1.-POLICY OBJECTIVE

At Disop, SA (hereinafter, Disop), we respect your privacy and protect your personal data. This policy details how we collect, use and share your information in accordance with applicable data protection regulations, including the General Data Protection Regulation (GDPR).

This privacy policy applies to the website www.ocucan.com. If you do not provide us with your personal data, no processing of your information will be carried out.

We will inform you about the purposes of the processing, the entities that may access your data and your rights as the data owner. Some processing may be based on legal obligations, contracts or legitimate interests, without requiring your express consent.

If the website uses cookies, we will clearly notify you in our Cookie Policy, where you can find out more about the use of cookies and how to manage your preferences.

This policy ensures transparency and is designed to help you understand and exercise your rights clearly.

2.- DEFINITION OF PERSONAL DATA

  • Personal data: Personal data means any information relating to an identified or identifiable natural person (“Website user”). An identifiable natural person is any person whose identity can be determined, directly or indirectly, by means of identifiers such as a name, an identification number, location data, an online identifier, or through elements specific to their physical, physiological, genetic, mental, economic, cultural or social identity.

 3.-IDENTITY OF THE DATA CONTROLLER

Who collects and processes your data?

The Data Controller is: Disop, SA NIF/DNI A28423879

How can you contact us?

  • Postal address and our offices: Avda Valdelaparra No. 31 A. 28108, Alcobendas (Madrid), Spain
  • Registered office: Avda Valdelaparra No. 31 A. 28108, Alcobendas (Madrid), Spain
  • Email: marketing@disop.com- Phone: +34 916 612 244

Who can help you with our Data Protection Policy?

At Disop we have a Data Protection Officer (DPO), whose role is to ensure compliance with current data protection regulations within our entity. If you have any questions or need assistance regarding the processing of your personal data, you can contact our DPO through the following means:

  • Auratech Legal - NIF B87984621 
  • Email: rgpd@auratechlegal.es- Telephone: 911 134 963

4.- APPLICABLE LAWS AND REGULATIONS

This Privacy and Data Protection Policy is developed based on the following data protection regulations and laws:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Hereinafter GDPR.
  • Organic Law 3/2018 , of December 5, on the Protection of Personal Data and Guarantee of Digital Rights. Hereinafter LOPD/GDD.
  • Law 34/2002 , of July 11, on Information Society Services and Electronic Commerce. Hereinafter LSSICE.

5.- PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA

At Disop we process personal data in accordance with the principles established in current regulations, ensuring that the processing is:

  • Lawful, fair and transparent : We provide clear and accessible information about how data is collected and used.
  • Limited to specific purposes : Data is collected for legitimate purposes and is not used for other purposes.
  • Data minimization : We only request the data that is strictly necessary.
  • Accuracy : We keep data up to date and correct inaccurate data.
  • Conservation limitation : The data is kept only for the time necessary for the purposes indicated.
  • Integrity and confidentiality : We apply appropriate security measures to protect data.
  • Proactive Responsibility : We take responsibility for complying with and demonstrating compliance with these principles.

6.-SAFETY MEASURES

What do we do to ensure the privacy of your data?

At Disop, we have implemented the necessary technical and organizational measures to guarantee the security of the personal data we process. These measures are designed to prevent the alteration, loss, unauthorized access or improper processing of data, adapting to the state of the technology and potential risks.

Among the measures we highlight:

  • Confidentiality : Only authorized persons can access the information.
  • Integrity : Information is kept accurate and protected from unauthorized modification.
  • Availability : We ensure that data is accessible to authorized persons at all times.
  • Continuous evaluation : We regularly review and improve our security measures to adapt to new threats and technological advances.
  • Pseudonymization and encryption : We apply these techniques to reinforce the protection of data, especially sensitive data.

7.- PURPOSES OF THE TREATMENT 

Why do we want to process your data?

Below we detail the intended uses and purposes: 

Cookies, Pixel and Tracking - Ocucan

Web analytics: Implementation of tools to understand how users search and navigate the web. Security and fraud prevention: Security cookies prevent attacks and unauthorized access. Session management: Store the user session temporarily to improve the browsing experience.

Managing user sessions

Identify bots using Google Recaptcha to prevent spam attacks

Improving navigation safety

Queries and contacts web forms - Ocucan

Sending personalized responses based on user needs

Managing relationships with potential customers and users interested in canine eye health products

Query log to improve customer service quality

Respond to queries about products, services or technical details provided through the website

How long do we retain your data?

We use your data for the time strictly necessary to fulfill the purposes indicated above. Unless there is a legal obligation or requirement, the expected retention periods are:

Cookies, Pixel and Tracking - Ocucan According to the site's cookie policy, cookies are stored for the time specified in each cookie: XSRF-TOKEN (2 hours), disop_session (2 hours), cookiefirst-id (never), and Google Recaptcha cookies (duration according to Google service)
Queries and contacts web forms - Ocucan : For a period of 5 years from the last confirmation of interest. The personal data provided will be kept as long as they are necessary for the purposes of the treatment, and for a period of 5 years after the last significant interaction of the user, respecting the applicable limitation periods and guaranteeing the right of deletion by the interested party.

8.- LEGITIMATION OF THE TREATMENT

Why do we process your data?

The collection and processing of your data is always legitimised by one or more legal bases, which we detail below: 

Cookies, Pixel and Tracking - Ocucan
  • (Art. 6.1.a GDPR) Consent of the interested party
    • LSSICE. Law 34/2002, of July 11, on information society services and electronic commerce.. Law 34/2002, of July 11, on information society services and electronic commerce.
Queries and contacts web forms - Ocucan
  • (Art. 6.1.a GDPR) Consent of the interested party
    • GDPR and LOPDGDD. Compliance with legal obligation: General Data Protection Regulation (GDPR) and Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDYGDD). Compliance with legal obligation: General Data Protection Regulation (GDPR) and Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDYGDD)

9.- RECIPIENTS OF YOUR DATA

To whom do we transfer your data within the European Union?

We may share your personal data with members of our group of companies ( details of our group can be found here ) to provide you with the products, services or information you have requested from us. We may also share your data with other entities within the group for the purposes of IT support and maintenance, internal governance, administration and compliance with our legal or regulatory obligations.

We will not share your personal data with third parties outside our business group, except in the following cases:

  • Where you have given us your consent to do so.
  • When you have instructed us to share your information with third party sites or platforms, such as social networks. Please note that once shared, this data will be under the control of the receiving company and subject to their privacy practices.
  • When third parties perform services on our behalf, such as product delivery, customer support, IT services or technology solutions. We require these companies not to use your personal data for purposes other than those requested by us or required by law.
  • If necessary to comply with legal obligations or in the context of a business sale; to enforce our Terms of Use; to ensure your safety or the safety of others; to protect our rights and property, as well as yours; or to comply with legal process.
  • When we share your data for marketing or direct advertising purposes, we will explicitly notify you.

Do we make international transfers of your data outside the European Union?

The data we process is stored primarily on servers located within the European Economic Area (EEA). However, some of our service providers and group companies may be located outside the EEA, in countries such as the United States, China or Australia. These international transfers are carried out with appropriate safeguards, either through adequacy decisions, such as the EU-US data privacy framework (DPF), or through the use of standard contractual clauses, approved by the European Commission, which ensure an adequate level of data protection.

10.- DATA PROCESSING ACTIVITIES

The data processing activities carried out through www.ocucan.com are described below  , specifying:

  • Activity : Name of the data processing activity.
  • Purposes : Uses and treatments carried out with the data collected.
  • Legal basis : Legal basis that legitimizes data processing.
  • Data processed : Types of data processed.
  • Origin : Data source.
  • Conservation : Period for which the data is kept.
  • Recipients : Third parties to whom the data is transferred.
  • International transfers : Data transfers outside the European Union.

10.1 - Treatment activities

These are data processing activities whose purposes are necessary for the provision of services.

Cookies, Pixel and Tracking - Ocucan
Legal bases (Art. 6.1.a GDPR) Consent of the interested party (LSSICE. Law 34/2002, of July 11, on information society services and electronic commerce.)
Purposes Manage user sessions; Identify bots using Google Recaptcha to prevent spam attacks; Improve browsing security; Web analytics: Implementation of tools to understand how users search and navigate the web. Security and fraud prevention: Security cookies prevent unauthorized access and attacks. Session management: Store the user session temporarily to improve the browsing experience.
Data categories and groups Web users (Other categories)
Data provenance The interested party or his legal representative
Category of recipients Entities of the business group
International transfer Not planned
Conservation period According to the site's cookie policy, cookies are stored for the time specified in each cookie: XSRF-TOKEN (2 hours), disop_session (2 hours), cookiefirst-id (never), and Google Recaptcha cookies (duration according to Google service)
Safety measures
  • Access authentication: Ensure that data and cookies are protected by authentication mechanisms to prevent unauthorized access.
  • Encryption: All data related to browsing and the use of cookies are protected by TLS/SSL encryption.
  • Access control: Only authorized personnel can access and manage data derived from the use of cookies.
  • Regular audits: Regular risk assessments and security audits in relation to the use of cookies and tracking technologies.
  • Transmission security: Ensure secure transmission of data through encrypted connections.
Queries and contacts web forms - Ocucan
Legal bases (Art. 6.1.a GDPR) Consent of the interested party (GDPR and LOPDGDD. Compliance with legal obligation: General Data Protection Regulation (GDPR) and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (LOPDYGDD))
Purposes Sending personalized responses based on user needs; Managing relationships with potential customers and users interested in canine eye health products; Recording queries to improve the quality of customer service; Responding to queries about products, services or technical details provided through the website
Data categories and groups Website users (Other categories; Identification data)
Data provenance The interested party or his legal representative
Category of recipients Entities of the business group
International transfer Not planned
Conservation period For a period of 5 years from the last confirmation of interest. The personal data provided will be kept as long as they are necessary for the purposes of the processing, and for a period of 5 years after the last significant interaction of the user, respecting the applicable limitation periods and guaranteeing the right of deletion by the interested party.
Safety measures
  • Access authentication: Implementation of secure access and authentication systems using strong passwords and multi-factor authentication protocols (2FA).
  • Encryption: Encryption of personal data both at rest and in transit using secure protocols such as TLS/SSL.
  • Access control: Limiting and monitoring access to information, granting access only to authorized personnel.
  • Perimeter security: Use of firewalls, intrusion detection systems (IDS) and tools to prevent unauthorized access.
  • Incident Logging: Maintaining a detailed record of any security incident affecting the confidentiality, integrity or availability of data.
  • Periodic Assessments: Ongoing review and regular penetration testing to identify vulnerabilities in the system.
  • Training: Ongoing staff training in security practices and data protection awareness.

11.- DATA OF MINORS

How do we handle the data of minors?

Minors under 14 years of age may not use the services offered through our website without the prior authorization of their parents, guardians or legal representatives. They will be solely responsible for all actions carried out through the website by minors under their care, including the completion of online forms with the minors' personal data and, where applicable, the selection of the corresponding boxes.

In accordance with the provisions of Article 8 of the GDPR and Article 7 of the LOPD/GDD, only persons over 14 years of age may give their consent for the lawful processing of their personal data by Disop.

12.-ORIGIN AND TYPES OF DATA PROCESSED

Where did we get your data from?

Cookies, Pixel and Tracking - Ocucan
  • Users of the website : The interested party or his/her legal representative

Queries and contacts web forms - Ocucan

  • Users of the website : The interested party or his/her legal representative

What types of data have we collected and processed about you?

Cookies, Pixel and Tracking - Ocucan
Web users
  • Other categories (ID generated by the Pixel or Cookie)
Queries and contacts web forms - Ocucan
Web users
  • Other categories (Message)
  • Identification data (Electronic address)
 

 13- RIGHTS OF INTERESTED PARTIES

What are your rights regarding your data?

Data protection regulations grant you specific rights that you can exercise in relation to the processing of your data. These rights are personal and non-transferable, meaning that only you, as the data subject, can exercise them after verification of your identity.

Your rights are described below:

Right of access : You can request confirmation of whether Disop is processing your data and access information related to its processing.

Right to rectification : If your personal data is inaccurate or incomplete, you can request its correction.

Right to deletion (“right to be forgotten”) : You can request the deletion of your data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent.

Right to restriction of processing : You may request restriction of processing of your data, for example, while its accuracy is being verified or in other cases provided for by law.

Right to data portability : You have the right to receive your data in a structured, commonly used and machine-readable format, and to transmit it to another data controller.

Right to object : You may object to the processing of your data for reasons relating to your particular situation, or when the processing is based on a legitimate interest.

Right not to be subject to automated decisions : You may request not to be subject to decisions based solely on the automated processing of your data, including profiling.

Right to withdraw consent : You may withdraw your consent at any time, without affecting the legality of the processing based on prior consent.

Right to file a complaint : If you consider that your rights have not been respected, you can file a complaint with the corresponding control authority: Spanish Data Protection Agency info@aepd.es https://www.aepd.es

To exercise any of these rights, you may contact Disop using the following contact information:

  • Sponsor: Disop, SA
  • Address: Avda Valdelaparra No. 31 A. 28108, Alcobendas (Madrid), Spain
  • Telephone: +34 916 612 244
  • Email: marketing@disop.com
  • Website: https://disop.com/

You can also exercise your rights before the Data Protection Officer:

Email: rgpd@auratechlegal.es - Phone: 647633242

How can you exercise your rights in relation to your data?

To exercise your rights of access, rectification, deletion, limitation or opposition, portability and withdrawal of your consent, you can do so by sending an email to these addresses: rgpd@auratechlegal.es  / marketing@disop.com or a postal mail to: Avda Valdelaparra Num. 31 A. 28108, Alcobendas (Madrid), Spain

How can you make a complaint if you feel your rights are not being respected?

If you believe that the processing of your personal data does not comply with data protection regulations, you have the right to lodge a complaint with the relevant Control Authority in your country of residence or place of activity.

Depending on your location, you may contact the competent authority in your country. For example:

•In Germany , you can contact the Berlin Commissioner for Data Protection and Freedom of Information .

•In France , the competent authority is the National Commission for Information Technology and Civil Liberties (CNIL).

Specific contact details for Spain are as follows:

  • Spanish Data Protection Agency
    C/. Jorge Juan, 6. 28001, Madrid (Madrid), Spain
    Email: info@aepd.es- Phone: 912663517
    Web: https://www.aepd.es

If you are unsure which authority applies to you or need information about other supervisory authorities, you can consult the article on Data Protection Supervisory Authorities , where you will find contact details and links depending on your location.

14.- MODIFICATION AND PRINCIPLE OF INFORMATION

This document ensures that you understand how we treat your personal data. By using our website or services, you confirm that you have been informed about the terms of our Privacy Policy, in accordance with the information principle set out in Article 13 of the GDPR. The legal bases for the processing of your personal data are set out in Article 6 of the GDPR, and may include the execution of a contract, compliance with legal obligations or legitimate interest, among others.

This policy has been prepared in collaboration with Auratech Legal , a law firm specialising in data protection, and will be reviewed periodically to ensure its suitability and compliance.

Disop reserves the right to modify this Privacy Policy based on legislative changes, jurisprudence or guidelines from supervisory authorities. Any relevant modification that affects the purposes of processing, retention periods or user rights will be communicated explicitly.

Last updated: November 26, 2024