Privacidad

Compromiso de Dedalus con la Protección de la Información Personal.

The Dedalus Group Global Data Protection Policy (the “Policy”), articulates the data protection principles followed by the Dedalus Group (“Dedalus”), its business units and its employees worldwide with respect to the processing of personal data.

These principles are aligned with the highest standards in international business and human resources management. Dedalus’ commitment to these high standards reflects the value we place on earning and maintaining the trust of our employees, customers, business partners and other stakeholders whose personal data is processed and, where appropriate, shared with us.

Dedalus will process personal data in accordance with this Policy and applicable data protection laws. In the regular course of business, Dedalus collects personal data from its customers, suppliers, employees, website users, job applicants, contractors, shareholders, partners, other third parties and exceptionally, for products used directly by end users, may collect data from end users.

Dedalus recognizes that personal data must be treated with caution. We are committed to conducting our business in accordance with all relevant laws of the countries in which we operate and in line with the highest standards of ethical conduct.

If you have any questions or comments about this policy, please contact us at [email protected].

SCOPE AND APPLICABILITY

This Policy applies to all Dedalus subsidiaries and entities. It defines the expected conduct of each Dedalus employee, officer and director when processing data of Dedalus’ customers, suppliers, employees, website users, job applicants, contractors, shareholders, partners, end users of Dedalus’ services and other third parties.

Personal data of data subjects may be collected through a variety of means, including, for example, through websites, other ordering channels, and service or employment processes.

This Policy is intended to facilitate data protection by applying privacy principles by design and by default in the engineering and implementation of systems and processes by Dedalus. Therefore, among other things, it is intended to direct customer and employee data protection policies, and to influence system implementation standards, regulations, business processes, applications, web, product and service developments, and technology roadmaps.

This policy is designed to ensure that personal data is protected regardless of geography or technology, when used within the Dedalus Group, and applies to Dedalus’ processing of personal data.

This policy is organized around the underlying commitments:

  1. Processing personal data fairly and lawfully.
  2. Respecting individual rights and choices
  3. Responsible and secure management of personal data
  4. Implementing data protection by design and by predetermined paradigms
  5. Cooperation with supervisory authorities

This policy defines Dedalus’ uniform and reference standards that apply in the absence of stricter standards that may be required by local laws.

To the extent required or permitted by national laws, this policy applies worldwide to all directors, officers, employees and contracted representatives of all Dedalus companies. In addition, specific practices will be tailored to meet the legal, regulatory and cultural requirements of the countries and regions in which Dedalus operates. In addition, in all cases where the negotiated terms of any Dedalus service agreement require a level of protection for data processed by Dedalus that exceeds the minimum legal requirements, those negotiated terms will prevail. Internal implementation rules, guidelines and training are provided with all supporting documentation necessary to act in accordance with this policy.

KEY COMMITMENTS

Dedalus is committed to complying with applicable data protection laws. Dedalus is regularly audited internally and by third parties, maintains certifications, and provides industry standard contractual protections and appropriate technical and organizational measures to strengthen compliance with applicable data protection laws. Dedalus processes personal data only as permitted or required by applicable laws and in accordance with the following data protection principles.

DATA COLLECTION AND PROCESSING IN A FAIR AND LAWFUL MANNER

Dedalus informs in a clear, honest and transparent manner about the nature of the data it collects and what it intends to do with it. The use of data by Dedalus for a purpose other than that initially communicated is not authorized unless adequate information is provided to the individuals concerned and, where applicable, consent for the intended use is given to Dedalus. In general, Dedalus is authorized to use personal data for secondary purposes when implementing internal controls and audits and complying with its legal obligations.

Dedalus processes data only to the extent that there is a proper legal basis, such as valid and informed consent, the legitimate interests of Dedalus and/or the need to enter into or perform contracts and comply with legal or regulatory commitments.

Any consent given by data subjects to the collection and use of their data must be given freely and in response to clear information from Dedalus about the intended use of the data. Such consent may be withdrawn at any time by the individual without undue complications.

When processing data on behalf of a customer or other third party, Dedalus, as data processor will comply with the guidelines and instructions of the data controller in addition to this Data Protection Policy.

Dedalus, as data processor, will take reasonable steps to provide customers with a means to ensure that data is accurate and up to date, keep personal data only for as long as necessary for the purposes for which it is collected and used, and delete or anonymize it after those purposes have been fulfilled.

RESPECTING THE RIGHTS AND CHOICES OF INDIVIDUALS

Dedalus recognizes the rights of individuals to:

  • Request access to data collected on them by Dedalus and the reason Dedalus holds such data.
  • Obtain a copy of the personal data they contain
  • Request rectification or erasure of inaccurate or incomplete data
  • Withdraw the consent given to Dedalus for the collection of their data at any time.

Dedalus will respond to requests made by individuals exercising their rights within a reasonable period after the individual’s request or within any specific period that may be required by applicable local laws.
Dedalus will handle and investigate complaints made by individuals about any breach of these data protection rules or laws and will respond to such complaints in a timely manner.
We respect the rights of customers to object to the use of their data or to opt out of receiving direct marketing communications. When using personal data for marketing purposes, Dedalus will inform individuals in clear and plain language about the use of their data for such purposes. Dedalus respects the right of its current and potential customers to:

  • only receive marketing communications from Dedalus if explicit and specific prior consent has been provided, where required by applicable laws, or if Dedalus can demonstrate that it is authorized to send such communications for its legitimate business purposes.
  • we may no longer receive any marketing communications if Dedalus has received a specific preference setting, opt-out or objection to use such data for marketing purposes.

We use sensitive personal data only as necessary. Dedalus recognizes that some categories of personal data are particularly sensitive and require a higher level of protection. Sensitive data includes information about an individual’s health, biometric and genetic data, religion and political opinions, racial or ethnic origin, criminal record and any other information specifically protected by relevant applicable data protection laws.

Dedalus implements appropriate procedures and safeguards to restrict access to confidential data to only appropriate persons and to prevent its unauthorized access, use and dissemination.

RESPONSIBLE AND SECURE DATA MANAGEMENT

Dedalus is responsible for complying with the requirements set forth in this Policy and under applicable law. Dedalus will take the necessary steps to comply with the requirements of this Policy and applicable law and have the necessary internal mechanisms in place to demonstrate such compliance.

Dedalus employs data protection practices designed to support its compliance with this Policy and applicable law and provides internal controls to verify compliance with data protection laws and Dedalus’ related policies and procedures.

Dedalus strives to protect data with appropriate technical and organizational measures to ensure confidentiality, integrity and availability and to prevent the risk of unauthorized or unlawful access, alteration, destruction or disclosure.

To the extent that Dedalus has been processing personal data that has been subject to a security breach because Dedalus systems and services are directly involved, Dedalus will inform data subjects of such security breach if it affects their personal data and could represent a high risk to their rights and freedoms in accordance with applicable laws.

Dedalus requires its suppliers or subcontractors to fully comply with Dedalus’ data protection policy and any applicable data protection legislation and to maintain appropriate technical and organizational security measures to protect personal data.
Dedalus limits access to data to its employees or suppliers who need to perform specific tasks in connection with such data. Dedalus provides training and programs available to educate and create awareness among employees about their individual and collective legal, regulatory and contractual responsibilities with respect to data evaluation.

In accordance with applicable law, Dedalus provides reasonable assistance to its customers, where Dedalus acts in a processor capacity, to ensure the security of their processing and will inform customers of a security breach as required by such laws.

When data is transferred, we ensure that we have taken steps to protect personal data prior to such transfer. Dedalus makes international transfers only when this is justified for business purposes and safeguards are in place to ensure that the data continues to be adequately protected in the destination jurisdiction.

If the processing is likely to result in a high risk to individuals, Dedalus will carry out an impact assessment to identify the risks that the processing may cause to the rights of individuals and eliminate or reduce those risks.

Dedalus has established a global data protection office that is responsible for implementing this policy, promulgating additional policies related to data protection, and providing compliance and other strategically coordinated data protection-related services and resources to Dedalus’ business units.

APPLICATION OF THE DATA PROTECTION PARADIGMS BY DESIGN AND BY DEFAULT

Dedalus, from the moment the research activity is designed, implements the appropriate technical and organizational measures to effectively apply the data protection principles and integrates the necessary safeguards in the processing to comply with regulatory requirements and protect the rights of individuals, taking into account the state of the art of the technology, the cost of implementation, the nature, scope, context, purposes of the processing and the risks to the rights and freedoms of individuals posed by the processing of the data.

Dedalus also ensures that, by default, only the data necessary for each specific purpose of the processing are processed. This obligation applies to the amount of data collected, the scope of processing, the retention period and the accessibility of the data.

To comply with these principles, Dedalus business units must, whenever they design or implement new projects, services, systems or products involving the processing of data, ensure that they comply with the data protection requirements by design and by default. To this end, Dedalus also requires suppliers, software developers and other third parties to provide specific relevant safeguards and features during the design phase of such projects. When a new project, service, system or activity involves the processing of data, the business unit performing this activity must verify the technical documentation, safeguards, functions and measures taken to ensure the minimization of data and the minimization of potential risks to the individual.

COOPERATION WITH SUPERVISORY AUTHORITIES

Dedalus will cooperate with any competent national or regional supervisory authority responsible for supervising the applicable data protection law, which has reasonable grounds to question any processing of personal data by Dedalus, and will comply with the decisions of such competent supervisory authority on any issues related to this Policy.

VIOLATIONS

Failure to comply with this Policy may be considered a serious breach of the trust that Dedalus should be able to place in its personnel. Therefore, failure by an employee to comply may result in a sanction, such as suspension or other disciplinary action or action under employment law. Non-compliance by non-employees may result in termination of the relevant contract. Personnel will not be penalized for raising issues related to compliance with this Policy.

CHANGES TO THIS POLICY

This Policy supersedes all previous Dedalus policies on data protection to the extent that they address the same issues and are inconsistent with this Policy or impose less restrictive requirements.

Dedalus reserves the right to modify this Policy. Any material changes will be posted on the Dedalus website.

DATA PROTECTION OFFICER CONTACT DETAILS

We have also appointed a Data Protection Officer (“DPO”), who can be contacted by e-mail at the following address

Current version: Dedalus – privacy policy – v. 1
Last update: September 2021

This document has been prepared pursuant to EU Regulation 2016/679 (the “GDPR“) to enable users to understand what cookies are installed when they use the website www.dedalus.com (the “Website“).

  1. Data controller and data protection officer

Dedalus S.p.a., with registered office in Italy, Milano, Piazza della Santissima Trinità 6  (“Dedalus“) is the data controller of the personal data (the “Data“) of the users of the Website collected using cookies. For any request it is possible to write to Dedalus at the above-mentioned physical address or through the e-mail address [email protected].

Dedalus has appointed a Data Protection Officer (“DPO“), who can be contacted at [email protected]

 

  1. Data processed by Dedalus

The navigation on the Website involves the use of cookies, short strings of text that the websites visited send to the user’s browser, where they are stored and then transmitted to the same websites during subsequent visits. While browsing a site, the user may also receive cookies on their computer from sites or web servers other than the one he/she is visiting (so-called “third party” cookies). It is possible to distinguish:

  1. Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website.
  2. Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
  3. Marketing cookies are used to target advertising to a user (behavioural targeting). They are often served by third party companies, and track a user across websites.

This Website uses the following cookies:

 

Cookies Duration Description Host Type (first/third party)
Necessary        
cookielawinfo-checkbox-analytics 11 months This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Analytics”. www.dedalus.com 1st
cookielawinfo-checkbox-functional 11 months The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category “Functional”. www.dedalus.com 1st
cookielawinfo-checkbox-others 11 months This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Other. www.dedalus.com 1st
cookielawinfo-checkbox-necessary 11 months This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category “Necessary”. www.dedalus.com 1st
cookielawinfo-checkbox-marketing 11 months This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category “Marketing”. www.dedalus.com 1st
cookielawinfo-checkbox-performance 11 months This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Performance”. www.dedalus.com 1st
CookieLawInfoConsent 1 year The cookie is set by the GDPR Cookie Consent plugin and is used to store if user has consented to the use of cookies. www.dedalus.com 1st
viewed_cookie_policy 11 months The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. www.dedalus.com 1st
wpc_* 1 day Cookies used by WP Cerber security plugin. When WP Cerber is installed on your website it can generate and set several browser cookies with the sole purpose of securing your website by detecting and mitigating malicious activity. All these cookies have randomly generated names and contain randomly generated values. No personal or sensitive data is stored in the cookies. Those cookies allow WP Cerber to distinct logged in users and non-logged in visitors as well as search engine bots and spammers. Cookies contain randomly generated alphanumeric values. No personal data is used. www.dedalus.com 1st
Analytics
_ga 2 years The gtag.js JavaScript library uses first-party cookies to distinguish unique users as well as unique sessions from a single user. The library does not require you to set cookies to transmit data to Google Analytics. .analytics.google.com 3rd
_ga_8KYD6DV1RG 2 years The gtag.js JavaScript library uses first-party cookies to store anonymized statistics. .dedalus.com 1st
_ga_K3D2S76CQB 2 years The gtag.js JavaScript library uses first-party cookies to store anonymized statistics. .dedalus.com 1st
Marketing        
VISITOR_INFO1_LIVE 6 months A cookie that YouTube sets to provide ad delivery or retargeting, store and track a visitor’s identity, store and track interaction. .youtube.com 3rd
YSC session This cookie is set by the YouTube video service to track views of embedded videos within YouTube pages to tailor user options and preferences during a browsing session. .youtube.com 3rd

 

While technical cookies cannot be refused by the user of the Website, as they are strictly functional to the Website itself, the user can freely choose to accept or refuse the use of profiling cookies. The user can set and review their choices regarding cookies here with the “cookies setting” function available on the website
(privacy section).

  1. Purposes and legal basis of the processing

By using cookies, the following purposes are pursued:

3.1 to enable the navigation of the Website and its smooth functionality. The legal basis for the processing is the provision to users of services related to the Website and the legitimate interest of Dedalus to have a functional website.

3.2 to fulfil any obligations under applicable laws, regulations, or EU legislation, or to comply with requests from the authorities. The legal basis for the processing is the obligation of Dedalus to comply with mandatory legislation.

3.3 analyse user behaviour and possibly send him advertising messages in line with the preferences expressed by the same during navigation. The legal basis for processing in this case is the consent of the interested party.

3.4 for the needs of defence of the rights of Dedalus in the context of any litigation, even in court. The legal basis of the processing is the legitimate interest of the Owner to protect its rights.

The conferment of Data is optional, but (except in cases of processing based on consent) the failure to provide Data prevents the Controller from allowing the navigation of the Website.

  1. Recipients of the Data

The Data may be communicated:

(a) to third parties who need to perform specific activities in relation to the Data, in accordance with the purposes of the processing, or to service providers to the Data Controller.

(b) to authorities, entities and/or parties to whom the Data must be disclosed, pursuant to binding legal or contractual provisions.

(c) in other circumstances, such as acquisitions and sales to potential third-party companies, when we expect to sell or transfer part of or all our business.

  1. Transfer of Data outside the European Economic Area

As for the possible transfer of Data to countries not belonging to the European Economic Area, the processing will take place according to one of the legally permitted methods and therefore through the selection of recipients established in countries considered adequate by the European Commission or through the stipulation of standard contractual clauses.

  1. Data retention

The Data will be kept only for the time necessary for the purposes for which they were collected, respecting the principles of conservation limitation and minimization. More precisely, the terms of duration of the cookies are defined in the previous section 2. For the Data whose processing is based on the consent of the interested party, it is specified that the same will be kept until such consent is revoked.

  1. Data subjects’ rights

In the presence of the relevant legal prerequisites, the data subject may ask the Data Controller or the DPO for access to their Data, to rectify or erase them or to object to their processing, to request the restriction of processing in the cases provided for by Article 18 GDPR, as well as to obtain in a structured, commonly used, and machine-readable format the data concerning him/her, in the cases provided for by Article 20 GDPR.

In addition, the user has the right to revoke any consent to processing at any time, without affecting the lawfulness of the processing carried out by the Controller before the revocation.

Requests should be made in writing to the Data Controller at the addresses indicated above.

In any case, the interested party may lodge a complaint with the Guarantor for the Protection of Personal Data if he believes that the processing of his Data is contrary to the regulations in force.

 

Current version: Dedalus –Cookie policy– Dedalus S.p.a v. 1

Last updated: October 2021

Dedalus Group attaches a great deal of importance to and intends to pay particular attention to protecting your personal data and respecting your privacy.

The aim of this privacy policy and information notice for website users (hereinafter referred to as the “notice”) is therefore to inform you of how your personal data is processed when you visit the website www.dedalus.com (hereinafter referred to as the “site”).

In this regard, please note that ISOFT SANIDAD, SL. with CIF A29626009, DH HEALTHCARE PROVIDER SOFTWARE SPAIN, S.L.U. with CIF B02685212, DH HPS PORTUGAL, UNIPESSOAL LDA, with NIPC: 516221817 and DEDALUS GLOBAL SERVICES, S.A. with CIF A19513506, hereinafter, GRUPO DEDALUS IBERIA, act with respect to the processing of personal data as “JOINT CONTROLLERS” by virtue of the joint controllership agreement signed between the Entities that make up GRUPO DEDALUS IBERIA (integrated into GRUPO DEDALUS). You can consult the essential content of the Joint Controllership Agreement in section 8.

See Section 9 (“How can you contact us?”) below for contact details

1. WHAT PERSONAL DATA DO WE COLLECT?

When you browse our site, we may collect the following categories of personal data about you:

  • identification data (e.g., surname, first name, email address, username, password, Region, type of device).
  • professional data (e.g., position held, field of activity, employer).
  • technical data (e.g., IP address, type of browser used, etc.).
  • any personal data contained in any correspondence you send to us.

Provision of your personal data is voluntary, but we will be unable to provide you with the services and information you request without it. For example, if you contact us through the site, you will need to provide us with your email address so that we can respond to you.

In any case, we will inform you when it is mandatory to provide your personal data.

Additionally, if you provide us with personal data belonging to third parties, you undertake to ensure that such persons have been duly informed of the processing of their personal data in accordance with this policy and, if required, have consented to the processing of their personal data.

2. WHY DO WE USE YOUR PERSONAL DATA?

The table below outlines the purposes that we process your personal data for and, for each purpose, the legal basis for the processing operation in question:

3. WHO DO WE SHARE YOUR PERSONAL DATA WITH? 

In the context of our processing operations, we may communicate your personal data to the following recipients:

  • to our service providers, suppliers, agents, and contractors, to the extent that they assist us in carrying out the purposes set out in this policy (e.g., we use IT service providers to host your personal data on our behalf).
  • the other entities of the Dedalus Group.
  • to competent courts, public authorities, government agencies and law enforcement agencies (including where we are required to comply with legal or regulatory requests).

Regardless of the recipient, we will only disclose your personal data to them on a strictly need-to-know basis and only to the extent required to fulfill the purposes identified in this policy.

4. DO WE TRANSFER DATA OUTSIDE THE EUROPEAN ECONOMIC AREA?

Should your personal data be transferred outside the European Economic Area (“EEA”), we ensure that the level of protection your personal data is given is not adversely affected by such transfers.

This specifically means that each of the intended transfers is based on one of the following mechanisms at least:

  • the existence of an adequacy decision issued by the European Commission for the country that your personal data is transferred to; or, alternatively;
  • the conclusion of standard contractual clauses reproducing the models adopted by the European Commission; or, alternatively;

the existence of an exemption related to one of the specific situations exhaustively provided for by the General Data Protection Regulation 2016/679 (“GDPR”) (e.g. where you have given your consent to such transfer having been informed of the absence of safeguards, where the transfer is necessary for the performance of a contract concluded between you and us, where the transfer is necessary for the conclusion or performance of a contract concluded in your interest between us and a third party, or where the transfer is necessary for the establishment, exercise or defense of our legal claims, etc.).

5. HOW LONG DO WE STORE YOUR PERSONAL DATA FOR? 

We store your personal data for no longer than is necessary for the purpose of the processing concerned.

In other words, this means that the storage periods we apply vary depending on the purpose for which we process the data in question. The table below therefore indicates, for each purpose, the storage period that will be applied to your personal data:

6. DO WE USE COOKIES?

We use cookies on our site.

To find out more about the cookies we use and the purposes that we use them for, please refer to our cookie policy, which can be found here: www.dedalus.com/spain/es/privacidad/

7. WHAT RIGHTS DO YOU HAVE? 

In accordance with the applicable data protection legal framework, particularly the GDPR, you have the following rights as a data subject:

  • You may request access to your personal data and request that it be rectified or erased.
  • You also have the right to request that processing of your personal data be restricted or to object to the same.
  • You have the right to portability of your personal data.
  • Where processing of your personal data is based on your consent, please note that you may withdraw your consent at any time, without affecting the lawfulness of processing based on your consent carried out prior to your withdrawal of the same.

However, please note that some of the above rights are subject to specific conditions dictated by the applicable data protection legal framework. So, if your specific situation does not meet these conditions, we will unfortunately be unable to comply with your request.

To exercise your rights, please contact our DPO using the contact details provided in Section 8 (How can you contact us?). To process your request as efficiently as possible, we may ask you for certain additional information to confirm your identity and/or assist in locating the personal data that forms the subject matter of your request.

In any case, please note that you may lodge a complaint with Agencia Española de Protección de Datos (AEPD) www.aepd.es 

8. ESSENTIAL CONTENT OF THE JOINT CONTROLLERSHIP AGREEMENT

ISOFT SANIDAD, SL. with CIF A29626009, DH HEALTHCARE PROVIDER SOFTWARE SPAIN, S.L.U. with CIF B02685212, DH HPS PORTUGAL, UNIPESSOAL LDA, with NIPC: 516221817 and DEDALUS GLOBAL SERVICES, S.A. with CIF A19513506, hereinafter, GRUPO DEDALUS IBERIA, act with respect to the processing of personal data as “JOINT CONTROLLERS” by virtue of the joint controllership agreement signed between the Entities that make up GRUPO DEDALUS IBERIA (integrated into GRUPO DEDALUS).

The Joint Controllers will ensure compliance with data protection legislation at all times during the term of this contract and will not act or allow to act in a way that causes a breach of data protection legislation in relation to such shared personal data.

The Joint Controllers have appointed a single point of contact (Data Protection Officer – DPO) who will address any issue arising from the processing of shared personal data.

For more information: contact us as indicated in section 9

9. HOW CAN YOU CONTACT US? 

If you have any questions or requests regarding our processing operations with your personal data under this policy, including exercising your rights, as outlined above, you may contact us on the following address: C/ José Echegaray, nº 8 – 28232 Las Rozas – Madrid

We also have appointed a data protection officer (“DPO”), which you can contact by e-mail at the following address: [email protected]

Current version: Dedalus – Privacy policy for website visitors – v. [1]

Last updated: [November 2021

The Dedalus Group attaches a great deal of importance to and intends to pay particular attention to protecting your personal data and respecting your privacy.

The aim of this information notice is therefore to inform you of how your personal data is processed when you act on behalf of a client or prospect of the Dedalus Group (e.g., employee, intern, company representative, etc.).

In this regard, please note that ISOFT SANIDAD, SL. with CIF A29626009, DH HEALTHCARE PROVIDER SOFTWARE SPAIN, S.L.U. with CIF B02685212, DH HPS PORTUGAL, UNIPESSOAL LDA, with NIPC: 516221817 and DEDALUS GLOBAL SERVICES, S.A. with CIF A19513506, hereinafter, GRUPO DEDALUS IBERIA, act with respect to the processing of personal data as “JOINT CONTROLLERS” by virtue of the joint controllership agreement signed between the Entities that make up GRUPO DEDALUS IBERIA (integrated into GRUPO DEDALUS). You can consult the essential content of the Joint Controllership Agreement in section 7.

See Section 8 (“How can you contact us?”) below for contact details.

1. WHAT PERSONAL DATA DO WE COLLECT?

We collect the following categories of personal data about you:

  • Identification data (e.g., surname, first name, contact details, etc.).
  • Professional data (e.g., position held, identity of your employer, etc.).

In most cases, provision of your personal data is mandatory; we will be unable to manage our working relationship with the entity on behalf of which you are acting properly without it. For example, if you refuse to provide us with your contact details so we can send you an agreement to sign, we will be unable to enter into an agreement with the entity on behalf of which you are acting.

In any case, we will inform you when it is mandatory to provide your personal data.

Additionally, in the event that you provide us with personal data belonging to third parties (e.g. if you provide us with the data of a signatory so we can prepare the agreement to be signed), you undertake to ensure that such persons have been duly informed of the processing of their personal data in accordance with this policy and, if required, have consented to the processing of their personal data.

2. WHY DO WE USE YOUR PERSONAL DATA?

The table below outlines the purposes that we process your personal data for and, for each purpose, the legal basis for the processing operation in question:

In any case, we will inform you when it is mandatory to provide your personal data.

Additionally, in the event that you provide us with personal data belonging to third parties (e.g. if you provide us with the data of a signatory so we can prepare the agreement to be signed), you undertake to ensure that such persons have been duly informed of the processing of their personal data in accordance with this policy and, if required, have consented to the processing of their personal data.

2. WHY DO WE USE YOUR PERSONAL DATA?

The table below outlines the purposes that we process your personal data for and, for each purpose, the legal basis for the processing operation in question:

In any case, please note that we will not process your personal data for any other purpose that is incompatible with the above-mentioned purposes.

3. WHO DO WE SHARE YOUR PERSONAL DATA WITH? 

In the context of our processing operations, we may communicate your personal data to the following recipients:

  • to our service providers, suppliers, agents, and contractors, to the extent that they assist us in carrying out the purposes set out in this information notice (e.g., we use IT service providers to host your personal data on our behalf; in the case of unpaid invoices, we may use the services of service providers specialized in debt collection; etc.).
  • to other entities of the Dedalus Group (e.g., in the context of our accounting / fiscal obligations, we may have to share a certain amount of information, including personal data concerning you, for consolidation purposes at Dedalus Group level). 
  • where applicable, to investors / buyers and their advisors (e.g., in the context of mergers and acquisitions).
  • to competent courts, public authorities, government agencies and law enforcement agencies (including where we are required to comply with legal or regulatory requests).

Regardless of the recipient, we will only disclose your personal data to them on a strictly need-to-know basis and only to the extent required to fulfill the purposes identified in this information notice.

We do not sell your personal data.

4. DO WE TRANSFER DATA OUTSIDE THE EUROPEAN ECONOMIC AREA?

In connection with the processing operations described in this policy, we transfer your personal data outside the European Economic Area (“EEA”), including to countries that are not recognized by the European Commission as providing an adequate level of data protection.

In this context, we ensure that the level of protection your personal data is given is not adversely affected by such transfers.

This specifically means that each of the intended transfers is based on one of the following mechanisms at least:

  • the existence of an adequacy decision issued by the European Commission for the country that your personal data is transferred to; or, alternatively;
  • the conclusion of standard contractual clauses reproducing the models adopted by the European Commission; or, alternatively;
  • the existence of an exemption related to one of the specific situations exhaustively provided for by the General Data Protection Regulation 2016/679 (“GDPR”) (e.g. where you have given your consent to such transfer having been informed of the absence of safeguards, where the transfer is necessary for the performance of a contract concluded between you and us, where the transfer is necessary for the conclusion or performance of a contract concluded in your interest between us and a third party, or where the transfer is necessary for the establishment, exercise or defense of our legal claims, etc.).

You can obtain copies of these documents by emailing our Data Protection Officer (“DPO”), whose contact details are set out in Section 7 (How can you contact us?) below.

5. HOW LONG DO WE STORE YOUR PERSONAL DATA FOR? 

We store your personal data for no longer than is necessary for the purpose of the processing concerned.

In other words, this means that the storage periods we apply vary depending on the purpose for which we process the data in question. The table below therefore indicates, for each purpose, the storage period that will be applied to your personal data:

We have also defined an archiving policy. This ensures that your personal data is not stored in the active database unnecessarily.

In any case, once the applicable storage period has elapsed, we will irrevocably erase or anonymize your personal data so that you can no longer be identified.

6. WHAT RIGHTS DO YOU HAVE? 

In accordance with the applicable data protection legal framework, particularly the GDPR, you have the following rights as a data subject:

  • You may request access to your personal data and request that it be rectified or erased.
  • You also have the right to request that processing of your personal data be restricted or to object to the same.
  • You have the right to portability of your personal data.
  • Where processing of your personal data is based on your consent, please note that you may withdraw your consent at any time, without affecting the lawfulness of processing based on your consent carried out prior to your withdrawal of the same.

However, please note that some of the above rights are subject to specific conditions dictated by the applicable data protection legal framework. So, if your specific situation does not meet these conditions, we will be unable to comply with your request.

To exercise your rights, please contact our DPO using the contact details provided in Section 7 (How can you contact us?). To process your request as efficiently as possible, we may ask you for certain additional information to confirm your identity and/or assist in locating the personal data that forms the subject matter of your request.

In any case, please note that you may lodge a complaint with the Agencia Española de Protección de Datos (AEPD) www.aepd.es

7. ESSENTIAL CONTENT OF THE JOINT CONTROLLERSHIP AGREEMENT

ISOFT SANIDAD, SL. with CIF A29626009, DH HEALTHCARE PROVIDER SOFTWARE SPAIN, S.L.U. with CIF B02685212, DH HPS PORTUGAL, UNIPESSOAL LDA, with NIPC: 516221817 and DEDALUS GLOBAL SERVICES, S.A. with CIF A19513506, hereinafter, GRUPO DEDALUS IBERIA, act with respect to the processing of personal data as “JOINT CONTROLLERS” by virtue of the joint controllership agreement signed between the Entities that make up GRUPO DEDALUS IBERIA (integrated into GRUPO DEDALUS).

The Joint Controllers will ensure compliance with data protection legislation at all times during the term of this contract and will not act or allow to act in a way that causes a breach of data protection legislation in relation to such shared personal data.

The Joint Controllers have appointed a single point of contact (Data Protection Officer – DPO) who will address any issue arising from the processing of shared personal data.

For more information: contact us as indicated in section 8

8. HOW CAN YOU CONTACT US? 

Your personal data will be processed by Grupo Dedalus Iberia with which you have entered into the contractual/pre-contractual relationship, which will act as the Data Controller. The Data Controller can be contacted at the address of its registered office, as indicated on the respective website and in the contractual documentation.

We also have appointed a data protection officer (“DPO”), which you can contact by e-mail at the following address: [email protected]

Current version: Dedalus – client privacy policy – v. [1]

Last updated: [October 2021]

The Dedalus Group attaches a great deal of importance to and intends to pay particular attention to protecting your personal data and respecting your privacy.

The aim of this privacy information notice is therefore to inform you of how your personal data is processed when you act on behalf of a supplier or business partner of the Dedalus Group (e.g., employee, intern, company representative, etc.).

In this regard, please note that ISOFT SANIDAD, SL. with CIF A29626009, DH HEALTHCARE PROVIDER SOFTWARE SPAIN, S.L.U. with CIF B02685212, DH HPS PORTUGAL, UNIPESSOAL LDA, with NIPC: 516221817 and DEDALUS GLOBAL SERVICES, S.A. with CIF A19513506, hereinafter, GRUPO DEDALUS IBERIA, act with respect to the processing of personal data as “JOINT CONTROLLERS” by virtue of the joint controllership agreement signed between the Entities that make up GRUPO DEDALUS IBERIA (integrated into GRUPO DEDALUS). You can consult the essential content of the Joint Controllership Agreement in section 7.

Please refer to Section 8 (“How can you contact us?”) below to access the contact details of the relevant controller.

1. WHAT PERSONAL DATA DO WE COLLECT?

We collect the following categories of personal data about you:

  • Identification data (e.g., surname, first name, contact details, etc.).
  • Professional data (e.g., position held, identity of your employer, etc.).

In most cases, provision of your personal data is mandatory; we will be unable to manage our working relationship with the entity on behalf of which you are acting properly without it. For example, if you refuse to provide us with your contact details so we can send you an agreement to sign, we will be unable to enter into an agreement with the entity on behalf of which you are acting.

In any case, we will inform you when it is mandatory to provide your personal data.

Additionally, in the event that you provide us with personal data belonging to third parties (e.g. if you provide us with the data of a signatory so we can prepare the agreement to be signed), you undertake to ensure that such persons have been duly informed of the processing of their personal data in accordance with this policy and, if required, have consented to the processing of their personal data.

2. WHY DO WE USE YOUR PERSONAL DATA?

The table below outlines the purposes that we process your personal data for and, for each purpose, the legal basis for the processing operation in question:

In any case, please note that we will not process your personal data for any other purpose that is incompatible with the above-mentioned purposes.

3. WHO DO WE SHARE YOUR PERSONAL DATA WITH? 

In the context of our processing operations, we may communicate your personal data to the following recipients:

  • to our service providers, suppliers, agents, and contractors, to the extent that they assist us in carrying out the purposes set out in this policy (e.g., we use IT service providers to host your personal data on our behalf; etc.).
  • to other entities of the Dedalus Group (e.g., in the context of our accounting / fiscal obligations, we may have to share a certain amount of information, including personal data concerning you, for consolidation purposes at Dedalus Group level, e.g. some services may be contracted by the holding in favor of all group entities). 
  • where applicable, to investors / buyers and their advisors (e.g., in the context of mergers and acquisitions).
  • to competent courts, public authorities, government agencies and law enforcement agencies (including where we are required to comply with legal or regulatory requests).

Regardless of the recipient, we will only disclose your personal data to them on a strictly need-to-know basis and only to the extent required to fulfil the purposes identified in this policy.

We do not sell your personal data.

4. DO WE TRANSFER DATA OUTSIDE THE EUROPEAN ECONOMIC AREA?

In connection with the processing operations described in this policy, we transfer your personal data outside the European Economic Area (“EEA”), including to countries that are not recognized by the European Commission as providing an adequate level of data protection.

In this context, we ensure that the level of protection your personal data is given is not adversely affected by such transfers.

This specifically means that each of the intended transfers is based on one of the following mechanisms at least:

  • the existence of an adequacy decision issued by the European Commission for the country that your personal data is transferred to; or, alternatively;
  • the conclusion of standard contractual clauses reproducing the models adopted by the European Commission; or, alternatively;
  • the existence of an exemption related to one of the specific situations exhaustively provided for by the General Data Protection Regulation 2016/679 (“GDPR”) (e.g. where you have given your consent to such transfer having been informed of the absence of safeguards, where the transfer is necessary for the performance of a contract concluded between you and us, where the transfer is necessary for the conclusion or performance of a contract concluded in your interest between us and a third party, or where the transfer is necessary for the establishment, exercise or defense of our legal claims, etc.).

You can obtain copies of these documents by emailing our Data Protection Officer (“DPO”), whose contact details are set out in Section 7 (How can you contact us?) below.

5. HOW LONG DO WE STORE YOUR PERSONAL DATA FOR? 

We store your personal data for no longer than is necessary for the purpose of the processing concerned.
In other words, this means that the storage periods we apply vary depending on the purpose for which we process the data in question. The table below therefore indicates, for each purpose, the storage period that will be applied to your personal data:

We have also defined an archiving policy. This ensures that your personal data is not stored in the active database unnecessarily.

In any case, once the applicable storage period has elapsed, we will irrevocably erase or anonymize your personal data so that you can no longer be identified.

6. WHAT RIGHTS DO YOU HAVE? 

In accordance with the applicable data protection legal framework, particularly the GDPR, you have the following rights as a data subject:

  • You may request access to your personal data and request that it be rectified or erased.
  • You also have the right to request that processing of your personal data be restricted or to object to the same.
  • You have the right to portability of your personal data.
  • Where processing of your personal data is based on your consent, please note that you may withdraw your consent at any time, without affecting the lawfulness of processing based on your consent carried out prior to your withdrawal of the same.

However, please note that some of the above rights are subject to specific conditions dictated by the applicable data protection legal framework. So, if your specific situation does not meet these conditions, we will be unable to comply with your request.

To exercise your rights, please contact our DPO using the contact details provided in Section 7 (How can you contact us?). To process your request as efficiently as possible, we may ask you for certain additional information to confirm your identity and/or assist in locating the personal data that forms the subject matter of your request.

In any case, please note that you may lodge a complaint with Agencia Española de Protección de Datos: www.aepd.es.

7. ESSENTIAL CONTENT OF THE JOINT CONTROLLERSHIP AGREEMENT

ISOFT SANIDAD, SL. with CIF A29626009, DH HEALTHCARE PROVIDER SOFTWARE SPAIN, S.L.U. with CIF B02685212, DH HPS PORTUGAL, UNIPESSOAL LDA, with NIPC: 516221817 and DEDALUS GLOBAL SERVICES, S.A. with CIF A19513506, hereinafter, GRUPO DEDALUS IBERIA, act with respect to the processing of personal data as “JOINT CONTROLLERS” by virtue of the joint controllership agreement signed between the Entities that make up GRUPO DEDALUS IBERIA (integrated into GRUPO DEDALUS).

The Joint Controllers will ensure compliance with data protection legislation at all times during the term of this contract and will not act or allow to act in a way that causes a breach of data protection legislation in relation to such shared personal data.

The Joint Controllers have appointed a single point of contact (Data Protection Officer – DPO) who will address any issue arising from the processing of shared personal data.

For more information: contact us as indicated in section 8.

Grupo Dedalus Iberia (“Dedalus”) attaches a great deal of importance to and intends to pay particular attention to protecting your personal data and respecting your privacy.

The aim of this privacy policy (the “Policy”) is therefore to inform you of how your personal data is processed when you submit your application for a position within Dedalus (paid employment, internship, etc.).

In this regard, please note that ISOFT SANIDAD, SL. with CIF A29626009, DH HEALTHCARE PROVIDER SOFTWARE SPAIN, S.L.U. with CIF B02685212, DH HPS PORTUGAL, UNIPESSOAL LDA, with NIPC: 516221817 and DEDALUS GLOBAL SERVICES, S.A. with CIF A19513506, hereinafter, GRUPO DEDALUS IBERIA, act with respect to the processing of personal data as “JOINT CONTROLLERS” by virtue of the joint controllership agreement signed between the Entities that make up GRUPO DEDALUS IBERIA (integrated into GRUPO DEDALUS). You can consult the essential content of the Joint Controllership Agreement in section 7.

See Section 8 (“How can you contact us?”) below for contact details.

1. WHAT PERSONAL DATA DO WE COLLECT?

We collect the following categories of personal data about you:

  • Identification data (e.g., surname, first name, date of birth, etc.).
  • Professional and educational data (e.g., resume, identity of your current employer (if applicable).
  • Evaluation data regarding your professional skills, including the results of practical tests performed during the recruitment process
  • Personal data (i.e., data relating to your personal life, as it appears on your resume or that you voluntarily convey in your exchanges with us, such as your hobbies or your marital status).
  • Economic data (e.g., your salary expectations, etc.).
  • Health-related data, limited, solely and exclusively, to the degree of disability when you transmit them voluntarily and there is a legal obligation (for example, information on disability)

The provision of your personal data is voluntary, but in most cases, we will be unable to process your application properly without it. For example, if you refuse to provide us with reasonably required information regarding your educational and professional background, we will be unable to determine whether your profile meets the needs of the position and will have to reject your application.

In any case, we will inform you when it is mandatory to provide your personal data.

Additionally, if you provide us with personal data belonging to third parties (e.g., contact details for people with whom we can verify your references), you undertake to ensure that such persons have been duly informed of the processing of their personal data in accordance with this policy and, if required, have consented to the processing of their personal data.

The personal data may be collected directly from you or can be provided by third parties (such as, previous employers solely to verify your references) and/or publicly accessible sources only for those cases in which the information reviewed serves to verify if the candidate meets certain qualities strictly related to the position offered.

2. WHY DO WE USE YOUR PERSONAL DATA?

The table below outlines the purposes that we process your personal data for and, for each purpose, the legal basis for the processing operation in question:

In any case, please note that we will not process your personal data for any other purpose that is incompatible with the above-mentioned purposes.

3. WHO DO WE SHARE YOUR PERSONAL DATA WITH? 

In the context of our processing operations, we may communicate your personal data to the following recipients:

  • to our service providers, suppliers, agents, and contractors, to the extent that they assist us in carrying out the purposes set out in this policy (e.g., we use IT service providers to host your personal data on our behalf).
  • to other entities of the Dedalus Group.
  • to competent courts, public authorities, government agencies and law enforcement agencies (including where we are required to comply with legal or regulatory requests).

Regardless of the recipient, we will only disclose your personal data to them on a strictly need-to-know basis and only to the extent required to fulfil the purposes identified in this policy.

We do not sell your personal data.

4. DO WE TRANSFER DATA OUTSIDE THE EUROPEAN ECONOMIC AREA?

Should your personal data be transferred outside the European Economic Area (“EEA”), we ensure that the level of protection your personal data is given is not adversely affected by such transfers.

This specifically means that each of the intended transfers is based on one of the following mechanisms at least:

  • the existence of an adequacy decision issued by the European Commission for the country that your personal data is transferred to; or alternatively;
  • the conclusion of standard contractual clauses reproducing the models adopted by the European Commission; or, alternatively;
  • the existence of an exemption related to one of the specific situations exhaustively provided for by the General Data Protection Regulation 2016/679 (“GDPR”) (e.g. where you have given your consent to such transfer having been informed of the absence of safeguards, where the transfer is necessary for the performance of a contract concluded between you and us, where the transfer is necessary for the conclusion or performance of a contract concluded in your interest between us and a third party, or where the transfer is necessary for the establishment, exercise or defense of our legal claims, etc.).

5. HOW LONG DO WE STORE YOUR PERSONAL DATA FOR? 

We store your personal data for no longer than is necessary for the purpose of the processing concerned.

In other words, this means that the storage periods we apply vary depending on the purpose for which we process the data in question. The table below therefore indicates, for each purpose, the storage period that will be applied to your personal data:

 
We have also defined an archiving policy. This ensures that your personal data is not stored in the active database unnecessarily.

In any case, once the applicable storage period has elapsed, we will irrevocably erase or anonymize your personal data so that you can no longer be identified.

6. WHAT RIGHTS DO YOU HAVE? 

In accordance with the applicable data protection legal framework, particularly the GDPR, you have the following rights as a data subject:

  • You may request access to your personal data and request that it be rectified or erased.
  • You also have the right to request that processing of your personal data be restricted or to object to the same.
  • You have the right to portability of your personal data.
  • Where processing of your personal data is based on your consent, please note that you may withdraw your consent at any time, without affecting the lawfulness of processing based on your consent carried out prior to your withdrawal of the same.

However, please note that some of the above rights are subject to specific conditions dictated by the applicable data protection legal framework. So, if your specific situation does not meet these conditions, we will unfortunately be unable to comply with your request.

To exercise your rights, please contact our DPO using the contact details provided in Section 7 (How can you contact us?). To process your request as efficiently as possible, we may ask you for certain additional information to confirm your identity and/or assist in locating the personal data that forms the subject matter of your request.

In any case, please note that you may lodge a complaint with Agencia Española de Protección de Datos (AEPD) www.aepd.es

7. ESSENTIAL CONTENT OF THE JOINT CONTROLLERSHIP AGREEMENT

ISOFT SANIDAD, SL. with CIF A29626009, DH HEALTHCARE PROVIDER SOFTWARE SPAIN, S.L.U. with CIF B02685212, DH HPS PORTUGAL, UNIPESSOAL LDA, with NIPC: 516221817 and DEDALUS GLOBAL SERVICES, S.A. with CIF A19513506, hereinafter, GRUPO DEDALUS IBERIA, act with respect to the processing of personal data as “JOINT CONTROLLERS” by virtue of the joint controllership agreement signed between the Entities that make up GRUPO DEDALUS IBERIA (integrated into GRUPO DEDALUS).

The Joint Controllers will ensure compliance with data protection legislation at all times during the term of this contract and will not act or allow to act in a way that causes a breach of data protection legislation in relation to such shared personal data.

The Joint Controllers have appointed a single point of contact (Data Protection Officer – DPO) who will address any issue arising from the processing of shared personal data.

For more information: contact us as indicated in section 8.

8. HOW CAN YOU CONTACT US? 

If you have any questions or requests regarding our processing operations with your personal data under this policy, including exercising your rights, as outlined above, you may contact us on the following address: C/ José Echegaray, nº 8 – 28232 Las Rozas – Madrid

We also have appointed a data protection officer (“DPO”), which you can contact by e-mail at the following address: [email protected]

Current version: Dedalus – applicant privacy policy – v. 1]

Last updated: September 2021 

 

Please open in latest version of Chrome, Firefox, Safari browser for best experience or update your browser.

Update Browser