PERSONAL DATA PROTECTION POLICY
11-08-2018
SOLUCIONES SICNOVA S.L. (The “Company”) is an organization in which data processing activities of a personal nature take place, which gives it an important responsibiliy in the design and organization of procedures so that they are aligned with the legal compliance in this matter.
In the exercise of these responsibilities and in order to establish the general principles that should govern the processing of personal data in the Company, approves this Policy of protection of personal data, which is notified to its employees and is also available for all its interest groups.
- Purpose
The policy of protection of personal data is an action of proactive responsibility that has the purpose of ensuring compliance with the applicable legislation in this matter and relation to it, respect for the right to honor and privacy in the treatment of data of personal nature of all the people who is related to The Company.
In accordance with the provisions of this Personal Data Protection Policy, there is the establishment of the Principles that govern the data processing in the organization and, consequently, the procedures and the organizational and security measures that the people are afected by. These people is committed to implement this policy in their area of responsibility.
To this end, the Directorate will assign the responsibilities to the staff that participate in the data processing operations.
- Scope of application
This Policy of protection of personal data will apply to the Company, its administrators, managers and employees, as well as to all the people who is related to it, with the express inclusion of service providers with access to data (“Managers of the treatment”)
- Principles of the processing of personal data
As a general principle, The Company will scrupulously comply with the legislation on the protection of personal data and must be able to demonstrate it (Principle of “Proactive responsibility”), paying special attention to those treatments that may pose a greater risk to the rights of those affected (Principle of “Risk approach”)
In conection with the above, SOLUCIONES SICNOVA S.L. will ensure compliance with the following Principles:
- Legality, loyalty, transparency and limitation of the purpose. In the data processing, the affected pary must always be informed, through clauses and other procedures; and it will only be considered legitimate if there is consent to the processing of data (with special attention to the one provided by minors), or has another valid legitimacy and the purpose thereof is in accordance with the Regulations.
- Minimization of data. The processed data must be adequate, relevant and limited to what is necessary in relation to the purposes of treatment.
- The data must be accurate and, if necessary, updated. In this regard, the necessary measures will be taken so that personal data that are inaccurate with respect to the purposes of the processing are deleted or rectified without delay.
- Limitation of the conversation period. The data will be mantained in such a way that allow identification of interested parties for no longer than necessary to the purposes of the treatment.
- Integrity and Confidentiality. The data will be treated in a way that guarantees an adequate security of the personal data, including the protection against the unauthorized or ilicit treatment and against its loss, destruction or accidental damage, through the application of the appropriate technical or organizational measures.
- Data transfer. The purchase or acquisition of personal data is prohibited, from illegitimate sources or in those cases in which said data have been collected or transferred in contravention of the law or their legitimate origin is not sufficiently guaranteed.
- Hiring of suppliers with access to data. Only suppliers that offer sufficient guarantees to apply appropriate technical and security measures in data processing will be selected for hiring. With these third parties, it will be documented due agreement in this regard.
- International data transfers. Any processing of personal data subject to European Union regulations that involve a transfer of data outside the European Economic Area must be carried out in strict compliance with the requierements established in the applicable law.
- Rights of the affected. The Company will provide those affected with the exercise of rights of access, rectification, deletion, limitation of treatment, opposition and portability, establishing for this purpose the internal procedures, and in particular, the models for its exercise that are necessary and timely, which must satisfy, at least, the legal requirements applicable in each case.
The Company will promote that the principles contained in this Policy of protection of personal data are taken into account (i) in the design and implementation of all work procedures, (ii) in the products and services that are offered, (iii) in all the contracts and obligations that they formalize or assume and (iv) in the implementation of any systems and platforms that allow the access of employees or third parties and / or the collection or processing of personal data.
- Worker Commitment
The workers are informed of this Policy and they are aware that the personal information is an asset of the Company, and in this respect they adhere to it, committing to the following:
- Carry out the awareness training on Data Protection that the Company puts at their disposal.
- Apply security measures at user level that apply to their job, without prejudice to the design and implementation responsibilities that could be atributed to them based on their role in SOLUCIONES SICNOVA S.L..
- Use the established formats for the exercise of Rights by those affected and immediately inform the Company so that the response can be made effective.
- Inform the Company, as soon as becoming aware, of deviations from the provisions of this Policy, in particular of “Personal data security breaches”, using the established format for this purpose.
- Control and evaluation.
A verification, evaluation and assessment will be carried out each year, or whenever there are significant changes in data processing, to verify the effectiveness of technical and organizational measures in order to ensure the safety of the treatment.
SOLUCIONES SICNOVA S.L..