Privacy policy - MD SERVEIS

Go to content
Pages out of the menu


PRIVACY POLICY
YOUR PRIVACY IS IMPORTANT FOR US.



Through this privacy policy, DAVID UBANELL MARTÍNEZ wishes to inform everyone who browses and accesses the mdserveis.cat website about the processing of personal data carried out.

Access to the website does not require prior registration. Before sending any request for information through the contact form on this website, the user must accept the privacy policy, in order to give express and informed consent for the processing of data for the purposes indicated.

DAVID UBANELL MARTÍNEZ, in accordance with Regulation (EU) 2016/679, of April 27, 2016, regarding the protection of natural persons in terms of the processing of personal data and the free circulation of these data, as well as the Organic Law 3/2018, of December 5, Protection of Personal Data and guarantee of digital rights, as Responsible for the Treatment of the personal data provided, provides you with the following information:


  1. Responible for the Tratment

    • Responsible: DAVID UBANELL MARTÍNEZ - henceforth MDSERVEIS -.
    • Adress: Urb. Can Ginebra, 4A - 08359 Sant Iscle de Vallalta (Barcelona)
    • NIF: 38803786A
    • Email: david@mdserveis.cat


2. Contact Form

On our website there is a contact form available that can be used to contact electronically. If a user uses this option, we will receive and store the data entered in the data entry screen:
    • Name
    • Email address
    • Phone

2.1. Purpose of the treatment
    • Manage the use of the functionalities made available through the Website, among which is the response to requests and/or queries made.
    • Keep users informed of MDSERVEIS products and/or services, through email or equivalent electronic means of communication, provided that the User has given their consent by checking the corresponding box.

2.2. Legitimation
    • The legitimate basis for the processing of personal data is the consent granted by the interested party through the acceptance box enabled for this purpose, under article 6.1.a) of the GDPR.
    • If the purpose of the contact by email is to formalize a contractual relationship, then the legal basis for the treatment is for the execution of contractual obligations, by virtue of article 6.1.b) of the GDPR.
    • The legal basis for the processing of data for sending communications is the prior and express consent that the user grants by checking the corresponding box, in accordance with the provisions of art. 21 of the LSSI-CE.

2.3. Conservation period
The data will not be kept for longer than necessary for which they have been collected, unless there is a legal obligation.

2.4. International data transfers
No International Data Transfers are made to third countries outside the European Union.
The interested party is informed that the sending of commercial communications will be done through Mailchimp, with registered office and servers and located in the United States. Likewise, it is reported that Mailchimp has standard contractual clauses that allow international transfers to be made with the guarantees established in the GDPR.


  1. Form work with us

Through this form MDSERVEIS will be able to advise you on the project in case the product is personalized.
The data requested is the following:
    • Name
    • Email
    • Phone
    • Job details: profession, jobs, other CV details

3.1. Purpose of data processing
Your data will be treated confidentially and for the exclusive purpose of processing your application. The data transmission will take place in encrypted form. In the event of any change in your data, please notify us in writing as soon as possible, in order to keep your data duly updated.

3.2. Legal basis for data processing
The legitimate basis for the processing of personal data is the consent that the interested party has given at the time, by virtue of article 6.1.a) of the GDPR; either

3.3. Conservation period
The data will not be kept for longer than necessary for which they have been collected, unless there is a legal obligation.

3.4. International data transfers
There are no international transfers of data to third countries outside the European Union.


  1. Rights taht exist to the interested part

When your personal data is processed by the User, you will have the status of interested person within the meaning of the GDPR and, as such, you have the following rights before the person responsible for the treatment:

4.1. Right of access
You can ask the controller to confirm if your personal data is being processed by it.

If your data is being processed, you can request information about:
    1. the purpose of processing personal data;
    2. the categories of personal data that will be processed;
    3. the recipients or categories of recipients to whom the personal data has been or will be disclosed;
    4. the period for which the personal data will be kept or, where this is not possible, the criteria used to determine that period;
    5. the existence of the right to rectify or delete the personal data that concerns you, the right to limit the treatment by the person in charge or the right to oppose said treatment;
    6. the existence of the right to file a claim with a control authority;
    7. all available information on the origin of the data when the personal data has not been obtained from the person concerned;
    8. the existence of automated decision-making, including profiling, in accordance with art. 22, apts. 1 and 4 of the GDPR and, at least in these cases, significant information on the logic applied, as well as the importance and expected effects of said treatment for the person concerned.

You have the right to request information about whether your personal data has been transferred to a third country or to an international organization. In this context, you can request to be informed under article 46 of the GDPR regarding the transfer of data.

4.2. Right of rectification
If the personal data concerning you is inaccurate or incomplete, you have the right to rectify or complete it with the data controller. The person in charge of the treatment will carry out the rectification without delay.

4.3. Right to limitation of processing
The User may request the limitation of the processing of their personal data when any of the following conditions is met:
    • If you contest the accuracy of your personal data within a period that allows the controller to verify its accuracy;
    • That the treatment is illegal and the User opposes the deletion of personal data and requests the limitation of its use on its site;
    • That the person in charge no longer needs the personal data for the purposes of the treatment, but the User needs them to formulate, exercise or defend claims;
    • If the User has opposed the treatment under art. 21, pt. 1 of the GDPR, while it is verified if the legitimate reasons of the person in charge prevail over their own.

When the processing of personal data has been limited, except for its conservation, these data can only be processed with your consent or to formulate, exercise or defend claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

If the treatment has been limited in accordance with the above conditions, you will be informed by the controller before this limitation is terminated.

4.4. Right of erasure
You can request the data controller to delete her personal data immediately and he will be obliged to delete this data without delay when any of the following circumstances occur:
    • That the personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
    • If the User revokes the consent, on which the data processing was based in accordance with art. 6, section 1, sentence 1, letter a) or in art. 9, section 2 lit. a) GDPR, and there is no other legal basis for the processing.
    • If the User objects in accordance with art. 21, pt. 1 GDPR to the processing and there are no compelling justified grounds for the processing or you object to the processing pursuant to Art. 21, pt. 2 of the GDPR.
    • That his personal data have been processed illegally.
    • That personal data must be deleted to comply with a legal obligation established in the law of the European Union or in the law of the Member States to which the data controller is subject.
    • That your personal data have been obtained in relation to the offer of information society services offered in accordance with art. 8, section 1 of the GDPR.
    • If the person responsible for data processing has made the personal data public, he is obliged to suppress them by virtue of art. 17, pt. 1 of the RGPD, it will take the appropriate measures, including the technical measures, keeping in mind the available technology and the implementation deadlines to inform those responsible for processing the personal data that the User, as the interested person, has requested. The elimination of all the links to these personal data or of copies or replicas of these personal data.

The right of deletion will not exist to the extent that the treatment is necessary
    • to exercise freedom of expression and information;
    • to comply with a legal obligation that requires the processing of data required by the legislation of the European Union or of the Member States to which the controller is subject or to fulfill a task in the public interest or to exercise public power vested in the controller;
    • for reasons of public interest in the field of public health, in accordance with art. 9, section 2, letters h) and i) and art. 9, section 3 of the GDPR.
    • for archiving purposes of public interest, scientific or historical research purposes or statistical purposes pursuant to art. 89, pt. 1 of the GDPR, insofar as the law mentioned in section a) may make it impossible or seriously impair the achievement of the objectives of this treatment, or
    • to formulate, exercise or defend claims.

4.5. Right to information
If you have exercised your right to rectification, deletion or limitation of the treatment before the person in charge, the latter will be obliged to inform all recipients to whom your personal data have been communicated about this rectification, deletion or limitation of the treatment, unless this is impossible or involves a disproportionate effort.

The User has the right to be informed by the person in charge of who these recipients are.

4.6. Right to data portability
You have the right to receive the personal data that concerns you, that you have provided to the person in charge, in a structured, commonly used and machine-readable format. In addition, he has the right to transmit this data to another person in charge without the person in charge to whom it was provided preventing it, when:
    1. the processing is based on consent in accordance with art. 6, section 1 sentence 1 letter a) GDPR or Art. 9, section 2 lit. a) GDPR, or in a contract according to art. 6, section 1 sentence 1 letter b GDPR and
    2. the treatment is carried out by automated means.

By exercising this right, the user will also have the right to have personal data transmitted directly from one data controller to another whenever technically possible. The freedoms and rights of other people may not be negatively affected by this.

This right to data portability will not apply to any processing of personal data that is necessary to fulfill a task in the public interest or to exercise public authority vested in the controller.

4.7. Opposition right
The User has the right to oppose at any time, for reasons derived from his or her particular situation, that the personal data concerning him/her be processed in accordance with the provisions of art. 6, section 1 sentence 1 letter e) or f) GDPR; this will also apply to profiling based on these provisions.

The controller will stop processing his personal data unless he can demonstrate compelling legitimate grounds for this processing that outweigh his interests, rights and freedoms or the processing is intended to establish, exercise or defend claims.

If the processing of his personal data takes place to carry out direct marketing actions, the User will have the right to oppose at any time the processing of the data for the purpose of this advertising; this shall also apply to profiling insofar as it is associated with this direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

The User has the option to exercise the right of opposition through automated procedures that use technical specifications in relation to the use of information society services, regardless of the provisions of Directive 2002/58/CE.

4.8. Right to revoke the declaration of consent regarding data protection
The User has the right to revoke the declaration of consent regarding data protection at any time. The revocation of consent does not affect the legality of the treatment that took place on the basis of the consent given before its revocation.

4.9. Automated individual decisions, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects for the User or significantly affects the User in a similar way. This will not apply if the decision:
    1. it is necessary for the conclusion or performance of a contract between the User and the data controller;
    2. is authorized by the legislation of the European Union or of the Member States to which the controller is subject and when this legislation contains reasonable measures to safeguard your rights and freedoms and your legitimate interests, or
    3. if it is based on explicit consent.

However, these decisions will not be based on the special categories of personal data specified in art. 9, section 1 GDPR, unless Art. 9, section 2 lit. a) or b) GDPR and appropriate measures have been taken to safeguard your rights and freedoms as well as your legitimate interests.

Regarding the cases mentioned in points 1 and 3, the data controller will take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including, at least, the right to obtain the intervention of a person by responsible, in expressing the point of view and in challenging the decision.

4.10. Right to file a claim with a control authority
Without prejudice to any other administrative or judicial remedy, the User shall have the right to file a claim with a control authority, in particular in the Member State of their residence, job or position of alleged infringement, if they consider that the treatment of the personal data concerning you violates the GDPR.

The supervisory authority to which the claim has been filed will inform the claimant about the status and results of the claim, including the possibility of filing a judicial appeal in accordance with art. 78 of the GDPR.


  1. Where can you exercise the right of the User?

The User may exercise their rights by sending a letter to Urb. Can Ginebra, 4A-08359 Sant Iscle de Vallalta (Barcelona), or by email david@mdserveis.cat.

Likewise, the interested party is informed that they may revoke their consent to send commercial communications by sending an email to david@mdserveis.cat.


  1. Is it mandatory to provide all the information requested in the contact section?

Regarding the forms on the Website, the User must complete those marked as "required". Not completing the required personal data or doing so partially may mean that MDSERVEIS cannot meet your requests and, therefore, MDSERVEIS will be exonerated from all responsibility for the non-provision or incomplete provision of the requested services.

The personal data that the user provides to MDSERVEIS must be current so that the information in the records is updated and without errors. The User will be responsible for the veracity of the data provided.


  1. What security measures has the company implemented?

MDSERVEIS informs that the processing of personal data is carried out at all times in accordance with the applicable regulations on data protection and information society services.

MDSERVEIS has implemented the necessary technical and organizational security measures to guarantee the security of the User's personal data and prevent its alteration, loss, treatment and/or unauthorized access in accordance with the state of technology, the nature of the stored data and the risks to which they are exposed, whether they come from human action or from the physical or natural environment, in accordance with the provisions of current regulations.


Back to content