PARQUE TECNOLOGICO DE FUERTEVENTURA S.A., MP
DATA PROTECTION POLICY
(Adapted to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of these data and repealing Directive 95 /46/CE and to the Organic Law 3/2018, of 5 December, of protection of personal data and guarantee of the digital rights.)
- Scope of application
- Principle of “lawfulness, loyalty and transparency”
- Principle of “limitation of purpose”
- “Data minimization” principle
- “Accuracy” principle
- Principle of “limitation of shelf-life”
- Principle of “integrity and confidentiality”
- Proactive responsibility
- Risk assessment or analysis
- Impact assessment
- Record of treatment activities
- Security breaches.
- Rights of stakeholders
- Treatment managers
- International Data transfers
- Implementation: The Data Protection management system
- Control and evaluation
The protection of natural persons in relation to the processing of their personal data is a fundamental right laid down in Article 8.1 of the Charter of Fundamental Rights of the European Union and Article 16.1 of the Treaty of operation of the Union European, thus transferred in article 18.4 of the Spanish Constitution which states that “the law will limit the use of computer science to guarantee the honor and personal and family intimacy of citizens and the full exercise of their rights”.
THE TECHNOLOGICAL PARK OF FUERTEVENTURA, S.A. MP (hereinafter, PTFSA), within the framework of its commitment in matters of normative compliance, approves this POLICY OF DATA PROTECTION, hereinafter, the policy, in which it develops the norms and principles of conduct That should serve as a guide to the professionals of PTFSA, in relation to the protection of personal data in accordance with the legislation in force.
This policy aims to make known to PTFSA professionals the rules of application in the field of data protection and, in particular, REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT and OF THE COUNCIL of 27 April 2016, on the protection of persons Physical as regards the processing of personal data and the free movement of these data and repealing Directive 95/46/EC (hereinafter, RGPD) and ORGANIC LAW 3/2018, of 5 December, on the PROTECTION OF PERSONAL DATA and GUARANTEE OF DIGITAL RIGHTS LES (hereinafter, LOPDGDD).
The rules of action contained in this policy will apply in the context of the work carried out by the professionals of PTFSA and will have as objective the protection of the personal data, both of the professionals and of all the third parties ( Suppliers, clients, representatives of public administrations, entities and organizations with which they are linked by their performance, etc.) that relate to PTFSA.
The rules contained in this policy are mandatory guidelines for all PTFSA professionals who should also use their best efforts to ensure that they are respected, both by the other professionals and by the Subcontractors of PTFSA who participate in activities involving the processing of personal data.
The rules contained in this policy will be supplemented by the INFORMATION PROTECTION and DATA SECURITY USER MANUAL for PTFSA staff.
Scope of application
This policy applies to the total or partially automated or non-automated treatment of personal data in the environment of the activities developed by PTFSA.
On the other hand, this policy applies to all PTFSA professionals, regardless of their hierarchical position within the organization or their professional qualifications or the typology of their relationship with PTFSA.
The presence of PTFSA in the international field is carried out in the field of its action on the development R + D and promotion of the technology. PTFSA, as long as it acts outside Spain and the European Union, undertakes to respect and comply with national legislation in the field of data protection if it exists in any country with which it may be related.
Chapter II of the RGPD establishes the principles governing data protection and therefore form the basis of this policy:
Principle of “lawfulness, loyalty and transparency”
PTFSA will treat the personal data in a lawful, loyal and transparent way, that is to say, the interested person is informed about the treatment of his data and the specific purposes, offering him any additional information that is necessary.
Natural persons will be informed that they are collecting, using, consulting or otherwise treating personal data concerning them, as well as the extent to which such data are or will be treated.
The personal data will be treated in a way that guarantees adequate security and confidentiality, including to prevent the unauthorized access or use of such data and the equipment used in the treatment.
No personal data shall be treated without the consent of the person concerned or in accordance with the general rules of the applicable law.
PTFSA will not collect or treat personal data relating to ethnic or racial origin, political opinions, religious or philosophical convictions or union affiliation and the processing of genetic data, biometric data aimed at identifying in a Unambiguous to a natural person, data relating to health or data relating to the sexual life or sexual orientation of a natural person, unless such collection and subsequent treatment were necessary, legitimate or obligatory or permitted by the legislation applicable, in which case they will be collected and treated in accordance with the provisions of that.
Principle of “limitation of purpose”
The data persons treated by PTFSA will always be collected for specific, explicit and legitimate purposes and will not be treated further inconsistently with them; Unless they are in the future for archival purposes in the public interest, the purpose of scientific and historical research or statistical purposes shall not be deemed incompatible with the initial purposes.
“Data minimization” principle
PTFSA will treat only those personal data that are strictly necessary for the purpose for which they were collected, i.e. they shall be adequate, pertinent and limited to what is necessary in relation to the purposes for which they are treated.
PTFSA will ensure that the personal data treated are accurate and up-to-date, adopting those reasonable measures to be abolished or rectify when it is detected that they are inaccurate with respect to the purposes for which they were collected.
Principle of “limitation of shelf-life”
PTFSA will not retain the personal data that it treats beyond the time necessary for the purposes for which they were collected, unless legal obligation or if they are retained for archival purposes in public interest, scientific or historical research purposes or statistical purposes.
Principle of “integrity and confidentiality”
PTFSA will endeavour to guarantee the integrity and confidentiality of the personal data processed, applying technical or organisational measures to protect them from unauthorized or illicit treatments, against their loss, destruction or accidental damage.
PTFSA is committed to complying with the above principles by applying due diligence and must be able to demonstrate such compliance by applying a “proactive responsibility” that translates to:
Risk assessment or analysis
The person responsible for the treatment is obliged to implement timely and effective measures and must be able to demonstrate the conformity of the treatment activities with the applicable legislation, including the effectiveness of the measures. Such measures should take into account the nature, scope, context and purposes of treatment, as well as the risk to the rights and freedoms of natural persons. For this purpose, PTFSA will undertake an evaluation or analysis of the risk of the treatments it performs, in order to ponder on the basis of an objective evaluation by which it is determined whether the
Data-processing operations pose a risk and if it is high, thus determining that the measures applied are in conformity with the legal obligations.
PTFSA will carry out impact assessments in those cases provided for in the applicable legislation, that is, where there is a probability that a certain treatment and, in a particular way if new technologies are used, presents a high risk for the Rights and freedoms of natural persons. The probability that the type of treatment involves risks will be assessed according to the following criteria: its nature, its scope and the context or the purposes of the type of treatment. The impact assessment shall include, in particular, the measures, guarantees and mechanisms envisaged to mitigate risk, ensure the protection of personal data and demonstrate conformity with applicable law.
The guidelines and instructions set out in the corresponding internal procedure must be followed.
Record of treatment activities
PTFSA, both when acting as responsible for treatment and when acting as a person in charge of the treatment of some of its clients, or entities, agencies and public administrations with which it is related will keep records of the treatment activities Under your responsibility.
In the event of an impact on the processing of personal data for which PTFSA is responsible and which may cause physical, material or immaterial harm or damage to natural persons, such as loss of control over their personal data or Restriction of their rights, discrimination, identity theft, financial losses, unauthorized reversal of seudonimización, reputation damage, loss of confidentiality of data subject to professional secrecy or any other injury Significant economic or social for the physical person holder of the personal data, the internal guidelines and norms established in PTFSA will be followed for the management of the so-called violations or security breaches.
The functions of monitoring, control and implementation of the regulations will fall into the management office of PTFSA.
Rights of stakeholders
Anyone has the right to obtain information about whether or not their personal data is being treated in this PTFSA.
PTFSA is committed to providing the person concerned with the exercise of their rights recognised by the applicable law:
-Right of access, periods of conservation, even obtain a copy of them;
-Right to rectify your data if it is inaccurate;
-Right those interested may exercise the right of suppression (right to oblivion) provided that the circumstances enumerated in the RGPD are given;
-Right to the limitation of treatment, in order to do so, they must request it from the person responsible, who shall suspend the processing of the data when the citizens request the rectification or deletion of their data, until their application is resolved;
-The right to portability to obtain the data in a structured format, of common use and of mechanical reading, and to transmit it to another person in charge of the treatment when the treatment is based on the consent or is carried out by automated means.
-Right of opposition and not being the subject of automated individual decisions.
To this end, the guidelines and rules established in the internal procedures governing the exercise of the rights of stakeholders shall be followed. In any case, the interested parties may exercise the rights listed in the preceding paragraphs, through the forms available at the PTFSA electronic site or by sending a letter to the same one by post.
PTFSA has internal contracting procedures regulating and establishing the specific measures to be taken regarding the hiring of the services of suppliers accessing data in the figure of treatment managers, as well as those Suppliers who, without being in charge of treatment, could accidentally access or access personal data PTFSA’s responsibility. The provision of these services shall be governed by the corresponding data-processing contracts or including ad hoc clauses in the main service contract.
International Data transfers
PTFSA does not currently have a major international presence and the need for international data transfers to states that do not provide the same security as the Member States of the European Union or those recognised by the Commission is not common. As a safe destination. However, PTFSA uses for the processing of its data, information systems that may sometimes assume international data transfers. PTFSA subscribes agreements with its service providers with the right guarantees and decisions.
PTFSA shall ensure that any treatment which carries out a transfer of data outside the union or to countries which do not have an adequate level of data protection is carried out in compliance with the requirements laid down in the applicable legislation.
Implementation: The Data Protection management system
Following the principles and norms included in this policy, PTFSA will develop the appropriate internal procedures, or any other internal support document, that allows the implementation of the applicable legislation thus forming a system of management of Data protection. Such procedures or supporting documents shall be mandatory for all PTFSA professionals.
Control and evaluation
The Data protection management system will have to be monitored and assessed on a regular basis. To this end, under the direction and supervision of the Office of Management PTFSA A periodic audit of compliance with the provisions of this policy and the applicable legislation in general.
On the other hand, internal audit, within the framework of its annual review planning of all PTFSA systems, will include a specific section on data protection in order to control compliance with the rules applicable to the subsidiaries and Delegations you visit.
The results obtained from the different audits and other controls will be reported to the governing body, in particular, to the board of directors.
The data protection policy will be available as documented information, will be communicated to all stakeholders and professionals of PTFSA who have to respect and implement it.
Last update: 28 March 2019