PRIVACY NOTICE

Privacy notice - Videosurveillance and access control (Spain)

1. Who is/are the data controller/s?

The data controller is the Grifols' group company responsible of ensuring the access and security of the premises, assets and persons whose identity and contact details are available here ("Grifols").

2. Who is the data protection officer of Grifols and how can you contact him/her?

The data protection officer acts as interlocutor between Grifols and you in order to ensure Grifols' compliance with the data protection legislation and guarantee your rights under such legislation. You may contact the data protection officer at dpo@grifols.com.

3. For which purposes does Grifols process the personal data?

Grifols processes the personal data to guarantee the security of the premises, assets and persons and, if applicable, to investigate any possible incidents occurring in the premises. Grifols may process your data by establishing visitors' access control to the premises and/or other vigilance systems, such as videosurveillance cameras.

4. Which is/are the lawful basis/bases to process the personal data?

The legal basis to process the personal data is the legitimate interest of Grifols and third parties to access the personal data in order to guarantee the security of the persons and assets in the premises and to investigate, evidence and defend from any acts against assets, premises and the honour of persons.

We consider that the legitimate interest in which Grifols bases the processing of personal data overrides data subjects' fundamental rights and freedoms, given that the processing is part of the daily and administrative management of a multinational group of companies. In any case, you may exercise your right to object by addressing such request to privacy@grifols.com.

5. How long does Grifols retain the personal data?

Grifols only retains the personal data during the period required by the local legislation, unless it is needed to investigate, evidence and defend against the commission of illegal acts,

6. With whom does Grifols share the personal data?

Grifols does not share the personal data with third parties, unless to comply with legal obligations or if an illegal act has been recorded, in which case these may be made available to courts, public administrations, law enforcement or any other competent authorities. Grifols may also share the personal data with Grifols' group companies or interested third parties in order to investigate an illegal act and, if applicable, to establish, exercise or defend from appropriate actions or claims.

Grifols will also share personal data with product and service providers during the ordinary course of the activities detailed in Section 3.

7. Which are your data protection rights?

Right Content
Access You may request confirmation as to whether or not your personal data is being processed and, if so, you can obtain access to your personal data included in Grifols' files.
Rectification You may request the rectification of your personal data if this is inaccurate.
Erasure You may request that your personal data is erased.
Objection You may request that your personal data is not processed in specific circumstances.
Portability You may request receiving, in an electronic file, the personal data that you provided Grifols, as well as the right to transmit it to other parties.
Restriction of processing You may request a restriction on how personal data is processed when:
  • the accuracy of your personal data is being verified after you have contested its accuracy.
  • processing of your personal data is unlawful and you oppose to its erasure.
  • Grifols does no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims,
  • you have objected to the processing for the performance of a task carried out in the public interest or necessary for the purposes of a legitimate interest, whilst it is being verified whether the legitimate grounds of Grifols override yours.


You may exercise, when appropriate, your data protection rights by sending Grifols a written communication using the relevant address detailed here indicating as subject matter of the communication "Videosurveillance/Access Control". For these purposes, Grifols may request a copy of your ID card/passport in force or any other valid document evidencing your identity.

When the processing of personal data (images) is made through videosurveillance systems, the rights of rectification and portability are not applicable and the right of restriction of processing applies with certain nuances.

In addition, you may lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) or with any other data protection authority.

Last update: April 2020