Privacy Policy

Below we provide you with all the necessary information concerning our Privacy Policy in relation to the personal data that we gather.

  1. Those responsible for processing your personal data
  • LABORATORIOS DIAFARM S.A.U (A-08725343) (herein, “DIAFARM”)
  • Avenida d’Arraona, 119-123, Polígono Industrial Santiga.
  • 08210 Barberà del Vallès (Barcelona)
  • Contact email: rgpd@diafarm.es
  • Likewise, we inform you that this data protection policy will be applied to any of the companies belonging to Grupo Faes. You can consult all of the companies that make up Grupo Faes https://faesfarma.com/accionistas-e-inversores/grupo-faes/.
  1. Specific personal data that will be collected
  • The personal data that we will collect and process will be those provided to us where there are data collection forms and the data will be forwarded to us on using any contact sections that may exist. The personal data that we will process will be appropriate, relevant and non-excessive as will be required with the aim of fulfilling the purposes that are listed below.
  1. Purposes, legal capacity and preservation of the processing of your personal data
  • 3.1 CLIENT OR POTENTIAL CLIENT DATA
    • Purpose: to maintain contact and communication with the client, manage the commercial and/or contractual relationship, including post-sales and managing and invoicing requested products and/or services. Likewise, advertising or promotional notifications can be sent to the clients pursuant to article 21 of the Law 34/2002, of 11th July, regarding the computerised and electronic business services.
    • Legal capacity: The legal foundation that validates us for processing our clients’ personal data is the contractual relationship in each instance.
    • Preservation: until the end of the contractual relationship, and subsequently, for the legally demanded time periods.
  • 3.2 SHAREHOLDER, ANALYST, INVESTOR AND MEDIA DATA
    • Purpose: To maintain the contact and communication with shareholders, investors, analysts and the media.
    • Legal capacity: The consent from the user on requesting data with our contact form and by checking the approval box for the privacy policy.
    • Preservation: Until consent is revoked by the interested party and they request to terminate the service.
  • 3.3 PHARMACOVIGILANCE
    • Purpose: Managing the data provided pursuant to the applicable law.
    • Legal capacity: The legal foundation that validates us for processing users’ personal data concerning pharmacovigilance activity is the compliance by DIAFARM of the Royal Decree 577/2013, for which human use of medication pharmacovigilance is governed.
    • Preservation: for the legally demanded time periods.
  • 3.4 SUBSCRIPTION TO OUR WEBSITES
    • Purpose: Service provision, at the request of the interested party, in every instance, in compliance with the description on each of the websites.
    • Legal capacity: The consent from the user on requesting the subscription on the website for the provision of the services and by checking the approval box for the privacy policy.
    • Preservation: Until consent is revoked by the interested party and they request to terminate the service.
  • 3.5 CONTACT FORM
    • Purpose: Providing them with a means through which they can get in contact with us and answer their requests for information.
    • Legal capacity: The consent from the user on requesting data with our contact form and by checking the approval box for the privacy policy.
    • Preservation: Once their request is resolved by way of our form or answered by email, if new processing hasn’t taken place.
  • 3.6 REGISTRATION FORM FOR PARTICIPATING IN THE BLOGS
    • Purpose: Possibility for the users to actively participate in the different publications on the websites, by posting personal opinions on them.
    • Legal capacity: The consent from the user on providing us with their personal data and by checking the approval box for the privacy policy.
    • Preservation: Until consent is revoked by the interested party and they request to remove their personal data.
  • 3.7 SENDING EMAILS
    • Purpose: Answering the requests for information, dealing with their requests and answering their queries or doubts.
    • Legal capacity: The consent from the user on requesting information from us by using the email address.
    • Preservation: Once their request has been answered by email, if new processing hasn’t taken place.
  • 3.8 SENDING CVs
    • Purpose: Having their CV so that they can participate in our staff recruitment processes.
    • Legal capacity: The consent from the user on providing us with their personal dataand documentation for our staff recruitment processes and by checking the approval box for the privacy policy.
    • Preservation: For the progression of the open staff recruitment processes and, subsequently, for one (1) year for future openings.
  • 3.9 SUBSCRIPTION TO OUR NEWSLETTERS
    • Purpose: Sending advertising and informative notifications regarding any of the Grupo Faes’ products and/or services, even electronically, by email.
    • Legal capacity: The consent from the user on subscribing to our newsletters and/or business notifications and by checking the approval box of the privacy policy.
    • Preservation: Until consent is revoked by the interested party and they request to terminate the service.
  • 3.10 COMPETITIONS AND DRAWS
    • Purpose: Participating in competitions and/or draws organised by Grupo Faes.
    • Legal capacity: The consent from the user on subscribing to the competitions and/or draws and by checking the approval box of the privacy policy.
    • Preservation: Whilst these competitions and/or draws are under way.
  • 3.11 WI-FI ACCESS FOR VISITORS
    • Purpose: Providing the visitors from any of the company facilities that are part of Grupo Faes with access to the internet using their own devices, with it also being a necessary security measure in order to know about the devices connected to the Grupo Faes network.
    • Legal capacity: The consent from the user to access the wi-fi network and by checking the approval box for the privacy policy.
    • Preservation: For the time needed the visitors to access the wi-fi network.
  • 3.12 SOCIAL NETWORKS
    • The companies that are part of Grupo Faes have different profiles on some of the main social networks online, with DIAFARM being responsible for the personal data that the users may send privately to Grupo Faes companies. The data processing that takes place on the people that follow the official pages that Grupo Faes companies have on the different social networks, and/or are put in contact with by using these official pages, and/or have any link or connection through these social networks, will be governed by this section and by the privacy policies and use of the social network that is processing them in each instance, insofar as that, the processing that DIAFARM will carry out with the data within each of the websites will be, at most, the one that the social network allows for corporate profiles.
    • Purpose: Their data will be processed for the purpose of appropriately administrating their presence on social networks, informing about Grupo Faes activities, products or services, as well as any other purpose that social network legislations allow for.
  1. Recipients of their personal data
  • DIAFARM is committed to not selling, broadcasting or transmitting in any other way, the users’ personal data to third parties, except in the situations indicated in this privacy policy.
  • Their personal data will be handed over to other businesses belonging to Grupo Faes for internal administrative purposes, including data processing for clients or employees.
  • Likewise, in order to provide the services offered on our websites, DIAFARM can share their personal data with the following service providers, who are contractually bound to protect the confidentiality and security of the personal data that they have access to, who will, in turn, have their corresponding privacy conditions:
    •  FOOCUZZ, S.L., with registered office in Spain, processes the personal data with the purpose of managing Grupo Faes’ web platforms and providing analytical services.
    •  NIVORIA GROUP, with registered office in Spain, processes the personal data with the purpose of managing Diafarm’ web platforms and providing analytical services.
    •  EMFASI COMUNICACIÓ DIGITAL S.L with registered office in Spain, processes the personal data with the purpose of managing Diafarm’ web platforms and providing analytical services.
    •  BEST RELATIONS, with registered office in Spain, processes the personal data with the purpose of managing Diafarm’ web platforms and providing analytical services.
    •  SUDLER, with registered office in Spain, processes the personal data with the purpose of managing Diafarm’ web platforms and providing analytical services.
    •  SIDECAR, with registered office in Spain, processes the personal data with the purpose of managing Diafarm’ web platforms and providing analytical services.
    •  ELEPHANT AVENUE, with registered office in Spain, processes the personal data with the purpose of managing Diactual’ web platforms and providing analytical services.
    •  WEBPOWER, with registered office in Spain, processes the personal data with the purpose of managing Diafarm’ web platforms and providing analytical services.
    •  DISTAN80, S.L., with registered office in Spain, processes the personal data with the purpose of managing Grupo Faes’ web platforms and providing analytical services.
    •  MARKETING MANAGER SERVICES DE MARKETING, S.L.U, with registered office in Spain, processes the personal data with the purpose of managing Grupo Faes’ web platforms and providing analytical services.
    •  THE ROCKET SCIENCE GROUP LLC, d/b/a MailChimp (herein, “MailChimp”), with registered office at 675 Ponce de León Ave NE, Suite 5000, Atlanta, Georgia, the United States, processes the personal data in its capacity of computer system providers.
  • Equally, DIAFARM can share the personal data of clients and employees of their clients that may be essential for implementing the contractual relationship of the following companies:
    •  ALLOGA LOGÍSTICA ESPAÑA, S.L., with registered office in Spain, processes the personal data with the purpose of delivering the orders to our clients.
    •  INFONIS, S.L. with registered office in Spain, processes the personal data with the purpose of managing the commercial relation with our clients.
  • Likewise, the users’ personal data can be consulted by regulatory, police, public or national and international bodies, or transferred to them, either when we are obliged to do so in compliance with the applicable law or when it is requested by them.
  • By accepting this data protection privacy policy, the users grant express, explicit authorisation to the communication of their data to Grupo Faes companies, understanding that this, on certain occasions, means an international transfer of data to a country that doesn’t belong to the European Union, and giving their explicit consent to this transfer. If we transfer the user personal data to any territory outside of the European Economic Area (constituting the Member States of the European Union, plus Iceland, Liechtenstein and Norway), we guarantee the protection of the users’ personal data by: (i) applying the level of protection required in accordance with the local law in terms of data or privacy protection applicable to DIAFARM; (ii) acting in accordance with our rules and policies; and (iii) and we inform you that MailChimp certifies the agreement with the EU – US Privacy Shield Framework.
  1. Rights to assist the users regarding their personal data
  • The rights exposed in this section and that assist the users, can be exercised by sending a communication to DIAFARM to the registered office that is listed in the first section of this personal data privacy policy or to the email address rgpd@diafarm.es, attaching a copy of their ID card.
  • The users can revoke their consent at any time. Equally, the users are informed that they can request to exercise the following rights:
    • The right to requesting access to the personal data. Anybody has the right to obtain conformation regarding whether DIAFARM is processing personal data that is of their concern or not, as well as to obtain a copy of the personal data subject to processing.
    • The right to request the rectification of their personal data, based on the assumption that it was inaccurate and/or to remove it.
    • The right to request the limitation of processing their personal data, in which case, their personal data can solely be processed for making or defending complaints.
    • The right to oppose DIAFARM will stop processing their personal data, except where there are compelling, lawful reasons to do so, or where making or defending potential complaints could require processing their personal data.
    •  The right to transfer their personal data, in which case, they will have the right to receive the personal data that they provided to DIAFARM in a structured format, in common use and machine-readable, and for which DIAFARM passes them on to a new officer of their choice.
  • In the event of diverging from DIAFARM in relation to processing their data, we inform you that you can submit your claim before the corresponding data protection authority, with the Spanish Data Protection Agency being the qualified body, www.agpd.es
  1. The origin of personal data
  • The personal data that we process at DIAFARM come either directly from the interested party where it was them who provided us with it, or from other companies belonging to Grupo Faes.
  • The categories of the data that is processed are:
    •  Identification data
    •  Identification passwords or codes
    •  Addresses or email addresses
    •  Business information
    •  Financial information
  • Likewise, especially protected personal data is processed such as genetic data and data concerning health, which is duly protected under the appropriate security measures established to that effect.
  1. Transactional and technical data
  • Below, we indicate the transactional and technical data categories that we can gather on the users:
    •  Information about their browser and device.
    •  Statistics related to our users’ usage of our website.
    •  Usage data.
    •  As well as any information that is given to us on using our websites.
  • The aforementioned data, as well as the personal data generated by way of cookies (you can consult the Cookies Policy at the following link https://www.diafarm.com/aviso-legal are gathered under a pseudonym and are subjected to objections to the processing of this personal data, as the Cookies Policy states.
  • Purpose: We don’t use the personal data indicated in this section to check on individual visitors or identify them, but to obtain practical knowledge on the way in which the users use our websites, which may allow DIAFARM to improve them for the users.
  1. Third-party personal data
  • With regards the data of other people, we remind you that their privacy must be respected, paying special attention when publishing their personal data. Equally, as a user, only they can consent to processing their personal data, but not that of third parties, with communicating third-party data constituting the release of personal data.
  • In the event that we are provided with third-party personal data, it’s your exclusive responsibility to gain their prior express consent to use it and inform us of it, making yourselves responsible of informing these third parties about the inclusion of their data on our files.
  1. What happens if their personal data isn’t given to us?
  • Providing personal data is voluntary, so if it isn’t given to us, we can’t deal with it appropriately nor grant the users the services that we offer on our different websites.
  1. Updating their personal data
  • When personal data is voluntarily provided, it guarantees that they are authorised to provide us with this data and that the information is correct, true and up to date. Likewise, in order to keep their personal data up to date, we need to be informed us when there has been a change in it, if not we will not be held responsible for their authenticity.
  1. Linked website and third-party applications
  • On our websites there might be hyperlinks that will take them away from the original sites, allowing them to have access to another website. The linked websites are not under DIAFARM’s control and they have different privacy policies. The DIAFARM Privacy Policy only affects the personal data that is acquired from our websites, with the usage that you make of the Grupo Faes software or the Grupo Faes services, or through their relationship with Grupo Faes. DIAFARM doesn’t accept any responsibility for the third-party websites.