Privacy Policy – drguillermoescobar.com
At drguillermoescobar.com, we are committed to protecting the privacy of our patients and users. This Privacy Policy explains how we process personal data, particularly health data, which are considered special categories of data under the Regulation (EU) 2016/679 – GDPR, the Spanish Organic Law 3/2018 – LOPDGDD, and Law 41/2002 on Patient Autonomy.
1. Data Controller
Controller: Dr. Guillermo Escobar
Website: drguillermoescobar.com
Contact email: hello@drguillermoescobar.com
Medical center address: Calle Muñoz León 7, 41009 SEVILLE
2. Types of Personal Data Processed
a) Data provided by the user through the website
- First and last name
- Phone number and email address
- Information submitted through contact or appointment request forms
- Reason for the consultation (if voluntarily provided by the user)
b) Clinical and health data
Collected only during in-person or telemedicine medical care:
- Medical history
- Diagnoses
- Examinations, tests, or medical reports
- Treatments prescribed
- Clinical progress
These data are never collected automatically through the website; they are collected only if the patient provides them voluntarily or during medical care.
c) Browsing data
- IP address
- Technical or analytical cookies
- Website browsing activity
(See the Cookie Policy)
3. Purposes of Data Processing
Within the website
- Managing information or appointment requests.
- Responding to messages sent through forms or via email.
- Improving the user experience and website security.
Within medical care (if applicable)
- Providing medical care, diagnostics, and treatment.
- Managing the patient’s medical record in accordance with Law 41/2002.
- Fulfilling administrative, legal, or medical billing obligations.
Health data will never be used for marketing or commercial purposes.
4. Legal Basis for Processing
Data processing is based on:
- Informed consent of the user when submitting forms or contacting us.
- Contractual or pre-contractual relationship for appointment management or medical services.
- Compliance with legal obligations in the healthcare field.
- Public interest in the area of public health (Article 9.2.h GDPR).
- Legal obligation to maintain the medical record.
Health data are processed under strict confidentiality and enhanced protection measures.
5. Data Retention
- Data received through the website: retained only for as long as necessary to manage the request or enquiry.
- Medical records: retained for a minimum of 5 years from the date of the last healthcare service, according to Law 41/2002 and applicable regional regulations.
After these periods, the data will be securely blocked or deleted.
6. Data Recipients
Data may only be communicated to:
- Healthcare entities or professionals strictly necessary for medical care.
- Health insurance companies (if requested or authorized by the patient).
- Public authorities when legally required.
- Technological service providers (hosting, medical software, email) with GDPR-compliant data processing agreements.
Personal or health data will never be sold to third parties.
7. International Data Transfers
No international data transfers are made unless required by certain technological services (e.g., email servers or cloud-based software).
In such cases, Standard Contractual Clauses or equivalent safeguards will be applied.
8. Rights of the Patient or User
You may exercise the following rights:
- Access
- Rectification
- Erasure
- Restriction
- Objection
- Data portability
- Withdrawal of consent
To exercise these rights:
Email: hello@drguillermoescobar.com
Subject: “Data Protection”
For clinical data, requests will be processed in accordance with Law 41/2002 on access to medical records.
You may also lodge a complaint with the Spanish Data Protection Agency (AEPD).
9. Data Security
We apply technical and organizational measures specifically designed to protect health data, including:
- Encryption and secure protocols (SSL/HTTPS)
- Access control systems
- Secure backup systems
- Reinforced confidentiality obligations for medical staff
- Secure medical record storage
Although no system is completely infallible, we apply best-practice standards to ensure maximum protection.
10. Medical Confidentiality
All medical staff are bound by the duty of professional secrecy, which remains in force even after the end of the healthcare relationship, in accordance with Law 41/2002.
11. Links to Third-Party Sites
If the website contains links to external pages, we are not responsible for their content or their privacy policies. We recommend reviewing them carefully.
12. Changes to the Privacy Policy
This policy may be updated when necessary. The date of the latest update will be indicated.
Continued use of the website implies acceptance of any changes.