Data protection

This document regulates the processing of personal data collected by Asistencia Sanitaria Colegial, SA de Seguros (hereinafter 'ASCSA').

This personal data protection policy ('Privacy Policy') aims to disclose the way we obtain, process, and protect the personal data we process as a result of our activity.



Who is responsible for processing your personal data?

The person responsible for processing your personal data is Asistencia Sanitaria Colegial, SA de Seguros with NIF A08169526. The contact details are as follows:

  • Postal address: Av. Josep Tarradellas, 123-127, 08029, Barcelona
  • Telephone: 93 495 44 44
  • Email: asc@asc.cat


How can I contact the ASCSA Data Protection Officer?

ASCSA informs you that it has appointed a Data Protection Officer ('DPO') before whom it will be able to raise any issue regarding the processing of your personal data. You can contact the Data Protection Officer through the following e-mail address: dpd@asc.cat.



For what purposes and legitimation will we process your personal data?

In general, ASCSA will process your personal data for the purposes and with the legitimation detailed below:

-Treatments based on your consent:

We may process your personal data in pre-contractual relationships at the request of interested parties; for example, when managing requests for information in relation to the insurance offered, as well as the processing of the insurance simulation and calculating the corresponding premium amount. In the same way, we may collect and process your personal data when you have specifically given your consent; for example, to manage your registration on the website / app and to respond to requests made through it, for participation in competitions, for the sending of commercial communications and profiling when the corresponding box is ticked when completing the health questionnaire or when we have requested your consent at fairs, events and / or other activities that may be carried out, as well as to manage the discharge as a physician or health collaborator in the Entity.

-Treatments based on the execution of a contract:

We may process your personal data based on the performance of a contract; for example, when signing the insurance contract that has, among other purposes, the underwriting, maintenance, compliance, and eventual novation of the insurance contract.

-Treatments based on legitimate interest:

We may process your personal data when we have a legitimate legal interest; for example, in certain cases for sending commercial communications and profiling to ASCSA policyholders or sending quality surveys on the products or services provided, loyalty actions, sending health advice and recommendations or for the development, compliance, dissemination and control of the Shareholders' General Meeting, provided that our legitimate interest prevails over the rights and freedoms of the data subject.

-Data processing based on a legal obligation:

We may process your data when ASCSA has to comply with certain legal obligations; for example, settlement of claims, appropriate payment to health care providers or for the exercise or defence of claims of any kind arising from the relationship maintained (article 99.2 of Act 20/2015 of 14 July, for ordination, supervision and solvency of insurance and reinsurance undertakings ('LOSSEAR')), for profiling for statistical and pricing purposes (Articles 5 and 66.5 LOSSEAR), for the prevention of fraud (Articles 99.7 and 100 LOSSEAR) or for the exchange of information between the entities of the ASCSA Group in order to comply with the supervisory obligations established in the legislation (articles 99.3 and Title V, articles 131 to 154 on group supervision) or to manage the list of attendees at the Shareholders’ General Meeting, (Art.192 Law of Capital Companies).

-Data processing based on public interest:

We may process your personal data on the legitimate basis of the public interest for the creation of common files whose purpose is to prevent insurance fraud or in certain cases for collaboration with State Security Forces and Corps.



How do we protect your personal data?

At ASCSA we process your personal data with absolute confidentiality, committing ourselves to keep professional secret and to take all necessary measures to prevent its alteration, loss, treatment, or unauthorized access, all in accordance with the legal obligations that apply us as responsible for data processing.

At ASCSA we are committed to maintaining and implementing the necessary levels of security, considering the status of technology, the nature of the stored data and the associated risks.



How long will we keep your personal data?

We will process your personal data while the consents you gave us remain in force or if you have not cancelled the contractual or business relationship you maintain with us.

Thus, we will cease to process your personal data once you have revoked your consent or have terminated your contractual or business relationship with ASCSA, provided that your data is not necessary for the purposes for which it was collected or processed.

Notwithstanding the foregoing, your personal data will be kept blocked during the legally established statute of limitations. In this respect, the exercise of the right of deletion will not reduce the legally established retention periods.



To which recipients can we disclose your personal data?

The personal data provided by the applicant and / or policyholder and / or insured will only be accessible to the administrative services of ASISTENCIA SANITARIA COLEGIAL responsible for the administration of your insurance, as well as to the entities that are part of the Assistència Group. and its related companies (SCIAS, SCCL; Autogestió Sanitària, SCCL; BIOPAT, SL; AIALE, SA; CIRHAB, SL; ANDAIRA, SL) to process the data for the same purposes as those indicated above and in accordance with the corporate purpose of each, as long as they are part of or remain in the aforementioned Corporate Group, including related companies.

Your personal data will be transferred to the entity providing Travel assistance insurance to the insured of ASISTENCIA SANITARIA COLEGIAL SA DE SEGUROS, to third parties where permitted by current legislation and to Administrations, Authorities and Public Bodies, including Court and Tribunal, when required by current regulations.



What are your rights in relation to the data you provide us and how can you exercise them?

In accordance with European data protection regulations, you have the following rights:

Right of access

You have the right, on the one hand, to access the personal data relating to those processed by ASCSA and, on the other hand, to certain information on how your personal data is processed.

Right of revocation of consent

You have the right to withdraw consent at any time when you have given permission to process your personal data. Withdrawal of consent does not affect the lawfulness of pre-withdrawal treatment.

Right of rectification

You have the right to rectify your personal data if it is inaccurate and to complete personal data that is incomplete.

Right of opposition

You have the right to object to the processing of your personal data when such processing is for the purpose of direct marketing, is based on a legitimate interest or on a public interest mission.

Once this right has been exercised, ASCSA will stop processing your data unless it proves compelling reasons that prevail over the interests, rights, and freedoms of the interested party, or for the formulation, exercise, or defence of claims.

Right of suppression


Right of limitation

You have the right that in certain cases your data cease to be processed. For instance, you can exercise this right when you have objected to the sending of commercial communications, while we respond to your request.

Right of portability

You have the right to receive the personal data provided to ASCSA in a structured, commonly used, and machine-readable format, and to transmit them to another person responsible, if the following requirements are met:

  • Processing is based on consent or a contract.
  • The treatment is done by automated means.

Right not to be subject to automated decisions

You have the right not to be subject to a decision based solely on the automated processing of your data, including profiling, which has legal effects or adversely affects you, unless the decision is necessary to formalise or execute a contract between the interested party and ASCSA, is based on the explicit consent of the interested party or is authorised by the law of the corresponding Member State.

The exercise of the rights may be carried out by attaching a scanned copy of the DNI or equivalent document, indicating the right that is intended to be exercised and with respect to which treatment through the following channels:
  • To the Data Protection Officer by e-mail at dpd@asc.cat.
  • By email to asc@asc.cat
  • By post to: Av. Josep Tarradellas, 123-127, 08029 Barcelona.


In the following link you can find the forms to exercise your rights

Your request to exercise your right will be processed by ASCSA within a maximum period of one month. In the event of particularly complex requests, the response period can be extended up to two more months.

Finally, you can file a complaint with the Agencia Española de Protección de Datos through its electronic office.



Use of email

ASCSA and its employees will use corporate email with the utmost diligence and confidentiality. In this regard, if you need to provide us with any documentation, we recommend you to do so through the private area of our website and, if this is not possible, send it encrypted via e-mail, enclosing the password separately.



Cookies Policy

A cookie is a file or device that is downloaded into a user's terminal in order to store data that could be updated and retrieved by the entity responsible for its installation.

You can consult our Cookies policy at the following link, as well as configure your consent to use them.



Assistència Sanitària reserves the right to modify its Privacy Policy without prior notice, in accordance with its own criteria, motivated by a legislative, jurisprudential, or doctrinal change in the Agencia Española de Protección de Datos. In accordance with the above, we suggest that you review our Privacy Policy periodically.


June 2020