PRIVACY POLICY

Who is responsible for the processing of your data?

The responsible party for processing data related to the various procedures used in the management of website visitors, customers, and suppliers is SONA HEALTH, S.L, located at Calle Lope de Vega 6, 28014 Madrid, with VAT ID number B19461821. It is registered in the Commercial Registry of Madrid under entry number 1/2024/1467830,0, journal 2024, entry 8766, electronic page, IRUS 1000429709266, registration/note 1 with sheet M-833742.

For the purposes of our data protection policy, the contact email is legal@sonahealth.es

 

Data Protection Policy

The responsible party applies the principle of active responsibility in the processing of personal data, maintaining constant updates and promoting the continuous improvement of the data protection system according to legal requirements, ensuring at all times:

• Respect for the freedoms and fundamental rights of individuals
   
• That data is processed lawfully, fairly, and transparently
   
• That the processed data are accurate, adequate, relevant, and limited to the purposes for which they are collected
   
• That the purposes for which they are collected are explicit and legitimate and that they are not processed in a manner incompatible with these purposes
   

The purpose of this document is to inform users about what we do with their personal data, how it is collected, what it is used for, the rights they have, as well as all the necessary legal information required by current regulations.

 

Data Collected, Purpose, and Lawfulness

Data Collected and Accessed

Our application collects and processes the following types of data:

1. User Profile Information

• Name
• Email Address
• Contact Number
• Profile Picture (if uploaded)

2. Task & Activity Data

• Task Details (e.g., descriptions, assigned tasks, deadlines)
• Task Status (e.g., pending, completed, in progress)

3. Location Data (Collected via Google Maps API)

We collect and process location data under the following circumstances:

• Agent’s Current Location: Extracted using the Google Maps API to determine the agent’s real-time position.
• Task Completion Verification: The agent's live location is checked against the customer’s location to confirm whether the agent has arrived at the designated location for task completion.

4. Device Information

• IP Address
• Device Type & OS Version
• App Version

5. Log Data & Usage Analytics

• Time-stamped activity logs
• Interaction with app features
• Error reports and crash logs

 

Location Data Access & Usage

Our application accesses location data only with the user's explicit permission. The collected location data is used exclusively for the following purposes:

1. Task Verification – The app determines whether an agent has reached the customer’s location to mark tasks as completed.
2. Real-time Task Management – Supervisors can track active tasks and agents' progress in real-time.
3. Route Optimization (if applicable) – If enabled, the app may suggest optimal routes to the destination using Google Maps API.

Google Maps API Integration

• We use Google Maps API to collect and process location data.
• This data is used solely for verifying task completion and is not shared with unauthorized third parties.

Google may collect additional data as per its own Privacy Policy (refer to Google’s policies).

 

At SONA HEALTH, S.L, we process data provided by you to manage various activities related to sales, after-sales services, supplier management, service quality, etc. The personal data processed are those provided by users through forms available on this website and are the minimum required to send you information about our products/services, respond to queries, process orders, as well as to issue the corresponding invoices, inform about the status of orders, handle claims, and any other management derived from the provision of service carried out through this website, and send the information requested through the contact form on our website or any other means of contact with our company, provide both potential customers and our customers with product and service offers of interest, carry out the administrative, fiscal, and accounting management of our clients and/or suppliers, carry out the necessary procedures to comply with the obligations of the Money Laundering and Terrorist Financing Prevention, manage the rights of data subjects in relation to data protection, procedures related to contracting with customers, and manage relationships, advertising, and marketing with customers and potential customers.

We will not create commercial profiles based on the information provided and, therefore, we will not make automated decisions about you based on commercial profiles.

These purposes are based on legal principles of data processing collected by the current regulations: for the execution of a contract or the provision of a service to users, for the fulfillment of legal obligations, by the legitimate interest and with the consent of the users.

 

 

What kind of data do we have about you and how have we obtained them?

The categories of personal data that SONA HEALTH, S.L. processes about its customers and suppliers are:

• Identification data, postal or electronic addresses, commercial information, economic and transaction data, professional data, and data according to the regulations of Money Laundering and Terrorist Financing Prevention.
   

All the aforementioned data we have obtained directly from you through the submission of a contact form or through the submission of a commercial offer or contractual proposal, or through your company by providing us with identification data and other information necessary to fulfill the purpose of the relevant contractual relationship between the parties. In case of any change in the data, you or your company are required to provide us with an update.

 

 

How long will we keep your data?

The personal data of the individuals linked to potential clients, clients, and suppliers that SONA HEALTH, S.L. collects through the different contact forms and/or information collection will be retained as long as their deletion is not requested by the interested party. The personal data provided by our clients and suppliers will be retained as long as the commercial relationship between the parties is maintained, complying in all cases with the minimum legal conservation periods depending on the matter.

In any case, SONA HEALTH, S.L. will keep your personal data for a period of time that is reasonably necessary, taking into account our needs to respond to issues that may arise or to resolve problems, make improvements, activate new services, and meet the legal requirements applicable. This means that we may retain your personal data for a reasonable period of time even after you have stopped using our products or using this website. After this period, your personal data will be deleted from all systems of SONA HEALTH, S.L.

 

 

What is the legal basis for processing your data?

Below we summarize the legal basis for this data processing, according to its type:

• When data processing refers to accounting and billing management with clients and/or suppliers, the legal basis is the maintenance, development, and control of the contractual relationship between the parties.
   
• When data processing refers to tax management, such as the application of withholdings, deductions, etc., the legal basis is the maintenance, development, and control of the contractual relationship between the parties and compliance with legal obligations.
   
• When data processing refers to administrative procedures, such as logistics management, warehouse, customer deliveries, goods reception, etc., the legal basis is the maintenance, development, and control of the contractual relationship between the parties.
   
• When data processing is related to marketing, we carry out commercial actions regarding our products or services directed at our clients or anyone who has requested related information in the past, including conducting customer satisfaction surveys. In these cases, the legal basis is the free and unambiguous consent of the interested parties (potential clients), noting that in no case does the withdrawal of this consent affect the execution of any contract in force between the parties nor the legitimate interest of the company in promoting and marketing products or services similar to those purchased or requested by the interested parties in the past.
   
• When data processing refers to the management of the Money Laundering and Terrorist Financing Prevention, the legal basis is the free and unambiguous consent of the interested party and the legal obligation according to the laws and regulations applicable in the field of Money Laundering and Terrorist Financing Prevention.
   
• When data processing refers to the management of the rights of the data subjects in relation to data protection, the legal basis is the legal obligation according to the laws and regulations applicable in the field of data protection.
   
• When data processing refers to contracting with clients, the legal basis is the preparation of a private purchase contract and the subsequent commitment of both parties.
   
• When data processing refers to the management of relationships, advertising, and marketing by those responsible for processing with clients and potential clients, the legal basis is the legitimate interest of the data controller and the express consent of the interested party.
   

Regarding the mentioned legal basis, you are obliged to provide your personal data; if you do not, we will not be able to execute your contract nor comply with legal obligations or those derived from public authority.

 

 

Who will your data be shared with?

SONA HEALTH, S.L., as the data controller, will share the data provided with third parties with whom it has signed service provision agreements. These third parties, who are in charge of the processing, perform their functions in a regulated manner in agreements signed with SONA HEALTH, S.L., in which it is established in writing that the processor will only process the data according to the instructions issued by the data controller, that they will not apply or use it for a purpose other than that established in such agreement, nor share it, not even for preservation, with other people. We will never share personal data with any third-party company that intends to use it in its direct marketing actions, unless you have expressly authorized us to do so. Please note that we may provide your personal data to Government Bodies and competent authorities whenever SONA HEALTH, S.L. receives a judicial order from these authorities or whenever, acting in good faith, we believe that such action is reasonably necessary to comply with judicial processes, to respond to any claim or legal action, or to protect the rights of SONA HEALTH, S.L. or its clients or the public in general.

Also, your data may be shared with the Executive Service for the Prevention of Money Laundering (SEPBLAC) or with Government Bodies, by legal mandate, according to the applicable regulations in the field of Money Laundering and Terrorist Financing Prevention. Your personal data will not be transferred to third countries.

SONA HEALTH, S.L. may share your personal data with third parties (for example, Internet service providers that help us manage our website or carry out the contracted services, computer support and maintenance companies, logistics companies, administrative, fiscal, and accounting agencies, etc.). In any case, these third parties will maintain, at all times, the same security levels as SONA HEALTH, S.L. with respect to your personal data and, when necessary, will be bound by legal commitments to store your personal data privately and securely and to use the information only according to the specific instructions of SONA HEALTH, S.L.

Your personal data will not be communicated to third parties, except if such communication of data is covered under a legal obligation or when for the proper provision of the service or the execution of the contract it is necessary to communicate your data to third parties to be able to make the payment (payment gateways), as well as manage the deliveries of the products (carriers) such transfer being covered in the service needs. Payment through other payment gateways, we recommend to the user to read the privacy policy to understand how it handles personal information, for example:

• Redsys Servicios de Procesamiento, S.L. (“Redsys”), located at Francisco Sancha street, number 12, Madrid, with VAT ID number B-85955367, which fully complies with the current legislation on the protection of personal data and with the confidentiality commitments inherent in its activity. Redsys has adopted the necessary technical measures to maintain the required level of security. You can view their privacy policy at https://www.redsys.es/legal/20180223_politica_de_privacidad_web_publica_redsys.pdf
   

• PayPal (Europe) S.à.r.l. et Cie, S.C.A. (R.C.S. Luxembourg B 118 349), whose privacy policy establishes adequate security measures for the proper treatment of users' personal data. You can view their privacy policy at https://www.paypal.com/es/webapps/mpp/ua/privacy-full?locale.x=es_ES#1

 

What are your rights as an interested party?

You have the right to obtain confirmation whether SONA HEALTH, S.L. is processing your personal data (right of access) and you also have the right to rectify these data (right of rectification).

You have the right to request access to your personal data and to receive them in a commonly used and machine-readable format if the processing is carried out by electronic means (right to data portability).

You can request the restriction of the processing of your data (right to erasure), or under certain circumstances and for reasons related to your particular situation, you may exercise your right to object to the processing of your personal data (right to object).

SONA HEALTH, S.L. will cease processing the data, except for compelling legal reasons, or the exercise or defense of possible claims or in the exceptions provided in the applicable regulations.

Also, we inform you that you have the right to withdraw your consent at any time, without affecting the legality of the processing based on the consent prior to its withdrawal.

Also, we inform you that at any time you can exercise the aforementioned rights by sending an email to legal@sonahealth.es. You also have the right to file a complaint with the Spanish Data Protection Agency, especially when you have not obtained satisfaction in the exercise of your rights. Spanish Data Protection Agency C/ Jorge Juan, 6 28001 – Madrid Phone 901100099 / 912663517

In accordance with Regulation (EU) 2016/679, SONA HEALTH, S.L. informs you that your personal data will be processed under the legal basis and protection provided by your consent. By clicking the "SEND" button, you accept the processing of your personal data by SONA HEALTH, S.L. Also, we inform you that, unless legally obliged or expressly consented by you, SONA HEALTH, S.L. will not transfer your data to third parties.

We also inform you that at any time you can exercise the aforementioned rights of access, rectification or deletion of data, and assert the other rights recognized in this document and regulated in Regulation (EU) 2016/679, notifying SONA HEALTH, S.L. through legal@sonahealth.es. Furthermore, in accordance with the provisions of the Law on Information Society Services and Electronic Commerce 34/2002, of July 11, SONA HEALTH, S.L. will not send advertising by email without having previously obtained the explicit consent of the recipient. You can oppose the sending of advertising by marking the corresponding box.

 

Security Measures

The personal data provided by you to SONA HEALTH, S.L. may be stored in automated databases or not, of which it is the sole owner. SONA HEALTH, S.L. implements all the technical, organizational, and security measures that guarantee the confidentiality, integrity, and quality of the information contained in them, in accordance with the provisions of the applicable data protection regulations.

 

Processing of personal data of minors

In relation to the processing of data of minors under 14 years old, data will always be collected with the explicit consent of parents or legal guardians. Changes in our Privacy and Data Protection Policy SONA HEALTH, S.L. may, from time to time, make changes and corrections to this section on the Data Protection Policy for Web Visitors, Clients, and Suppliers. Please regularly check this section to refer to any changes that may have been made and how they affect you.

 

Data Protection Officer

The data protection officer is SONA HEALTH, SL. You can contact the officer at legal@sonahealth.es. The Data Protection Officer is responsible for ensuring compliance with data protection regulations, to resolve doubts about the privacy policy and to consult on the processing of personal data. Likewise, it is necessary to contact him to submit complaints related to the processing of personal data as well as to exercise the rights recognized to the data subjects regarding their personal data.

 

Why is it necessary to accept this Privacy and Data Protection Policy?

These conditions are governed at all times by the provisions of Spanish and European laws and regulations on the protection of personal data and privacy. This personal information will only be used for the purposes for which you have provided it or for those allowed by specific national or regional regulations. In any case, we inform you that any refusal on your part to provide certain requested data could hinder the execution of the contractual relationship between the parties with possible serious consequences at the time of providing the various services provided for in the commercial agreement signed with the contracting party. If you have any questions about this section of the Personal Data Protection Policy for Potential Clients, Clients, and Suppliers of SONA HEALTH, S.L., please contact the company through the provided email, and we will be happy to assist you and answer any additional questions you may have.

 

Applicable Laws and Regulations

These conditions are governed at all times by the provisions of Spanish and European laws and regulations on the protection of personal data and privacy.

 

Intellectual and Industrial Property

The design of the portal and its source codes, as well as the logos, trademarks, and other distinctive signs that appear on it belong to SONA HEALTH, S.L. and are protected by the corresponding intellectual and industrial property rights.

 

Content Liability

SONA HEALTH, S.L. is not responsible for the legality of other third-party websites from which the portal may be accessed. Nor is it responsible for the legality of other third-party websites that may be linked or linked from this portal.

SONA HEALTH, S.L. will not be responsible for the use that third parties make of the information published on the portal, nor for the damages suffered or economic losses that, directly or indirectly, produce or may produce economic, material, or data damage, caused by the use of such information.

 

Content Reproduction

In accordance with the Intellectual Property Law, the reproduction, distribution, and public communication of all or part of the contents of this website for commercial purposes on any medium and by any technical means are expressly prohibited without the authorization of SONA HEALTH, S.L.

 

Applicable Law

SONA HEALTH, S.L. reserves the right to file civil or criminal actions it deems necessary for the improper use of the Website and Content, or for breach of these conditions.

The relationship between the user and SONA HEALTH, S.L. will be governed by the current and applicable regulations in the national territory. Should any controversy arise concerning the interpretation and/or application of these conditions, the parties will submit the conflicts to ordinary jurisdiction, subjecting themselves to the Judges and Courts that correspond according to the law.

Also, we inform you that there is a procedure for free extrajudicial resolution of disputes accessible to all citizens, which is the online dispute resolution platform of the European Union, accessible through the following link https://ec.europa.eu/consumers/odr/main/?event=main.home2.show

 

Exercise of data protection rights

In accordance with the rights conferred by current legislation on the protection of personal data, the user may exercise the rights of access, rectification, limitation of processing, deletion, portability, and opposition to the processing of their data by directing their request to the postal address indicated or to the email leagl@sonahealth.es.

To exercise these rights, identification must be verified by presenting your ID. For any claim, you can contact the same email mentioned. You can also contact the Spanish Data Protection Agency: www.aepd.es.