Privacy policy.

CATERINA BATTAINI MIDWIFE PRIVACY POLICY

Controller: CATERINA BATTAINI MIDWIFE - YOUR BIRTH GUIDE IN SEVILLA,
Midwife (Matrona Colegiada) License Number 025138
Contact Email: info@caterinamidwife.com
Last Updated: October 30, 2025

1. Compliance and Legal Basis

This policy is designed to comply with the European Union's General Data Protection Regulation (GDPR) and Spain's Organic Law 3/2018 on Data Protection and Guarantee of Digital Rights (LOPD-GDD).

The processing of Health Data is strictly necessary for the provision of health care services, and is based on Article 9(2)(h) of the GDPR (processing necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services).

2. Data I Collect and How I Use It

  • Identity/Contact Data (Name, Email, Phone, Address, NIE/DNI/passport)
    Purpose of processing: To book appointments, send confirmations, process payments, and provide in-person services in Sevilla.
    Legal basis: Contractual Necessity
    Retention Period: 5 years after the last service rendered, as required by Spanish health law for medical records.

  • Health/Sensitive Data (Due Date, Clinical History, Medications, Birth Details, Lactation/Sexual Wellness Status)
    Purpose of Processing: To provide safe, effective, and personalized midwifery and consultant care. Creation of Clinical Records.
    Legal Basis: Explicit Consent (for non-essential processing) and Provision of Health Care (Article 9(2)(h) GDPR).
    Retention Period: Minimum of 5 years, in line with Spanish law (Law 41/2002 on Patient Autonomy).

  • Website Usage Data (IP Address, Browser Type, Pages Visited)
    Purpose of Processing: To maintain site security, improve performance, and analyze site traffic (via Squarespace Analytics).
    Legal Basis: Legitimate Interest.
    Retention Period: Typically 2 years (by Squarespace Analytics).

3. Data Storage and Squarespace as Processor

Your data is primarily stored on the Squarespace platform, which acts as our Data Processor. Squarespace is GDPR-compliant. We take all necessary security measures to ensure the confidentiality of your health data, including using password-protected electronic clinical records.

4. Your Data Protection Rights (LOPD-GDD & GDPR)

Under Spanish law and GDPR, you have the right to:

  • Access (Acceso): Obtain confirmation about whether or not we are processing your personal data and to obtain a copy of that data.

  • Rectification (Rectificación): Request the correction of inaccurate or incomplete data.

  • Erasure (Supresión/Olvido): Request the deletion of your data when it is no longer necessary for the purposes for which it was collected. (Note: This right is limited for mandatory clinical records as required by Spanish health law.)

  • Objection (Oposición): Object to the processing of your data.

  • Restriction of Processing (Limitación): Request the restriction of processing.

  • Portability (Portabilidad): Receive your personal data in a structured, commonly used, and machine-readable format.

To exercise these rights, please contact us at info@caterinamidwife.com. You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD).