Privacy policy

SURGERY SCHOOL SL considers it a fundamental objective to guarantee the privacy and confidentiality of the personal data it collects, complying with current data protection regulations (Regulation (EU) 2016/679 and applicable Spanish legislation). Detailed information on the processing of this data is provided below:

1. WHO IS RESPONSIBLE FOR THE PROCESSING

File controller
Responsible: SURGERY SCHOOL SL (SurgSchool), CIF B72963879
Address: Calle Euterpe, 17, 4º D, 28002 Madrid, Spain
Contact email: info@surgschool.com

Currently, Surgery School SL is not required to appoint a data protection officer (DPO) under the GDPR, as the circumstances requiring it do not exist.

2. WHAT THIS POLICY APPLIES TO

This policy applies to the processing of personal data carried out through:
– the web surgschool.com (including forms and cookies), and
– the app SurgSchool (user account, access to content, support and communications related to the service).

3. WHAT PERSONAL DATA DO WE PROCESS

Depending on the case, we can try:
– Identification and contact information: name, email, telephone.
– Professional data: hospital/center, specialty, information provided in collaborations.
– Account and subscription data: user identifiers, preferences, subscription/license status.
– Usage and technical data: logs, IP, device/browser, online identifiers, and data associated with cookies (see “Cookie policy
– Communications: messages sent through the form or support.
– Content provided by contributors: metadata (surgery, description, keywords) and uploaded files (e.g., video).

HEALTH DATA / PATIENTS
SurgSchool It does not request patient health data nor does it intend to process patient identification data.
If a contributor uploads a video that includes personal data of patients (e.g. face, voice, name, medical record number), the contributor guarantees that they have the necessary legal basis/authorizations and have applied anonymization measures. SurgSchool may require the removal, anonymization or non-publication of the content.

4. WHERE DO WE GET THE DATA FROM?

– From you, when you fill out forms or use the app.
– From your device/browser, when you browse (cookies/logs).
– From third parties (e.g., app stores or technical gateways).

5. FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS

We process your data for:
A) To provide the service and manage your account/subscription/license (basis: performance of the contract or pre-contractual measures).
B) To handle inquiries, requests and support (basis: pre-contractual/contractual measures and/or legitimate interest in attending to and improving the service).
C) Manage the reception, review, editing (dubbing/subtitles) and publication of content sent by collaborators (base: relationship with the collaborator and management of the service).
D) To send you communications related to the service (basis: contract / legitimate interest; and where applicable, device permissions for push notifications).
E) To send you commercial communications (emails with medical cases, events, promotions) (basis: consent, except for applicable legal exceptions).
F) Security, prevention of fraud and misuse (basis: legitimate interest).
G) Compliance with legal obligations and attention to rights (basis: legal obligation).

6. WHO WE SHARE YOUR DATA WITH (RECIPIENTS)

We do not sell your data.
We may share data with:
– Providers that provide necessary services (data processors), for example:
* Web/app hosting: Firebase.
* Email and communications provider: Mailchimp.
* Analytics/Measurement (if enabled): Firebase.
* Video storage/streaming: Cloudflare.
* Dubbing/subtitling/editing services: Rask.ai.
– Public authorities when there is a legal obligation.

7. INTERNATIONAL TRANSFERS
En general, SURGSCHOOL Ensure that your suppliers and data processors are established within the European Economic Area (EEA) or in countries that have been declared to have a adequate level of protection by the European authorities. In the event that SURGSCHOOL need to use third-party services located in countries outside the EEA that do not have an adequacy decision (for example, services from companies in the US), will ensure to adopt adequate safeguards for the protection of your personal data. In particular, SURGSCHOOL will enter into Standard Contractual Clauses approved by the European Commission or other mechanisms permitted by the regulations with said suppliersalong with additional security measures if necessary, to ensure that data is protected in accordance with European standards. Users can request further information about any international data transfers through the contact channels of SURGSCHOOL.

8. HOW LONG DO WE KEEP THE DATA?
We retain data for as long as necessary according to the purpose and applicable legal deadlines. For guidance purposes:
– Account and use of the service: while the account is active; afterwards, blocking/deletion according to obligations and defense of claims.
– Contact/support inquiries: during management and an additional traceability time.
– Marketing: until you withdraw your consent or object; and purging due to inactivity.
– Content from contributors: as long as necessary for publication/training; removal or deletion upon request or for non-compliance (e.g., inclusion of patient data).
– Legal compliance (accounting/tax): during the legally required periods.

9. YOUR RIGHTS

You can exercise your rights of access, rectification, erasure, objection, restriction of processing, and data portability. You can also withdraw your consent at any time when the processing is based on consent.
To exercise them: write to info@surgschool.com.
You can file a complaint with the Spanish Data Protection Agency (AEPD) if you believe your rights have been violated.

10. COOKIES

We use cookies and similar technologies. Necessary technical cookies can be installed without consent when essential. For non-essential cookies (analytics/marketing), we will request your consent via the preference banner/panel; you can accept, decline, or configure them.

11. MINORS

SurgSchool This service is intended for users aged 18 and over. If you are under 18, you should not send us your information. If we detect information from minors, we may request verification or delete it.

12. SAFETY

We implement reasonable technical and organizational measures to protect data (access control, encryption where appropriate, backups, etc.). No system is completely secure.

13. POLICY CHANGES

We may update this policy to reflect legal or service changes. The "Last Updated" date indicates the current version.

14. INFORMATION FOR THE U.S.

CCPA/CPRA: not applicable due to known income threshold or known data volume.
FTC: We will avoid misleading claims and align this policy with our actual practices.