PRIVACY POLICY

www.dralorenacastillo.com (hereinafter, the “Website”)

This Privacy Policy is adapted to current Spanish and European legislation on the protection of personal data on the internet. In particular, it complies with the following regulations:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

  • Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

  • Royal Decree 1720/2007, of 21 December, approving the Regulation implementing Organic Law 15/1999 on the Protection of Personal Data (RDLOPD).

  • Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE).

Data Controller

Lorena Castillo Campillo
Tax ID (NIF): 24366781Y
Registration number at the Official College of Physicians of Barcelona (COMB): 36918
Registered address: Carrer dels Garrofers 36, 4º 1ª, 08016 Barcelona

Email: info@dralorenacastillo.com

Principles governing the processing of personal data

The processing of the User’s personal data will be carried out in accordance with the principles set out in Article 5 of the GDPR and Article 4 et seq. of Organic Law 3/2018:

  • Lawfulness, fairness and transparency: consent will always be required and the User will be informed clearly and transparently about the purposes of the processing.

  • Purpose limitation: data will be collected for specific, explicit and legitimate purposes.

  • Data minimisation: only the data strictly necessary for the purposes pursued will be processed.

  • Accuracy: data must be accurate and kept up to date.

  • Storage limitation: data will be kept only for as long as is strictly necessary.

  • Integrity and confidentiality: data will be processed in a manner that ensures security and confidentiality.

  • Accountability: the Controller will be responsible for compliance with these principles.

Categories of personal data

The categories of data processed through the Website are limited to identification data only.
No special categories of personal data are processed within the meaning of Article 9 of the GDPR.

1. Purpose of the data processing

The personal data provided through the contact form will be processed for the following purposes:

  • To respond to requests for information regarding the professional services offered (in-person consultation and online consultation).

  • To contact the User to arrange an appointment.

  • To manage communications relating to the submitted request (e.g. appointment confirmation, changes, reminders).

  • To comply with legal obligations arising from the provision of healthcare services.

2. Legal basis for processing

The legal basis for processing personal data is:

  • The User’s explicit consent, granted by ticking the corresponding box when submitting the contact form.

  • The execution of pre-contractual measures (appointment management) and contractual measures (healthcare service provision).

  • Compliance with legal obligations in the healthcare field.

3. Data processed

Only the data strictly necessary are requested:

  • Full name

  • Contact telephone number

  • Email address

These data are the minimum required to respond to the User’s query or appointment request.

4. Data retention

Personal data will be retained in a lawful and appropriate manner for the minimum time necessary for the purposes of the processing, or until the User requests their erasure, in accordance with applicable legislation.

5. Data recipients

Personal data will not be transferred to third parties for purposes other than those described, unless the User has granted prior consent.

Data may be communicated solely to:

  • Healthcare entities, professionals or insurers, when collaboration is necessary for service provision, and always with the User’s consent and in accordance with legislation.

  • Competent authorities, where a legal obligation exists.

6. International data transfers

No international transfers of personal data outside the European Economic Area are envisaged.
If such transfers were to occur, the User would be expressly informed and appropriate safeguards would be implemented.

7. Users’ Rights

The User may exercise the following rights at any time by contacting the Controller (Lorena Castillo Campillo) via email at info@dralorenacastillo.com or in writing to the postal address indicated above:

  • Right of access: to obtain confirmation as to whether or not personal data concerning them are being processed, and to access such data and related information (Article 15.1 GDPR).

  • Right to rectification: to obtain without undue delay the rectification of inaccurate or incomplete data (Article 16 GDPR).

  • Right to erasure (“right to be forgotten”): to request the deletion of personal data when they are no longer necessary for the purposes for which they were collected, among other grounds (Article 17 GDPR).

  • Right to restriction of processing: to request the restriction of processing in specific circumstances, for example where accuracy is contested or processing is unlawful (Article 18 GDPR).

  • Right to data portability: to receive personal data in a structured, commonly used and machine-readable format, and to transmit them to another controller (Article 20 GDPR).

  • Right to object: to object, on grounds relating to their particular situation, to the processing of personal data, including profiling (Article 21 GDPR).

  • Right to withdraw consent: when the legal basis for processing is consent, the User may withdraw such consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

  • Right to lodge a complaint: with the Spanish Data Protection Agency (AEPD) if the User considers that their rights have not been respected.

8. Data security and confidentiality

Technical and organisational measures are implemented to ensure the security, confidentiality, and integrity of personal data, in accordance with the GDPR and the LOPDGDD.

Access to data is restricted to authorised personnel only, under the corresponding professional confidentiality obligations.

9. Minors

This form is not intended for minors.
If you are underage, please do not submit personal data without the consent of your legal guardians.

10. Changes to this Privacy Policy

The Controller reserves the right to amend this Privacy Policy in order to adapt it to legislative, jurisprudential or interpretative updates.
Any changes will be published on this page, indicating the date of the most recent update.

Last updated: 24 November 2025