Privacy Policy
Information on how we collect, use and protect your personal data, in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).
Last updated: 12 June 2026
This policy governs the processing of your personal data on this website. For more information about the data controller and the terms of browsing, please see our Legal Notice and our Cookie Policy.
1. Data Controller
In accordance with Article 13 of the GDPR and Article 11 of the LOPDGDD, the user is informed that the controller responsible for processing their data is:
2. Purpose of processing
ANYO HEALTH SL processes the information you provide us in order to:
- Maintain the business relationship and provide the contracted service.
- Prepare a quote tailored to your needs.
- Manage email communications with interested parties.
- Send commercial information related to our sector: a Sanitas health insurance sales office.
- Carry out recruitment processes and manage human resources.
- Control the security of our premises (video surveillance).
- If you accept all cookies, measure the effectiveness of our advertising through Google Ads' "Enhanced Conversions": the phone number and email address you provide in the contact form are sent to Google in encrypted (hashed) form to associate your request with the campaign that generated it, without Google being able to read the data in plain text.
Retention periods
Data will be retained for as long as the business relationship is maintained or until consent is withdrawn. In addition, the following legal retention periods apply: four (4) years for tax and employment matters (General Tax Law and Law on Infractions and Sanctions in the Social Order); five (5) years for personal actions (Article 1964 of the Civil Code); six (6) years for accounting matters (Article 30 of the Commercial Code); ten (10) years for data subject to the Law on the Prevention of Money Laundering; two (2) years for recruitment processes; and thirty (30) days for video surveillance recordings.
3. Lawful basis for processing
Depending on the purpose, the legal basis for processing is:
- Performance of a contract or pre-contractual relationship (Article 6(1)(b) GDPR): management of the business relationship, quotes and employee management.
- Consent of the data subject (Article 6(1)(a) GDPR and Articles 20/21.2 of the LSSI-CE): email communications, sending commercial communications and recruitment processes.
- Legitimate interest (Article 6(1)(f) GDPR): video surveillance and certain communications with interested parties.
Only persons over the age of 14 may provide personal data on this website; for minors under 14, the consent of their parents or legal guardians is required. Only persons over the age of 18 may contract our services.
4. Recipients
Except where legally required, data will not be disclosed to third parties unless strictly necessary for the provision of a service. Generally speaking, data may be disclosed to technology and payment service providers, courier companies, and service providers (accounting firms, consultancies, partners) acting as data processors. If you accept advertising cookies, Google LLC acts as a data processor for the Google Ads conversion measurement described in the previous section. The third parties the controller works with have their servers located within the EU, the EEA or Switzerland, with adequate security measures in place. Processing by Sanitas, S.A. de Seguros will take place only to formalize the contract if the user requests it.
5. Source and categories of data
Personal data comes from the data subject themselves or from group or partner companies. The categories of data processed may include: identification data (name, surname, national ID/foreigner ID/passport number, postal and email addresses, sex, date and place of birth, phone number), commercial information, financial data (bank account number, credit card), academic data and CV, and image (video surveillance). Special categories of data will be processed in accordance with Article 9 of the GDPR and Article 9 of the LOPDGDD.
6. Your rights
In accordance with Articles 15 to 22 of the GDPR and Articles 12 to 18 of the LOPDGDD, you may exercise the following rights at any time:
- Access to the personal data concerning the data subject.
- Rectification or erasure of data.
- Restriction of processing.
- Objection to processing.
- Portability of data.
You may exercise these rights by writing to the postal address Calle Santiago Apóstol, 5 (Oficina Sanitas), 28220 Majadahonda, Madrid, or to the email address mromanyuk.pex@sanitas.es.
Additionally, you may file a complaint with the Spanish Data Protection Agency (AEPD) — C/ Jorge Juan, 6, 28001 Madrid, Spain.
7. Additional information
Security measures
We have adopted the technical and organizational security measures available to us to prevent the loss, misuse, alteration, unauthorized access to, and theft of data. The website uses SSL encryption to enable the secure transmission of personal data through contact or registration forms.
Social media
The controller maintains profiles on the main social networks (Facebook, Instagram, YouTube, TikTok and LinkedIn) and acknowledges itself as the controller responsible for processing the data of its followers. The legal basis is the consent of the data subject, which may be withdrawn at any time.
Accuracy of data
The user represents that all data provided is true and accurate and undertakes to keep it up to date, being solely responsible for any conflicts or disputes that may arise from its falsity.
Documentation prepared by LegalDPO (https://legaldpo.es) based on the information provided by the data controller. For the privacy policy of Sanitas, S.A. de Seguros, visit www.sanitas.es/politica-privacidad.