📄 Agreement with Personal Data Processors (Article 28 GDPR)

Between:

Dr. Katia Herrera, with NIF 04341930J, acting as a medical professional and owner of the website https://katiatupediatra.es, with professional address in Gran Alacant, Santa Pola, Alicante, hereinafter, the Data Controller.

AND:

Each of the technology service providers used by the Data Controller, hereinafter the Data Processor(s), to the extent that they access or process personal data on behalf of the Controller.

1. Purpose of the agreement

By means of this agreement, the Data Processor undertakes to process personal data only following documented instructions from the Controller, in accordance with Article 28 of the General Data Protection Regulation (GDPR).

2. Purpose of the treatment

The Controller will process personal data exclusively to provide the services contracted to the Controller, such as:

  • Hosting and web hosting
  • Emails
  • Statistical analysis (Google Analytics)
  • Web forms
  • Contact via WhatsApp Business
  • Cookie management (Complianz)
  • Appointment calendar or comments (if applicable)
  • Other technical services necessary for the operation of the website

3. Types of data processed

The personal data processed may include, among others:

  • Identification data (name, surname)
  • Contact information (phone, email)
  • IP address and browsing data
  • Limited medical information shared by the user through forms (if applicable)

4. Obligations of the Data Processor

The Data Controller undertakes to:

  1. Process personal data only in accordance with the Controller's documented instructions.
  2. Ensure that persons authorized to process personal data respect confidentiality.
  3. Adopt appropriate technical and organizational measures to ensure an adequate level of security.
  4. Do not subcontract the processing without prior authorization from the Controller.
  5. Assist the Controller in fulfilling its obligations regarding the rights of data subjects.
  6. Delete or return data at the end of the service provision, as indicated by the Controller.
  7. Provide the Controller with all the information necessary to demonstrate compliance with its obligations.

5. Subcontracting and international transfers

The Managers may subcontract services or carry out international data transfers provided that:

  • Inform the Responsible Party in advance.
  • Comply with the appropriate safeguards required by the GDPR, such as adequacy decisions, standard contractual clauses approved by the European Commission, or other legally valid mechanisms.

6. Duration

This agreement will have the same duration as the primary contractual relationship between the Controller and the Processor. Upon termination, the Processor will delete or return all personal data as instructed by the Controller.

7. Supervision

The Data Controller reserves the right to audit the Processor's compliance with this agreement.

📌 Additional note

This agreement is published in compliance with Article 28 of the GDPR and applies to providers who provide technical services through the website. https://katiatupediatra.es.

Electronically signed by implicit acceptance through the use of the contracted services.

Services
Facebook Instagram WhatsApp
Menu
Contact
en_GB
en_GB es_ES
Scroll to Top