WATA FACTORY S.L. (the “Company”) is an organisation entrusted with the processing of personal data and therefore responsible for ensuring that all operations are carried out in a way that complies with the law.
In exercise of this responsibility and in order to establish the general principles governing the handling of personal data within the company, this personal data protection policy is approved and made available to employees and all interested persons.
The personal data protection policy is a measure of proactive responsibility aimed at ensuring compliance with the applicable law on honor and integrity, in relation to the treatment of personal data of all persons associated with the company.
The purpose of drafting the regulations of this policy on the protection of personal data is to define the principles governing the processing of data within the organization and on which it is based, and to determine the procedures and organizational and security-related measures that the persons affected by this policy undertake to implement within their area of responsibility.
To this end, TOTALDAT, S.L.U. address C/ GASPAR MENDEZ 3. OFICINA 3 BADAJOZ, BADAJOZ e-mail address firstname.lastname@example.org, in collaboration with the management, assigns responsibility to the personnel in charge of data processing operations.
This policy on the protection of personal data is applied in the company, and applies to managers, directors and employees, as well as all persons dealing with the company, explicitly include contractors with access to data (Privacy Officers)
As a general principle, conscientious compliance with the legislation regarding the protection of personal data is considered, and it must also be possible to demonstrate compliance (principle of “proactive responsibility”), with particular attention to procedures that pose a greater threat to the rights of the data subjects. (principle of “risk approach”)
In relation to the above, WATA Factory S.L. will ensure the following principles:
-Legality, loyalty, transparency and limitation of criminal liability. The data subject must always be informed, through clauses and other procedures, about the handling of his/her data and the handling will be declared lawful only if the consent to the data processing has been obtained (with special attention to minors), or another legal status is valid, which is in accordance with the normative.
-Data minimization. The data collected must be adequate, relevant and limited in relation to the purposes of processing.
-Accuracy. The data must be accurate and, if necessary, always updated. To this end, necessary measures are taken to immediately delete or correct incorrect data.
-Limitation of the storage time. The data will be kept in such a way that it is not possible to identify the data subjects for longer than is necessary for the purposes of the processing.
-Integrity and confidentiality. The data will be treated in such a way as to guarantee the protection of personal data through the application of appropriate technical or organizational measures, including protection against unauthorized or unlawful processing and data loss, accidental destruction or damage.
-Data transmissions. The purchase or receipt of personal data from illegal sources, data obtained or transmitted under violation of the law, whose legitimacy is not sufficiently guaranteed, is prohibited.
-Commissioning of service providers with access to data. Only service providers who can sufficiently guarantee that they have the technical facilities for adequate data processing security and that they will use them are contracted are taken under contract. A corresponding agreement will be made with these third-party service providers in this regard.
-International data transfer. Any processing of personal data that is subject to the regulations of the European Union and requires a data transfer outside the European Economic Area, then this transfer must be carried out in strict compliance with the requirements of the applicable law.
-Rights of the parties involved. The company gives the parties involved the right to access, correct, delete, restrict processing, object and transfer their data. This is based on internal procedures and especially on existing process flows, which are necessary and appropriate, and which must at least meet the applicable legal requirements.
The employees are informed about this policy and they agree that the personal data is part of the company and they will actively use it, as a consequence of which they commit themselves to the following:
-Participation in the training on data protection provided by the company.
-Application of the security measures for the user level applicable to their job, regardless of the data to which they can or could have access within their responsibilities and during the design and performance of their activities.
-Immediately inform the company of any deviations from the provisions of this policy, in particular “breaches of personal data security”, using the procedures established for this purpose.
An annual review, evaluation and assessment is carried out, or whenever there are significant changes in data processing, with regard to the effectiveness of the technical and organizational measures to ensure the security of data processing.