The Directorate / Governing Body of GT Manages, SL (hereinafter, the controller), assumes the maximum responsibility and commitment to the establishment, implementation and maintenance of this Data Protection Policy, ensuring the continuous improvement of the controller with the objective of achieving excellence in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal and free data circulation of this data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJUE L 119/1, 04-05-2016), and the Spanish legislation on the protection of personal data (Organic Law, specific sectoral legislation and its development standards).
The Data Protection Policy of GT Gestiona, SL rests on the principle of proactive responsibility,according to which the controller is responsible for compliance with the regulatory and jurisprudential framework that governs said Policy, and is able to demonstrate this to the competent supervisory authorities.
In this sense, the controller shall be governed by the following principles which should serve all his/her personnel as a guide and frame of reference in the processing of personal data:
- Data protection from design: the controller shall apply, both at the time of determining the means of treatment and at the time of the processing itself, appropriate technical and organisational measures, such as pseudonymization, designed to effectively implement the data protection principles, such as data minimization, and integrating the necessary safeguards into the processing.
- Default data protection: the controller will apply appropriate technical and organisational measures with a view to ensuring that, by default, only the personal data that are necessary for each of the data are processed specific purposes of treatment.
- Data protection in the information lifecycle: measures to ensure the protection of personal data will be applicable throughout the entire information life cycle.
- Lawfulness, loyalty and transparency: personal data will be treated lawfully, fairly and transparently in relation to the data subject.
- Limitation of purpose: personal data will be collected for specific, explicit and legitimate purposes, and will not be further processed in a manner incompatible with such purposes.
- Data minimization: personal data will be appropriate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accuracy: personal data will be accurate and, if necessary, up-to-date; all reasonable measures shall be taken to remove or rectify personal data which are inaccurate with respect to the purposes for which they are processed are deleted or rectified without delay.
- Limitation of the storage period: personal data will be kept in such a way that the identification of the interested parties is allowed for no longer than necessary for the purposes of the processing of personal data.
- Integrity and confidentiality: personal data will be treated in such a way as to ensure adequate security of personal data, including protection against unauthorized or unlawful processing and against loss, destruction or damage by means of appropriate technical or organisational measures.
- Information and training: one of the keys to ensure the protection of personal data is the training and information provided to the personnel involved in the processing of them. During the information lifecycle, all staff with access to data will be adequately trained and informed about their obligations in relation to compliance with data protection regulations.
The Data Protection Policy of GT Gestiona, SL is communicated to all the personnel of the controller and made available to all interested parties.
As a result, this Data Protection Policy involves all the personnel of the controller, who must know and assume it, considering it as their own, being each member responsible for applying it and verifying the rules of protection data applicable to its activity, as well as identify ingessuring and providing the opportunities for improvement that it deems appropriate in order to achieve excellence in relation to its compliance.
This Policy will be reviewed by the Directorate / Governing Body of GT Gestiona, SL,as many times as necessary, to adapt, at all times, to the current provisions on the protection of personal data.