EU Regulation 2016/679 issued by the European Parliament and the Council on 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and it repeals the General Data Protection Regulations contained in Directive 95/46/EC (DOUE L 119/1, 04-05-2016) (hereinafter GDPR). It provides a modernized framework based on accountability for data protection in Europe.
Article 12 of the GDPR is headed “Transparent information, communication and modalities for the exercise of the rights of the data subject” and paragraph 1 states the following:
The controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.
Data Protection Authorities recommend adopting a data model using levels, to make the stricter data requirements introduced by the GDPR compatible with conciseness and ease of understanding when presenting it.
The focus of multilevel data is as follows:
- Present summarised basic data at the first level, at the same time and using the same environment in which the data was collected.
Refer to additional data at a second level, where the remaining data is presented in greater detail in an environment that is more appropriate for its presentation, understanding and filing, if desired.
BASIC INFORMATION REGARDING DATA PROTECTION
|Entity responsible for the process||VASS CONSULTORIA DE SISTEMAS SL|
|Address of the responsible entity||Avda/ de Europa 1, Building B, CP 28108, Alcobendas, Madrid|
|Purpose||Your data will be used to respond to your requests and provide our services.|
|Advertising||We will only send you advertising after receiving your prior consent, which you can provide using the corresponding check-box created for this purpose.|
|Validation||We will only process your data after receiving your prior consent, which you can provide using the corresponding check-box created for this purpose.|
|Recipients||In general, only duly authorised employees may have access to the data we request.|
|Rights||You have the right to know what data is being held about you, to correct it and remove it, as explained in the additional information available on our website.|
|Additional information||More information on the “YOUR DATA IS SAFE” section at our website.|
YOUR DATA IS SAFE
Information that complies with data protection legislation
Data protection legislation in Europe and Spain is designed to protect the personal data that is required by our entity.
Therefore, it is very important that you fully understand what we are going to do with the personal data that we request.
We will be transparent and give you control over your data using simple terms and clear options, so that you can decide what we can do with your personal data.
If you have any doubts after reading this information, please do not hesitate to ask us.
Many thanks for your collaboration.
- Who are we?
- Our legal name: VASS CONSULTORIA DE SISTEMAS SL
- Our CIF / NIF: B82422015
- Our principal business: IT Consultancy
- Our address: Avda/ de Europa 1, Building B, CP 28108, Alcobendas, Madrid
- Contact telephone: 916623404
Contact e-mail: firstname.lastname@example.org
- Our website: vass.es
Our entity has been registered in the Commercial Registry /Public Registry in order to earn your confidence, and our registration number is: B82422015
We are always at your disposal, so please do not hesitate to contact us.
- What are we going to do with your data?
In general, your personal data will be used to relate to you and provide our services.
It can also be used for other tasks, such as sending you publicity or promoting our business.
- Why do we need to use your data?
Your personal data is required to relate to you and provide our services. Therefore, we have provided various check-boxes that will allow you to clearly and simply decide how your personal information can be used.
- Who is going to have access to the data we request?
In general, only duly authorised employees may have access to the data we request.
In addition, other entities may need to have access to your personal data so that we can provide our services. For example, our bank will have access to your data if you pay for our services using a credit card or bank transfer.
We must also provide your personal data to specific public or private entities, in order to comply with the law. For example, Tax Law requires us to report to the Tax Agency certain information about financial transactions that exceed a limit.
Regardless of these situations, if we need to disclose your personal data to other entities, we will always ask for your consent beforehand using clear options that will allow you to decide how to respond.
- How will we protect your data?
We will protect your data with effective security measures commensurate with the risks involved in using your data.
This is achieved by approving a Data Protection Policy and implementing controls and annual audits to verify that your personal data is safe at all times.
- How long are we going to retain your data?
We will retain your data while our relationship continues and as required by law. When the corresponding legal deadlines have passed, we will safely eliminate your data in an environmentally friendly manner.
- What are your data protection rights?
At any time you can contact us to find out what data we are holding about you. If it is incorrect, you can amend it, then delete it once our relationship has finished, provided this is legally permissible.
You also have the right to request that your data is transferred to another entity. This right is called “portability” and can be useful in certain situations.
These rights can be exercised by sending a written request to our address, along with a photocopy of your identity card.
We have specific forms to request these rights at our offices, and we can help you to complete them.
More information about your data protection rights can be found at the Spanish Data Protection Agency website (www.agpd.es).
- Can you withdraw your consent if you change your mind later?
You can withdraw your consent if you change your mind about how your data is used at any time.
For example, if you have been interested in receiving publicity about our products or services for a while, but no longer wish to receive it, you can let us know using the publicity elimination form available at our offices.
- If you feel that your rights have been neglected, where you can file a complaint?
If you feel that your rights have been neglected by our entity, you can file a complaint with the Spanish Data Protection Agency, using any of the following:
- Website: www.agpd.es
- Postal address:
Spanish Data Protection Agency
C/ Jorge Juan, 6
Telephone 901 100 099
Telephone 91 266 35 17
Filing a complaint with the Spanish Data Protection Agency is free of charge and support from a lawyer or attorney is not needed.
- Do we use your data for other purposes?
Our policy is not to use your data for any other purpose than that already explained. However, if we needed to use your data for other purposes, we would always ask for your consent beforehand using clear options that will allow you to decide how to respond.
DATA PROTECTION POLICY
The Directors/Governing Body of VASS CONSULTORIA DE SISTEMAS SL (hereinafter, the data controller) assumes maximum responsibility and commitment to establishing, implementing and maintaining this Data Protection Policy, with the data controller guaranteeing continuous improvement in order to achieve excellence with regards to compliance with EU Regulation 2016/679 issued by the European Parliament and the Council on 27 April 2016, on the protection of individuals in relation to the processing and free circulation of their personal data, which repeals Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1, 04-05-2016), and Spanish regulations on the protection of personal data (Data Protection Act, specific sector legislation and its implementing regulations).
The Data Protection Policy of VASS CONSULTORIA DE SISTEMAS SL rests on the principle of proactive responsibility, according to which the data controller is responsible for compliance with the regulatory and jurisprudential framework governed by this Policy, and is able to prove such compliance before the competent supervisory authorities.
In this regard, the data controller will be governed by the following principles, which all its personnel should use as a guide and reference framework for processing personal data:
- Data protection starting from design: the data controller will, both when determining the data processing media and at the time of processing, implement appropriate technical and organizational measures, such as pseudonymization, in order to effectively apply the principles of data protection, such as minimization of data, and ensure the processing includes all the necessary guarantees.
- Data protection by default: the data controller will apply appropriate technical and organizational measures with a view to ensuring that, by default, only the personal data necessary for each of the specific purposes are processed.
- Data protection in the information life cycle: the measures that guarantee the protection of personal data will apply throughout the life cycle of the information.
- Legality, loyalty and transparency: personal data will be processed lawfully, loyally and transparently with regards to the data subject.
- Limitation of purpose: personal data will be collected for specific, explicit, legitimate purposes, and will not be subsequently processed in any way which is incompatible with these purposes.
- Data minimization: personal data will be adequate, pertinent and limited to that which is strictly necessary for the purposes they are processed for.
- Accuracy: personal data will be accurate and, if necessary, updated; all reasonable measures will be taken to ensure that any personal data that are inaccurate with regards to the purposes they are processed for are immediately deleted or rectified.
- Limitation of the conservation period: personal data will only be maintained to identify the data subjects for the time necessary for the purposes they are processed for.
- Integrity and confidentiality: suitable technical or organizational measures will be implemented to ensure personal data are processed in such a way as to guarantee their adequate security, including protection against unauthorized or illicit processing and against loss, destruction or accidental damage.
- Information and training: one of the keys to guaranteeing the protection of personal data is training and information for all personnel involved in processing them. All personnel with access to the data will be duly trained and informed of their obligations with regards to compliance with data protection regulations throughout the information life-cycle.
The Data Protection Policy of VASS CONSULTORIA DE SISTEMAS SL is made known to all the data controller’s personnel and is available to all data subjects.
In consequence, this Data Protection Policy involves all the data controller’s personnel, who must know and assume it as their own, with each member being responsible for applying it and for verifying the data protection rules which apply to his or her activity, and for identifying and proposing any opportunities for improvement which he or she deems appropriate in order to reach excellence in terms of compliance.
This Policy will be reviewed as often as considered necessary by the Directors/Governing Body of VASS CONSULTORIA DE SISTEMAS SL, in order to ensure it is aligned with current provisions on the protection of personal data.