Terms and Conditions of Use of the App

1. INTRODUCCIÓN

1.1. CONTRACT

These Terms of Use govern access to, browsing of, and use of the TOOL PRIVE application (hereinafter, the Platform), developed and managed by MEDITY PLATFORMS S.L., with registered office at CALLE ISABELES, 2 – ENT, 37002, Salamanca, Spain, and Tax Identification Number (CIF) B10574440, in compliance with Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR), and Spanish Organic Law 3/2018, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

The Platform aims to facilitate communication, organization, and participation among members of professional groups, associations, federations, sector entities, foundations, professional bodies, or other entities (hereinafter, User Entities), providing a private and secure digital environment where authorized users can:

Communicate with each other using internal messaging tools or forums.
Share documents, circulars, and official notices.
Access information and resources of interest to the group.
Participate in surveys, votes, or activities organized by your organization.

Use of the Platform implies full acceptance of these Terms of Use.

By registering or accessing TOOLPRIVE, the user (hereinafter, the User) declares having read and understood this document and the Privacy Policy, and agrees to comply with it at all times.

2. OBLIGATIONS OF USERS AND USER ENTITIES

2.1. REQUIREMENTS FOR USE

Access to and use of the Platform are reserved for users duly authorized by the User Entities.

To access TOOL PRIVE, the User must have personal credentials (username and password) provided by their entity or created by themselves, under the entity’s supervision.

The User agrees to:

Use the Platform responsibly, ethically, and in accordance with the law.
Do not take any actions that could negatively affect the security, integrity, or availability of the Platform or the information contained therein.
Do not share your login credentials with third parties, nor allow others to use your account.
Keep your profile information up-to-date and accurate.

Access to the Platform implies that the User is of legal age and/or has the express authorization of their organization to use it within the scope of their professional, associative, or institutional functions.

2.2. RESPONSIBILITIES OF USER ENTITIES

User Entities are responsible for the proper use and administration of their space within the Platform. In particular, they must:

Manage the access and profiles of their authorized members.
Ensure that the use of the Platform adheres to legitimate communication and organizational purposes.
Comply with the obligations arising from personal data protection regulations (GDPR and LOPDGDD), especially in relation to the data of their members, employees, or collaborators.
Notify MEDITY PLATFORMS S.L. of any technical or security incidents they detect.

Each User Entity will act as the Data Controller with respect to the personal data of its members managed within its environment on the Platform, while MEDITY PLATFORMS S.L. will act as the Data Processor, in accordance with Article 28 of the GDPR and the corresponding data processing agreement.

2.3. COMMUNICATIONS AND NOTICES

The Platform may issue notifications, alerts, or informational messages to keep the community connected and informed.

These communications will be sent solely for functional or informational purposes and may be received through the application itself, email, or other enabled electronic means, and never for commercial or advertising purposes unrelated to the entity’s mission.

Users may configure their communication preferences or unsubscribe from notifications that are not essential for the service to function.

2.4. PROPER USE AND PROHIBITIONS

Users and User Entities agree to use the tool responsibly, professionally, ethically, and in accordance with the law, refraining from any action that may affect the normal operation of the Platform, or using it for purposes other than those established in these Terms and Conditions. In particular, the following are prohibited:

Using the Platform to distribute illegal, offensive, discriminatory, or content contrary to public order.
Introducing malicious software, viruses, or any element that could damage the system.
Impersonating other people or entities.
Distributing information or documents without authorization or that infringe the rights of third parties.
Using the Platform for unauthorized commercial purposes or to send unsolicited mass communications.

MEDITY PLATFORMS S.L. may suspend or cancel access to any User or Entity that violates these conditions, without prejudice to any applicable legal action.

3. RIGHTS AND LIMITATIONS OF USE

3.1. INTELLECTUAL PROPERTY AND LICENSE

All intellectual and industrial property rights to the TOOL PRIVE Platform, its design, source code, content, structure, databases, logos, trademarks, and other elements belong to MEDITY PLATFORMS S.L., or to third parties who have authorized their use.

Use of the Platform does not imply any transfer of intellectual or industrial property rights to the User or User Entities. The reproduction, transformation, distribution, public communication, or any other form of exploitation of the aforementioned elements is expressly prohibited without the express written authorization of the rights holder.

Users shall retain ownership and rights to the content they publish or share on the Platform (messages, documents, images, or other materials), authorizing MEDITY PLATFORMS S.L. and the User Entity to access, host, and process said content solely for the purpose of ensuring the proper functioning, technical support, and operational improvement of the Platform, without this implying any transfer of ownership or exploitation rights.

3.2. SERVICE AVAILABILITY

MEDITY PLATFORMS S.L. will make every reasonable effort to ensure the continuous availability, proper functioning, and security of the Platform. However, it cannot guarantee the absence of temporary interruptions resulting from maintenance, updates, technical incidents, or causes beyond the company’s control.

In the event of an interruption or incident, MEDITY PLATFORMS S.L. undertakes to restore the service as quickly as possible and to inform User Entities, where applicable, of the causes and estimated resolution time.

The company will not be liable for failures resulting from force majeure, errors attributable to the network connection, the User’s device, or improper use of the Platform.

3.3. LIMITATIONS OF USE

The Platform is intended exclusively for the internal and legitimate use of User Entities and their members. Therefore, the following are prohibited:

Using the Platform for commercial, political, or other purposes unrelated to the activities of the group without authorization.
Introducing automated tools (bots, scrapers, etc.) to extract information or alter its operation.
Hosting, sharing, or distributing content that infringes intellectual property rights, privacy, or confidentiality.
Engaging in activities contrary to law, morality, or public order.

Failure to comply with these limitations may result in the suspension or cancellation of the User’s or Entity’s access, as well as the adoption of appropriate legal measures.

3.4. UPDATES AND IMPROVEMENTS

MEDITY PLATFORMS S.L. may periodically perform technical, security, or functional updates to improve the Platform’s performance and user experience.

These updates may involve modifications or changes to the design or functionalities, without altering the nature of the contracted service.

The modifications will be carried out in a way that guarantees the security, integrity, and confidentiality of the personal data processed.

Under no circumstances will these updates result in the loss of rights acquired by Users or User Entities.

3.5. SUPPORT AND ASSISTANCE

The Platform offers technical support and user assistance, accessible directly from the digital environment or through the contact channels established by MEDITY PLATFORMS S.L. or the User Entity.

This service aims to resolve technical issues, answer queries about functionality, or address access problems, always guaranteeing the confidentiality of personal data processed during the support process.

4. RESPONSIBILITIES AND GUARANTEES

4.1. LIABILITY OF MEDITY PLATFORMS S.L.

MEDITY PLATFORMS S.L. is committed to providing the service diligently and professionally, ensuring the quality, continuity, security, and confidentiality of the Platform, in accordance with applicable technical and regulatory standards.

In particular, MEDITY PLATFORMS S.L. guarantees:

That the Platform is developed and managed entirely in compliance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD).
That appropriate technical and organizational measures are applied to protect the personal data and information managed by User Entities.
That access points, servers, and storage systems are hosted in the European Union or in countries with an adequate level of protection, in accordance with Articles 44 et seq. of the GDPR.

However, it will not be liable for:

Failures or interruptions caused by force majeure, technical incidents beyond its control, or necessary maintenance tasks.
Damages or losses that may arise from the improper or unauthorized use of the Platform by Users or User Entities.
Content published or shared by Users within the spaces managed by User Entities, which are solely responsible for said content.
Decisions or actions taken by Users based on information published on the Platform.

4.2. LIABILITY OF USER ENTITIES

User Entities will be responsible for the management, control, and supervision of access to their environment within the Platform, as well as the processing of the personal data of their members or users. In this regard, User Entities must:

Manage the access and permissions of their members, keeping the information of authorized users up to date.
Verify the accuracy and legality of the content published within their environment.
Use the Platform exclusively for the legitimate purposes of communication, management, participation, and coordination of their group, without transferring its use to unauthorized third parties.
Comply with all legal obligations regarding the protection of personal data, acting as the Data Controller with respect to the data processed through the Platform, in accordance with the provisions of Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD).
Notify MEDITY PLATFORMS S.L. any security incident, breach or misuse detected on the Platform, as well as collaborate in its resolution.

Furthermore, User Entities accept and acknowledge that they are solely responsible for the following obligations in relation to the use of TOOL PRIVE and the services provided:

To inform TOOL PRIVE and its authorized users of any relevant policies, practices, or adjustments that may affect data processing, including updates to their internal procedures or regulatory changes.
To obtain the necessary rights, permissions, or consents from users or third parties whose data is processed, ensuring that the Platform is used lawfully and in accordance with applicable regulations.
To guarantee that the collection, recording, transfer, and processing of personal data are carried out on a valid legal basis, complying with the GDPR, the LOPDGDD, and other applicable legislation.
In cases where MEDITY PLATFORMS S.L. acts as a Data Processor, it must ensure that a data processing agreement has been formalized in accordance with Article 28 of the GDPR, which governs the instructions, measures, and obligations of both parties.
In the event of international data transfers outside the European Economic Area (EEA), it must ensure that these transfers are carried out under the appropriate safeguards provided for in the GDPR, such as standard contractual clauses or adequacy decisions of the European Commission.
MEDITY PLATFORMS S.L. (TOOL PRIVE) must directly address and resolve any conflict, claim, or incident that arises with authorized users in relation to customer data, managed content, or the use of the Platform.
Furthermore, MEDITY PLATFORMS S.L. (TOOL PRIVE) will not be liable for breaches committed by User Entities or for damages or losses arising from a lack of diligence, accuracy, or legality of the data, content, or decisions adopted by them. Your responsibility will be limited to the proper technical functioning of the Platform and to compliance with the obligations that correspond to you as the Data Processor, in accordance with the GDPR and the LOPDGDD.

4.3. USER RESPONSIBILITIES

The User is responsible for the accuracy of the data provided and for the diligent use of their login credentials.

Likewise, the User is responsible for the content they publish, share, or transmit within the Platform, ensuring that such content does not infringe upon the rights of third parties or violate applicable law.

The User agrees to:

Do not take any actions that could compromise the security or operation of the Platform.
Do not disclose internal or confidential information of your organization without authorization.
Do not use the Platform for advertising, commercial, or illegal purposes.

4.4. SERVICE GUARANTEE

MEDITY PLATFORMS S.L. guarantees that the Platform complies with the security, privacy, and confidentiality standards required by applicable regulations regarding digital services and data protection.

However, it cannot guarantee continuous and uninterrupted service availability, as external or technical factors beyond its control may exist.

In the event of prolonged interruptions, the company will inform the affected User Entities and take the necessary measures to restore service as quickly as possible.

4.5. DISCLAIMER

The Platform may contain links, access points, or references to third-party websites or content. In this situation, MEDITY PLATFORMS S.L. is not responsible for the accuracy, reliability, or legality of such external content, nor for any damages that may arise from its use.

Likewise, the company will not be liable for content generated by Users or Entities within the Platform, nor for opinions or statements made in forums, groups, or internal communication channels, nor for any consequences that may arise from them.

The company will also not be liable for indirect damages, lost profits, or data loss caused by factors beyond its reasonable control.

5. DURATION, MODIFICATION, AND TERMINATION OF THE AGREEMENT

5.1. DURATION

This Agreement shall remain in effect as long as the User maintains an active account on the Platform or the User Entity retains its subscription or agreement with MEDITY PLATFORMS S.L.

Access to and use of the Platform are linked to the validity of the service contracted by the User Entity.

Once this agreement has ended or the service has been suspended, users will no longer have access to their digital space and associated functionalities.

The termination of the User’s or Entity’s account will not affect any outstanding legal obligations arising from the use of the Platform, particularly regarding confidentiality, intellectual property, and data protection.

5.2. SERVICE OR TERMS MODIFICATIONS

MEDITY PLATFORMS S.L. may introduce technical updates, functional improvements, or contractual modifications in order to:

Adapt the Platform to technological or legal changes.
Incorporate new functionalities or services.
Ensure continuity, security, and improved performance.

In the event that modifications substantially affect these Terms of Use, MEDITY PLATFORMS S.L. will notify User Entities and, where applicable, Users of such changes through the Platform itself or by electronic means.

The modifications will take effect on the date indicated in the notification.
Continued use of the Platform after the new terms take effect will constitute express acceptance of them.

If an Entity or User does not agree with the modifications, they may request to terminate their account before they take effect.

5.3. VOLUNTARY TERMINATION

Both User Entities and Users may request to close their account or cancel the service at any time, through the procedures enabled on the Platform or by sending written notification to MEDITY PLATFORMS S.L.

In the event of voluntary cancellation:

Personal data will be deleted or anonymized in accordance with the Privacy Policy and applicable legal retention periods.
Access to shared content or information will no longer be available, except for data that must be retained due to legal or contractual obligations.

5.4. TERMINATION FOR BREACH OF CONTRACT

MEDITY PLATFORMS S.L. may suspend or cancel access to the Platform, in whole or in part, in the following cases:

Serious or repeated breach of these Terms of Use.
Improper, fraudulent, or use contrary to the purpose of the service.
Dissemination of illegal content or content that infringes the rights of third parties.
Breach of confidentiality or data protection regulations.

In such cases, the company may temporarily or permanently deactivate the affected accounts, without right to compensation, and notify the corresponding User Entity.

5.5. EFFECTS OF TERMINATION

Once the contract is terminated or access is canceled:

Personal data and content associated with the account will be processed in accordance with Regulation (EU) 2016/679 (GDPR), Spanish Organic Law 3/2018 (LOPDGDD), and TOOL PRIVE’s Information Security Policy, applying appropriate technical and organizational measures to guarantee their secure deletion or anonymization, in accordance with the principles of confidentiality, integrity, and availability.
Any outstanding obligations arising from the use of the Platform—especially those relating to confidentiality, regulatory compliance, liability, and personal data protection—will remain in effect until fully fulfilled.
MEDITY PLATFORMS S.L. may retain, in a limited and secure manner, the technical records, audit trails, and security evidence necessary to comply with legal obligations, audits, or court orders, in accordance with its Information Retention and Security Policy.
The entire process of data disposal, retention, or deletion will be carried out under the Information Security Management System certified according to the National Security Framework (ENS), medium level, which guarantees compliance with the requirements established by Spanish regulations regarding information security in the public sector and collaborating entities.

6. PERSONAL DATA PROTECTION AND PRIVACY

6.1. GENERAL PRINCIPLES

MEDITY PLATFORMS S.L., as the owner and developer of the TOOL PRIVE Platform, guarantees that the processing of personal data is carried out in accordance with the principles established in Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD), ensuring at all times compliance with the principles of:

Lawfulness, fairness, and transparency
Purpose limitation
Data minimization and accuracy
Storage limitation
Integrity, confidentiality, and security
Accountability

MEDITY PLATFORMS S.L. has appointed a Data Protection Officer, whom interested parties may contact regarding any matter related to the processing of their personal data or the exercise of their rights, at the email address: contacto@delegado-lopd.es or at the registered office address indicated in these Terms and Conditions.

Personal data will be processed lawfully, fairly, transparently, and solely for legitimate purposes related to the operation, support, and improvement of the Platform.

6.2 ROLES AND RESPONSIBILITIES IN DATA PROCESSING

For the purposes of Article 4 of the GDPR:

User Entities (professional associations, federations, foundations, or organizations that contract TOOL PRIVE) act as Data Controllers of the personal data of their members, employees, or users managed within their digital environment.
MEDITY PLATAFORMAS S.L. acts as Data Processor, pursuant to Article 28 of the GDPR, and is responsible for providing the technical service and processing the data solely under the documented instructions of the User Entity.

A data processing agreement is formalized between both parties, establishing the obligations, guarantees, and security measures applicable under the GDPR and the LOPDGDD.

6.3. PURPOSES AND LEGAL BASIS FOR PROCESSING

The personal data processed through TOOL PRIVE is used exclusively for:

Ensure the technical operation, maintenance, and support of the Platform.
Facilitate internal management and communication among members of the User Entity.
Enable access to the various contracted functionalities (information, news, forums, surveys, voting, training, events, etc.).
Comply with contractual obligations arising from the use of the Platform.
Address user inquiries or technical issues.
Improve the security, stability, and user experience of the application.

The legal basis for processing will be, as applicable:

The performance of a contract or legal relationship (Art. 6.1.b GDPR).
Compliance with legal obligations (Art. 6.1.c GDPR).
The legitimate interest of the parties in ensuring the security, communication, and operation of the digital environment (Art. 6.1.f GDPR).
The user’s explicit consent where required (Art. 6.1.a GDPR).

6.4. DATA PROCESSED AND SOURCE

The types of personal data that may be processed through TOOL PRIVE include, among others:

Identification data (name, surname, email address, national identity document number or professional registration number).
Professional data or data related to membership in a professional association.
Access and usage data (username, encrypted password, connection logs, activity).
Internal communication and activity participation data.
Where applicable, images or documents shared by users within the authorized environment.

The data comes directly from the data subjects or from the User Entity that registers it in the system.

6.5. SECURITY MEASURES

MEDITY PLATFORMS S.L. implements an Information Security Management System certified in accordance with the National Security Framework (ENS), medium level, guaranteeing a high level of protection against risks that could affect the confidentiality, integrity, and availability of data.

The main technical and organizational measures adopted include:

Encryption of communications and passwords.
Access control and secure authentication.
Environment segmentation and activity logging.
Backups and recovery systems.
Security audits and periodic reviews.
Incident and breach management procedures.
Internal policies for data classification, retention, and disposal.
Ongoing training for personnel with access to personal or sensitive information.

These measures are regularly reviewed to ensure their effectiveness and adaptation to technological advancements.

6.6. DATA RETENTION

Personal data will be retained for the time necessary to fulfill the purposes of the processing and while the User Entity maintains its relationship with MEDITY PLATFORMS S.L. Once the contract or use of the Platform has ended:

The data will be securely deleted or anonymized, except for data that must be retained due to legal, contractual, or audit obligations.
Technical or security records will be retained for the period required in accordance with TOOL PRIVE’s Information Retention and Security Policy.

6.7. EXERCISE OF RIGHTS AND CONSENT MANAGEMENT

Users may exercise their rights of access, rectification, erasure, objection, restriction of processing, and data portability at any time, in accordance with Articles 15 to 22 of the GDPR.

These rights may be exercised through:

The User Entity, in its capacity as Data Controller.
Or directly to MEDITY PLATFORMS S.L., when acting as the data controller for technical or support aspects, by sending a request to: protecciondedatos@toolprive.com

Users may also withdraw their consent at any time, without affecting the lawfulness of processing based on prior consent.

MEDITY PLATFORMS S.L. has internal procedures for managing rights requests (ARSDOLP) and consent management, integrated into its Information Security System.

In case of disagreement, data subjects may file a complaint with the Spanish Data Protection Agency (www.aepd.es).

6.8. INTERNATIONAL TRANSFERS

Personal data processed through TOOL PRIVE will not be transferred outside the European Economic Area. Should any international transfer be required for technical or infrastructure reasons, it will be ensured that:

An adequacy decision has been issued by the European Commission, or
Standard contractual clauses or other mechanisms provided for by the GDPR are in place.

6.9. DATA PROCESSORS

For the provision of the service, MEDITY PLATFORMS S.L. may use technology providers or data processors, duly selected and contracted in accordance with Articles 28 and 32 of the GDPR.

These providers will offer hosting, technical support, maintenance, backups, or other complementary services, always under a written contract that guarantees compliance with the same confidentiality, security, and data protection obligations established by MEDITY PLATFORMS S.L.

The updated list of data processors will be available to User Entities and can be consulted upon request to protecciondedatos@toolprive.com.

6.10. SECURITY BREACH NOTIFICATION

In the event of a personal data breach, MEDITY PLATFORMS S.L. will notify the affected User Entity without undue delay, in accordance with Articles 33 and 34 of the GDPR and TOOL PRIVE’s Incident and Security Breach Management Policy.

The notification will include, at a minimum:

Description of the nature of the breach and the data categories affected.
Estimated date of detection and potential impact.
Measures taken to mitigate its effects.
Recommendations for the User Entity or stakeholders.

All incidents and actions taken will also be documented in the Security Incident Log, in accordance with the management system certified under the National Security Framework (ENS), medium level.

7. APPLICABLE LAW AND JURISDICTION

These General Terms of Use are governed by Spanish law, in particular by the provisions of Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR), Organic Law 3/2018, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), Law 34/2002, on Information Society Services and Electronic Commerce (LSSI-CE), Law 9/2014, the General Telecommunications Law, Royal Decree 311/2022, which regulates the National Security Framework (ENS), as well as any other Spanish or European regulations applicable to digital services and the processing of personal data. Furthermore, TOOL PRIVE complies with the provisions of Regulation (EU) 2022/2065 of 19 October on a single market for digital services (Digital Services Act), with regard to transparency, content moderation and notification mechanisms.

The parties agree to resolve amicably any dispute or disagreement that may arise in connection with the interpretation or application of these Terms and Conditions. If no agreement is reached, the parties expressly submit to the jurisdiction of the Courts of the city of Salamanca, Spain, expressly waiving any other jurisdiction that may apply, unless otherwise provided by applicable law.

If any clause of these Terms and Conditions is declared null, invalid, or unenforceable by judicial or administrative ruling, such declaration shall not affect the validity or enforceability of the remaining provisions, which shall remain in full force and effect. In such case, MEDITY PLATFORMS S.L. shall replace the affected clause with another that, to the extent possible, maintains the original purpose and respects the spirit of the document.