GDPR

1. Spanish National Law

Fundació Sant Joan de Déu (FSJD), coordinator of the Share4Rare project, is under the Spanish legislation on data protection, and the applicable law is Organic Law 3/2018 of December 5 on the protection of personal data and guarantee of digital rights; this norm in force in the precepts not repealed by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 of April of 2016 relative to the protection of physical persons with regard to the treatment of personal data and to the free  circulation of said data, and repealing Directive 95/46 / EC (GDPR).

2. GDPR

FSJD follows the GDPR (General Data Personal Regulation) and the new guiding principles of the Regulation, which came into force in May 2016 and applicable as of May 2018.

2.1. Responsible

Fundació Privada per a la Recerca Sant Joan de Déu

Calle Santa Rosa 39-56 – 08950 Esplugues de Llobregat (Spain)

Data Protection Officer: dpd@sjdhospitalbarcelona.org

2.2. Purpose

Interactions in a global virtual community where adult patients, parents or caregivers will interact with other users. The interactions will be based in targeted questions that the users will receive accordingly with the features of their profile and interests/ expertise. An algorithm will facilitate this liaison between users in each interaction those will be based in a threat of communications among users identified with their nickname. Only in the case that the users have approved private messaging will be on place.

Clinical data donation of the patient will be collected. It will be anonymized and included in a database that will allow the study of aggregated data regarding a specific condition and the cross-analysis with diseases of the same group. Health decisions will not be made on the basis of the profiles of the interested parties.

FSJD will keep the data for the duration of the relationship with the interested party while the interested party does not ask for the right to cancel. Inform that the Foundation will dispose of them in accordance with the corresponding regulatory norm, Law 21/2000, of December 29, on the rights of information concerning the health and autonomy of the patient, and the clinical documentation.

2.3. Legitimation basis for data processing

  • Non-clinical or personal data will be donated and stored in the platform from the private communities.
  • The website has the informed consent for clinical data donation and data processing of Share4Rare. This consent identifies the legal basis on which the treatments will be developed, such as the new requirements of the GDPR. This document has been approved by the Ethics Committee of FSJD.
  • The consent is unequivocal and explicit -following and in compliance with article 9.2.a) of the GDPR.
  • The information is provided in a concise, transparent, intelligible and easily accessible manner, with clear and simple language.
  • The legal basis of the data management is the inform consent of the adult patient, one parent of the paediatric patient (patient under 18 years old) or his/her legal guardian.
  • The person that signs the consent document has the right to withdraw whenever he/she wants.

2.4. Third parties - Recipients

No data is transferred to third parties, except in the case of legal obligation. To guarantee an adequate provision of the service, it is necessary that certain service providers and / or FSJD entities that process data on behalf of the person in charge and as the ones in charge of processing their personal data. These entities can be, for example, archiving, storage or digitization of information, destruction of documentation, computer services, etc

2.5. Exercise of rights

Access, rectification and deletion of data, as well as other rights, as detailed in the Spanish Organic Law on the Protection of Personal Data and guarantee of digital rights and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), has to be exercised through a written communication to Fundació Privada per a la Recerca Sant Joan de Déu (Santa Rosa 39-56 – 08950 Esplugues de Llobregat –Spain) or through an email to dpd@sjdhospitalbarcelona.org.

If you consider that your rights have not been considered you can complain directly to the Spanish Data Protection Agency (Agencia Española de Protección de Datos).