Privacy Policy (updated on 4.10.2025)

 

At Wikmed Oy, we work to offer you the best possible experience through our products and services. In some cases, it is necessary to gather information to achieve this. We care about your privacy and believe we should be transparent about it.

Therefore, for the purposes of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (hereinafter, “GDPR”) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and LAW 34/2002, of 11 July, on Information Society Services and Electronic Commerce (hereinafter, “LSSI”), Wikmed Oy informs the user that, as data controller, it will incorporate the personal data provided by users into an automated file.

 

Our commitment begins by explaining the following:

• We collect your information to improve the user experience, based on your interests and needs.

• We will be transparent with you about the data we collect about you and the reasons why we do so.

• Our intention is to offer you the best possible service experience. Therefore, when we use your personal information, we will always do so in compliance with the regulations, and when necessary, we will request your consent.

• We understand that your data belongs to you. Therefore, if you decide not to authorize us to process it, you can ask us to stop processing it, unless we are legally prevented from retaining it.

• Our main priority is to guarantee your security and to process your data in accordance with European regulations.

If you wish to obtain more information about the processing of your data, consult the different sections of the privacy policy below:

Who is the controller of your personal data?

• Identity: Wikmed Oy

• Tax address: Avenida Nuestro Padre Jesús Cautivo 11, loc 14, Fuengirola, 29640, Fuengirola, Spain. C.I.F. nº: N0322371F

• Business ID: 2255594-7

• Identification Number of the Health Center or Establishment in Andalusia “NICA”: 59122

• Email: info@costaklinikka.com

• Phone number: +358 505581199

Wikmed Oy has appointed a Data Protection Officer or an internal contact person within its organization. If you wish to make an inquiry regarding the processing of your personal data, you can contact them by email at info@costaklinikka.com.

Data Protection Action Plan Wikmed Oy has an administrative Data Protection Action Plan and a process management system that helps us to ensure compliance with GDPR obligations, the security of data storage and processing, and user rights. If necessary, you can consult the Action Plan with the Data Protection Officer. This action plan also contains sensitive business secrets.

What personal data do we collect? The personal data that the user may provide:

• Name

• Date of birth

• Personal identification number

• Phone number and email address

• Postal address

• Health and medical information, examinations, biometric data, treatment information, and other health information or files related to the service and treatment.

• Image data for research and analysis purposes.

• Feedback and complaint information

• Other necessary information related to the customer relationship

• Location

• Information related to payments and returns. Billing information.

• IP address, date and time you used our services, the web browser you used, and information about your device’s operating system. Response information.

• Any other information or data you decide to share with us.

• Consent information

• Video surveillance footage

• Information on staff and partners to maintain contractual obligations and information for which consent has been obtained.

   

In some cases, it is mandatory to complete the registration form to access and enjoy certain services offered on the web; likewise, not providing the requested personal data or not accepting this data protection policy means that it is impossible to subscribe, register or participate in any of the promotions in which personal data are requested.

 

Why and for what purpose do we process your data? At Wikmed Oy, we process the information provided by interested persons for the following purposes:

• To manage appointments and to use and provide services in the online appointment booking portal, through forms or at the business premises (at the Medical Center).

• To send information requested by the patient.

• To develop commercial actions and maintain the relationship with users, as well as to manage and provide information about the services offered through the website and social media. We may carry out automatic assessments, create profiles and segment customers according to their characteristics and needs, in order to personalize their experience and improve their online and service experience.

• To develop and manage contests, sweepstakes, or other promotions.

• In some cases, to disclose information to the authorities when required by law. To disclose information to third parties and partners to organize further patient care and/or examinations. When a patient uses travel insurance or a payment commitment from a travel insurance company, to disclose information to the patient’s insurance company to comply with contractual obligations and insurance terms and conditions.

• To other partners for auditing purposes and for the management of invoices, contracts, and claims.

   

We inform you that the personal data obtained as a result of your registration as a user will form part of the Register of Processing Activities and Operations (RAT), which will be updated periodically in accordance with the provisions of the GDPR.

 

What is the legal basis for processing your data? The processing of your data may be based on the following legal grounds:

• Consent of the interested party for the contracting of services and products, for contact forms, requests for information or subscription to e-newsletters.

• Legitimate interest for the processing of our clients’ data in direct marketing actions and express consent of the interested party for everything related to automatic assessments and profiling.

   

• Compliance with legal obligations for fraud prevention, communication with public authorities and third-party claims.

   

How long do we keep your data? The processing of data for the purposes described will be maintained for the time necessary to fulfill the purpose of its collection (for example, for the duration of the commercial relationship), as well as for the fulfillment of the legal obligations arising from the processing of the data.

 

To whom will your information be disclosed? In some cases, and only when necessary, Wikmed Oy may disclose user data to third parties when required by law or when it is necessary to organize examinations and provide treatment with the verbal consent of the client. However, the data will never be sold to third parties.

• Healthcare and service providers: Personal data may be processed by medical professionals, public health bodies, laboratories, insurance companies, banking institutions, payment providers, courier companies, and collaborating health platforms such as Costa Doctor and AJAS. These third parties will only have access to the information necessary to provide the corresponding services and may not use it for their own purposes or transfer it to other third parties.

• Social networks and digital platforms: Likewise, to facilitate interaction with users, Wikmed Oy may use third-party tools such as Facebook, Instagram, Google Maps, or WhatsApp. The use of these platforms implies the communication of certain contact or interaction data under the privacy conditions of each service, of which the user will be informed at the time of connection.

• Use of artificial intelligence in the clinic: As part of the digitization of clinical processes, Wikmed Oy uses the Heidi Health assistant, based on artificial intelligence, which transcribes the doctor-patient conversation into text format to generate official clinical notes. The purpose of this tool is to improve the accuracy of clinical records and optimize the time of healthcare staff. Heidi Health acts as a data processor, under a contract signed with Wikmed Oy and in compliance with the applicable data protection regulations. In any case, the express consent of the patient will be obtained before using this service.

• Guarantees and legal obligations: Wikmed Oy guarantees that when personal data must be transferred outside the company, the third-party recipients will maintain the confidentiality, integrity, and security of the information, applying appropriate technical and organizational measures. In certain circumstances, the company may be obliged to disclose personal data to public bodies or other competent authorities, always limiting itself to the information strictly necessary for the fulfillment of legal obligations.

Where is your data stored? In general, data is stored within the EU. For data sent to third parties outside the EU, we will ensure that they offer a sufficient level of protection, either because they have Binding Corporate Rules (BCR) or because they have adhered to the “Privacy Shield”.

Who processes the data? The data is processed by the staff of Wikmed Oy, partners working on behalf of Wikmed Oy, and system providers (system maintenance and data storage). Wikmed Oy uses several SAAS cloud service systems to organize services and maintain records. Wikmed Oy ensures, through mutual agreements and contractual conditions, that service providers comply with the GDPR and offer a high level of data protection. A detailed list of the service providers used by Wikmed Oy can be found in its Data Protection Program.

What are your rights and how can you exercise them? You can direct your communications and exercise your rights by sending a request to the following email address: info@costaklinikka.com.

Under the provisions of the GDPR, you can request:

• Right of access: you can request information about the personal data we hold about you.

   

• Right to rectification: you can communicate any changes to your personal data.

   

• Right to erasure and to be forgotten: you can request the deletion of personal data after blocking it.

   

• Right to restriction of processing: this involves restricting the processing of personal data.

   

• Right to object: you can withdraw your consent to the processing of your data, opposing its continued processing.

• Right to data portability: in some cases, you can request a copy of your personal data in a structured, commonly used, and machine-readable format for transmission to another controller.

• Right not to be subject to individualized decisions: you can request that decisions are not made based solely on automated processing, including profiling, that produces legal effects or significantly affects the data subject.

In some cases, the request may be refused if you request the deletion of data necessary for the fulfillment of legal obligations. If your request is not answered within the 30-day period stipulated by law, you can file a complaint with the Data Protection Authority or, if you have other complaints about data processing, you can file a complaint with the Data Protection Officer of Wikmed Oy or the Spanish Data Protection Agency (www.aepd.es) or, for Finnish operations, the Office of the Data Protection Ombudsman of Finland: tietosuoja@om.fi

Who is responsible for the accuracy and truthfulness of the information you provide? The user (client/patient) is solely responsible for the accuracy and correctness of the information provided. This exempts Wikmed Oy from any liability in this regard. Users guarantee and are responsible, at all times, for the accuracy, validity, and authenticity of the personal information they provide and undertake to keep it duly updated. The user agrees to provide complete and correct information in the registration, consent, or order form.

Wikmed Oy reserves the right to terminate the agreements made with users if the information provided is false, incomplete, incorrect, or outdated. Wikmed Oy is not responsible for the accuracy of information that is not of its own creation and for which another source is indicated. Therefore, it assumes no liability whatsoever for any hypothetical damages that may arise from the use of said information.

Wikmed Oy reserves the right to update, modify or delete the information contained on its website and may even limit or deny access to said information. Wikmed Oy is not liable for any loss or damage that the user may suffer as a result of errors, defects, or omissions in the information provided by Wikmed Oy, provided that it comes from sources other than Wikmed Oy.

Furthermore, the user declares that they are over 14 years of age and have the necessary legal capacity to consent to the processing of their personal data. If necessary, the minor’s guardian will grant consent.

How do we process the personal data of minors? Our professional services are provided in both Spanish and Finnish territory, so it is necessary to remember the minimum age that allows access and processing of personal data of minors in each country in accordance with current regulations:

• In Spain: if any of the services are aimed at minors under fourteen (14) years of age, and in accordance with article 8 of the GDPR and article 7 of Organic Law 3/2018, of December 5 (LOPDGDD), Wikmed Oy will require the valid, free, unequivocal, specific, and informed consent of their parents or legal guardians to process their personal data. In this case, the DNI or other valid identification document of the person granting said consent will be requested. Those over fourteen (14) years of age may consent for themselves, except in those cases where the law requires the assistance of the holders of parental authority or guardianship.

• In Finland: if any of the services are aimed at minors under thirteen (13) years of age, in accordance with article 8 of the GDPR and the applicable Finnish national regulations, Wikmed Oy will also require the valid, free, unequivocal, specific, and informed consent of their parents or legal guardians, together with a valid identification of the person granting it. Those over thirteen (13) years of age may consent for themselves, except in those cases where the regulations require the intervention of their parents or guardians.

What security measures do we apply to protect your personal data? Wikmed Oy has implemented the legally required data protection security levels and strives to install other additional technical means and measures at its disposal to prevent the loss, misuse, alteration, unauthorized access, and theft of the personal data provided to Wikmed Oy.

Only employees or partners who have the right to process user or client data for the purpose of their work are authorized to use the system containing client and user data. The controller has adequately protected the data, both technically and organizationally. To protect the registry, the following methods are used, among others:

• Hardware and file protection

• Access control

• User identification

• User authorizations

• Logging of usage events

• Processing instructions and supervision

Written agreements have been made with possible subcontractors that require the confidential handling and protection of information.

Wikmed Oy is not responsible for any damages or losses that may arise from interference, omissions, interruptions, computer viruses, telephone breakdowns, or disconnections in the operational functioning of this electronic system, for reasons beyond Wikmed Oy’s control; from delays or blockages in the use of this electronic system caused by deficiencies or overloads of telephone lines or overloads in the Data Processing Center, in the Internet system or in other electronic systems, as well as from damages that may be caused by third parties through illegitimate intrusions beyond the control of Wikmed Oy. However, the user must be aware that Internet security measures are not impregnable.

 

Links to other websites On the website https://www.costaklinikka.com/ there may be links to other web pages. By clicking on one of these links and accessing an external website such as Facebook or Instagram, or those linked to our website, the visit will be subject to the privacy policy of that website, and Wikmed Oy is exempt from any responsibility in relation to its privacy policy.

How do we use cookies? The Wikmed Oy website uses cookies to optimize and personalize your browsing experience. Cookies are physical information files that are stored on the user’s own terminal. The information collected through cookies serves to facilitate the user’s navigation through the portal and optimize the browsing experience. The data collected through cookies may be shared with their creators, but in no case will the information obtained by them be associated with personal data or data that can identify the user. However, if the user does not want cookies to be installed on their hard drive, they have the possibility of configuring their browser in such a way as to prevent the installation of these files. For more information, consult our Cookie Policy: https://www.costaklinikka.com/cookie-policy-eu/

 

Can the privacy policy be changed? This Privacy Policy may change. We recommend that you review it periodically, at least every time you use our websites or services, and that you evaluate your own consents accordingly. By using our services, your prior consent will remain valid even if our Privacy Policy has changed. You can always change your consent by contacting the Data Protection Officer: info@costaklinikka.com