Skip to content

Privacy Policy

This notice explains how NeuroBehavior Clinic handles personal data across website enquiries, clinical referrals, research participation, forensic or institutional work, recruitment, and professional collaboration. It is designed to be read together with any protocol-specific consent form, clinical documentation, or institutional data notice provided to you.

Data Controller

NeuroBehavior Clinic
Hospital Clínic de Barcelona
Carrer de Villarroel 170, 08036 Barcelona, Spain

Privacy Contact

privacy@neurobehaviorclinic.com

Use this address for privacy questions, data-rights requests, or concerns about confidentiality.

Applicable Frameworks

EU GDPR, Spanish data protection law, Swiss data protection law where relevant, professional confidentiality duties, ethics approvals, and protocol-specific research governance.

1. Scope of This Notice

This public notice covers website use, contact forms, clinical or institutional enquiries, collaboration messages, job applications, and general information requests.

Clinical care, research studies, forensic instructions, and partner projects may include more specific privacy information. Where a specific consent form or protocol notice applies, it should be read as the controlling document for that activity.

2. Categories of Data We May Process

Website and contact data

Name, email address, organisation, phone number, enquiry type, message content, language preference, IP address, browser data, device information, and basic security logs.

Clinical and referral data

Referral questions, appointment administration, clinical history supplied by the patient or referrer, assessment notes, reports, and legally required documentation.

Research data

Eligibility data, consent records, study identifiers, behavioral tasks, psychometric scales, neuroimaging, EEG, fNIRS, biometrics, psychophysiology, and coded research datasets.

Professional and recruitment data

CVs, qualifications, publications, references, application messages, interview notes, professional profiles, and collaboration history.

3. Sensitive and Special-Category Data

Health, psychological, neurobiological, biometric, genetic, forensic, and research data may be sensitive. Such data is processed only where there is a defined purpose, appropriate legal basis, ethics or clinical justification where required, access control, confidentiality safeguards, and proportionate documentation. Research data is coded, pseudonymized, or anonymized whenever this is compatible with the protocol and scientific purpose.

4. Purposes and Legal Bases

Responding to enquiries: to answer clinical, research, institutional, media, collaboration, or recruitment messages. Legal basis may include legitimate interests or steps prior to a possible service, employment, or collaboration relationship.

Clinical administration and documentation: to assess suitability, schedule appointments, prepare records, manage reports, and meet professional obligations. Legal basis may include contract, legal obligation, legitimate interests, and health-care related grounds for sensitive data.

Scientific research: to conduct approved studies under protocol-specific consent, ethics review, and data governance. Legal basis depends on the study and may include explicit consent, public-interest research provisions, legitimate interests, or applicable research-law grounds.

Forensic or institutional work: to respond to authorized referral questions, maintain records, support report preparation, and preserve evidentiary integrity within the agreed scope.

Security and compliance: to protect systems, prevent misuse, respond to lawful requests, manage incidents, and comply with regulatory, ethics, audit, or professional requirements.

5. Roles, Recipients, and Service Providers

Depending on the activity, NeuroBehavior Clinic may act as a controller, joint controller, or processor acting under documented instructions from an institution, sponsor, hospital, court, or collaborator.

Data may be accessed by authorized clinical staff, researchers, research coordinators, administrative staff, ethics bodies, institutional partners, IT providers, secure storage providers, laboratories, auditors, insurers, legal authorities, or other recipients where there is a documented and lawful reason.

6. International Transfers and Cross-Border Research

Some clinical, research, or collaboration activities may involve Spain, Switzerland, EU/EEA partners, or non-EU institutions. Where personal data is transferred internationally, we use appropriate safeguards such as adequacy decisions, standard contractual clauses, data-processing agreements, pseudonymization, access restrictions, ethics-approved transfer rules, or protocol-specific limitations.

7. Retention

Website enquiries: retained while active and for a reasonable administrative period afterward.

Clinical records: retained according to professional, institutional, Spanish, Swiss, and legal record-keeping duties.

Research records: retained according to the protocol, consent language, ethics approval, funder requirements, and scientific integrity standards.

Recruitment records: retained for the recruitment process and a limited period for legitimate administrative or legal purposes.

8. Security Measures

Access control: role-based access to sensitive systems.

Pseudonymization: coded identifiers for research datasets where possible.

Secure handling: controlled document storage, restricted file access, and staff confidentiality duties.

Incident response: review, containment, documentation, and notification procedures where required by law.

9. Your Rights

Depending on the applicable law and processing context, you may have rights to information, access, rectification, erasure, restriction, objection, portability, withdrawal of consent, and safeguards concerning automated decision-making or profiling.

Spain / EU: the Agencia Española de Protección de Datos (AEPD) may be relevant for processing connected with Spain or EU GDPR.

Switzerland: the Federal Data Protection and Information Commissioner (FDPIC) may be relevant for processing connected with Switzerland.

To exercise rights, contact privacy@neurobehaviorclinic.com. We may need to verify your identity and the context of processing before responding.

10. Automated Decision-Making

NeuroBehavior Clinic may use statistical or computational tools for research analysis, quality control, or clinical support. We do not use website contact data to make solely automated decisions with legal or similarly significant effects. Any clinically relevant interpretation requires professional review and appropriate context.

11. Cookies and Website Analytics

The website may use technical cookies or similar technologies required for security, navigation, language selection, and basic performance. If optional analytics, advertising, or third-party tracking tools are introduced, they should be governed by an appropriate consent and information mechanism.

12. Updates

We may update this notice when our services, research operations, technology, partners, or legal obligations change. The current version is published on this page.