Who is the controller in charge of processing your personal data?

Company name:  BAMBÚ DE ROCA SL 

Tax identification number: B98691074

Headquarters: Avda. General Avilés, N.º 90 bajo 46015 Valencia

Delegation: Calle Llandells, 2-4 Bajo 12598 Peñíscola Castellón

Telephone: 961042557 Headquarters / 964489132 Peñíscola Office


Contact our Data Protection Officer (DPO):

For what purpose will we process your personal data?

Your personal data will be used to allow us to maintain relationships of any type with our clients as a consequence of a contractual/healthcare contract, particularly related to economic, administrativeand fiscal, quality and personalised attention management that is necessary to meet the requirements of the contractual/healthcare relationship.

How long will we keep your personal data for?

Your personal data will be kept for the duration of the established relationship, and once this has ended, it will be kept for the legal economical and fiscal time periods. Depending on the type of document, this could vary from a minimum of four years to a maximum of ten years.

What is the legitimation for the processing of my personal data?

The legal base for the processing of your personal data is:

The identifying and contact details that are required for the development of a contractual activity established between providers, whose aim is to establish relationships of any type with them to give substance to this relationship and particular referring to invoicing, payment, accountancy, and fiscal obligations based on the legitimate interest of the controller, in accordance with Article. 6.1 f) of the GDPR and Article 19 of the Organic Data Protection Law.

As a consequence of the contractual relationship established with clients, the controller has legal economical and fiscal obligations derived from the following principle regulation, and they have their incidence in the retention periods:

Code of Commerce of 1885

Corporate Tax Law (RDL 4/2004, of the 5th of March) Article.133.1

Fiscal rules

General Taxation Law 58/2003

Article 24 of the RD Leg. 1/2011 of the 1st July, which approved the consolidated text for Law for Account Auditing

Royal decree 1514/2007, of the 16th of November, which approved the General Accountancy Plan.

Am I obliged to provide my personal data?

Contractual requirement

What will happen if I do not provide it?

It will not be possible to provide the requested service

Will we disclose your persona data?

Recipients or categories of recipients.

TAX AUTHORITYto comply with fiscal obligations.
SAVINGS BANKS AND RURAL SAVINGS UNIONSto charge for the provided services.

What rights do I have when I provide my personal data?

Right of Access: You have the right to know whether we are processing your data and to receive this information in writingvia the requested means.

Right to Rectification: You have the right to request the rectification of your data if it is inaccurate or incomplete.

You have the right to request the erasure of your data. However, remember that the right to deletion remains limited when there is a legal obligation to retain or block your data.

In certain circumstances, the data subjects may request the restriction of processing of their data. In this case we will only keep it for the exercise or defence of legal claims, protect third parties or for significant public interest reasons.

In certain circumstances and for reasons related to a particular situation, you may object to the processing of your data. The controller will stop processing your data, unless there are superior legitimate grounds for the processing, or for the exercise or defence of legal claims

When the processing of data is based on consent or on a contract or pre-contract, and it is carried out by automated means, you have the right to data portability. This means that it will be provided in a structured, commonly used and machine-readable format, including providing it to a new responsible figure..

Any interested party may lodge a complaint with the competent data protection supervisory authority, especially when they are not satisfied with the exercise of their rights. They can be contacted in writing at  Spanish Personal Data Protection Agency (Agencia Española de Protección de Datos Personales) at C/Jorge Juan n.º 6, 28001 Madrid or online at

The models to request the exercise of your rights can be found in the Privacy Policies/rightsof our website. You may also request them in writing from our management team, or online on the supervisory authority’s website . These must be sent to the manager’s postal or email address.