OUR COMMITMENT TO THE PROTECTION OF PERSONAL DATA: “INFORMED PEOPLE AND PROTECTED DATA”
The Management / Governing Body of Hispalica Propiedades SL (hereinafter, the Data Controller) assumes the highest responsibility and commitment to establishing, implementing, and maintaining this Data Protection Policy, ensuring the continuous improvement of the Data Controller with the aim of achieving excellence in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation – GDPR) (OJ L 119/1, 04-05-2016), and the applicable Spanish legislation on personal data protection (Organic Law, sector-specific laws, and implementing regulations).
Hispalica Propiedades SL’s Data Protection Policy is based on the principle of proactive responsibility, under which the Data Controller is responsible for complying with the legal and jurisprudential framework governing this policy and must be able to demonstrate such compliance to the relevant supervisory authorities.
Accordingly, the Data Controller shall be governed by the following principles, which must guide all personnel and serve as a reference framework in the processing of personal data:
-
Data protection by design: The Data Controller shall implement, both when determining the means of processing and at the time of processing itself, appropriate technical and organisational measures, such as pseudonymisation, designed to effectively apply data protection principles (e.g. data minimisation) and integrate necessary safeguards into processing.
-
Data protection by default: The Data Controller shall implement appropriate technical and organisational measures to ensure that, by default, only personal data necessary for each specific purpose of processing is processed.
-
Data protection throughout the information lifecycle: Measures that ensure the protection of personal data will apply throughout the entire lifecycle of the information.
-
Lawfulness, fairness, and transparency: Personal data will be processed lawfully, fairly, and transparently in relation to the data subject.
-
Purpose limitation: Personal data will be collected for specific, explicit, and legitimate purposes and will not be processed further in a manner incompatible with those purposes.
-
Data minimisation: Personal data will be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
-
Accuracy: Personal data will be accurate and, where necessary, kept up to date. Every reasonable step will be taken to ensure that inaccurate data is erased or rectified without delay.
-
Storage limitation: Personal data will be kept in a form that allows the identification of data subjects for no longer than necessary for the purposes for which the data is processed.
-
Integrity and confidentiality: Personal data will be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, through appropriate technical or organisational measures.
-
Information and training: A key element in ensuring personal data protection is the training and information provided to personnel involved in processing. Throughout the information lifecycle, all personnel with access to data will be properly informed and trained on their obligations under data protection regulations.
This Data Protection Policy is communicated to all personnel of the Data Controller and made available to all interested parties.
Consequently, this policy involves all personnel of the Data Controller, who must be familiar with it and adopt it as their own, being responsible for applying it, verifying applicable data protection regulations in their activities, and identifying and contributing any improvement opportunities to achieve excellence in compliance.
This Policy will be reviewed by the Management / Governing Body of Hispalica Propiedades SL as often as necessary to ensure its continued adaptation to applicable personal data protection laws.
