Whistleblowing Channel Privacy Policy. Information on Personal Data Protection.

Data controller and data protection officer

The entity responsible for processing the personal data collected within the framework of the whistleblowing channel is MEDICAL SERVICE JIM SL, with registered office at Alameda Principal 21, 2nd floor, offices 4 and 5. CP 29001- Málaga, Spain. 

Contact: secretaria@medicalservice.care 

Data minimization and purpose of processing

The personal data collected through the reporting channel will be strictly and objectively limited to what is necessary to process the reports received and, where applicable, investigate the reported incidents. This data will be processed solely for this purpose and will not be used for any incompatible purposes.

Legal basis for legitimation

The legal basis for processing personal data collected through the whistleblowing channel is compliance with a legal obligation arising from Law 2/2023 of February 20, regulating the protection of individuals who report regulatory infringements and combating corruption (Article 6.1.c of EU Regulation 679/2016, the General Data Protection Regulation). The processing of special categories of personal data for reasons of general public interest may be carried out in accordance with Article 9.2.g of EU Regulation 679/2016, the General Data Protection Regulation.

Data recipients

Without prejudice to the processing by the Data Protection Officer of the reporting channel, the information contained in the report and any information gathered during its investigation may be communicated to the Data Protection Officer, the head of the entity's legal services, or the body responsible for processing any potential disciplinary proceedings. It may also be communicated, where appropriate, to the competent police or judicial authorities in the context of an investigation or for the exercise of legal action.

Storage period

The retention periods for personal data will be those established in Article 32 of Law 2/2023, of February 20, regulating the protection of persons who report regulatory infringements and the fight against corruption.

Exercise of rights

In any case, individuals whose data is collected within the framework of the reporting channel may exercise their rights of access, rectification, erasure, limitation, opposition and portability through the Exercise of Rights of Rectification, Erasure, Limitation, Portability or Opposition in relation to Personal Data, as well as to file a complaint with the competent supervisory authority.

Confidentiality of the complainant's identity

The complainant may choose to submit their complaint confidentially or anonymously. If an anonymous complaint is submitted, no personal data that could identify the complainant will be collected or processed.

If the complainant chooses to reveal their identity, it will be treated confidentially and will not be disclosed to any third parties unrelated to the processing of the complaint. Therefore, it is expressly stated that the right of access is limited to the complainant's own personal data. The complainant's identity will be kept confidential in all cases, and neither the accused nor any third parties will have access to the complainant's identifying information.

The identity of the complainant may only be communicated to the judicial authority, the Public Prosecutor's Office or the competent administrative authority within the framework of an investigation, with the safeguards contained in the applicable regulations.