implemented appropriate safeguards to protect your personal information, including the corresponding data processing agreement in accordance with Art. 28 GDPR.
Others: We will share your personal data with third parties if required to do so by law, by an administrative or judicial authority, or for the public interest or order, such as to comply with anti-money laundering and counter-terrorism regulations, tax obligations, or with Social Security.
Please note that we may also share your information if we believe it is reasonably necessary to enforce the terms and policies of the Website or to protect our operations or users.
Additionally, in the event of a corporate restructuring, merger, acquisition, divestiture, or sale, we may transfer all your personal information to the resulting third party of such transaction.
As a general rule, we do not make international transfers of data for the processing of personal data generated within the framework of the Website. However, as is common nowadays, many IT providers have their servers outside the European Economic Area (EEA). In such cases, and only when strictly necessary to operate the Website and/or address your requests, we will make international transfers for these purposes.
In any case, we inform you that with such providers, we will enter into any necessary agreements to ensure that they provide adequate guarantees equivalent to those of the EU for such international transfers. This is the case, for example, with the provider of our CRM platform (HubSpot), with whom we have entered into such agreements (which can be consulted here https://legal.hubspot.com/es/dpa.
Personal data security
We have implemented appropriate measures to prevent any loss, alteration, or misuse of your personal data and to keep it secure. All identifying, confidential, and personal information is stored encrypted at rest, and any access to the data is only possible through secure and encrypted protocols.
What rights do you have?
As provided by the GDPR and the LOPDgdd, we inform you that you have the following rights:
Access: You have the right to access your data to know what personal data concerning you we are processing.
Rectification or erasure: In certain circumstances, you have the right to rectify any inaccurate personal data concerning you that is being processed by us or even to request its erasure.
Restriction: In certain circumstances, you have the right to request the restriction of the processing of your data, in which case we inform you that we will only keep them for the exercise or defense of claims.
Portability: In certain circumstances, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
Objection: In certain circumstances and for reasons related to your particular situation, you have the right to object to the processing of your data, in which case we would stop processing it except for compelling legitimate reasons or for the exercise or defense of potential claims. At all times, you may object to the receipt of commercial communications.
How can you exercise your rights?
You can exercise your rights at any time by contacting the Data Controller (Indiba), as indicated in Section 1, at [email protected], indicating “Privacy” in the subject line. In order to verify your identity, we may require you to send us certain additional information or documentation, such as a copy of your ID card or similar identification document.
The exercise of these rights is free of charge. However, please note that a fee may be charged when requests are unfounded, excessive, or repetitive.
Do you have the right to withdraw your consent?
Yes, at any time you can withdraw your consent for the processing of your data for one, several, or all of the purposes indicated above that are based on consent for their processing.
Do you have the right to lodge a complaint?
Yes, at any time you can lodge a complaint with the competent supervisory authority according to your place of residence. In the case of Spain, the Spanish Data Protection Agency (AEPD). You can consult the different supervisory authorities by contacting us at [email protected]. For example, in Spain, the competent supervisory authority is the Spanish Data Protection Agency (AEPD).
In any case, before initiating any complaint, we ask you to contact us via email ([email protected]) in order to try to resolve any discrepancies or disputes amicably.
Within what timeframe will we respond?
We will respond to your requests as soon as possible and, in any case, within one month (which may exceptionally be extended by two months as provided for in the GDPR). If this is not the case, please accept our apologies and contact us again so that we can assist you and rectify any possible technical error that may have prevented us from responding to you within the deadline.