Privacy Policy and General Conditions

Previous recommendation.

Welcome to the David Saldaña Garrido website, please read our Privacy Policy.

In this privacy statement we explain what personal data we collect from users and how it is used. We encourage you to read these terms carefully before providing personal data on this website. Those over thirteen years of age may register as users without the prior consent of their parents or guardians.

In the case of minors under thirteen years of age, the consent of their parents or guardians is required for the processing of their personal data.

Our website is protected by an SSL security certificate, your data is not visible over the internet.

In no case will data related to the professional, economic situation or the privacy of the other family members be collected from the minor, without their consent.

If you are under thirteen years of age and have accessed this website without notifying your parents, you should not register as a user.

On this website, the personal data of users is respected and cared for. As a user you should know that your rights are guaranteed.

Principles regarding your privacy:

  • We never ask for personal information unless it is really necessary to provide you with the services you require.
  • We never share my users’ personal information with anyone, except to comply with the law or in case we have your express authorization.
  • I never use your personal data for a purpose other than that expressed in this privacy policy.
  • It should be noted that this Privacy Policy could vary depending on legislative requirements or self-regulation, so users are advised to visit it periodically.
  • It will be applicable in the event that users decide to fill in a form on any of their contact forms where personal data is collected.

Dr. Saldaña has adapted this website to the requirements of Organic Law 15/1999, of December 13, on the Protection of Personal Data (LOPD), and Royal Decree 1720/2007, of December 21, known as the Development Regulation of the LOPD. It also complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 regarding the protection of natural persons (RGPD), as well as Law 34/2002, of July 11, on Services of the Information Society and Electronic Commerce (LSSICE or LSSI).

Responsible for the processing of your personal data.

Identity of the person in charge: David Saldaña Garrido
Trade name: Dr. Saldana
NIF/CIF: 09307284N
Address: Heart of Mary, 2 – 28002 Madrid
Activity: Medical Services

For the purposes of the provisions of the aforementioned General Data Protection Regulation, the personal data that you send through the web forms will receive the data processing of “Web users and subscribers”.

Principles that apply to personal information.

In the processing of your personal data, we will apply the following principles that comply with the requirements of the new European data protection regulation:

  • Principle of legality, loyalty and transparency: We will always require your consent for the processing of your personal data for one or several specific purposes that we will inform you of in advance with absolute transparency.
  • Principle of data minimization: We will only request data that is strictly necessary in relation to the purposes for which I require it. The minimum possible.
  • Principle of limitation of the conservation period: the data will be kept for no longer than necessary for the purposes of the treatment, depending on the purpose, we will inform of the corresponding conservation period.
  • Principle of integrity and confidentiality: your data will be treated in such a way that adequate security of personal data is guaranteed and confidentiality is guaranteed.

How is your data obtained?

The personal data that I process comes from:

  • Contact form.
  • Service request form.
  • Newsletter registration form.

What are your rights when you provide your data?

Anyone has the right to obtain confirmation as to whether or not we are processing their personal data.

Interested persons have the right to:

  • Request access to personal data relating to the interested party.
  • Request its rectification or deletion.
  • Request the limitation of your treatment.
  • Oppose the treatment.
  • Request data portability.

Interested parties may access their personal data, as well as request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

In certain circumstances, the interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims.

In certain circumstances and for reasons related to their particular situation, the interested parties may oppose the processing of their data.

Dr. Saldaña will stop processing the data, except for legitimate reasons when:

  • The treatment is based on consent.
  • The data has been provided by the interested party.
  • The treatment is carried out by automated means.

By exercising your right to data portability, you will have the right to have personal data transmitted directly from controller to controller when technically possible.

For what purpose do we process your personal data?

When a user connects to this website, they are providing personal information for which Dr. Saldaña is responsible. That information may include personal data such as your IP address, name, physical address, email address, phone number, and other information. By providing this information, the user gives their consent for their information to be collected, used, managed and stored by, only as described in the Legal Notice and in this Privacy Policy.

At Dr. Saldaña there are different systems for capturing personal information based on forms:

Contact form: I request the following personal information: Name, Email, telephone to respond to the requirements of the users of

Newsletter subscription form: In this case, we request the following personal information: Name, Email, to manage the subscription list, send newsletters, promotions and special offers, provided by the user when subscribing. The data will be located on MailChimp servers outside the EU in the US. MailChimp is covered by the EU-US Privacy Shield agreement, whose information is available here, approved by the European Committee for Data Protection.

Service request form: We request the following personal information: Name, Email, telephone to request any of the services that makes available to its users. The information collected will allow you to request the corresponding service for a possible offline processing. Requests will be answered by email.

Other purposes of personal data processing:

To ensure compliance with the terms of use and applicable law. This may include the development of tools and algorithms that help this website to guarantee the confidentiality of the personal data it collects.

To support and improve the services offered by this website.

Other non-identifying data obtained through some cookies that are downloaded to the user’s computer when browsing this website, which is detailed in the cookie policy, is also collected.

To manage social networks. Dr. Saldaña may have a presence on social networks.

The treatment of the data that is carried out of the people who become followers in the social networks of the official pages of, will be governed by this section. As well as those conditions of use, privacy policies and access regulations that belong to the social network that proceeds in each case and previously accepted by the user of David Saldaña Garrido.

It will process your data for the purposes of correctly managing your presence on the social network, reporting on activities, products or services of Dr. Saldaña. As well as for any other purpose that the regulations of social networks allow.

In no case will I use the profiles of followers on social networks to send advertising individually.

In accordance with the provisions of the European data protection general regulation (RGPD) 2016/679, David Saldaña Garrido (Dr. Saldaña) will be responsible for the processing of data corresponding to web users and subscribers.

Dr. Saldaña does not sell, rent or transfer personal data that can identify the user, nor will it do so in the future, to third parties without prior consent. However, in some cases collaborations with other professionals can be carried out, in these cases, consent will be required from the users informing about the identity of the collaborator and the purpose of the collaboration. It will always be carried out with the strictest security standards.

Legitimation for the processing of your data.

The legal basis for the processing of your data is: the consent.

To contact or make comments on this website, consent is required with this privacy policy.

The prospective or commercial offer of products and services is based on the consent that is requested, without in any case the withdrawal of this consent conditioning the execution of the subscription contract.

Category of data collected.

The categories of data that are processed are identifying data.

In no case are specially protected or sensitive data categories processed.

How long do we keep your data?

The personal data provided is kept until the end of the purpose for which it is processed or as long as there is a legal obligation to keep it.

To whom will your data be communicated?

To provide services strictly necessary for the development of the activity, shares data with the following providers under their corresponding privacy conditions:

Google Analytics: A web analytics service provided by Google, Inc., a Delaware company whose main office is at 1600 Amphitheatre Parkway, Mountain View (California), CA 94043, United States (“Google”). Google Analytics uses “cookies”, which are text files located on your computer, to help analyze the use made by users of the website. The information generated by the cookie about your use of (including your IP address) will be directly transmitted and archived by Google on servers in the United States.

Hosting: Strato, domiciled in Germany, treats the data in order to carry out its hosting services and backup copies where the files of our applications and David Saldaña Garrido hard drives are stored.

The security protocols applied are the following:

Appendix 2 to the Data Processing Agreement: technical and organizational security measures according to art. 32 GDPR
version 1.0

1. Confidentiality (Article 32 (1) (b) GDPR)
1.1 Entry control
Unauthorized persons should be denied access to rooms containing data processing equipment.
• Definition of security areas.
• Implementation of effective access protection.
• Access log.
• Determination of persons with access authorization.
• Management of personal access authorizations.
• Accompaniment of external personnel.
• Monitoring of the rooms.

1.2 Login control
The use of data processing systems by unauthorized persons must be avoided.
• Determination of the protection requirement.
• Login protection
• Implementation of secure login procedures, strong authentication
• Implementation of simple authentication by username password
• Login record
• Monitoring of critical IT systems.
• Secure (encrypted) transmission of authentication secrets
• Lockout on failed attempts / inactivity and process to reset locked login ids
• Prohibit memory function for passwords and/or form entry (server/clients)
• Determination of authorized persons.
• Management and documentation of means of personal authentication and login permissions.
• Auto login lockout and manual login lockout

1.3 Access control
Only data for which access is authorized can be accessed. The data may not be read, copied, altered or deleted without authorization during processing, use and after storage.
• Create a concept of authorization
• Implementation of access restrictions.
• Assignment of minimum authorizations.
• Administration and documentation of personal access rights.
• Avoid concentration of roles.

1.4 Control of use
It must be ensured that data collected for different purposes can be processed separately.
• Data economy in the management of personal data.
• Separate processing of different data sets.
• Verification and removal of the purpose of regular use
• Separation of test and development environment.

1.5 Privacy Friendly Presets
• If data is not required to achieve the intended purpose, the default technical settings will be set in such a way that the data will only be collected, processed, transmitted or published by an action of the data subject.

2. Integrity (Article 32 (1) (b) GDPR)
2.1 Transfer control
The purpose of transfer control is to ensure that personal data cannot be read, copied, altered or deleted during electronic transmission or during transport or storage on data carriers, and that it is possible to verify and determine where personal data is provided through data transmission.
• Determination of receiving / transferring instances / persons
• Examination of the legality of the transfer abroad.
• Registration of transmissions according to the registration concept.
• Secure data transfer between server and client.
• Backup of the transmission in the backend
• Secure transmission to external systems.
• Minimization of risks through the separation of the network.
• Implementation of security gateways at network transfer points.
• Hardening of backend systems.
• Description of the interfaces.
• Implementation of machine-machine authentication
• Secure data storage, including backup copies.
• Secure storage on mobile data carriers.
• Introduction of a disk management process.
• Collection and disposal process.
• Privacy-compliant disposal and destruction procedures.
• Management of deletion records.

2.2 Entry control
The purpose of the input control is to ensure that it can be subsequently verified whether personal data has been entered, modified or deleted in the data processing systems.
• Registration of entries.
• Documentation of entry permits.

3. Availability, resistance, disaster recovery.
3.1 Availability and resilience (Article 32 (1) (b) GDPR)
• Fire protection
• Primary technology redundancy.
• Redundancy of the power supply.
• Redundancy of communication connections.
• Supervision
• Planning and deployment of resources.
• Defense against systemic abuse.
• Concepts and implementation of data backup
• Periodic control of emergency facilities.

3.2 Disaster recovery: rapid recovery after the incident (article 32 (1) (c) GDPR)
• Emergency plan
• Concepts and implementation of data backup

4. Data Protection Organization.
• Definition of responsibilities.
• Implementation and control of adequate processes.
• Notification and approval process.
• Implementation of training measures.
• Commitment to confidentiality.
• Regulations for the internal distribution of tasks.
• Consideration of separation of roles and assignment
• Introduction of a suitable representative scheme.

5. Control of orders
The purpose of order control is to ensure that personal data processed as part of the order can only be processed in accordance with the customer’s instructions.
• Selection of other processors for adequate guarantees.
• Conclusion of a data processing agreement with other processors.
• Conclusion of a data processing agreement with LOADING

6. Procedure for regular review, assessment and evaluation (Article 32 (1) (d) of the GDPR, Article 25 (1) of the GDPR)
• Information security management according to ISO 27001.
• Evaluation process of technical and organizational measures.
• Security incident management process.
• Realization of technical revisions.


When browsing non-identifiable data may be collected, which may include IP addresses, geographic location (approximately), a record of how the services and sites are used, and other data that cannot be used to identify the user. Among the non-identifying data are also those related to your browsing habits through third-party services. This website uses the following third-party analysis services:

Google analytics.

We use this information to analyze trends, administer the site, track users’ movements around the site, and to gather demographic information about my user base as a whole.

Secret and data security. is committed to the use and treatment of the personal data of the users, respecting their confidentiality and to use them in accordance with the purpose of the same, as well as to comply with their obligation to save them and adapt all the measures to avoid the alteration, loss, treatment or unauthorized access, in accordance with the provisions of current data protection regulations.

This website includes an SSL certificate. It is a security protocol that ensures that your data travels in an integral and secure manner, that is, the transmission of data between a server and a web user, and in feedback, is fully encrypted. cannot guarantee the absolute impregnability of the Internet network and therefore the violation of data through fraudulent access to them by third parties.

Regarding the confidentiality of the processing, David Saldaña Garrido will ensure that any person who is authorized by Dr. Saldaña to process the client’s data (including his staff, collaborators and providers) will be under the appropriate obligation of confidentiality and compliance with GDPR (either a contractual or legal duty).

When a security incident occurs that puts the rights of clients at risk, Dr. Saldaña will, upon becoming aware of it, notify the Client and the AEPD without undue delay and in less than 72 hours, and must provide timely information related to the Security Incident as it becomes known or when reasonably requested by the Client.

Risk Analysis Report for data processing.

This risk report is updated every time we have to process the data of our clients, establishing the appropriate corrective measures:

  • The processing of data that we carry out does not include profiling.
  • The automated processing of data that we carry out does not carry the risk of loss of rights, legal consequences or discrimination of the user.
  • We do not monitor those who provide us with their data.
  • We do not process particularly sensitive data or those of vulnerable people.
  • We do not apply any type of technology to the data that carries the risk of loss of rights or prevents access to a contracted service.

Identified risks and control measures we take

  • Unintentional modification or alteration of personal data: There is no access to data by third parties locally, the computer where the data is stored is protected by an antivirus system and Firewall to prevent unwanted attacks.
  • Intentional loss or deletion of personal data: A backup copy of the data is stored at Strato AG, our hosting company.
  • Unauthorized access to personal data: No one in the company has access to personal data except the person in charge of treatment, who is the administrator of the company.
  • Absence of procedures for the exercise of rights: We publish in our online media the way in which the user can exercise their rights regarding the data.
  • Lack of legitimacy for the processing of personal data: We include the informative clauses of the purpose and request express consent.


Accuracy and veracity of the data.

As a user, you are solely responsible for the veracity and correctness of the data you send to our website, exonerating David Saldaña Garrido (Dr. Saldaña), from any responsibility in this regard.

Users guarantee and are responsible, in any case, for the accuracy, validity and authenticity of the personal data provided, and undertake to keep them duly updated. The user agrees to provide complete and correct information in the contact or subscription form.

Acceptance and consent.

The user declares to have been informed of the conditions on the protection of personal data, accepting and consenting to the treatment thereof by David Saldaña Garrido (Dr. Saldaña) in the manner and for the purposes indicated in this privacy policy.


The consent given, both for the treatment and for the transfer of the data of the interested parties, is revocable at any time by communicating it to David Saldaña Garrido (Dr. Saldaña) in the terms established in this Policy for the exercise of rights. This revocation will in no case be retroactive.

Changes in the privacy policy.

David Saldaña Garrido reserves the right to modify this policy to adapt it to new legislation or jurisprudence, as well as industry practices. In such cases, David Saldaña Garrido will announce on this page the changes introduced with reasonable anticipation of their implementation.


In accordance with the LSSICE, our website does not carry out SPAM practices, so it does not send commercial emails that have not been previously requested or authorized by the user. Consequently, in each of the forms on the web, the user has the possibility of giving their express consent to receive the newsletter, regardless of the commercial information promptly requested.

The email servers used by Dr. Saldaña use SSL security protocols and their contents always travel encrypted over the network.

In accordance with the provisions of Law 34/2002 on Services of the Information Society and electronic commerce, undertakes not to send communications of a commercial nature without properly identifying them.

Document reviewed on 11-10-2022