GDPR · LOPDGDD · EU 2016/679

Privacy Policy.

At Farmacia Vegas we process your personal data with the care they deserve. This document explains what data we collect, why, for how long, and which rights you have. If anything is unclear, write to farmavegas@gmail.com.

1 · Data controller

The personal data you share with us are held under the responsibility of:

  • Owner: Farmacia Vegas — Ldo. Fernando Vegas García.
  • Tax ID (NIF): 53531199X.
  • Address: Av. Schulz, 40, 42, 33208 Gijón, Asturias, Spain.
  • Email: farmavegas@gmail.com.
  • Phone: +34 985 386 425.

2 · Data we collect

We only collect the data needed to serve you. Depending on the channel, this may include:

  • Web contact form: name, email, phone (optional) and the content of your message.
  • In-pharmacy service: identifying data and strictly necessary health data for dispensing, MDS (weekly pill organisers) or compounded formulas, processed under professional medical secrecy.
  • Hair / biochemical tests: results and clinical notes of the consultation, processed as health data (special category under GDPR art. 9).
  • Technical browsing data: see our cookie policy.

3 · Purposes

  • Answer your enquiry through the channel you chose.
  • Deliver the pharmacy, healthcare or counselling service arranged in person.
  • Comply with legal obligations (pharmacy, healthcare and tax regulations).
  • Manage your consent for analytics cookies (see cookie policy).

We do not use your data for automated profiling or behavioural advertising.

4 · Legal basis

  • Consent (GDPR art. 6.1.a) for the web form and non-essential cookies.
  • Performance of a contract or pre-contractual measures (art. 6.1.b) for enquiries and pharmacy services.
  • Legal obligation (art. 6.1.c) for prescription dispensing, compounded formulation and health record keeping.
  • Vital or public health interest (art. 6.1.d / art. 9.2.h) in urgent pharmacy situations or health-data processing by a healthcare professional bound by secrecy.

5 · Retention

We keep data only for as long as strictly needed for the purpose, plus the applicable legal retention period:

  • Web enquiries without a contract: up to 12 months from the last interaction.
  • Dispensing and healthcare records: per applicable pharmacy and clinical record legislation (minimum 5 years; some up to 15).
  • Invoicing and tax obligations: 6 years (Spanish Commercial Code art. 30).

6 · Recipients

We do not share your data with third parties unless required by law. Specifically:

  • The Spanish health administration and SESPA when applicable for e-prescription dispensing or mandatory notifications.
  • The tax authority for tax obligations.
  • Courts and tribunals upon judicial request.

We do not share your data with marketing companies, ad networks or data brokers.

7 · International transfers

Our servers and providers operate within the European Economic Area. We do not transfer data outside the EEA except in the following limited cases, for which we apply adequate safeguards (European Commission Standard Contractual Clauses):

  • Google LLC (United States): only if you accept analytics cookies. See cookie policy.

8 · Your rights

You can exercise the following rights over your personal data at any time:

  • Access: find out which of your data we process.
  • Rectification: correct inaccurate data.
  • Erasure ("right to be forgotten"): have your data deleted when no longer needed.
  • Objection: object to specific processing.
  • Portability: receive your data in a structured format.
  • Restriction: temporarily restrict processing.
  • Withdraw consent where processing is based on it, without affecting prior lawfulness.

To exercise these rights, email farmavegas@gmail.com with a copy of your ID document. We will respond within a maximum of 30 days.

9 · Complaint to the AEPD

If you feel your rights have not been properly addressed, you may file a complaint with the Spanish Data Protection Agency: www.aepd.es.

10 · Security measures

We apply technical and organisational measures appropriate to the state of the art and to the risk of processing, including: role-based access restrictions, encrypted communications (TLS), regular backups, processor contracts with our technology providers, and ongoing staff training in data protection and professional medical secrecy.

11 · Amendments

This policy may be updated to reflect legal or service changes. The version in force is always the one published on this page, with the last-reviewed date at the bottom.

12 · Contact

For any question about this policy or about the processing of your personal data, email farmavegas@gmail.com or call +34 985 386 425.

We have not appointed a Data Protection Officer (DPO) because it is not mandatory under GDPR art. 37, given the pharmacy’s volume and type of processing.

In case of discrepancy between this English translation and the Spanish original, the Spanish version prevails.

Last reviewed: April 24, 2026.