I. PERSONAL DATA PROTECTION POLICY
SLABBINCK, RUDI (the "Company") is an organization in which activities in the field of processing of personal data take place, which gives it an important responsibility in designing and organizing procedures so that they comply with the legal requirements in this field. In the exercise of these responsibilities and in order to establish the general principles that should govern the processing of personal data in the Company, it approves this policy on the protection of personal data, which it communicates to its employees and makes available to all its Stakeholders.
The Personal Data Protection Policy is a measure of proactive responsibility aimed at ensuring compliance with applicable legislation in this area and, in connection therewith, respecting the right to respect and privacy in the processing of personal data of all persons who associated with the Company.
In elaborating the provisions of this policy on the protection of personal data, the principles for the processing of data in the organization are established and, consequently, the procedures and the organizational and security measures that the persons affected by this policy must apply in their area of responsibility. To this end, the management assigns responsibilities to the personnel involved in data processing.
2. Scope of application
This Personal Data Protection Policy applies to the Company, its directors, officers and employees, as well as to all persons associated with the Company, expressly including service providers with access to data ("processors").
3. Principles of the processing of personal data
As a general principle, the company will strictly comply with the legislation on the protection of personal data and must be able to demonstrate this (Data Protection Principle). The "proactive responsibility"), with a particular focus on the processing operations that may pose a higher risk to the rights of the data subjects (the principle of the "risk-based approach").
In connection with the above, SLABBINCK, RUDI will ensure compliance with the following principles:
- Lawfulness, fairness, transparency and purpose limitation. The data processing must always be communicated to the data subject, through clauses and other procedures; and it will only be considered lawful if there is consent to the processing of the data (with particular reference to that of minors), or if it has another valid identification and the purpose of the processing is in accordance with the Regulations.
- Data minimization. The processed data must be adequate, relevant and limited to what is necessary for the purposes of the processing.
- Accuracy. The data must be accurate and updated as necessary. In this regard, the necessary measures are taken to ensure that any personal data that is inaccurate before the processing is erased or corrected without undue delay.
- Retention period limitation. The data will not be kept in a form that makes it possible to identify the data subjects for longer than is necessary for the purposes of the processing.
- Integrity and Confidentiality. The data is processed in such a way as to ensure appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, through the application of appropriate technical or organizational measures.
- Transfer of data. It is prohibited to purchase or obtain personal data from an unlawful source or in cases where this data has been collected or passed on in violation of the law or where its lawful origin is insufficiently guaranteed.
- Contracting suppliers with access to data. Only suppliers who provide sufficient guarantees for the application of appropriate technical and security measures in data processing are selected for contracting. The relevant agreement with these third parties will be documented.
- International Data Transfer. Any processing of personal data governed by European Union law involving the transfer of data outside the European Economic Area must be carried out in strict compliance with the requirements of applicable law.
- Rights of data subjects. The Company will exercise the rights of access, rectification, facilitate erasure, restriction of processing, opposition and portability for data subjects, establishing internal procedures for this purpose, and in particular models for their exercise, which are necessary and appropriate, and which meet at least the legal requirements specified in each individual case apply.
- The Company will promote that the principles set out in this personal data protection policy are taken into account (i) in the design and implementation of all working procedures, (ii) in the products and services offered, (iii) in all formalized or entered into contracts and obligations, and (iv) in the operation of all systems and platforms that allow access by employees or third parties and/or the collection or processing of personal data.
4. Employee involvement
Employees are made aware of this policy and declare that they are aware that personal information is a company asset, and that they will comply with this policy in this respect, committing themselves to the following:
- Take the data protection training that the company makes available to them.
- Apply the user-level security controls that apply to your role, without prejudice to any design and implementation responsibilities that may be assigned to you depending on your role within SLABBINCK, RUDI.
- Use the forms established for the exercise of rights by those affected and notify the company immediately so that the response can be effective.
- Notify the Company, as soon as they become aware of any deviations from the provisions of this Policy, in particular "Personal Data Security Breaches", using the format established for this purpose.
5. Monitoring and Evaluation
A verification, evaluation and assessment of the effectiveness of the technical and organizational measures to ensure the security of the processing is carried out annually, or whenever significant changes in data processing occur.
Text automatically translated via https://www.deepl.com/ - On simple request we will provide you with the original Spanish version.