Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
    • GP-001 Documents and records control
    • GP-002 Quality planning
    • GP-003 Audits
    • GP-004 Vigilance system
    • GP-005 HR and training
    • GP-007 Post-market surveillance
    • GP-009 Sales
    • GP-010 Suppliers
    • GP-012 Design, Redesign and Development
    • GP-018 Infrastructure and facilities
    • GP-019 Software validation
    • GP-023 Change control management
    • GP-050 Data Protection
      • Deprecated
      • R-050-001 Record of Processing Activities (ROPA)
      • R-050-001 Compliance statement 2024
      • R-050-003 Data access key
      • R-050-004 Controllers, processors and subprocessors
    • GP-051 Security violations
    • GP-052 Data Privacy Impact Assessment (DPIA)
  • TF_Legit.Health_Plus
  • Licenses and accreditations
  • External documentation
  • Procedures
  • Records
  • Records
  • GP-050 Data Protection
  • R-050-004 Controllers, processors and subprocessors

R-050-004 Controllers, processors and subprocessors

  • Comes from: template T-050-004 Controllers, processors and subprocessors

Purpose​

In accordance with article 30.2 of Regulation (EU) 2016/679, of April 27, 2016 (GDPR), we must create and keep updated a registry of the treatment activities carried out under our responsibility. To that effect, we conduct a formal, documented, comprehensive and accurate record of processing activities based on a data mapping exercise that is reviewed regularly.

Processors​

Data processors are third-party companies that handle personal data according to the instructions provided by us, the data controller. They perform this processing on our behalf, under our direct authority.

The processors of the data that we process as controllers are:

Company nameIDProcessing activityDescription
Audens Legal, S.L.P.B85808954All (they are our DPO)DPO
Amazon Web Services EMEA SARLB186284PA-005 PR API, PA-011, PA-006 PR Web app, PA-011 CO Fine tuningCloud provider
Coben Business Group, SLB02875094PA-002 CO Employees, PA-008 CO SalesFinancial advisors
LAWESOME LEGAL SERVICESB95716486PA-002 CO Employees, PA-008 CO SalesGeneral law inquiries, usually about contracts
Everyday Software, SLB66854530PA-002 CO Employees, PA-003 CO Internships, PA-004 CO WorkhoursSuppliers of platform to manage human resources
HubSpot, Inc-PA-008 CO SalesSuppliers of CRM
LinkedIn Ireland Unlimited CompanyIE9740425PPA-010 CO Inbound marketingSuppliers of platform to interact with customers
Holded Technologies SLB66543778PA-008 CO SalesSuppliers of platform for financial management
Slack-PA-002 CO EmployeesSuppliers of internal messaging platform for employees
Google Spain, S.L.U.B63272603PA-002 CO Employees, PA-008 CO SalesSuppliers of platform for documenta management

Controllers​

Data controllers are entities on whose behalf we process personal data. They define the means and purposes of data processing, and we act as data processors under their instruction.

The controllers whose data we process as processors are:

Company nameIDProcessing activity
Instituto de Investigación Sanitaria Biocruces BizkaiaB186284PA-006 PR Web app
Clínica Dermatológica Dra Garay14924711BPA-006 PR Web app
Área Dermatológica Iderma SLB65713836PA-006 PR Web app
Elche Crevillente Salud, SAUA97858633PA-006 PR Web app
Torrejón Salud, SAA85740595PA-006 PR Web app
Hospital Universitario Puerta de HierroQ2877005EPA-006 PR Web app
Visiba Group AB556967-9813PA-005 PR API
DKV Servicios SAA99007205PA-005 PR API
H. U. San RoqueA35064658PA-006 PR Web app
Pierre Fabre SA662.006.170 12PA-005 PR API
Terapias Médicas Domiciliarias SLUB45395993PA-006 PR Web app
Cigna Life Insurance Company of EuropeW0021205JPA-005 PR API
Bella Aurora Labs Sa.A58303462PA-006 PR Web app
Lilly SAUA28058386PA-006 PR Web app
Boehringer Ingelheim España SAA08006470PA-005 PR API
Sanitas S.A de SegurosA28037042PA-005 PR API
Previous
R-050-003 Data access key
Next
GP-051 Security violations
  • Purpose
  • Processors
  • Controllers
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)