1.- Who is the Data Controller?

The controller of your personal data is SINTONIA SCIENTIFIC PROJECTS & CONSULTING, S.L., (hereinafter, “SINTONIA CONSULTING”), with Tax Identification Number (N.I.F.) B- 21995774 and registered office at Calle Aribau, No. 127, 2nd Floor, Door 2, 08036 Barcelona (Spain).

Please note that the ownership of the website https://sintoniaconsulting.com (hereinafter, the “Website”) lies with SINTONIA CONSULTING.

This Privacy Policy governs access to and use of the Website made available by SINTONIA CONSULTING to internet users (hereinafter, the “User” or “Users”) interested in the content (hereinafter, the “Content”) and services (hereinafter, the “Services”) offered by SINTONIA CONSULTING.

The User may contact SINTONIA CONSULTING via the following email address: info@sintoniaconsulting.com

2.- Recommendations

Please read and follow the recommendations below carefully:

• Ensure that your device is equipped with up-to-date antivirus software to protect against malicious software and spyware that may compromise your internet browsing and the information stored on your device.

• Read and review this Privacy Policy and all other legal texts made available by SINTONIA CONSULTING on the Website.

3.- Information collected by SINTONIA CONSULTING through the Website

To ensure the proper functioning of the Website, SINTONIA CONSULTING may access the following types of data provided, where applicable, by the User:

1. Identification data: full name, national ID card (DNI/NIE/passport).

2. Contact data: email address, phone number, postal address.

3. Browsing data: IP address, device type, operating system, browser, language, pages visited, browsing time, and cookies or similar technologies (as per SINTONIA CONSULTING’s Cookie Policy).

4. Interaction data: information provided through contact forms, queries, complaints or communications with SINTONIA CONSULTING.

5. Administrative and billing data: where applicable, banking or billing details required for managing services, payments, or refunds.

6. Other data: additional information provided by the User via forms, surveys, or communications with SINTONIA CONSULTING.

4.- What is the legal basis for processing your data?

The legal basis for processing Users’ personal data through the Website may vary depending on the purpose of the processing:

• User consent: SINTONIA CONSULTING will process the User’s personal data when the User has given explicit consent. This includes managing services offered on the Website where the User has accepted this Privacy Policy and selected the relevant opt-in checkboxes.

• Performance of a contract: In certain cases, data processing is necessary for the execution of a contract to which the User is a party. This includes managing purchases, bookings, subscriptions, or other services provided through the Website.

• Legal obligation: SINTONIA CONSULTING may process personal data to comply with applicable legal obligations, such as tax, accounting, or anti-fraud regulations.

• Legitimate interest: SINTONIA CONSULTING may process personal data on the basis of its legitimate interest, provided that such interest does not override the User’s rights and freedoms. This includes analysis of Website usage, information security, fraud prevention, or sending marketing communications to existing clients about similar products or services.

SINTONIA CONSULTING takes the privacy and protection of Users’ personal data very seriously. For this reason, data are stored securely and processed with the highest care, in compliance with Regulation (EU) 2016/679 of 27 April 2016 (General Data Protection Regulation – “GDPR”).

Users may withdraw their consent at any time by sending an email to: rgpd@sintoniaconsulting.com without affecting the lawfulness of processing based on consent before its withdrawal.

5.- What are the purposes of the processing?

SINTONIA CONSULTING will process Users’ personal data for the following purposes, in a manner that is adequate, relevant, and limited to what is necessary for the purposes of scientific project management and medical training consulting:

1. Management of contractual and pre-contractual relationships

• Managing relationships with client entities, primarily pharmaceutical laboratories and medical societies, including needs assessment, proposal drafting, service delivery, and monitoring of scientific projects and training programmes.

• Administrative, fiscal, and accounting management derived from contractual relationships.

2. Organisation and execution of scientific and educational programmes

• Collecting and processing personal data required for the registration, participation, and certification of healthcare professionals in training activities, congresses, seminars, e-learning, or other events managed or organised by SINTONIA CONSULTING.

• Managing communications, reminders, educational material delivery, attendance or performance certificates, and quality assessments of the activities provided.

3. Compliance with legal and regulatory obligations

• Complying with applicable legal requirements, especially those related to transparency regarding transfers of value to healthcare professionals and organisations, in line with the codes of conduct of the pharmaceutical industry.

• Responding to requests from administrative, health, or judicial authorities.

4. Communications management and customer support

• Responding to information requests received via contact forms, email, or other means provided on the Website or through commercial communications.

• Providing technical or informational support to Website Users or participants in projects or training activities.

5. Sending commercial and scientific information (subject to prior consent)

• If the User has expressly authorised it, sending information about new services, training opportunities, scientific publications, collaborations with medical societies or laboratories, and newsletters related to the medical and scientific fields.

6. Improving the User experience and maintaining the Website

• Analysing Website usage for statistical purposes and continuous improvement, ensuring platform security, and facilitating User navigation through the use of technical cookies (as described in the Cookie Policy).

6.- Accuracy of the data provided by Users

The User guarantees the accuracy of the personal data provided and undertakes to notify SINTONIA CONSULTING of any changes to said data. In all cases, the User shall be solely responsible for the accuracy of the data provided, and SINTONIA CONSULTING reserves the right to exclude any User who has provided false data from access to services, without prejudice to any legal actions that may apply.

Users are advised to protect their data diligently, using appropriate security tools. SINTONIA CONSULTING shall not be held liable for any theft, unlawful modification, or loss of data.

Any modification or update of the data must be communicated to SINTONIA CONSULTING through the means of contact set out in this Privacy Policy.

7.- Data retention

Protecting the privacy and personal data of Users is a top priority for SINTONIA CONSULTING. Accordingly, SINTONIA CONSULTING makes every effort to ensure that User data are not misused. Only authorised personnel have access to User data.

User personal data will be retained as long as the User’s account with SINTONIA CONSULTING remains active for the purposes for which the data were collected, unless the User withdraws consent, requests deletion of their account, or the erasure of certain personal data from the Website.

Subsequently, and where necessary, SINTONIA CONSULTING will keep the information duly blocked for the legally prescribed periods.

SINTONIA CONSULTING undertakes to comply with its duty of confidentiality regarding personal data, in accordance with applicable legislation.

8.- Users’ Rights

Users have the right to:

1. Access their personal data;

2. Request the rectification of inaccurate data;

3. Request the erasure of their data;

4. Request the restriction of the processing of their data;

5. Object to the processing of their data;

6. Request data portability;

7. Not be subject to a decision based solely on automated processing.

Users may exercise these rights by contacting rgpd@sintoniaconsulting.com indicating the reason for their request.

Alternatively, Users may send their request by post to: Calle Aribau, No. 127, 2nd Floor, Door 2, 08036 Barcelona (Spain).

The communication addressed to SINTONIA CONSULTING must include:

• The User’s full name;

• A specific description of the request.

Without prejudice to any other administrative or judicial remedy, Users have the right to lodge a complaint with a Supervisory Authority, particularly in the Member State of their habitual residence, place of work, or place of the alleged infringement, if they consider that the processing of their personal data does not comply with the applicable regulations or if their rights have not been adequately satisfied. The Supervisory Authority shall inform the complainant of the outcome of the complaint.

9.- Data security

SINTONIA CONSULTING takes privacy and personal data protection very seriously. It has adopted all reasonable technical and organisational measures to prevent misuse of User data and to ensure that only authorised personnel have access to such data.

SINTONIA CONSULTING implements adequate security measures in accordance with applicable data protection law and has deployed all technical means at its disposal to prevent loss, misuse, alteration, unauthorised access, or theft of the data provided by the User through the Website. However, Users are reminded that no security system on the Internet is completely invulnerable.

SINTONIA CONSULTING also undertakes to maintain confidentiality regarding personal data in accordance with applicable legislation.

SINTONIA CONSULTING shall not be liable for damages that may arise from the User’s failure to comply with their obligations.

10.- Disclosure to third parties

SINTONIA CONSULTING informs Users that their personal data will not be disclosed to third parties, except where strictly necessary for the execution of the contracted services or in compliance with legal obligations. In particular, data may be shared with financial institutions, payment gateways, or technology providers solely for the purpose of processing payments, managing technical incidents, or supporting the operation of platform features.

In no case shall internationally transfers of data outside the European Economic Area be carried out without first ensuring compliance with the appropriate safeguards required by current legislation, such as adequacy decisions by the European Commission, standard contractual clauses, or equivalent mechanisms.

User data will be used exclusively by SINTONIA CONSULTING to fulfil the purposes set out in section 5 of this Privacy Policy and will be processed with the highest levels of confidentiality and security. Under no circumstances will data be shared with third parties for commercial or advertising purposes without the User’s prior and express consent.

11.- Changes

SINTONIA CONSULTING reserves the right to review this Privacy Policy at any time. For this reason, we recommend that Users regularly review this Privacy Policy to stay informed of the latest version.

Nevertheless, any changes made to this Privacy Policy will be communicated to the User.

12.- Links to Third-Party Websites

The Website may include links to third-party websites, platforms, or organisations. SINTONIA CONSULTING is not responsible for how those third parties handle the privacy or processing of personal data.

Therefore, we recommend that Users carefully review the privacy policies and terms of use of any external websites accessed via links from the Website, as their conditions may differ from those set by SINTONIA CONSULTING.

The inclusion of such links does not imply approval, oversight, or responsibility by SINTONIA CONSULTING for the content, services, or privacy policies of the linked pages.

13.- Questions

If you have any questions about this Privacy Policy, please contact us by email at: info@sintoniaconsulting.com

Likewise, if you believe your rights have not been adequately safeguarded, you may lodge a complaint with the Spanish Data Protection Agency (AEPD). Contact details:

• Phone: +34 900 293 183 o +34 900 293 621 (Education and Minors’ Data Protection)

• Address: St. Jorge Juan 6, zip: 28001 Madrid (Spain)

• Electronic Office: https://sedeaepd.gob.es/sede-electronica-web/

• Online Form: https://www.aepd.es/en