Data Protection Policy
The protection of natural persons in relation to the processing of their personal data is a fundamental right established in Article 8.1 of the Charter of Fundamental Rights of the European Union and Article 16.1 of the Treaty on the Functioning of the European Union, thus transferred in article 18.4 of the Spanish Constitution that states that "the law shall limit the use of information technology to guarantee the honor and personal and family privacy of citizens and the full exercise of their rights."
TRADINFORME, SL, within the framework of its commitment regarding regulatory compliance, approves this DATA PROTECTION POLICY, hereinafter, the Policy, in which it develops the rules and principles of conduct that should serve as a guide for professionals of TRADINFORME, SL, in relation to the protection of personal data in accordance with current legislation.
This Policy is intended to inform the professionals of TRADINFORME, S.L. the applicable regulations on data protection and, in particular, REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016, concerning the protection of natural persons with regard to the treatment of personal data and the free circulation of these data and which repeals Directive 95/46 / EC (hereinafter, RGPD). The rules of action contained in this Policy will be applicable in the context of work performed by professionals of TRADINFORME, SL and will aim to protect personal data, both professionals and all third parties (suppliers, customers, etc.) that are related to TRADINFORME, S.L.
The rules included in this Policy are mandatory guidelines for all professionals of TRADINFORME, S.L. that, in addition, they should use their best efforts to ensure that they are respected, both by other professionals and subcontractors of TRADINFORME, S.L., in the event that they participate in activities that involve the processing of personal data.
The rules contained in this Policy will be complemented with the provisions of the Manual of Functions and Obligations for the personnel of TRADINFORME, S.L.
Area of application
This Policy applies to the total or partially automated or non-automated processing of personal data in the environment of the activities developed by TRADINFORME, S.L.
On the other hand, this Policy applies to all professionals of TRADINFORME, S.L., regardless of their hierarchical position within the organization or their professional qualification or the type of their relationship with TRADINFORME, S.L.
Chapter II of the RGPD establishes the principles that govern data protection and that, therefore, form the basis of this Policy:
- Principle of "legality, loyalty and transparency"
TRADINFORME, S.L. will treat the personal data in a lawful, loyal and transparent way, that is, the interested party will be informed about the treatment of their data and the specific purposes, offering all the additional information that is necessary.
Individuals will be informed that they are collecting, using, consulting or otherwise treating personal data that concerns them, as well as the extent to which said data is or will be processed. Personal data will be treated in a way that ensures security and adequate confidentiality, including to prevent unauthorized access or use of said data and the equipment used in the processing. Personal data will not be processed without the consent of the interested party or in accordance with the general rules of the applicable legislation.
TRADINFORME, S.L. will not collect or process personal data related to ethnic or racial origin, political opinions, religious or philosophical convictions or union affiliation and the processing of genetic data, biometric data aimed at univocally identifying a natural person, data relating to the health or data relating to sexual life or sexual orientation of a natural person, unless such collection and subsequent treatment were necessary, legitimate or mandatory or permitted by applicable law, in which case they will be collected and treated in accordance with the provisions in that.
- Principle of "limitation of purpose"
Data people treated by TRADINFORME, S.L. they will always be collected for specific, explicit and legitimate purposes and will not be subsequently processed in a manner incompatible with them; Unless they are treated in the future for archival purposes in the public interest, scientific and historical research purposes or statistical purposes shall not be considered incompatible with the initial purposes.
- Principio de “minimización de datos”
TRADINFORME, S.L. will not keep the personal data that is processed beyond the time necessary for the purposes for which they were collected, except legal obligation or if they are kept for the purpose of filing in the public interest, scientific or historical research purposes or statistical purposes.
- Principle of "data minimization"
TRADINFORME, S.L. ensure that the personal data processed are accurate and up-to-date, adopting for that reason those reasonable measures to be deleted or rectified when it is detected that they are inaccurate with respect to the purposes for which they were collected.
- Principle of "data minimization"
TRADINFORME, S.L. no conservará los datos personales que trate más allá del tiempo necesario para los fines para los que se recogieron, salvo obligación legal o si se conservan con fines de archivo en interés público, fines de investigación científica o histórica o fines estadísticos.
- Principle of "integrity and confidentiality"
TRADINFORME, S.L. will seek to guarantee the integrity and confidentiality of the personal data processed, applying technical or organizational measures to protect them from unauthorized or illegal treatments, against their loss, destruction or accidental damage.
TRADINFORME, S.L. commits to compliance with the principles listed above by applying due diligence and must be able to demonstrate compliance by applying a "proactive responsibility" that translates into:
- Risk assessment or analysis
The controller is obliged to apply timely and effective measures and must be able to demonstrate the conformity of the treatment activities with the applicable legislation, including the effectiveness of the measures. Such measures must take into account the nature, scope, context and purposes of the treatment, as well as the risk to the rights and freedoms of natural persons. For this, TRADINFORME, S.L. will perform an evaluation or analysis of the risk of the treatments carried out, in order to weigh on the basis of an objective evaluation by means of which it is determined whether the data processing operations involve a risk and if this is high, thus determining that the applied measures are in accordance with legal obligations.
- Impact evaluation
TRADINFORME, S.L. It will carry out impact evaluations in those cases foreseen in the applicable legislation, that is, when there is a probability that a certain treatment and, in particular, if new technologies are used and involves a high risk for the rights and freedoms of natural persons. . The likelihood that the type of treatment involves risks will be assessed according to the following criteria: its nature, scope and the context or purposes of the type of treatment. The impact assessment will include, in particular, the measures, guarantees and mechanisms provided to mitigate the risk, guarantee the protection of personal data and demonstrate compliance with the applicable legislation.
For this, the guidelines and instructions established in the corresponding internal procedure must be followed.
- Registration of treatment activities
TRADINFORME, S.L., both when acting as responsible for treatment and when acting as responsible for the treatment of some of its clients, will maintain records of the treatment activities under its responsibility.
- Security breaches
In case of an incident in the processing of personal data for which is responsible TRADINFORME, S.L. and that may involve physical, material or immaterial damage or injury to natural persons, such as loss of control over their personal data or restriction of their rights, discrimination, identity theft, financial losses, unauthorized reversion of pseudonymization, damage to the reputation, loss of confidentiality of data subject to professional secrecy or any other significant economic or social damage to the individual owner of the personal data, will follow the guidelines and internal rules established in TRADINFORME, SL for the management of calls Security breaches or breaches.
- Responsible for Data Protection
TRADINFORME, S.L. He has appointed Helas Consultores as Data Protection Delegate. S.L.
Rights of the interested parties
TRADINFORME, S.L. undertakes to provide the interested party with the exercise of their rights recognized by the applicable legislation:
- Right of access;
- Right of rectification;
- Right of withdrawal (right to be forgotten);
- Right to limitation of treatment;
- Right to data portability;
- Right of opposition and not to be subject to automated individual decisions.
For this, the guidelines and rules established in the internal procedures that regulate the exercise of the rights of the interested parties will be followed.
Managers of the treatment
TRADINFORME, S.L. it has internal contracting procedures that regulate and establish the concrete measures to be taken regarding the contracting of the services of suppliers that access data, occupying the figure of treatment managers, as well as those suppliers that, without being responsible for treatment , they could access accidentally or accessory to personal data, responsibility of TRADINFORME, SL The provision of these services will be regulated in the corresponding data treatment contracts or including ad hoc clauses in the main contract of the service.
International data transfers
Currently, TRADINFORME, S.L. does not perform data processing that involves an international transfer of data to third States that do not offer the same security as the Member States of the European Union or those recognized by the Commission as a safe destination. In the event that this occurs, TRADINFORME, S.L. ensure that any treatment that involves a transfer of data outside the Union or to countries that do not have an adequate level of data protection, is carried out in compliance with the requirements established in the applicable legislation.
Implementation: the Data Protection Management System
Following the principles and standards included in this Policy, TRADINFORME, S.L. will develop the appropriate internal procedures, or any other internal support document, that will allow the implementation of the applicable legislation, thus forming a Data Protection Management System. These procedures or supporting documents will be mandatory for all professionals TRADINFORME, S.L.
The data protection delegate or the Security Committee, as the case may be, will be responsible for monitoring the compliance and implementation of the aforementioned Data Protection Management System, coordinating at all times with those responsible for subsidiaries or delegations.
Control and evaluation
The Data Protection Management System will have to be checked and evaluated periodically. For this purpose, a periodic audit of compliance with the provisions of this Policy and applicable legislation in general will be carried out under the direction and supervision of the Security Committee (or Data Protection Delegate, if any).
The Data Protection Policy will be available as documented information, it will be communicated to all interested parties and professionals who will respect and implement it. It will also be available through the website (http://www.tradinforme.es).