Patient Portal is a service made available to users and patients of all Quironsalud hospitals or medical centers. It is a personal, private and secure space through which test results or medical reports about health care that user or someone under user supervision has received from any of the centers in the group where a patient has Clinical History can be consulted; they can be saved, printed, and downloaded, even from various centers.

Information held in health facilities is not stored on the Portal; however, the Portal has a storage space where the user can upload and share information.

Portal Patient simply shows you the unique information available in each of the group’s health centers where you have received health care.

Portal also allows direct communication with the health center, as through it you can consult and manage appointments; send forms; make non-faced appointments or communicate directly with your doctor, among other things.

By creating an account of the Patient Portal, you will also have access with the same credentials, free and voluntary to other applications or websites of the group, after registration and acceptance of their terms and conditions:

  • E-quironsalud: a website of electronic commerce through which you can purchase products, services or treatments related to your health.

Information on the processing of personal data in the patient portal

This document constitutes the privacy policy of the Patient Portal, for any question in this matter, the patient can contact the Data Protection Officer of the Quirónsalud Group with postal address at calle Zurbarán 28, 28010 de Madrid. You can also contact the Data Protection Officer by sending an e-mail to the following address: DPO@quironsalud.esThis link opens in a popup window.

Who is Data Controller?

Data Controllers of health information and/or dta related administrative services are the companies that run the health centers. To consult the privacy policy of each of them you can go to their website.

To create and manage access to the functionalities of the Portal, Data Controller is IDCQ HOSPITALES Y SANIDAD S.L.U, an entity belonging to the Quironsalud Group.

What personal data do we process and where does it come from?

The following categories of personal data may be processed in connection with your relationship with us:

  • Identifying data, contact data for users or their representatives;
  • Health-related data;
  • If the user allows such collection, patient location data (geolocation) will be processed through various media, depending on the service and device being used, including GPS (via your mobile device settings), Bluetooth or Wi-Fi connections. The collection of location information (geolocation) takes place in the background on the device, even when the service is not used, if the permission granted by the patient allows such collection. The data may come from the user himself or, if applicable, his legal representative or volunteer.

For what purpose do we process your personal data?

Personal data may be processed by the controller for the following purposes:

  1. Channel of communication with the health center: display Electronic Medical History; management of appointments, access to certain medical tests, etc. Sending information and activities for monitoring care processes; promotion and prevention of health from your center, remind you of your appointments and reviews in health centers; conduct surveys to know your opinion on the care received and that will be used only to improve and develop our services; etc.
  2. Synchronization with the mobile health applications of the mobile device: if you expressly consent, you can consult the data on physical activity and sleep habits recorded in your mobile applications from the Patient Portal. If you synchronize with Google, your use and transfer of information received from Google APIs to any other application complies with the Google API Services User Data Policy, including limited usage requirements.
  3. Attention to requests for information, complaints, suggestions, complaints, complaints, complaints, exercise of data protection rights, etc.: in these cases, your data will be processed for the purpose of managing and processing the request.
  4. Compliance with legal obligations: it may be necessary to process personal data to comply with the relevant legal requirements. Specifically, to comply with data protection legislation, tax, health, etc.
  5. Sending commercial communications by any means in case of additional consent: if you explicitly consent, your data may be transferred to the entities of the quironsalud group for the purpose of informing you by any means for promotional and advertising purposes about the centers, services, products or events related to the health sector and/ or health of the companies of the Quirónsalud Hospital Group (in no case will your data be used to send you advertising content other than Quirónsalud).
  6. Location (Geolocation) of the patient: if you explicitly consent, your location data may be processed to welcome you and provide you with specific services geared towards a better experience within the hospital as an indoor guided tour in the hospital facilities, self-registration of admission if you have a medical appointment, self-registration in the emergency room, among others) and/ or to provide you with information from health centers of the Quirónsalud Hospital Group and pharmacies closest to your location.
  7. Creation and management of credentials and management of incidents: through the credentials access is allowed to the Portal and, if applicable, to other applications of the quironsalud group. Remember that passwords are personal and non-transferable. For your own security keep them safe and do not share them with third parties

The data collected will be processed for specified purposes and in no case in a way incompatible with those purposes.

Lawfulness of processing

Purpose Legal bases
Communication channel with the health center Data Subject Consent when registering as a user of the portal and/or legitimate interest of the controller
Creation and management of credentials and incident management Data Subject Consent to register as a user of the portal, and/or legitimate interest of the controller and/or for compliance with a legal obligation.
Synchronization with mobile health apps on the mobile device Data Subject Consent
Attention of requests Data Subject Consent and/or legitimate interest of the controller and/or for compliance with legal obligation.
Compliance with legal obligations Processing necessary for the compliance of a legal obligation
Sending commercial communications Data Subject Consent
Location (geolocation) of the patient Data Subject Consent

How long will we keep your data?

In general, your data will only be kept for the time strictly necessary for the purpose for which they were collected.

The data related to the health center will be kept for the time appropriate to each case and based on the privacy policy of the same.

The personal data provided for the management of your credentials will be kept until the user cancels the portal or requests the deletion of the data, in which case it will be lost to access the portal. The incidents or queries sent will be kept for the time necessary for their processing and a maximum of 3 years.

The data collected by the synchronization with the mobile health applications of the mobile device will be kept until the data subject revokes the consent.

Personal data provided for the purpose of managing any request for information, complaint, suggestion, complaint, complaint, exercise of data protection rights, etc., will be kept for as long as necessary to process the request, and in any case during the time legally established, as well as during the period necessary for the formulation, exercise or defense of claims.

Data processed for the fulfilment of legal obligations will be kept for the time set out in the applicable law.

The data processed for sending commercial communications will be kept until the interested party revokes the consent and/or exercises its rights of opposition and/or deletion.

The data processed for the location (geolocation) of the patient will be kept until the person concerned revokes the consent. The data subject can change the settings of his device to consent or oppose the collection of information or the display of corresponding notifications

To which recipients will your data be communicated?

To ensure proper service provision, it is necessary that certain service providers and/or entities of the group who process data on behalf of the controller and as processors their personal data. These entities may be, for example, IT service providers.

Your personal data for identification and to ensure the proper functioning of the service, may be shared by the different entities of the Quirónsalud group (see entities)This link opens in a popup window based on the legitimate interest of the controller and in accordance with the provisions of recital 48 of the GDPR.

What are your rights when you provide us with your data?

Through Portal, your right of access is granted as it allows access to your medical history, being a user of a system of remote, direct and secure access to personal data that guarantees, in a permanent way, access to all information in accordance with article 13.2 de la Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales.

You may exercise your rights of access, rectification of inaccurate data; request the deletion, when, among other reasons the data is no longer necessary for the purposes that were collected; in certain circumstances you can also request the limitation of the processing of your data, in which case we will only retain them for the exercise or defense of claims; finally, and for reasons related to your particular situation, you may also exercise the right of opposition and portability. You can also revoke your consent to the processing of your data at any time.

The exercise of the rights, as well as the revocation of consent for the processing of your data are free of charge, except in the cases of art. 12.5 of Regulation (EU) 679/2016. You can exercise your rights through the form of the Portal: https://www.quironsalud.com/es/portal-paciente/contactar.This link opens in a popup window In case you want to exercise your rights with a health center, you can fill out the following Rights Application FormThis link opens in a popup window and send it to the patient care service of the health center to which it is addressed. In some cases, you can also exercise your rights with the health center from the portal itself.

In addition, we inform you of the possibility of lodging a complaint with the competent supervisory authority, according to the appropriate procedure according to the specific case.

Updating the Privacy Policy

This privacy policy may be amended or updated to reflect changes in applicable law, case law, industry practices, or changes in how we handle your data. For this reason, we advise users to visit our privacy policy periodically.

Privacy Policy updated in August 2025