In accordance with the new regulations on data protection, we would like to share with you the new changes involved in its incorporation and how it affects you.
It is a new European regulation that aims to unify and strengthen the protection of personal data of individuals in the European Union, as well as to ensure the free movement of such data in the European Economic Area.
Its entry into force will take effect on May 25, 2018, therefore, we want to share with our customers the most information, so that we can continue to maintain this relationship that unites us.
From Ivan Plademunt Bartra, we have proceeded to update our internal procedures to ensure compliance with the provisions of the Regulation, with the sole purpose of safeguarding the personal data that you have provided us, offering you maximum legal certainty.
The RGPD adds new rights to those already existing and included in the Organic Law on Data Protection (LOPD). For this reason, we must update the information we make available to you on the data protection measures established by Ivan Plademunt Bartra.
Likewise, we must proceed to request your express consent to process your data, which will allow us to offer you a service more adapted to your needs.
In this case, we will not be able to process your personal data, and unless legally obliged to do so, we will proceed to delete any personal data we have about you. But in turn, we would have to terminate the relationship that binds us, not being able to offer you our goods and services.
Register of processing activities: it specifies the personal data we process, as well as the organizational and technical measures that are applied to comply with the principle of Accountability or proactive responsibility.
An action protocol has been established within the Company to solve and eliminate security breaches to which we may be exposed. At the same time, it is specified how and when to notify the Spanish Data Protection Agency (AEPD).
The interested parties are informed in accordance with the «multi-layered» approach. For this purpose, a first layer has been established that contemplates the basic information to be taken into account, and at the same time, this layer leads the interested parties to the second layer, in which the whole of the data protection policy applied by this Company is established.
Where necessary, and where no other basis of legitimacy is foreseen, the express consent of the data subjects is sought.
All the relationships we have, both with data controllers and data processors, are carried out following the standards established by the Regulation itself.
The necessary forms are made available to any interested party so that they can exercise their rights. Allowing them to access, rectify and delete their data, data portability, limitation or opposition to its processing, the right not to be subject to automated decisions, as well as to obtain clear and transparent information about the processing of their data, as explained in the additional information.
An Impact Assessment is carried out every three months, which certifies our compliance with the GDPR.