1. Who is the data controller?

The data controller is Grifols, S.A. with address for contact purposes at Avda. de la Generalitat 152, 08174 Sant Cugat del Vallés, Barcelona (Spain) ("Grifols").

2. Who is the data protection officer of Grifols and how can you contact him/her?

The data protection officer acts as an interlocutor between Grifols and you in order to ensure Grifols' compliance with the data protection legislation and guarantee your rights under such legislation. You may contact the data protection officer of Grifols at dpo@grifols.com.

3. For which purposes does Grifols process the personal data?

Grifols processes the personal data to:

(a)  manage and control the participation in the Martín Villar Haemostasis Awards (the "MV Awards"), in accordance with the Terms and Conditions , and

(b) respond data subjects' requests of information and/or suggestions. 

4. Which are the lawful bases to process the personal data?

The legal basis to process the personal data is the consent you have provided when enrolling in the MV Awards and, as the case may be, when you contact Grifols through the means available on the MV Awards website.

5. How long does Grifols retain the personal data?

Upon the termination of the MV Awards, Grifols will retain the personal data until the end of statutes of limitation of any liabilities that may arise from the participation in the MV Awards and during the term required to comply with any applicable legal obligation. 

6. With whom does Grifols share the personal data?

Grifols does not share the personal data with any other third party, unless required by applicable law. 

7. How does Grifols obtain the personal data and what categories of personal data are processed when not provided by the individual?

If the participants in the MV Awards do not provide their personal data directly to Grifols, these may have been provided by other participants who apply to the MV Awards on behalf of such other participants. In this particular case, the categories of personal data processed are identification data of the participants, including without limitation name, last name, membership and curriculum vitae.

8. Which are your data protection rights?

Access You may request confirmation as to whether or not your personal data is being processed and, if so, you can obtain access to your personal data included in Grifols' files.
Rectification You may request the rectification of your personal data if this is inaccurate.
Erasure You may request that your personal data is erased.
Objection You may request that your personal data is not processed in specific circumstances.
Portability You may request receiving, in an electronic file, the personal data that you provided Grifols, as well as the right to transmit it to other parties.
Restriction of processing You may request a restriction on how personal data is processed when:
  • the accuracy of your personal data is being verified after you have contested its accuracy.
  • processing of your personal data is unlawful and you oppose to its erasure.
  • Grifols does no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims.
  • you have objected to the processing for the performance of a task carried out in the public interest or necessary for the purposes of a legitimate interest, whilst it is being verified whether the legitimate grounds of Grifols override yours.
Withdrawal of consent You may withdraw your consent without affecting the lawfulness of processing based on consent before its withdrawal.


You may exercise, when appropriate, the data protection rights by sending a written communication to privacy@grifols.com and indicating as subject matter of the communication "MV Awards 2019-2020". For these purposes, Grifols may request a copy of your ID card/passport in force or any other valid document evidencing your identity.

In addition, you may lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) or with any other competent data protection authority.

Date of update: July 2019