Privacy policy

Privacy Policy. Protection of Personal Data according to the GDPR

GEMAPLAN, S.L., in compliance with current regulations regarding the protection of personal data, informs you that the personal data collected through this portal are included in the specific automated files of users of GEMAPLAN, S.L. services.

The collection and automated processing of personal data is intended to maintain the commercial relationship and to carry out information, training, advice and other activities specific to GEMAPLAN, S.L.

This data will only be transferred to those entities that are necessary for the sole purpose of fulfilling the purpose stated above.

GEMAPLAN, S.L. adopts the necessary measures to guarantee the security, integrity and confidentiality of data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing the former LOPD, the new Organic Law 3/2018, of 5 December, on Data Protection and Guarantee of Digital Rights (LOPDGDD).

The user may at any time exercise their rights of access, objection, rectification, erasure, restriction of processing, and data portability recognized in the aforementioned Regulation (EU). These rights may be exercised by the user by sending an email to gdpr@gema-ai.com or by writing to: Rua Abobriga 22, C.P. 36393 - Sabarís-Baiona (Pontevedra), in which case we may request documentation to verify their identity if necessary.

Data Protection Officer contact details: GRUPO ATICO34 SL lopd-gdd@atico34.com

The user declares that all data provided by him is true and correct, and undertakes to keep it updated, communicating any changes to GEMAPLAN, S.L.

Purpose of processing personal data:

What is the purpose of processing your personal data?

At GEMAPLAN, S.L., we will process your personal data collected through this portal for the following purposes:

  1. To fulfill the company's commercial, labor, corporate, and accounting obligations.

  2. GEMA is a wellness application developed by GEMAPLAN S.L. that allows wellness specialists to create personalized virtual assistants for their clients or patients. These assistants use technology to identify, from the knowledge previously approved and uploaded by the specialist, the most appropriate information to answer their client's questions.

The purpose of this processing is to facilitate the specialist's digital delivery of pre-developed personal care plans and wellness content, with the aim of improving the continuity of the client experience outside of in-person sessions.

GEMA does not make diagnoses, interpret symptoms, or replace personalized professional advice; its responses are limited exclusively to information previously validated by the wellness specialist.

In this regard, it should be noted that GEMAPLAN S.L. acts as the data processor, while the specialist or professional who contracts our services is responsible for processing the personal data of their patients or clients managed through the software. will not process such data for its own purposes.

  1. For security or fraud prevention purposes.

  2. To send promotional information electronically.

  3. To provide the information requested by the user through any of the contact channels available on the website.

The fields in these forms are mandatory; it is impossible to fulfill the stated purposes if this information is not provided.

Please note that you can opt out of receiving marketing communications at any time and through any channel by sending an email to the address indicated above.

How long is the collected personal data kept?

The personal data you provide will be kept for as long as the business relationship is maintained or until you request its deletion, and for the period during which legal liabilities may arise from the services provided. We will also keep your data until you object to its processing.

Legal Basis for Processing:

Your data is processed on the following legal grounds:

  1. Compliance with legal obligations to fulfill the legal, tax, accounting, or administrative obligations applicable to GEMAPLAN, S.L.

  2. The request for information and/or the contracting of services from GEMAPLAN, S.L., the terms and conditions of which will be made available to you in all cases, prior to any potential contract.

  3. Your free, specific, informed, and unambiguous consent, as we are informing you by making this privacy policy available to you, which, after reading it, you can accept by means of a statement or a clear affirmative action, such as checking a box provided for this purpose.

  4. Legitimate interest in responding to the request and/or inquiry submitted through any of the enabled contact channels, as well as for fraud prevention and website security.

If you do not provide us with your data, or if you provide it incorrectly or incompletely, we will not be able to process your request, making it impossible to provide you with the requested information or to carry out the contracting of services.

Origin of the data and method of collection

The personal data we process has been provided directly by the wellness professional or specialist who has contracted our services. If you provide us with data belonging to other individuals, you guarantee that you have their express consent and that you have informed them of the contents of this Policy. Furthermore, you release us from any liability arising from a breach of this obligation.

Accuracy of Personal Data

If you do not provide your data, or if you provide it incorrectly or incompletely, we will be unable to process your request, making it impossible to provide you with the requested information or to contract the services.

The data subject guarantees that the data provided is truthful, accurate, complete, and up-to-date. You will inform us of any changes to the data provided through the channels indicated in the header of this policy.

International Data Transfers and Recipients:

We inform you that, as a result of the computing service provided by Google, your data will be transferred to service providers located outside the European Economic Area, specifically to Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, California 94043 (USA). In this regard, we inform you that Google LLC adheres to the EU-US Data Privacy Framework (information available at: https://www.dataprivacyframework.gov/s/participant-search) and also has standard contractual clauses adopted by the European Commission.

Furthermore, international data transfers may occur as a result of the cloud infrastructure services provided by Amazon Web Services, Inc. (AWS). In the event of international data transfers outside the European Economic Area, these are carried out with appropriate safeguards, in accordance with the AWS Data Processing Addendum (DPA), which incorporates the Standard Contractual Clauses approved by the European Commission, ensuring a level of protection equivalent to that required by the GDPR. Further information on AWS's data protection compliance can be found at: https://aws.amazon.com/compliance/gdpr-center/

Additionally, for the provision of our services, GEMAPLAN S.L. uses the Airtable platform, operated by Formagrid Inc., as an intermediary tool for data management and automation. Since Formagrid Inc. is based in the United States, the use of its services may involve international data transfers outside the European Economic Area. These transfers are carried out with the appropriate safeguards provided for in Regulation (EU) 2016/679 (GDPR), pursuant to the Data Processing Addendum (DPA) signed with Formagrid Inc., which incorporates the Standard Contractual Clauses approved by the European Commission as a safeguard mechanism. Further information on Airtable's regulatory compliance and data protection measures can be found at: https://www.airtable.com/company/dpa

Data will not be disclosed to any other third party, except where required by law.

Not considered a medical device

According to Regulation (EU) 2017/745 on medical devices (MDR) and the European Commission's guidance MDCG 2019-11, GEMA does not meet the definition of "Medical Device Software" (MDSW) for the following reasons: Page 9: "...storage, archival, communication... simple search... or lossless compression." Pages 26-27: "Communication systems are normally based on software for general purposes, and do not fall within the definition of a medical device." Page 27: "Telemedicine that solely transfers and displays information for monitoring purposes without interpreting data does not qualify as a medical device." Application to GEMA: It does not diagnose or interpret symptoms; it only transmits and displays information pre-approved by the wellness specialist, and it does not modify or analyze personal data for medical purposes.

Artificial Intelligence

GEMA is a digital assistant powered by artificial intelligence, designed to help users resolve questions related to their wellness or personal care plan.

The data processing carried out by GEMA aims to provide users with personalized answers and guidance on the content of their plan, improving continuity of care and understanding of the plan outside of in-person sessions.

GEMA only accesses data and content previously uploaded and approved by the specialist or wellness professional, as well as data that the professional adds or updates.

The processing is based on the legitimate interest of the Data Controller (Art. 6.1.f GDPR) in providing an efficient and high-quality service, offering complementary digital support, while guaranteeing proportionality and respect for the rights of data subjects at all times.

Under no circumstances does GEMA perform medical diagnoses, interpret symptoms, or replace personalized professional advice.

GEMA uses natural language processing (AI) techniques to identify and present information about the wellness plan, but it does not make automated decisions that produce legal or significant effects on the individual (Art. 22 GDPR).

The system operates under human supervision, and its scope is limited to information validated by the professional.

In accordance with Regulation (EU) 2024/1689 on Artificial Intelligence, GEMA is classified as a limited-risk AI system, designed for interaction with natural persons.

Therefore, you are hereby clearly informed that you are interacting with an artificial intelligence system, and you may request the intervention of a human professional or a review of any information provided by the system at any time.

GEMA only accesses the data strictly necessary to provide its responses, taking into account the information provided by the specialist. The data is hosted on secure infrastructures managed by GEMAPLAN S.L., which acts as the data processor and applies the appropriate technical and organizational measures to guarantee its confidentiality, integrity and availability.

Data Collected by Users of the Services

In cases where the user uploads files containing personal data to shared hosting servers, GEMAPLAN, S.L. is not responsible for the user's failure to comply with the GDPR.

Intellectual Property Rights

GEMAPLAN, S.L. owns all copyrights, intellectual property rights, industrial property rights, know-how, and any other rights related to the content of this portal and the services offered herein, as well as the software necessary for its implementation and related information.

The reproduction, publication, and/or use of the content of this portal, in whole or in part, is not permitted without prior written consent, except for strictly private use.

Software Intellectual Property

The user must respect the third-party software made available by GEMAPLAN, S.L., even if it is free and/or publicly available.

GEMAPLAN, S.L. holds the necessary intellectual property and exploitation rights to the software.

The user does not acquire any rights or licenses to the software necessary for the provision of the service, nor to the technical information used to monitor the service, except for the rights and licenses necessary for the performance of the contracted services and only for the duration thereof.

For any action that exceeds the scope of the contract, the user will require written authorization from GEMAPLAN, S.L. The user is prohibited from accessing, modifying, or viewing the configuration, structure, and files of the servers owned by GEMAPLAN, S.L., and will assume civil and criminal liability for any incident that may occur on the servers and security systems as a direct result of negligent or malicious actions on their part.

Intellectual Property Rights of Hosted Content

Any use contrary to intellectual property law of the services provided by GEMAPLAN, S.L. is prohibited, and in particular:

  1. Any use that violates Spanish law or infringes the rights of third parties.

  2. The publication or transmission of any content that, in the opinion of GEMAPLAN, S.L., is violent, obscene, abusive, illegal, racist, xenophobic, or defamatory.

  3. Cracks, software serial numbers, or any other content that infringes the intellectual property rights of third parties.

  4. The collection and/or use of personal data of other users without their express consent or in violation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

  5. The use of the domain's mail server and email addresses for sending unsolicited bulk email is prohibited.

The user is fully responsible for the content of their website, the information transmitted and stored, hypertext links, third-party claims, and legal actions related to intellectual property, third-party rights, and the protection of minors.

The user is responsible for complying with all applicable laws and regulations, including those related to the operation of the online service, e-commerce, copyright, maintenance of public order, and universal principles of internet use.

The user will indemnify GEMAPLAN, S.L. for any expenses incurred by GEMAPLAN, S.L. as a result of any legal action for which the user is responsible, including legal fees and defense costs, even in the case of a non-final court decision.

Data Protection

GEMAPLAN, S.L. performs backups of the content hosted on its servers; however, it is not responsible for the loss or accidental deletion of data by users. Likewise, it does not guarantee the complete restoration of data deleted by users, as said data may have been deleted and/or modified during the time elapsed since the last backup.

The services offered, except for specific backup services, do not include the restoration of content stored in backups performed by GEMAPLAN, S.L., when this loss is attributable to the user. In this case, a fee will be determined according to the complexity and volume of the recovery, always subject to prior acceptance by the user.

Data restoration is only included in the service price when the loss of content is due to causes attributable to GEMAPLAN, S.L.

Commercial Communications

In compliance with the LSSI (Law on Information Society Services and Electronic Commerce), GEMAPLAN, S.L. will not send advertising or promotional communications by email or other equivalent electronic means unless they have been previously requested or expressly authorized by the recipients.

In the case of users with whom there is a prior contractual relationship, GEMAPLAN, S.L. is authorized to send commercial communications regarding GEMAPLAN, S.L. products or services that are similar to those initially contracted by the client.

In any case, after verifying their identity, users may request that they no longer receive commercial information through the Customer Service channels.




‹ Cookie policy