PRIVACY POLICY
We reserve the right to make changes.
Also read:
Booking Terms: https://www.costadoctor.com/booking-terms/
Legal Notice: https://www.costadoctor.com/legal-notice/
Data Controller and Processor: Wikmed Oy.
Purpose
- Providing services and customer service
- Providing services and managing online users
- Maintaining and managing contractual obligations
- Communication related to our services
- Commercial communication and marketing activities (newsletters and social media ads, such as Facebook, Instagram, and Google advertising).
Legal Basis: Explicit consent and legal basis
Recipients: Information will not be transferred to third parties unless required by law or if necessary for arranging follow-up care, further examinations, or with the customer’s verbal consent.
Rights:
Inspection, correction, and deletion of data, as well as other rights as described in the additional information.
Additional Information
At Wikmed Oy, we work to provide you with the best possible experience through our products and services. In some cases, it is necessary to collect information to achieve this goal. We take care of your privacy and are transparent with our customers and patients about the information we collect about them.
Therefore, in compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter “GDPR”) on the protection of individuals regarding the processing of personal data and on the free movement of such data, and in compliance with Law 34/2002 of 11 July (Spain) and, regarding operations in Finland, the Data Protection Act (5.12.2018/105), which concerns information society services and electronic commerce (hereinafter “LSSI”), Wikmed Oy informs the user that, as the data controller, it will include personal data provided by users in an automated register.
Our commitment begins with explaining the following:
- We collect your information to improve your user experience based on your interests and needs.
- We will openly inform you about the data we collect about you and the reasons why we do so.
- Our goal is to provide you with the best possible service experience. Therefore, when we use your personal data, we always do so in compliance with the regulations and will ask for your consent when necessary.
- We understand that the data belongs to you. Therefore, if you decide not to allow us to process them, you can request that we stop processing them unless the law requires the retention of the data.
- Our main focus is to ensure your safety and handle your data in accordance with European legislation.
If you would like more information on how your data is handled, please refer to the various sections of privacy below:
Wikmed Oy (Costadoctor)
Register Names:
- Customer and patient data register
- Staff and partner data register
Who is responsible for the register and the processing of your personal data?
Identity: Jan Wiklund, Wikmed Oy
Official Address: Avd. Nuestro Padre Jesus Cautivo 11, loc 14, Fuengirola, 29640, Fuengirola, Spain.
Company ID: Spain: N0322371F Finland: 2255594-7
Email: info@costaklinikka.com
Phone Number: +358 50 5581199
Data Protection Program
Wikmed Oy has an administrative Data Protection Program and process management system that ensures GDPR obligations, the security of data storage and processing, and user rights. If necessary, you can review the program with the data protection officer. This program also contains sensitive business secrets.
What personal data do we collect?
The user may provide the following personal data:
- Name
- Date of birth
- Personal identification number
- Phone number and email address
- Postal address
- Health and illness information, examinations, biometric data, treatment information, and other health data or files in connection with the provision of services and care. Image data for research and analysis purposes.
- Feedback and complaint data
- Other necessary information related to the customer relationship
- Location
- Payment and refund information. Billing information.
- IP address, date and time of using our services, the browser used, and information about the device’s operating system. Cookie information.
- Any other information you choose to share with us.
- Consent information
- Video surveillance material
- Staff and partner information to maintain contractual obligations and information for which consent has been obtained.
In some cases, completing the registration form is mandatory to use and enjoy certain services offered on our website. The request will not be responded to if the required personal data is not provided or if the terms of this privacy policy are not accepted.
Why and for what purpose do we process your data?
Wikmed Oy processes data for the following purposes:
- Management of bookings and use of services and provision through the online booking portal, forms, or business premises (Medical Center).
- Sending information requested by the patient.
- Development of commercial actions and maintenance of the user relationship, as well as the management of services and information activities offered through the website and social media. We may perform automatic evaluations, create profiles, and segmentation functions of customers according to the characteristics and needs of users to tailor the user experience and improve the customer’s online and service experience.
- Development and management of competitions, draws, or other organized promotions.
- In some cases, disclosure of data to authorities when required by law.
- Disclosure of data to third parties and partners to organize follow-up care and/or examinations for the patient.
- When the patient uses travel insurance or a travel insurance payment commitment, disclosure of data to the patient’s insurance company to fulfill contractual obligations and insurance conditions.
- To other partners for auditing purposes and for managing invoices, contracts, and complaints.
We inform you that the personal data of registered users are included in the processing and handling activities (RAT), which are regularly updated in accordance with the GDPR.
What is the legal basis for processing your data?
The processing of your data may be based on the following legal grounds:
- User consent to order and receive services and products, contact forms, inquiries, or newsletters.
- Legitimate basis for marketing activities in which our customers participate, as well as explicit consent for automatic evaluations and profile creation-related matters.
- Legal obligations to prevent fraud, in cooperation with public authorities, and to respond to third-party claims.
How long do we keep your data?
The processing of data for the purposes described above will continue for as long as necessary to fulfill the purpose of data collection (e.g., the duration of the commercial relationship) and to fulfill legal obligations arising from the processing of data.
To whom is your data disclosed?
In some cases, only when necessary, Wikmed Oy may disclose user data to third parties when required by law or necessary to organize examinations and provide treatment with the customer’s verbal consent. However, data is never sold to third parties.
Service providers working in cooperation with Wikmed Oy (such as other doctors, public or private healthcare facilities, laboratories, platforms specializing in customer communication, service platforms, and insurance companies, banks, payment service providers, transport companies, etc., required to provide Wikmed Oy’s services) may use data to provide services in cooperation with Wikmed Oy according to the needs of the customers. However, they do not use this data for their own purposes or disclose it to third parties. Wikmed Oy strives to ensure the security of personal data when transferred outside the company and ensures that third-party service providers maintain confidentiality and have appropriate measures to protect personal data. These third parties are obliged to ensure that the data is handled in accordance with data protection regulations. By law, it may be necessary to disclose personal data to public authorities or other parties, and they will only be disclosed if it is absolutely necessary to fulfill these legal obligations.
Where is your data stored?
Generally, data is stored within the EU. Data sent to third parties outside the EU is secured with adequate protection, either because they have binding corporate rules (BCR) or because they have joined the “Privacy Shield” framework.
Who processes the data?
The data is processed by Wikmed Oy’s staff, partners working on behalf of Wikmed Oy, and system providers (system maintenance and data storage).
Wikmed Oy uses several SAAS cloud service systems to organize services and maintain registers. Wikmed Oy ensures through mutual agreements and contract terms that service providers comply with the GDPR data protection obligations and maintain a high level of protection. A detailed list of different service providers used by Wikmed Oy is available in Wikmed Oy’s Data Protection Program.
What are your rights, and how can you exercise them?
You can direct your message and exercise your rights by sending an email request to: info@costaklinikka.com.
In accordance with the Data Protection Regulation (GDPR), you may request:
- Right of access: You can request information about personal data stored about you.
- Right of rectification: You can notify changes to your personal data.
- Right to deletion and the right to be forgotten: You can request the deletion or blocking of personal data.
- Right to restrict processing: This means limiting the processing of personal data.
- Right to object: You can withdraw your consent for the processing of personal data and object to their processing.
- Data portability: In some cases, you can request a copy of your personal data in a structured, commonly used, and machine-readable format for transfer to another data controller.
- Right not to be subject to automated individual decision-making: You can request that decisions not be based solely on automated processing, including profiling, which produces legal effects or significantly affects the data subject.
In some cases, the request may be denied if you request the deletion of data necessary to comply with legal requirements.
If your request is not responded to within 30 days as required by law, you may file a complaint with the data protection authority, or if you have other complaints about data processing, you may file a complaint with Wikmed Oy’s data protection officer, the Spanish Data Protection Authority (www.aepd.es), or for operations in Finland, the Office of the Data Protection Ombudsman of Finland: tietosuoja@om.fi
Who is responsible for the accuracy and truthfulness of the information you provide?
The user (customer/patient) is solely responsible for the accuracy and truthfulness of the data provided. This releases Wikmed Oy from any responsibility in this regard. Users guarantee and are always responsible for the accuracy, validity, and authenticity of the personal data provided and commit to keeping them properly updated. The user agrees to provide complete and correct information on the registration, consent, or order form.
Wikmed Oy reserves the right to terminate contracts with users if the information provided is false, incomplete, incorrect, or outdated.
Wikmed Oy is not responsible for the accuracy of the information if it has not been created by the company and if its source is other than Wikmed Oy. Therefore, it does not assume any responsibility for possible damages that may result from the use of such information.
Wikmed Oy reserves the right to update, change, or remove information on its website and may restrict or prevent access to this information.
Wikmed Oy is not responsible for possible damages or inconveniences caused to the user due to errors, omissions, or negligence in the information prepared by Wikmed Oy if they originate from external sources.
Furthermore, the user declares that they are over 14 years of age and possess the necessary legal capacity to give consent for the processing of their personal data. If necessary, the guardian of a minor will give the required consent.
How do we handle the personal data of minors?
If any of our services are directed at individuals under fourteen years of age, Wikmed Oy requires valid, free, unambiguous, specific, and informed consent from their legal guardians for the processing of the minors’ personal data. In this case, identification of the person providing the consent or other identification documents will be required.
In the case of individuals over fourteen years of age, the processing of personal data may occur with the user’s consent, except in cases where the law requires the involvement of parents or guardians.
What security measures do we apply to protect your personal data?
Wikmed Oy has implemented the data protection security levels required by law and strives to install other additional means and technical measures to prevent the loss, misuse, alteration, unauthorized access, and theft of personal data.
Only those employees or partners who have the right to handle user or customer data as part of their job have access to the system containing customer and user data.
The data controller has adequately protected the data both technically and organizationally. The protection of the register uses, among other things, the following means:
- Hardware and file protection
- Access control
- User identification
- Usage permissions
- Logging of usage events
- Processing instructions and control
- Written agreements with potential subcontractors that require confidential handling and protection of data.
Wikmed Oy is not responsible for possible damages or inconveniences that may result from disruptions, negligence, interruptions, computer viruses, telephone malfunctions, or interruptions in the operation of this electronic system due to causes outside the control of Wikmed Oy, delays, or hindrances in the use of this electronic system due to deficiencies in telephone lines or overloads, overload of the Information Processing Center, Internet system, or delays or hindrances caused by other electronic systems, as well as damages that may result from illegal intrusions by third parties beyond the control of Wikmed Oy. However, the user must be aware that Internet security measures are not infallible.
Links to other websites
The website https://www.costadoctor.com/ may contain links to other websites. By clicking on one of these links and navigating to an external website, such as Facebook or Instagram, or those linked to our website, the visit is subject to the privacy policy of that website, and Wikmed Oy is released from any responsibility related to its privacy policy.
How do we use cookies?
Wikmed Oy’s website uses cookies to optimize and personalize the user’s browsing experience. Cookies are physical data files stored on the user’s device. The information collected through cookies helps facilitate the user’s navigation of the portal and optimize the browsing experience. The information collected through cookies may be shared with their creators, but they are not in any way linked to personal information or data that can identify the user. However, the user can prevent the installation of cookies on the hard drive by configuring their browser to block them. The user can also delete cookies from their device. For more information, please review our cookie policy: https://www.costadoctor.com/cookie-policy-eu/
Can the privacy policy be changed?
This privacy policy may be changed. We recommend that you check the privacy policy regularly and at least whenever you use our websites or services and review your consents accordingly. By using our services, your previous consent remains valid even if our privacy policy has changed. You can always change your consent by contacting the data protection officer: info@costaklinikka.com.