Privacy policy

Who is responsible for the processing of your data?

The person responsible for the processing of your data is Spotlab, S.L. (hereinafter, “Spotlab”) with registered office at Paseo de Juan XXIII, 36B, CP 28040 Madrid, Spain. If you have any questions regarding data protection, you can contact Spotlab at the indicated postal address or by email: support@spotlab.org

What are the purposes for which your data will be processed?

Spotlab informs you that your data will be processed by Spotlab for the following purposes:

Registration of the user on the platform and provision of the service. Spotlab will process the identifying information necessary to enable the user’s registration on its platform and to provide the service requested by the user: opening a case, uploading case documentation for analysis or adding other users in case the user has the role of administrator.
In this regard, Spotlab shall process the user’s name, surname, username, email address, organisation to which the user belongs, assigned role, device(s) of the user with access to the service, as well as information and documentation that the user may provide to the platform in accordance with its terms and conditions.

Once the user has successfully registered, Spotlab will process all information arising from the provision of the services that the platform consists of, either in the application or the web service.

The data provided directly to Spotlab by the user are those necessary for the user’s registration and the provision of the services for which the platform is intended.

However, the user’s personal data may have been provided by a user with the role of administrator, who may register or deregister other users who have been authorized by the administrator to access the Spotlab platform.
Such user-administrator guarantees the accuracy of the third party’s information provided to Spotlab in order to proceed with its registration on the platform, as well as the fulfilment of the duty to inform the third party and, where applicable, to have obtained its consent to transfer the data to Spotlab.

Legitimation: This processing is necessary for the performance of the contract.

Communication of data: In order to provide the services that Spotlab consists of, it is necessary to communicate the data of the user who collects the patient’s information and uploads it to the platform to the doctor or health professional who analyses such information and documentation.

When viewing the aforementioned information, the doctor or healthcare professional will be able to know which particular user has provided such information in relation to one or more open cases, such communication being necessary for the purposes of providing the service and to ensure the veracity of the information provided by the user.
Similarly, when consulting the particular status of a case, the user who collects the patient’s data will be able to view the diagnoses, opinions or recommendations issued by the doctor or healthcare professional, this being equally necessary for the provision of the services and in order to enable the user to carry out the corresponding actions under the doctor’s recommendation.

Legitimation: This processing is necessary for the performance of the contract.

Management of consultations and other requests. Spotlab will carry out the data processing necessary to deal with the queries or requests sent by the user through the platform in order to guarantee the provision of the services that are the subject of the contract.

Legitimation: This processing is necessary for the performance of the contract.

Sending operational communications to the user for the provision of services. In cases where it is necessary to contact the user directly (e.g. to verify or contrast certain information or documentation provided by the user), Spotlab will do so through the appropriate channels based on the contact information provided by the user and for the sole purpose of fulfilling the provision of the service within the framework of Spotlab’s terms and conditions.

Legitimation: This processing is necessary for the performance of the contract.

Compliance with the legal obligations that may be applicable to Spotlab, for example, on the basis of the Law on Information Society Services and Electronic Commerce.

Legitimation: This processing is necessary for compliance with a legal obligation.

Compliance with accounting, legal, fiscal and administrative obligations.

Legitimation: This processing is necessary for the performance of the contract.

Spotlab does not process personal data relating to the health of patients that would allow their direct or indirect identification, in accordance with the definition of “personal data” established by the applicable data protection regulations.

The user shall be aware that, in order to provide the services offered by the Spotlab platform, it is not necessary to communicate health data allowing the identification of the patient at the time of opening or managing cases. Consequently, the user shall be fully liable in case he/she provides such personal information concerning the patient’s health, exempting Spotlab from any damage or harm that may arise from the non-compliance with this paragraph.

How long will we keep your data?

Any personal data to which we have access will be processed and retained for as long as the contractual relationship or the purpose for which it was collected is maintained.

Once such relationship has ended or in the event that the personal data obtained are not necessary for the fulfilment of the above-mentioned purposes, Spotlab will keep the data, duly blocked, to be made available to the competent Public Administrations, Judges and Courts or the Public Prosecutor’s Office for the period of limitation of any actions that may arise from the relationship maintained with the user and/or the conservation periods provided for by law. Spotlab shall proceed to the physical deletion of your data once these periods have elapsed.

To whom will we disclose your data?

Spotlab may disclose your data to:

  • Doctors or healthcare professionals who will analyse the information and documentation provided by the user, in order to fulfil the provision of the services that Spotlab consists of.
  • Where appropriate, the data of the doctor or health care professional analysing the documentation of a case may be displayed by the user who has provided the information related to the case (e.g. when displaying the diagnoses, opinions or recommendations issued by the doctor or health care professional).
  • Competent Public Bodies, Judges and Courts.

In addition to the above-mentioned data communications, Spotlab has the cooperation of certain third party service providers who have access to your personal data and who process such data on behalf and for the account of Spotlab as a consequence of their provision of services.

If Spotlab were to contract the provision of services by third party service providers, such service providers would belong to, but not be limited to, the following sectors: legal consultancy, multidisciplinary professional service companies, technology service providers, IT service providers.

In particular, Spotlab has a service provider – Amazon Web Services EMEA SARL – located in the European Union, but whose servers may be located outside the European Union. These servers may contain personal information of the user of the Spotlab platform.

As a consequence of the foregoing, there may be an international transfer of user data to countries that do not offer a level of protection comparable to the European Union. Spotlab guarantees that, in any case, the international transfer of data will be carried out with the guarantees required by the applicable data protection regulations. You may obtain information about such guarantees by contacting Spotlab at the e-mail address indicated by Spotlab in the following section.

What are your rights when you provide us with your data?

Users may, if they so wish, exercise their rights of access, rectification and deletion of data, as well as request the restriction of the processing of their personal data, object to the processing, request the portability of their data and not to be subject to automated individual decisions, by the following means:

  • By sending a written request to the postal address indicated above.

  • By sending a request to the e-mail address [*]

In both cases, the user must attach a copy of their DNI, NIF or official document that identifies them.

How have we obtained your data?

The personal data processed by Spotlab are directly provided by the user when registering on the platform.

However, the user data processed by Spotlab may have been provided by a user with the role of administrator, who will have the possibility to register or unsubscribe third party users. The said user-administrator guarantees the accuracy of the third party’s information provided to Spotlab in order to proceed with the registration on the platform, as well as the fulfilment of the duty to inform the third party and, where applicable, to have obtained the third party’s consent to transfer the data to Spotlab.

With which authority can you lodge a complaint?

Users may lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) regarding the response they have received from Spotlab in addressing their rights.

In any case, the user is informed that he/she can contact Spotlab to complain about any matter related to the processing of his/her personal data by the means indicated above.