Privacy management system policy

The Privacy Management System Policy of GINEFIV, S.L. is based on the regulations established in Regulation (EU) 2016/679 of the 27th of April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), Spanish Organic Law 3/2018 of the 5th of December on the Protection of Personal Data and the Guarantee of Digital Rights (LOPDGDD from the Spanish), as well as the international standards of information security management (ISO 27001) and privacy (ISO 27701).

GINEFIV, S.L. is committed to the protection of privacy within the organisation in order to guarantee the right to data protection of all interested parties involved in the development of its activity.

The Privacy Management System Policy, supervised by the Board, upholds the following principles:

1. To make privacy a basic objective of the organisation, implicating all staff in it and committing itself to the success thereof.
2. To make a sincere commitment to privacy, to which end it has published a Privacy Management System Policy, and to undertake to make this available to all interested parties.
3. To process personal data legally, in good faith and transparently, clearly and specifically identifying the purposes for which it is obtained.
4. To gather the personal data for particular, explicit and legitimate purposes and to subsequently not process said data in a way which is incompatible with said purposes.
5. To only gather and process data of a personal nature which is suitable, pertinent and limited to that which is necessary as regards the purposes for which it is obtained.
6. To always keep personal data correct and up-to-date, adopting all reasonable measures to do this, and deleting or rectifying it without delay when it is incorrect as regards the purposes for which is it processed.
7. To offer the interested parties systems to update their personal data.
8. To not retain information which identifies the interested parties for any longer than the time needed to accomplish the purposes for which said personal data is processed.
9. To process the data of a personal nature in such a way that guarantees its security, including protection against unauthorised or illegal processing and against its loss, destruction or accidental damage, applying the appropriate technical and organisational measures.
10. To ask for the consent of the interested party whenever it is necessary to process their data of a personal nature.
11. To process sensitive data with special categories.
12. To systematically assess the effectiveness of the measures adopted to guarantee its security, so that privacy management is supported and based on objective data that will lead to continuous improvement.
13. To reduce and eliminate the risks arising from the activity, using an identification and evaluation system.
14. To produce information and provide continuous training so that all the organisation’s staff involved in processing personal data take part in protecting the privacy of the interested parties and think of this as a fundamental right.
15. To guarantee the exercise of rights concerning the protection of data of a personal nature, ensuring a timely and appropriate response.