The General Management of ISOTROL, SA (hereinafter the controller) assumes the maximum responsibility and commitment to the establishment, implementation and maintenance of this Data Protection Policy, ensuring continuous improvement of the controller with the objective of achieve excellence in relation to compliance with Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 of the protection of individuals regarding with the processing of personal data and the free movement of such data and the Directive 95/46 / EC (General data protection Regulation) (DOUE L 119/1, 04-05-2016), and the Spanish data protection legislation of personal character (Organic Law, specific sectoral legislation and its implementing rules).

Data Protection Policy of ISOTROL, SA rests on the principle of proactive responsibility, according to the responsible controller, compliance with regulatory and jurisprudential framework governing the remuneration policy and is able to prove to the competent control authorities.

In the way, the controller shall be governed by the following principles must serve all its staff as a guide and framework in the processing of personal data:

  • Data protection from design: the controller will apply determining such as media period, as the current instant, technical and organizational measures, as pseudonymization, designed to effectively implement the principles of data protection, such as data minimization, and integrate the necessary guarantees treatment.
  • Data protection by default: the controller applies appropriate with a view to ensuring that, by default, are only subject to processing personal data necessary technical and organizational measures for each of the specific purposes of the processing.
  • Data protection in the lifecycle of information: the measures to ensure the protection of personal data shall apply during the entire life cycle of information.
  • Legality, fairness and transparency: the personal data will be processed lawfully, fairly and transparently in relation to the person concerned.
  • Purpose limitation: Personal data will be collected for specified, explicit and legitimate purposes and not be further processed in a way incompatible with those purposes.
  • Minimization of data: personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are treated.
  • Accuracy: Personal data shall be accurate and, if necessary, updated; all reasonable steps to be deleted or corrected without delay personal data are inaccurate with regard to the purposes for which they are addressed be adopted.
  • Retention period limitation: Personal data will be maintained to the identification of stakeholders allows for no longer than necessary for the purposes of processing of personal data.
  • Integrity and confidentiality: Personal data will be treated in such a way that adequate security of personal data is ensured, including protection against unauthorized treatment or unlawful and against loss, destruction or accidental damage by applying technical measures or organizational appropriate.
  • Information and training: one of the keys to ensure the protection of personal data is the training and information provided to the personnel involved in treating them. During the life cycle of information, all staff with access to data will be properly trained and informed about their obligations regarding compliance with data protection rules.

Data Protection Policy of ISOTROL, SA is communicated to all staffs of the controller and made available to all interested parties.

In consequence, this Data Protection Policy involves all staffs of the controller, which must know and assume, considering it as their own, each responsible for applying and verifying standards applicable data protection member to its activity and identify and provide opportunities to improve it deems appropriately in order to achieve the excellence in relation to compliance.

This policy will be reviewed by the general management of ISOTROL, SA as often as deemed necessary, to conform at all times to the provisions in force concerning protection of personal data.