1. Who is/are the data controller/s?

The data controller is Grifols, S.A., with address for contact purposes at Avda. de la Generalitat 152, 08174, Sant Cugat del Vallés, Barcelona (Spain) ("Grifols").


2. Who is the data protection officer of Grifols and how can you contact him/her?

The data protection officer acts as an interlocutor between Grifols and you in order to ensure Grifols' compliance with the data protection legislation and guarantee your rights under such legislation. You may contact the data protection officer of Grifols at dpo@grifols.com.


3. For which purposes does Grifols process the personal data?

Grifols processes the personal data to:

(a) manage and control the participation of the data subjects in the awards organized by Grifols to which they have registered (the "Awards"), in accordance with the Terms and Conditions of each of the Awards.

(b) where appropriate, to respond to requests of information, suggestions and/or queries.

(c) carry out maintenance and management tasks of the Awards' websites to offer a secure environment to its users.


4. Which is/are the lawful basis/bases to process the personal data?

The legal bases to process the personal data are:

(a) the consent provided through the different means available on the Awards' websites for the purposes set out in Section 3 (a) and (b), and

(b) the legitimate interest of Grifols to (i) share the personal data of the data subjects (including the participants in the Awards) with the Grifols' group companies when necessary to carry out the purposes established in Section 3, and (ii) ensure network and information security by preventing accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data.

Grifols considers that the legitimate interest in which bases the processing of personal data overrides data subjects' fundamental rights and freedoms, given that the processing is part of the daily management of a multinational group of companies. In any case, data subjects may request further information on legitimate interest or exercise their right to object by addressing such request to privacy@grifols.com.


5. How long does Grifols retain the personal data?

Once the purposes for which the personal data processed are fulfilled, Grifols retains the personal data until the end of statutes of limitation of any liabilities that may arise and during the term required to comply with any applicable legal obligation.


6. With whom does Grifols share the personal data?

For the purposes described in Section 3, Grifols may share the personal data with:

(a) the Grifols' group companies, in accordance with Section 4 (b). The list of the companies is available here.

(b) providers of products and services for the daily management of the activities mentioned in Section 3.  

If the personal data is processed from countries that do not offer an adequate level of data protection, Grifols and/or the providers (as the case may be) will adopt, if required, the appropriate safeguards on such international data transfers in accordance with the applicable data protection legislation.

Information on the appropriate safeguards for international data transfers can be obtained from Grifols at privacy@grifols.com.

Grifols does not share the personal data with any other third party, unless required by applicable law.


7. How does Grifols obtain the personal data and what categories of personal data are processed when not provided by the data subject?

Grifols only processes the personal data that is relevant for the purposes mentioned in Section 3.

If data subjects do not directly provide with their personal data to Grifols, the sources from which Grifols obtains the personal data are the primary applicant of the Awards in accordance with the Terms and Conditions of each of the Awards.

The personal data that might not have been obtained from the data subject and has thus been obtained from other sources are:

  • Identification data (e.g. name and last name, ID/passport number, etc.)
  • Professional contact details (e.g. e-mail address, postal address and professional phone number, etc.)
  • Professional data (e.g. job position, place of work, membership of scientific societies or associations, etc.)
  • Academic information (e.g. level of studies, CV, etc.)

8. Which are your data protection rights?

RIGHTS CONTENT
Access You may request confirmation as to whether or not your personal data is being processed and, if so, you can obtain access to your personal data included in Grifols' files.
Rectification You may request the rectification of your personal data if this is inaccurate.
Erasure You may request that your personal data is erased.
Objection You may request that your personal data is not processed in specific circumstances.
Portability You may request receiving, in an electronic file, the personal data that you provided Grifols, as well as the right to transmit it to other parties.
Restriction of processing You may request a restriction on how personal data is processed when:
  • the accuracy of your personal data is being verified after you have contested its accuracy.
  • processing of your personal data is unlawful and you oppose to its erasure.
  • Grifols does no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims.
  • you have objected to the processing for the performance of a task carried out in the public interest or necessary for the purposes of a legitimate interest, whilst it is being verified whether the legitimate grounds of Grifols override yours.
Withdrawal of consent You may withdraw your consent without affecting the lawfulness of processing based on consent before its withdrawal.

 

You may exercise, when appropriate, the data protection rights by sending a written communication to privacy@grifols.com and indicating as subject matter of the communication "Grifols Awards". For these purposes, Grifols may request a copy of your ID card/passport in force or any other valid document evidencing your identity.

In addition, you may lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) or with any other competent data protection authority.


Date of update: July 2020