DATA PROTECTION POLICY:
I. GESEMAL 2014 S.L. (the "Company") is an organization in which personal data processing activities occur, which gives it an important responsibility in the design and organization of procedures so that they are aligned with legal compliance in this area. In the exercise of these responsibilities and in order to establish the general principles that should govern the processing of personal data in the Company, it approves this Personal Data Protection Policy, which it notifies to its Employees and makes available to all its Stakeholders.
1. Purpose The personal data protection policy is a measure of proactive responsibility that aims to ensure compliance with applicable legislation in this area and in relation to this, respect for the right to honor and privacy in the processing of personal data of all persons who are related to the Company. In development of the provisions of this Personal Data Protection Policy, the Principles governing the processing of data in the organization are established, and consequently, the procedures, and the organizational and security measures that the persons affected by this Policy undertake to implement in their area of responsibility. To this end, Management will assign responsibilities to the personnel involved in data processing operations.
2. Scope of application This Personal Data Protection Policy shall apply to the Company, its directors, officers and employees, as well as to all persons who deal with the Company, expressly including service providers with access to data ("Data Processors").
3. Principles of the treatment of personal data As a general principle, The Company will scrupulously comply with the legislation on the protection of personal data and must be able to demonstrate it (Principle of "proactive responsibility"), paying special attention to those treatments that may pose a greater risk to the rights of those affected (Principle of "risk approach"). In relation to the above, GESEMAL 2014 S.L. shall ensure compliance with the following Principles:
- Lawfulness, loyalty, transparency and purpose limitation. The data processing must always be informed to the affected, through clauses and other procedures; and will only be considered legitimate if there is consent for the processing of data (with special attention to that provided by minors), or has another valid legitmación and the purpose thereof is in accordance with Normatva. - Data minimization. The data processed must be adequate, pertinent and limited to what is necessary in relation to the purposes of the processing.
- Accuracy. The data must be accurate and, if necessary, updated. In this respect, the necessary measures shall be taken to ensure that personal data that are inaccurate with respect to the purposes of the processing are deleted or corrected without delay.
- Limitation of the storage period. The data shall be kept in a form that allows the identification of data subjects for no longer than is necessary for the purposes of the processing.
- Integrity and Confidentiality. The data shall be processed in such a way as to ensure appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by implementing appropriate technical or organizational measures.
- Transfer of data. It is forbidden to purchase or obtain personal data from illegitimate sources or in those cases where such data have been collected or transferred in contravention of the law or where their legitimate origin is not sufficiently guaranteed.
- Hiring of suppliers with access to data. Only suppliers that offer sufficient guarantees to apply appropriate technical and security measures in the processing of data will be chosen for contracting. With these third parties, the appropriate Agreement shall be documented in this regard.
- International data transfers. Any processing of personal data subject to European Union regulations involving a transfer of data outside the European Economic Area shall be carried out in strict compliance with the requirements set forth in the applicable law.
- Rights of data subjects. The Company will facilitate to the affected parties the exercise of the rights of access, rectification, suppression, limitation of processing, opposition and portability, establishing for this purpose the internal procedures, and in particular the models for its exercise that are necessary and appropriate, which must meet, at least, the legal requirements applicable in each case. The Company will promote that the principles contained in this Personal Data Protection Policy are taken into account (i) in the design and implementation of all work procedures, (ii) in the products and services offered, (iii) in all contracts and obligations formalized or assumed, and (iv) in the implementation of all systems and platforms that allow access by employees or third parties and/or the collection or processing of personal data.
4. Commitment of employees Employees are informed of this Policy and declare that they are aware that personal information is an act of the Company, and in this respect they adhere to it, committing themselves to the following:
- Undertake the data protection awareness training that the Company makes available to them.
- Apply the security measures at user level that apply to their job, without prejudice to the responsibilities in its design and implementation that may be attributed depending on their role within GESEMAL 2014 SL.
- Use the formats established for the exercise of rights by those affected and inform the Company immediately so that the response can be made effective.
- Inform the Company, as soon as they become aware of deviations from the provisions of this Policy, in particular "Security breaches of personal data", using the format established for this purpose.
5. Monitoring and evaluation An annual verification, evaluation and assessment will be carried out, or whenever there are significant changes in the processing of data, of the effectiveness of the technical and organizational measures to ensure the security of the processing. GESEMAL 2014 S.L