DATA PROTECTION POLICY

 

 

The Management / Governing Body of OPTIMISSA SERVICIOS PROFESIONALES, S.L. (hereinafter, the controller), assumes the maximum responsibility and commitment to the establishment, implementation and maintenance of this Data Protection Policy, ensuring continuous improvement of the controller with the aim of achieving excellence in relation to compliance with Regulation (EU) 2016/679 of the European Parliament and of the European Council dated 27 April 2016, on the protection of individuals with regards to the processing of personal data and the free movement of such data and the Directive 95/46 / EC (general regulation of data protection) (OJ L 119 / 1, 5.4.2016), and the Spanish rules on protection of personal data (Organic Law, specific sectoral legislation and its implementing rules).

 

OPTIMISSA SERVICIOS PROFESIONALES, S.L.’s Data Protection Policy rests on the principle of proactive responsibility, according to which the controller is responsible for compliance with the regulatory and jurisprudential framework governing the such policy and is able to prove so before the competent control authorities.

 

In this regard, the controller shall function according to the following principles that must serve all its staff as a guide and framework in the processing of personal data:

 

  1. Data protection by design: the controller will apply, both when deciding the means of processing and at the time of the treatment itself, appropriate technical and organisational measures, such as pseudonymisation, designed to effectively implement the principles of data protection, like data minimisation and to integrate the necessary guarantees in the processing.

 

  1. Data protection by default: the controller will apply appropriate technical and organizational measures with a view to ensuring that, by default, only those personal data necessary for each of the specific purposes are subject to processing.

 

  1. Data protection in the information lifecycle: the measures to ensure personal data protection shall apply during the entire information lifecycle.

 

  1. Legality, fairness and transparency: personal data will be processed lawfully, fairly and transparently in relation to the person concerned.

 

  1. Purpose limitation: Personal data will be collected for specified, explicit and legitimate purposes and will not be further processed in a way incompatible with those purposes.

 

  1. Minimisation of data: personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are treated.

 

  1. Accuracy: personal data must be accurate and, if necessary, updated; all reasonable steps will be taken to delete or correct without delay personal data that are inaccurate with regards to the purposes for which they are processed.

 

  1. Limited term of retention: personal data will be retained to allow identification of stakeholders for no longer than necessary and for the purposes of processing of personal data.

 

  1. Integrity and confidentiality: personal data will be treated in such a way that their adequate security is ensured, including protection against unauthorised or unlawful treatment and against loss, destruction or accidental damage, by applying the appropriate technical or organisational measures.

 

  1. Information and training: one of the keys to ensure personal data protection is the training and information provided to the personnel involved in their processing. During the information’s lifecycle, all staff with access to data will be properly trained and informed about their obligations with regards to compliance with data protection rules.

 

OPTIMISSA SERVICIOS PROFESIONALES, S.L.’s Data Protection Policy is communicated to all the controller’s staff and made available to all interested parties.

 

In consequence, this Data Protection Policy involves all of the controller’s staff, who must be aware of it and commit to it, considering it as their own, each member being responsible for applying it and verifying the standards applicable to their activity, as well as of identifying and providing opportunities for improvement they deem appropriate in order to achieve excellence in relation to compliance.

 

This policy will be reviewed by the Management / Governing Body of OPTIMISSA SERVICIOS PROFESIONALES, S.L., as often as deemed necessary, to conform at all times to the provisions concerning protection of personal data in force.