PRIVACY POLICY
PERSONAL DATA PROTECTION POLICY
CYTES BIOTECHNOLOGIES S.L. is an organisation that collects personal data through various available means, which entails an important responsibility in designing and organising procedures so that they comply with data-protection laws.
For this reason, CYTES BIOTECHNOLOGIES S.L. shall adopt all necessary security measures to ensure the protection of the data collected.
In exercising these responsibilities, and in order to establish the general principles that must govern the processing of personal data within the organisation, CYTES BIOTECHNOLOGIES S.L. adopts this Personal Data Protection Policy, which is communicated and made available to all its stakeholders and observes the following laws:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
- Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD-GDD).
- Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE)
I. Scope of Application
This policy applies to CYTES BIOTECHNOLOGIES S.L., its governing and management bodies, staff, and all persons related to the organisation, expressly including service providers with access to personal data (“processors”).
The data-controller is CYTES BIOTECHNOLOGIES S.L., Tax ID B66534959, represented by Jordi Xapellí Mias.
Address: C/ Gaspar Méndez 3, Oficina 3 (Entreplanta), 06011 Badajoz, Spain
Telephone: +34 934 034 553 / +34 640 128 078
Email: mt.sierra@adeplusconsultores.com (marked for review)
II. Information about the Controller and Data Processing
Additional information on data processing must be provided to data subjects under the GDPR principle of transparency. CYTES BIOTECHNOLOGIES S.L. provides the following details:
| Processing Purpose | Objective of Processing | Retention Period |
| Medical Records | Statistical, historical or scientific purposes; clinical history; epidemiological research and related activities. | For statistical, historical or scientific purposes: no fixed term, retained as long as processed exclusively for such purposes under appropriate technical and organisational measures. For clinical records: retained as required by applicable law. |
| Web Form | Client, accounting, tax, and administrative management. | Clients 5 yrs • Accounting 6 yrs • Tax 4 yrs • Admin 5 yrs |
| Curricula Vitae | Client, accounting, tax, administrative, and HR management. | Clients 6 yrs • Accounting 5 yrs • HR 4 yrs |
| Clients | Client, accounting, tax, and administrative management. | Accounting & tax records 4–5 yrs per law |
| Suppliers | Client, accounting, tax, and administrative management. | Clients 5 yrs • Accounting 6 yrs |
| Human Resources | Payroll, HR, accounting, tax, and admin management. | Payroll 4 yrs • HR 6 yrs after employment end |
Lawful Basis for Processing
| Data Category | Legal Basis |
| Medical Records | Performance of a health-care contract |
| Web Forms | Explicit consent of the data subject |
| Curricula Vitae | Explicit consent of the data subject |
| Clients | Performance of a service contract |
| Suppliers | Performance of a purchase/supply contract |
| Human Resources | Performance of an employment or service contract |
Data Recipients and International Transfers
| Data Category | Possible Disclosures | International Transfers |
| Medical Records | Competent public authorities | No |
| Web Forms | None anticipated | No |
| Curricula Vitae | None anticipated | No |
| Clients | None anticipated | No |
| Suppliers | None anticipated | No |
| Human Resources | Competent public authorities | No |
Rights of Data Subjects
Every person has the right to obtain confirmation as to whether CYTES BIOTECHNOLOGIES S.L. processes personal data concerning them.
Data subjects have the right to access their personal data, request rectification of inaccurate data, or request erasure where, among other reasons, the data are no longer necessary for the purposes collected.
They may also request restriction of processing or object to it, in which case CYTES BIOTECHNOLOGIES S.L. will only keep the data for legal or claim-defence purposes.
Where applicable and technically feasible, data subjects may request data portability to another controller.
To exercise these rights, a written request should be sent to:
CYTES BIOTECHNOLOGIES S.L., C/ Gaspar Méndez 3, Oficina 3 (Entreplanta), 06011 Badajoz, Spain, or via email to mt.sierra@adeplusconsultores.com (attach copy of ID).
III. Principles Applicable to Data Processing
CYTES BIOTECHNOLOGIES S.L. shall ensure compliance with the following principles:
- Lawfulness, fairness, transparency and purpose limitation
- Data minimisation – only data adequate, relevant, and limited to what is necessary will be processed.
- Accuracy – data must be accurate and up to date.
- Storage limitation – data kept no longer than necessary.
- Integrity and confidentiality – appropriate security against unauthorised or unlawful processing, loss or damage.
- Prohibition of illegitimate data acquisition – no personal data may be purchased or obtained from unlawful sources.
- Processor selection – only suppliers providing adequate technical and organisational guarantees will be engaged under written contract.
- International data transfers – only under strict compliance with GDPR requirements.
- Rights of data subjects – organisation will facilitate the exercise of access, rectification, erasure, restriction, objection, and portability.
CYTES BIOTECHNOLOGIES S.L. will ensure these principles are embedded in all work procedures, products, contracts, and systems involving personal-data processing.
IV. Children’s Personal Data
Only persons aged 14 or older may validly consent to personal-data processing by CYTES BIOTECHNOLOGIES S.L.
If the individual is under 14, parental or guardian consent is required; processing will only be lawful to that extent.
V. Confidentiality and Data Security
CYTES BIOTECHNOLOGIES S.L. undertakes to notify the user without undue delay of any personal-data security breach likely to pose a high risk to their rights and freedoms.
Personal data shall be treated as confidential by the controller, who will ensure that confidentiality is respected by employees, associates, and any person granted access to such information.
VI. Staff Commitment
Employees of CYTES BIOTECHNOLOGIES S.L. acknowledge that personal information is an organisational asset and commit to:
- Completing the data-protection awareness training provided.
- Applying user-level security measures corresponding to their role.
- Using established formats for exercising data-subject rights.
- Immediately reporting any deviation or “personal-data breach” using the established form.
VII. Control and Evaluation
CYTES BIOTECHNOLOGIES S.L. shall carry out periodic verification, evaluation, and assessment—at least annually or whenever significant changes occur—to ensure the effectiveness of technical and organisational measures guaranteeing processing security.
