In accordance with the General Data Protection Regulation, GRUPO PENSA SALUD, SL., informs you of its Privacy Policy.

1.Responsible for the processing of personal data

We inform you that your personal data will be processed by GRUPO PENSA SALUD, SL., (onwards, "GRUPO PENSA SALUD”) as data controller, with registered office at C/ Gran Vía de les Corts Catalanes, nº 657 - 08010 - Barcelona.

To ensure the fair and transparent processing of your personal data, GRUPO PENSA SALUD has a Data Protection Delegate, with whom you can contact in or in C/ Ireland No. 7 Local ground floor. 080030 Barcelona.

2. Purposes and legitimizing bases of the treatment

Your personal data, including health data, will be processed based on the following purposes:

2.1. If you are a user of the website, GRUPO PENSA SALUD will process the data for the following purposes:

  • Website maintenance.
    • The basis of legitimacy is the legitimate interest to allow communication between the equipment and the network, to provide the service requested on the Website, such as the user's log-in and subsequent identification and customization of the user interface.
    • This purpose corresponds to the need of GRUPO PENSA SALUD to display content on its website and improve usability by users who access it.
  • Analysis of browsing behavior and profiling of your browsing preferences and interests.
    • The basis of legitimacy is the consent granted by you, allowing GRUPO PENSA SALUD to proceed to the elaboration of your profile based on your browsing information, according to your consumption habits.
    • This purpose responds to the need to show you products or services with an advertising nature on the different browsing websites adjusted to your real needs, maintain the preferences chosen on the website and measure product traffic on the website. The information related to your profile will be treated in a secure and confidential manner, being processed only in the systems that analyze the information obtained in an automated manner. On the other hand, you may, at any time, express your wish not to be subject to this treatment, exercising your right to oppose it.
  • In the event that you provide your personal data through the contact form, telephone or email made available to you on the Website, your data will be processed in order to manage your requests for information, resolve your doubts, answer your queries or process your claims.
    • The basis of legitimacy is the consent given expressly when completing the contact form, when calling or writing to us. In this way, the treatment is necessary to allow the adequate processing of your requests for information, resolution of your doubts, answering your queries or the processing of your communicated claims and verify the operation of the service in accordance with the established procedures, as well as to Obtain evidence of the content of the requests received and the reason for the processing of personal data that may be provided.
    • You have the right to withdraw consent at any time. Finally, we inform you that the withdrawal of consent will not affect the legality of the treatment based on the consent prior to its withdrawal.
  • Recording of calls made to certain telephone numbers (for example, Emergency telephone), in order to provide the best possible assistance service and demonstrate the content of the conversations.
    • The execution of the contract for the provision of care services, your consent and the legitimate interest of the data controller in being able to provide the best possible care service and in demonstrating the content of the conversations held. If you do not provide us with the data that we request, the requested service cannot be provided, as these are necessary contractual and legal requirements.

2.2.If you are a potential patient and are interested in our healthcare and surgical services:

  • Manage and attend to the requests made by any channel on health and surgical care services, as well as the maintenance and development of the legal relationship that may be established between the parties, prior to contracting.
    • The basis of legitimacy is the consent in the admission to the Center and, in any case, the application of pre-contractual measures, at your request (article 6.1.b RGPD) and the fulfillment of legal obligations, in accordance with article 6.1.c RGPD and Article 8.1 of Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights.
  • Sending information or advertising, offers and promotions, gifts and loyalty campaigns, or any other actions of a commercial nature (including the preparation of a commercial profile for this purpose), by post, email, telephone, SMS or other equivalent electronic means, about our products and services for health and surgical care.
    • The basis of legitimacy is the consent granted by you for the sending of commercial communications through postal mail, email, telephone, SMS or other equivalent electronic means, in this sense, the Information Services Society Law itself (hereinafter , the "LSSI") allows the provider to send commercial communications regarding products or services of its own company that are similar to those that were initially contracted with the client.
    • At any time you can oppose the processing of your data for this purpose, free of charge, and in each electronic communication made, you can unsubscribe to stop receiving this type of communication. Likewise, the "Rights" section of this Policy describes how to request the cancellation of this type of communication.

2.3.If you are a patient and contract healthcare or surgical services through any authorized channel, GRUPO PENSA SALUD will process your data for the following purposes:

  • Provision, monitoring, management, control and billing of healthcare and/or surgical services requested directly or through a third party, including prevention, diagnosis and medical treatment, as well as the generation of medical records.
    • All the data you provide when receiving medical or surgical care and throughout your relationship with GRUPO PENSA SALUD, including health data to manage possible events in your service, are necessary for the formalization and management of your contract and the associated treatments and operations. The legitimizing basis is the management and formalization of the contract and of which you are an integral part (article 6.1.b and 9.2.h RGPD). As well as, compliance with legal obligations, in accordance with article 6.1.c. of the RGPD and article 8.1 of Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights.
    • Likewise, for compliance with the provisions of the applicable regulations (among others, Law 14/1986, of April 25, General Health, in Law 4/2002, of November 14, regulating patient autonomy and obligations and rights in matters of information and clinical documentation, regional health regulations and tax regulations) as well as in tax and accounting matters and, only in certain cases of extreme urgency, will the basis of legitimation of the patient's vital interest be applicable.
    • If you do not provide us with the data that we request, the interested care service cannot be provided, as it is necessary contractual and legal requirements, GRUPO PENSA SALUD reserving the right of admission.
  • When we use written electronic signature systems, for your greater security, convenience, saving on paper and better management, capture biometric elements in the creation of the signature, for example, the speed and acceleration of each stroke or the pressure exerted at each point. This data is essential to ensure that you are the one signing the documents and that no one is impersonating your identity. If you refuse to provide us with biometric data in the form of a written electronic signature, you may sign the document in a non-electronic written signature, always understanding the harm that this entails for you, since we understand that the written electronic signature is a safer, faster and efficient storage and computer management, completely legal and with security and technological certification for the highest security of treatment.
    • The legitimizing basis is the consent, which you give by signing the form provided to you by GRUPO PENSA SALUD.
  • Use for scientific purposes for public health and biomedical research and for statistical purposes and, where appropriate, application of anonymization and pseudonymization processes for later use for scientific research or statistical purposes.
    • The basis of legitimation is the legal authorization of Additional Provision 17Seventeenth additional provision. Health data processing. of Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights.
  • Transfer of your data to third parties that participate in the care process (for example, external health personnel) or in aspects related to it, for the provision of a comprehensive care service (laboratories, prosthetic services and suppliers of surgical material, etc.) ; to other public or private health centers, in case of patient referrals; to banking entities to manage the collection of the services provided, where appropriate; to insurance or reinsurance service entities for the collection of fees for the services provided and fraud prevention, when the services are provided under the coverage of an insurance policy of which you are a beneficiary, as well as to organizations by legal obligation and for scientific research or statistical production with the application of appropriate anonymization or pseudonymization measures, where appropriate. In addition, your data may be communicated to courts and tribunals, as well as to persons or public or private entities due to legal obligation.
    • The basis of legitimation is the fulfillment of the contract for the provision of care services, in order to provide comprehensive health care; your consent, which you grant by signing the personal data protection form that is delivered to you (consent that legitimizes, among other exposed transfers, the transfer of your data to external health personnel, laboratories, suppliers of prosthetic material, etc. ., the transfer of your data to banks for the collection of services, or mutual, insurers or reinsurers of services when they cover the amount of fees generated and prevention of fraud, to third parties for participation in scientific research or statistical studies, as well as the transfer to other health centers to which he has to be referred for the continuation of his treatment);

3.Personal data category

Since GRUPO PENSA SALUD We will treat the following categories of data to achieve the purposes set forth throughout this Privacy Policy.

  • Website maintenance
    • Data on behavior and interaction between the parties:
      • Browsing data on the web or mobile applications through cookies or other data storage and retrieval devices: information collected from browsing them, in the event that you have accepted the use of cookies and similar technologies in your devices.
  • Customer Service
    • Identification data: name and surnames.
    • Contact details: email address.
    • Other data (if applicable): subject and message.
  • Surgical and health care service
    • Identification data: name, surnames, date of birth and ID.
    • Contact information: telephone, address, email.
    • Health, biometric and genetic data: medical history, diagnostic tests, medical history data.
    • Biometric data: written electronic signature, image and voice.
    • Financial data: bank account number, insurance policy data.
    • Identification and contact data of relatives, relatives or contact persons.

4. Main recipients

Personal data will not be transmitted to third parties, except in the following cases:

  • External health care providers (for example, your private doctor who is involved in the treatment you receive at GRUPO PENSA SALUD) and providers of health services or materials (laboratories for performing analyzes or tests, providers of prosthetic services and surgical material, when they must access personal data), all in order to provide adequate health care.
  • Health entities to which they must be referred for the continuation of the treatment, in the cases in which it proceeds.
  • Banks and financial entities, to manage the collection of the services provided, when appropriate.
  • Mutual, insurers or reinsurers of services that cover, under the corresponding policy of which you are a beneficiary, the fees generated with health care, in order to proceed with the collection. The necessary identification and health data will be transferred to prove the services provided and quantify their amount, as well as to prevent fraud. If you object to the transfer of this data GRUPO PENSA SALUD will not provide you with the assistance service covered by your policy, so you must pay the cost of the service.
  • Authorities and Public Administrations (including the Tax Agency, Social Security, Cantabrian Health Service or Ministry of Health), courts and tribunals and other natural and legal persons, public or private, when appropriate according to the regulations applicable to GRUPO PENSA SALUD.
  • Organizations for participation in scientific research or preparation of statistical studies.
  • Relatives up to the second degree of consanguinity or affinity, if they request it, to comply with the provisions of labor regulations or relative to public officials with regard to permits for illnesses and hospitalizations of relatives.
  • Family members and close friends, regarding the patient's condition, when the patient has expressly or tacitly authorized it or when appropriate according to the applicable regulations. It is reported that GRUPO PENSA SALUD will not communicate to any third party the admission of a patient in the center or the room number, unless it must provide said information in the cases in which it results from the applicable regulations.
  • Data processors, that is, people and entities that provide services to GRUPO PENSA SALUD and that, for this, they need access to personal data.

5. International transfers of personal data

We inform you that GRUPO PENSA SALUD no type of international data transfers will be made.

However, should they occur in the future, GRUPO PENSA SALUD guarantees that the suppliers will be covered by standard clauses or by any of the other guarantees established in the applicable regulations.


As the owner of the data, and at any time, you have the right to contact GRUPO PENSA SALUD, C/ Gran Vía de les Corts Catalanes, No. 657 - 08010 - Barcelona, or to the email, to exercise the following rights:

  • Right of access

You have the right to GRUPO PENSA SALUD, inform you about whether or not your personal data is being processed and, in such a case, to be able to access said data and receive information about the purposes for which they are processed, the categories of data affected by the processing, the recipients to whom they are They communicated their personal data and the expected period of conservation of the data, among other information.

  • Right of Rectification and Deletion

You have the right to request the deletion of personal data provided that the applicable legal requirements are met, and the rectification of inaccurate data that concerns you when, among other reasons, these are no longer necessary for the purposes for which they were collected.

  • Right to limitation of treatment

In certain circumstances (for example, in the event that the applicant contests the accuracy of their data, while their accuracy is verified), you may request that the processing of your personal data be limited, these being only processed for the exercise or the defense of claims.

  • Right to withdraw consent

You also have the right to revoke the consent given at any time.

  • Right of total or partial opposition to the treatment.

You have the right to object to the treatment at any time, for reasons related to your particular situation, in case the treatment is based on our legitimate interest or on the legitimate interest of a third party (including the treatment that has the purpose of marketing directly and the elaboration of the corresponding profiles). In this case, GRUPO PENSA SALUD will cease in the treatment, unless accreditation of legitimate reasons.

  • Right to the portability of your data

You have the right to receive the personal data that you have provided to GRUPO PENSA SALUD, in a structured, common and machine-readable format, and to be able to transmit them to another controller without being prevented by the controller to whom they were provided, in the cases provided by law for these purposes.

  • Automated individual decisions

Likewise, in addition to the rights mentioned in the context of those treatments that imply the adoption of automated decisions, including the elaboration of profiles, you have the right to obtain human intervention on the part of GRUPO PENSA SALUD, and to express their point of view and to challenge the decision.

  • Others

Likewise, when personal data is transferred to a third country or to an international organization, you will have the right to be informed about how you can access or obtain a copy of the adequate guarantees related to the transfer.

For any questions or additional questions about the exercise of your rights or, in general, about the processing of your personal data, you can contact our Data Protection Delegate at

Finally, you will have the right to file a claim with a national control authority (Spanish Data Protection Agency at C/Jorge Juan, 6. 28001-Madrid or tel. 912663517) or respective regional authority.

7. Origin

Together with the information that you provide us directly (for example, through forms, request for information, etc.), we will obtain information about your browsing habits if you consent.

In the event that the data provided refers to third-party natural persons other than the patient, you expressly state that you have informed and obtained their prior consent for the processing of their data in accordance with the purposes set forth in this Privacy Policy.

In the specific case of minors or those legally incapacitated, it will be necessary for the legal representative of the minor or of the legally incapacitated person to give their express consent before any type of data processing.

Likewise, we may obtain personal data from mutuals, insurers, reinsurers, health centers or doctors, laboratories, relatives or close friends for the correct provision of the health or surgical care service.

8. Storage period

Your personal data will be kept as follows:

Navigation data Up to 2 years
Data as a potential patient Up to 2 years
Contractual data of the patient During the time necessary for the provision of the service or request and the billing and collection of the fees accrued, if applicable.
Call recording 2 years
Documentation or medical history of the patient 15 years from the last care of the patient.

All this without prejudice to the fact that said term may be extended when you expressly authorize it or there are particular treatments derived from the contractual relationship that remain in force after said term. Likewise, your personal data will be kept during the limitation period of the responsibilities derived from the treatment, without prejudice to the duty of blocking. Once the retention periods have expired, the information will be deleted.

Last update: July 2022

© GRUPO PENSA SALUD, SL All rights reserved.