Email addresses

Email addresses

The e-mail addresses of the professionals of the Consorci Corporació Sanitària Parc Taulí de Sabadell that appear on this website are disseminated to facilitate communication between professionals and citizens. In no case to be used for the dissemination of advertising in any of its formats.

Functions and action plan

Data Protection Officer functions and action plan CCSPT

I.- FUNCTIONS

1.  Inform and advise the person responsible for and in charge of the processing of personal data, as well as the professionals who deal with the processing of the obligations that are incumbent on them under the Regulation and other data protection provisions.
2. Supervise compliance with the provisions of the regulatory regulations and the policies of the person responsible for data processing, in matters of data protection.
3. Provide the advice requested on the impact assessment relating to the protection of personal data.
4. Cooperate with the Catalan Data Protection Authority (ACPD) and act as a point of contact with it.
5. Intervene in the event that interested parties present a potential claim before the ACPD.
6. To address the questions of interested parties regarding the processing of their personal data and the exercise of their rights under the General Data Protection Regulation (GDPR).
7. Participate in collegial bodies, committees and commissions in their capacity as Data Protection Delegate and, especially those in which the Law requires their incorporation.
8. Ensure compliance with the GDPR and identify the risks associated with processing operations, taking into account the nature, scope, content and purposes of the processing, offering the controller the necessary assistance and advice for the adoption of the necessary measures and supervising that they have been put into practice.
9. Seek training actions in the format of pills, messages, or online or classroom training, generic or sectorized by professional groups, that ensure knowledge of the obligations regarding confidentiality and data protection.
10. Biannually (the periodicity of the actions) will be the link with the external auditors who must carry out the field work and write the mandatory Report.

II.- GUARANTEES 

A.- The person responsible and, where applicable, the person in charge of the treatment, are obliged to:

1. Guarantee that the DPO participates appropriately and in a timely manner in the development of the assigned functions.
2. They will support the DPO in the exercise of his/her functions and, in particular, guaranteeing his/her legal position, the exercise of his/her functions with autonomy and having sufficient resources to carry out his/her function effectively.
3. They will ensure that the DPO does not receive any instructions in the performance of his/her duties.

                       

B.- He may not be sanctioned or dismissed for acts related to the exercise of his functions, except in cases of intent or serious negligence, and without prejudice to his subjection to the internal control and supervision rules of the organization.

C.- Will report to the highest hierarchical level of the Controller or person in charge of the treatment.  

D.- Failure to follow the recommendations, criteria or requests of the DPO by the data controller must be accompanied by the good practice of “documenting with reasons the non-compliance with the DPO criteria”.

E.- He must guarantee that conflicts of interest are avoided and, therefore, he cannot intervene in the adoption of decisions or in the execution of certain actions on which he will later be the object of his work.  

III.- OBLIGATIONS

1. Professional secrecy and confidentiality with respect to all data to which you have access based on your position, an obligation that is indefinite, that is, beyond the date of your removal from office.
2. Respond to each of the functions listed in the previous section 1.
3. It will act as a point of contact for interested parties in everything that concerns their personal data and especially the exercise of ARSOPOL rights and traceability, advising the Data Controller with respect to each specific situation, notifying interested parties, in a timely manner, of the resolution adopted when the Data Controller does not do so directly.
4. Develop its functions with full independence to prioritize them based on the severity, probability and different risks to the rights and freedoms of natural persons.

IV.- DESIGNATION

1.  The designation will be made in accordance with article 37.5 of the GDPR.

In the field of the Department of Health, article 2.2 and article 6 of Decree 148/2023 of August 1 on the data protection delegates of the Administration of the Generalitat and its public sector, an appointment was made by the General Secretariat of the Department of Health on March 01, 2025, an appointment that was tacitly confirmed by Resolution of the Minister of Health on July 29, 2024 within the framework of Order SLT/131/2024 of June 6, which determines the organization of the Data Protection delegation in the field of the Department of Health and the entities of its public sector on the occasion of the appointment of the same DPD by the linked entities SABADELL GENT GRAN CENTRE DE SERVEIS SA I COORDINACIÓ LOGÍSTICA SANITÀRIA AIE.

2. The designated person is Antoni Llamas Losilla. Lic. in Law. Professional of the Consortium.  This e-mail address is being protected from robots spam.Necessites Javascript enabled to view it. . DPD Parc Taulí. Parc del Taulí núm. 1 (08208) Sabadell

V.- ANNUAL ACTION PLAN

The DPD will carry out annually, some proactively and others on demand, due to their very nature, the functions listed in section I above and:

A.- Periodically (monthly, quarterly or semi-annually) it will provide at least the management level of the Data Controller with reports on:

1. Queries raised with the Catalan Data Protection Authority
2. Inquiries raised to external consultants or to the Type Code
3. Inquiries received from the organization and reports issued.
4. Criteria applied, where applicable, in the exercise of advisory and control functions (such as criteria for assessing risk assessment and monitoring or impact assessments).
5. Systematized information on the exercise of the rights of access, rectification, deletion, opposition, portability, limitation and traceability as well as the meaning of the resolutions issued by the Controller.  
6. Security incidents with indication of whether they have been notified to interested parties and the ACPD.
7. RAT matrix by associated risks and ARSOPOL+T rights exercised.

B.- Will program, carry out and report on the training actions to be carried out in each exercise.

C.- It will prepare during the calendar quarter of each year the annual report of the activities carried out in the previous year closed with respect to the aspects included in the preceding sections and the rest of the activities carried out or vicissitudes that have occurred on which it has had to intervene in matters of data protection. Said report will include an analysis of the resources at its disposal, including an assessment of their suitability, which will take into account, among others, the adequacy of its dedication in the event of partiality, the incorporation of new technologies into the treatments, the regulatory changes produced as well as its training needs. This report must be taken into account by the data controller when establishing the scope of the actions for the year following that of the report.

D.- It may incorporate an annual schedule of extraordinary actions planned for each financial year, assigning responsibilities, resources and deadlines.

VI.- PLANNING

The Annual Plan will contain the following variables depending on the available human and material resources:

Professionals available in terms of ETC: 0,9

Activities	Frequency
ARSOPOL+ Tr	Permanent
Committees and Commissions	Weekly / Monthly
Inquiries and Reports	Asked
Contract review	Asked
Documentation preparation/ ACPD / areas / reviews	Continued
Meetings Advice	Asked
Training preparation	Permanent
other

 

Data protection officer functions and action plan Sabadell Gent Gran

I.- FUNCTIONS

1. Inform and advise the person responsible for and in charge of the processing of personal data, as well as the professionals who deal with the processing of the obligations that are incumbent on them under the Regulation and other data protection provisions.
2. Supervise compliance with the provisions of the regulatory regulations and the policies of the person responsible for data processing, in matters of data protection.
3. Provide the advice requested on the impact assessment relating to the protection of personal data.
4. Cooperate with the Catalan Data Protection Authority (ACPD) and act as a point of contact with it.
5. Intervene in the event that interested parties present a potential claim before the ACPD.
6. To address the questions of interested parties regarding the processing of their personal data and the exercise of their rights under the General Data Protection Regulation (GDPR).
7. Participate in collegial bodies, committees and commissions in their capacity as Data Protection Delegate and, especially those in which the Law requires their incorporation.
8. Ensure compliance with the GDPR and identify the risks associated with processing operations, taking into account the nature, scope, content and purposes of the processing, offering the controller the necessary assistance and advice for the adoption of the necessary measures and supervising that they have been put into practice.
9. Seek training actions in the format of pills, messages, or online or classroom training, generic or sectorized by professional groups, that ensure knowledge of the obligations regarding confidentiality and data protection.
10. Biannually (the periodicity of the actions) will be the link with the external auditors who must carry out the field work and write the mandatory Report.

           

II.- GUARANTEES

 

A.- The person responsible and, where applicable, the person in charge of the treatment, are obliged to:

1. Guarantee that the DPO participates appropriately and in a timely manner in the development of the assigned functions.
2. They will support the DPO in the exercise of his/her functions and, in particular, guaranteeing his/her legal position, the exercise of his/her functions with autonomy and having sufficient resources to carry out his/her function effectively.
3. They will ensure that the DPO does not receive any instructions in the performance of his/her duties.                       

B.- He may not be sanctioned or dismissed for acts related to the exercise of his functions, except in cases of intent or serious negligence, and without prejudice to his subjection to the internal control and supervision rules of the organization.

C.- Will report to the highest hierarchical level of the Controller or person in charge of the treatment. 

D.- Failure to follow the recommendations, criteria or requests of the DPO by the data controller must be accompanied by the good practice of “documenting with reasons the non-compliance with the DPO criteria”.

E.- He must guarantee that conflicts of interest are avoided and, therefore, he cannot intervene in the adoption of decisions or in the execution of certain actions on which he will later be the object of his work.  

III.- OBLIGATIONS

1. Professional secrecy and confidentiality with respect to all data to which you have access based on your position, an obligation that is indefinite, that is, beyond the date of your removal from office.
2. Respond to each of the functions listed in the previous section 1.
3. It will act as a point of contact for interested parties in everything that concerns their personal data and especially the exercise of ARSOPOL rights and traceability, advising the Data Controller with respect to each specific situation, notifying interested parties, in a timely manner, of the resolution adopted when the Data Controller does not do so directly.
4. Develop its functions with full independence to prioritize them based on the severity, probability and different risks to the rights and freedoms of natural persons.

IV.- DESIGNATION

1. The designation will be made in accordance with article 37.5 of the GDPR.

The appointment of the DPD of the entity was carried out by Resolution of the Minister of Health on July 29, 2024 within the framework of Order SLT/131/2024 of June 6, which determines the organization of the Data Protection delegation within the scope of the Department of Health and its public sector entities on the occasion of the appointment of the same DPD by the linked entities SABADELL GENT GRAN CENTRE DE SERVEIS SA I COORDINACIÓ LOGÍSTICA SANITÀRIA AIE.

It should be remembered that Sabadell Gent Gran is included in the Health sector since its sole partner is the Parc Taulí Healthcare Corporation Consortium. The entity's DPD person is the same person who holds the position in the Consortium and who was appointed DPD of that entity on March 1, 2024 in accordance with article 2.2 and article 6 of Decree 148/2023 of August 1 on the data protection delegated persons of the Administration of the Generalitat and its public sector.

2. The designated person is Antoni Llamas Losilla. Lic. in Law. Professional of the Consortium.  This e-mail address is being protected from robots spam.Necessites Javascript enabled to view it. . DPD Parc Taulí. Parc del Taulí núm. 1 (08208) Sabadell

V.- ANNUAL ACTION PLAN

The DPD will carry out annually, some proactively and others on demand, due to their very nature, the functions listed in section I above and:

A.- Periodically (monthly, quarterly or semi-annually) it will provide at most to the management level of the Data Controller reports on:

1. Queries raised with the Catalan Data Protection Authority
2. Inquiries raised to external consultants or to the Type Code
3. Inquiries received from the organization and reports issued.
4. Criteria applied, where applicable, in the exercise of advisory and control functions (such as criteria for assessing risk assessment and monitoring or impact assessments).
5. Systematized information on the exercise of the rights of access, rectification, deletion, opposition, portability, limitation and traceability as well as the meaning of the resolutions issued by the Controller.
6. Security incidents with indication of whether they have been notified to interested parties and the ACPD.
7. RAT matrix by associated risks and ARSOPOL+T rights exercised.

B.- Will program, carry out and report on the training actions to be carried out in each exercise.

C.- It will prepare during the calendar quarter of each year the annual report of the activities carried out in the previous year closed with respect to the aspects included in the preceding sections and the rest of the activities carried out or vicissitudes that have occurred on which it has had to intervene in matters of data protection. Said report will include an analysis of the resources at its disposal, including an assessment of their suitability, which will take into account, among others, the adequacy of its dedication in the event of partiality, the incorporation of new technologies into the treatments, the regulatory changes produced as well as its training needs. This report must be taken into account by the data controller when establishing the scope of the actions for the year following that of the report.

D.- It may incorporate an annual schedule of extraordinary actions planned for each financial year, assigning responsibilities, resources and deadlines.

 

VI.- PLANNING

The Annual Plan will contain the different actions depending on the human and material resources available:

Professionals available in terms of ETC: 0,05