Policy of Privacy of the Pelon Capercaillie, LIMITED LIABILITY COMPANY.
With the purpose of to need the terms used in the present Policy Privacy, as well as in all the documents that constitute the policy of protection of data of CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY, next the DEFINITIONS of these terms are reviewed that are faithful reflection of the contained ones in article 4 of the RGPD (Regulation the EU 2016/679):
- Personal data: All information on an identified or identifiable natural person (the interested one); identifiable natural person will consider itself all person whose identity can be determined, directly or indirectly, in particular by means of an identifier, as for example a name, a number of identification, data of location, an identifier in line or one or several own elements of physical, physiological, genetic, psychic, economic, cultural or social the identity of this person.
- Treatment: Any operation or set of operations conducted on personal data or personal data sets, or automated procedure or no, as the collection, registry, organization, structuring, conservation, adaptation or modification, extraction, consults, use, communication by transmission, diffusion or any other form of qualification of access, check off or interconnection, limitation, suppression or destruction.
- Limitation of the treatment: The marked one of the personal character data conserved with the purpose of to limit its treatment in the future.
- Elaboration of profiles: All form of automated treatment of personal data to evaluate certain personal aspects of a natural person, in particular to analyze or to predict aspects regarding the professional yield, economic situation, personal health, preferences, I interest, reliability, behavior, location or movements of this natural person.
- Seudonimizaci³n: The personal data processing of way like no longer can be attributed to interesting without using additional information, whenever this additional information appears separately and is subject to technical and organizational measures destined to guarantee that the personal data are not attributed to an identified or identifiable natural person.
- File: All structured of personal, accessible data in accordance with determined criteria, or centralized set, decentralized or distributed of functional or geographic form.
- Person in charge of the treatment or person in charge: The legal natural person or, public authority, service or another organism that, only or along with others, determines the aims and means of the treatment, the specific person in charge of the treatment or criteria for its appointment will be able to settle down them the Right of the Union or the Member States.
- Ordered of the treatment or ordered: The legal natural person or, public authority, service or another organism that deals with personal data on behalf of the person in charge the treatment.
- Adressee: The legal natural person or, public authority, service and another organism to which personal data communicate, are or not a third party. However, they will not consider adressee the public authorities that can within the framework receive personal data of a concrete investigation in accordance with the Right of the Union or the Member States; the treatment of such data by these public authorities will be in agreement with the norms in the matter of protection of data applicable to the aims of the treatment.
- Third party: Legal natural person or, public authority, service or organism different from the interested one, the person in charge of the treatment, the one in charge of the treatment and the people authorized to deal with the personal data under the direct authority about the person in charge or the one in charge.
- Consent of the interested one: all manifestation of free, specific, informed and unequivocal will by which the interested one accepts, or by means of a declaration or a clear affirmative action, the personal data processing that concerns to him.
- Violation of the security of the personal data: All violation of the security that cause the destruction, loss or accidental or illicit alteration of personal data transmitted, conserved or treated about another form, or the communication or nonauthorized access to these data.
- Genetic data: Personal data regarding the inherited or acquired genetic characteristics of a natural person who provides a unique information on the physiology or the health of that person, obtained in particular of the analysis of a biological sample of such person.
- Biometric data: Collected personal data from a specific technical treatment, regarding the physical characteristics, physiological or behavioural of a natural person who allows or confirms the unique identification of this person, as face images or fingerprint data.
- Data regarding the health: Personal data regarding the physical or mental health of a natural person, including the benefit of services of health care, that reveal information on their state of health.
- Main establishment:
- Concerning a person in charge of the treatment with establishments in more of a Member State, the place of its central administration in the Union, unless the decisions on the aims and means of the treatment are taken in another establishment of the person in charge in the Union and this last establishment has the power to make apply to such decisions in which case the establishment that has made such decisions will consider main establishment.
- Concerning the one in charge of the treatment with establishments in more of a Member State, the place of its central administration in the Union or, if it lacked this, the establishment of the one in charge in the Union in which the main activities of treatment are realised in the context of the activities of an establishment of the one in charge insofar as the one in charge is subject to specific obligations in accordance with the present Regulation.
- Representative: Established legal natural person or in the Union that, having designated in writing by the person in charge or the one in charge of the treatment in accordance with article 27, represents the person in charge or the one in charge with regard to its respective obligations by virtue of the present Regulation.
- Company: legal natural person or dedicated to an economic activity, independent of its legal form, including the societies or associations that carry out an economic activity regularly.
- Enterprise group: Group formed by a company that exerts the control and its controlled companies.
- Binding corporative norms: The policies of protection of personal data assumed by a person in charge or ordered of the established treatment.
- Authority of control: The independent public authority established by a Member State in accordance with the arranged thing in article 51.
- Interested authority of control: The control authority to which it affects the personal data processing because:
- The person in charge or the one in charge of the treatment is settled down in the territory of the Member State of that authority of control,
- The interested ones that they reside in the Member State of that authority of control see substantially affected or is probable that they are seen substantially affected by the treatment, or
- A claim has appeared before that authority of control.
- Cross-border treatment:
- The personal data processing realised in the context of the activities of establishment in more of a Member State of a person in charge or the one in charge of the treatment in the Union, if the person in charge or the one in charge is settled down in more of a Member State, or
- The personal data processing realised in the context of the activities of an only establishment of a person in charge or the one in charge of the treatment in the Union, but that affects substantially or is probable that it affects substantially to interested in more of a Member State.
- Pertinent and motivated objection: The objection to a proposal of decision on the existence or not of infraction of the present Regulation, or on the conformity with the present Regulation of actions anticipated in relation to the person in charge or the one in charge of the treatment, that, where appropriate, demonstrates clearly the importance of the risks that involves the project of decision for the fundamental rights and liberties of the interested ones and for the free circulation of personal data within the Union.
- Service of the society of the information: All service according to the definition of article 1, separated 1, letter b), of Directive (the EU) 2015/1535 of the European Parliament and the Council.
- International organization: an international organization and her subordinated beings of Public international law or any other organism created by means of an agreement between two or more countries or by virtue of such agreement.
In addition to the previous legal definitions, we understand that they also can be useful the following, that also appear in developed documents, since, in some cases, they clarify them, they extend or they clarify:
- Affected or interested: Titular natural person of the data that are object of the treatment.
- Personal character data: Any, alphabetical, graphical, photographic, acoustic numerical display or of any other type concerning identified or identifiable natural people.
- Identifiable person: All person whose identity can be determined directly or indirectly, by means of any information referred to its physical, physiological, psychic, economic, cultural or social identity. A natural person will not consider herself identifiable if this identification requires out of proportion terms or activities.
- Dissociated act: That one that does not allow the identification of affecting or interesting.
- Cession or data communication: Data processing that supposes its revelation to a person different from the interested one.
- International transference of data: Data processing that supposes a transmission of the same outside the territory of the European Economic Space, either constitutes cession or data communication, or intends the accomplishment of a data processing on behalf of the person in charge of the file established in Spanish territory.
- Exporter of personal data: The legal, public or deprived natural person or, and administrative agency located in Spanish territory that realises a data transfer of personal character to a country third.
- Importer of personal data: The legal, public or deprived natural person or, either receiving administrative agency of the data in case of international transference from the same to a third country, or responsible for the treatment, ordered of the treatment or third party.
- File nonautomated: All data set of organized of form automated and not structured personal character according to specific criteria regarding natural people, who allow to accede without out of proportion efforts to their personal data, or that one centralized, decentralized or distributed of functional or geographic form.
In addition, in relation to the anticipated thing on safety measures in the data processing of personal character, it will be understood by:
- Information system: Set of files, treatments, programs, supports and if so, equipment used for the data processing of personal character.
- System of treatment: Way in which an information system is organized or used. Taking care of the treatment system, the information systems could be automated, not be automated or partially automated.
- Resource: Any component part of an information system.
- Support: Physical object that store or contain data or documents, and object susceptible to be treated in an information system and on which data can be recorded and be recovered.
- User: Subject or authorized process to accede to data or resources. The processes will have the consideration of users that allow to accede to data or resources without identification of a physical user.
- Profile of user: Accesses authorized to an user group.
- Identification: Procedure of recognition of identity of a user.
- Authentication: Procedure of verification of the identity of a user.
- Password: Confidential information, frequently constituted by a chain of characters, that can be used in the authentication of a user or the access to a resource.
- Control of access: Mechanism that based on the authenticated identification or allows to accede to data or resources.
- Accesses authorized: Authorizations granted to a user for the use of diverse resources. If so, they will include the authorizations or functions that it has given to a user by delegation of the person in charge of the file or treatment or the person in charge of security.
- Temporary files: Files of work created by users or processes that are necessary for an occasional treatment or as intermediate step during the accomplishment of a treatment.
- Backup copy: Copy of the data of a file automated in a support that makes possible its recovery.
- Document: All writing, graph, sound, image or any other class of information that can be treated in an information system as a differentiated unit.
- Document transmission: Any transfer, communication, shipment, give or spreading of the information contained in the same.
- Incidence: Any anomaly that affects or could affect to the security of the data.
- Person in charge of security: Person or people to whom the person in charge of the file has assigned the function formally to coordinate and to control the applicable safety measures.
- Cancellation: Procedure by virtue of which the person in charge stops in the use of the data. The cancellation will imply the blockade of the data, consisting of the identification and disposition of the public Administrations, Judges and Courts, for the attention of the possible responsibilities born from the treatment and only during the term of prescription of these responsibilities. Passed that term it will have to be come to the suppression of the data.
II. PRINCIPLES REGARDING THE PERSONAL DATA PROCESSING
Also we informed to him into which the RGPD regulates the Principles regarding the treatment in its article 5 of the following way:
Principles regarding the treatment:
- The personal data will be:
- Treaties of allowed, loyal way and are transparent in relation to the interested one (legality, loyalty and transparency);
- Gathered with determined, explicit and legitimate aims and they will not be dealed with incompatible way later with these aims; ¦ (limitation of the purpose);
- Adapted, pertinent and limited the necessary thing in relation to the aims for which they are tried (minimisation of data);
- Exact and, if outside necessary, updated; ¦ (exactitude);
- Maintained so that the identification of the interested ones is allowed during not more time of the necessary one for the aims of the treatment of the personal data; ¦ (limitation of the term of conservation);
- Treaties in such a way that an suitable security of the personal data is guaranteed, including the protection against the nonauthorized or illicit treatment and against its loss, destruction or accidental damage, by means of the application of appropriate technical and organizational measures (integrity and confidentiality).
- The person in charge of the treatment will be responsible for the fulfillment of the arranged thing in section 1 and able to demonstrate it (proactive responsibility).
The CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY rigorously fulfills all those principles at the time of treating its personal data.
III. FUNCTIONS AND OBLIGATIONS OF THE USERS WITH ACCESS TO THE DATA TREATED BY THE ORGANIZATION
Next we transcribed the complete content to him that this point has on the functions and obligations of the users in the Registry of Activities of Treatment and that constitutes the main instructions that usuary You as must observe. They are also indicated, in the end, the possible consequences of a possible breach.
Previous note. - To see the definitions picked up in this document, necessary for an suitable understanding of this section and, generally, all the policy of protection of data.
Users are those people or processes authorized to accede to the personal data or the resources contained in the Registries of Treatment for which the Organization is titular and responsible.
The Organization, as person in charge of the files or treatments that contain personal character data, has the obligation to adopt the necessary measures so that the personnel knows a comprehensible form the security norms that affect to the development of their functions as well as the consequences which it could incur in case of breach. In relation to this obligation next to the functions and personnel dutieses in the matter of protection of personal character data are developed of which a copy will be given to each User.
3I.1.Funciones and obligations related to the procedure of management and registry of incidences
The procedures established by the organization for the notification, management and answer before the incidences in the personal data processing are the following:
The organization has had a registry of incidences that affect to the security of the data. This registry is obligatory and its objective is to leave to certainty of the problems detected in the treatments and files of personal data with which the organization and of the activities derived from the same works, unless it is improbable that this incidence constitutes a risk for the rights and liberties of the titular natural people of the data.
An incidence is any anomaly that affects or could affect to the security of the data, understood under the aspects of confidentiality, integrity and availability of the data:
- Confidentiality: The data have to be accessible only to the users authorized. The information has to be prot©g©e with respect to the consultation, modification or nonauthorized destruction by people, to avoid alterations and an incorrect use.
- Integrity: Once introduced a data, this it must stay suitably correctly and be updated when it corresponds. The access to a information or data must be sufficiently complete not to distort the content of the same.
- Availability: The data must be available for the person who needs them at the moment that needs them, as long as it is an authorized availability.
Any incidence of any type, will be registered in the Registry of incidences.
In case of incidence, the User whom he has knowledge of the same will have to come to his inscription in the registry created to the effect, being done to consist the type of incidence, the moment at which he has taken place or, where appropriate, detected, his name, the one of the person to whom has communicated and the effects derived from same and the measures applied revisers. In this sense, communicating is constituted as obligation of all User the existence of each incidence to the Person in charge of Security designated by the organization, or, if this figure does not exist, to the Person in charge of the File. The breach of these obligations could be considered as a labor breach that would allow exercises the disciplinary action of the Organization.
The Person in charge of Security or, if she did not exist, the Person in charge of the File will control all the incidences that the Users are forced to communicate to him and he will leave them registered in the forms that to this end make their available. All the fields of the form will fill up and it will sign itself by the person who carries out the communication.
3.2. Functions and obligations related to the control of access of the Users.
Each user will have single access to those files for which he has been authorized by the Person in charge of the File or, where appropriate, by the Person in charge of Security, in agreement with his functions, and will be able to only act on the same with the reach that has been determined him (recording of data, consults, only consults and modification, etc.). The user is forced not to accede to files or data for which he does not have authorization.
The access to data for which it also does not have express authorization of the Person in charge of the File can even give rise to labor sanctions and to the dismissal.
The Users will maintain the passwords assigned in conditions of security and confidentiality.
Each User is responsible for the computer science equipment that have been assigned him for the development of their functions (computers, printers, copiers, etc.) and for the accesses nonauthorized that can carry out from the same by their negligence or negligence. In this sense, the Users will prevent that the information contained in the files to which they have authorized access is visualized by third parties nonauthorized, keeping the had safety measures with respect to the screens where the data see, on the supports that store them and the impressions of data that they execute in the printers made his available, even on the documents that are destroyed and that are to finish in the corresponding wastebaskets so that the confidentiality of the personal data is guaranteed. Also when they leave the workstation although he is with temporary character, they must leave it in form that does not allow to visualize data in screen nor to accede to the files without introducing the respective password.
The same precautions will be adopted with respect to the physical documents in which they appear the personal character data treatment object.
The knowledge of any circumstance that affects the supports and can suppose a loss or nonauthorized access by third parties to treated personal data, will have to be notified by the User to the Person in charge of Security or, if this position does not exist, the Person in charge of the File.
Files of own use. - To have any file of own use of the Users, it will be precise previous authorization of the Organization through Person in charge of Security. In case of authorization, one will verify the possible incidences that its use can originate in which to the fulfillment of the normative one on protection of data it talks about.
3.3.Funciones and obligations related to the procedure of identification and authentication of Users.
Each User is responsible for his password. The responsibility on the same is pronounced in his safeguard. The Users will not yield their password to anybody, not even in supposed of absence so that a companion replaces to him in his functions. The Users will not write down the password in visible or locatable places easily.
The Users are forced to communicate the Person in charge of Security, or to the Person in charge of the File, the loss, forgetfulness or suspects the knowledge by third parties of their password, so that the suitable measures are adopted and it comes itself to the change from the same.
3.4.Funciones and obligations related to the procedure of management of supports and documents
The Users are forced to communicate the Person in charge of Security, or to the Person in charge of the File the creation of computer science supports with personal data for the purposes of which correctly they are inventoried. The supports will have to be identified so that it is allowed to know his content. When a support is going to be rejected or reused the User it must adopt all the measures necessary to prevent any later recovery of the information contained in him and obtains, previously, the approval of the Person in charge of the File or, where appropriate, of the Person in charge of Security.
The Users will not be able to remove outside the premises in which the file or, where appropriate, of the facilities of the organization or organization responsible for the file, supports is located and/or documents that contain personal character data without the express authorization of the Person in charge of the File, including the included ones and/or supplements to an e-mail.
Despite the previous thing, the exit of supports and/or documents is authorized, including the supplements to e-mails that are related the activity of the organization (clients, suppliers, public organizations¦) whenever they comprise of the functions assigned to the User and of the files or treatments to which its access is had to him authorized. In the same previous terms, also the reception or entrance of supports and documents is authorized.
Authorized the exit of supports and documents, during the transfer the precise measures directed will be adopted to avoid their subtraction, loss or illegal access.
Whenever to any document or support is going to reject themselves that contains personal character data, once overcome the legal terms of conservation, which will have to be known or to be consulted to the treatment or file person in charge of, it will have to be come as it follows:
- To its erasure if one is computer science supports
- To its destruction if one is documents.
When one is personnel other people's, the contract of benefit of services referred to the destruction of documentation will pick up the prohibition specifically to accede to the personal data and the obligation of secret with respect to the data that the personnel had been able to know on the occasion of the benefit of the service, in agreement with the clause that will be gotten up to the corresponding contract.
Reusability, remainder and maintenance of supports
When the supports are reused or rejected and have contained protected data the suitable measures will be applied to prevent the later recovery of the information stored in them before terminating itself of the inventory and similar measures will be due to take in case the supports leave outside the premises of the organization as a result of maintenance tasks.
3.4. Supports that contain special categories of personal data.
The Art. 9,1 RGPD arranges that: They are prohibited the personal data processing that reveals the ethnic or racial origin, the political opinions, the religious or philosophical convictions, or the union affiliation, and biometric the genetic data, data processing sent to identify of univocal way a natural person, data regarding the health or data regarding the sexual life or the sexual directions of a natural person.
When, by virtue of the Art. 9,2 RGPD previous Art. 9,1 are not of application, the identification of the supports that contain personal character data that the organization considered especially sensible will be able to be realised using comprehensible systems of labelling and with meaning that allow the users with authorized access to the mentioned supports and documents to identify their content, and that makes difficult the identification for the rest of people.
3.5.Funciones and obligations related to the communication or cession of data
The personal character data object of the treatment could be communicated to a third party, for the fulfillment of aims directly related to the legitimate functions of the assigner and the assignee, with the previous consent of the interested one, when it is necessary for the execution of a contract, when the cession or communication is necessary for the fulfillment of a legal obligation, and when the legitimate interests persecuted by the person in charge of the treatment predominate, among others circumstances of legality of the treatment to which the Art. talks about 6 RGPD.
Despite the previous thing, and considering the greater risk than it supposes the cession or data communication its holder, the Person in charge of the File or treatment will specifically authorize the communications or cessions of data that can realise the Users, even those that there are to realise for the fulfillment of a legal obligation, before they take to end.
It is specifically prohibited the connection to networks or outer systems from the work places from which the data are which the organization is responsible for the files unless they have direct relation with the treatments. The revocation of the prohibition will be authorized by the Person in charge of the File or the Person in charge of Security and will be certainty of this modification in the registry of incidences.
The data transmission of personal character through networks of telecommunications will be realised basing these data or using any other mechanism that guarantees that the information intelligible nor is not manipulated by third parties and always with the express authorization of the Person in charge of the File of the Person in charge of Security.
3.6.Funciones and obligations related to the fulfillment of the rights of the affected ones by the treatment.
When affecting (to title of the data) tries to exert its rights (Access, rectification, opposition, suppression right to the forgetfulness , limitation of the treatment and portability) on its data or the treatment which they are put under, will communicate immediately to the Person in charge of Security or the Person in charge of the File if that one does not exist, with the purpose of to receive the precise instructions on the matter. The Users will have to fulfill the obligations derived from the procedures of organizational character ready by the Person in charge of the File to take care of the rights of affected by the treatment in the form and the terms legally demanded.
3.7.Tratamiento of data outside the dependencies of the organization
The execution of the data processing of personal character outside the premises of the location of the file must specifically be authorized by the Person in charge of the File.
The level of security corresponding to the treated file will have to be guaranteed.
In the case of the laptops, the authorization will be understood granted to the User, in attention to the function that carries out and always within the limits of the accesses authorized. The period of validity of this authorization will be the same that the granted one for the access to the files for which he has been authorized.
3.8. To have of secret and the confidentiality of the employees on the data processing of personal character
Between the relative principles of the data processing that more affects the Users he is the one of confidentiality. For its fulfillment who take part in any phase of the treatment of the personal character data are forced to the professional secret with respect to the same and having to keep them, obligations that will still subsist after finalizing their relations with the person in charge of the file or treatment.
Considering the previous thing, all the personnel who treats personal character data is forced to keep, professional secret during and after the labor relation with the person in charge of the file or treatment.
3.9. Responsibility by the breach of the functions and obligations that correspond to him as User, Information on labor, civil and penal responsibilities
The Person in charge of the File or Treatment can be sanctioned when some of its employees fails to fulfill the obligation to keep the secret that imposes the 3,8 RGPD to him generally and o'clock previous in particular. Also he can turns affected when a data processing becomes that is not in agreement with the predicted thing in the normative one on protection of data and in the Registry of Activities of Treatment. Finally the communication or cession of data, outside the cases also allowed can constitute punishable serious infractions.
The extraordinary and negative consequences that to the organization as Responsible for the File or Treatment him can produce the inadequate treatments of data, does indispensable that inform of the employees the responsibilities that could correspond to them if the Organization were affected by a negligent action or not in agreement with the obligations that communicate to him in writing related to the protection of personal character data.
Really, the breach of its obligations in the treatment of the personal character data in agreement with the orders and instructions that the Organization gives him through section 3 of the present document generally that is always to its disposition to consult any doubt about the treatment, will be able to give rise to consequences of labor order, in addition to the civil or penal responsibilities that of this action can be derived and that they are detailed next:
The Organization, as Person in charge of the File, can apply to the employees whom they fail to fulfill with having of secret and the rest of obligations the labor legislation to sanction to them. In particular, the Organization could apply Art. 54 of the Statute of the Workers, that establishes the following thing:
1. The work contract will be able to be extinguished on the decision of the businessman, by means of dismissal based on the serious and guilty breach of the worker. 2. Contractual breaches will be considered: ¦ b) the indiscipline or disobedience at work. ¦. D) the transgression of the good contractual faith, as well as the abuse of the confidence in the performance of the work.
The Civil Code, in its articles 1902, 1903 and 1094 regarding the obligations that are born from fault or negligence, establishes:
The one that by action or omission causes damage to another one, taking part fault or negligence, is forced to repair the caused damage.
The obligation that imposes the previous article is indispensable, not only by the own acts or omissions, but by those of those people of those who it is due to respond.
They are it also (responsible for the caused damages) the owners or directors of an establishment or organization with respect to the damages caused by its employees in the service of the branches in which employees had them, or on the occasion of their functions.
The responsibility which it deals with this article will stop when the people in him mentioned try that they used all the diligence of good family man to prevent the damage.
The one that pays the damage caused by its employees can repeat of these what it had satisfied.
The Penal code, in its following articles 197 and, regarding the crimes against the privacy, as a result of the discovery and revelation of secrets arranges:
The one that, to discover the secrets or to harm the privacy of another one, without its consent, seizes of its papers, letters, personal messages of e-mail or any other documents or effects or intercepts its telecommunications or uses technical artifices of listening, transmission, recording or reproduction of the sound or the image, or of any other signal of communication, it will be punished with the prison sentences of one to four years and fines of twelve to twenty-four months.
The same pains will prevail to which, without being authorized, it seizes, use or modify, to the detriment of third party, reserved data of character personal or familiar of which they are registered in computer science, electronic or telematics files or supports, or in any other type of file or public or deprived registry. Equals pains will prevail to that, without being authorized, accede by any means to the same and to who alters them or uses to the detriment of the holder of the data or or third party.
The prison sentence of two to five years will prevail if they spread, reveals or yields to third parties the data or made shortages or the caught images to that the previous numbers talk about.
It will be punished with the prison sentences of one to three years and fines of twelve to twenty-four months, the one that, with knowledge of its illicit origin and without to have taken part in its discovery, the described conduct will realise in the previous paragraph.
The facts described in sections 1 and 2 of this article will be punished with a prison sentence of three to five years when:
- They are committed by the people in charge or responsible for the files, computer science, electronic or telematics supports, archives or registries; or
- They are carried out by means of the nonauthorized use of personal data of the victim.
If the reserved data had spread, yielded or developing to third parties, the pains in their half will prevail superior.
Also, when the facts described in the previous sections affect to personal victim or character data that reveal the ideology, religion, beliefs, health, racial origin or sexual life, will be a junior or a person with incapacity needed special protection, the pains anticipated in their half will prevail superior.
If the facts are realised with lucrative aims, the predicted pains in sections 1 to the 4 of this article in their half will prevail respectively superior. If in addition they affect to data of the mentioned ones in the previous section, the pain to impose will be the one of prison of four to seven years.
It will be punished with a prison sentence of three months to a year or fines of six to twelve months the one that, without authorization of the affected person, spreads, reveals or bristle to third parties images or audio-visual recordings from which it had obtained with his consent in an address or any other place outside the reach of the glance of third parties, when the spreading seriously reduces the personal privacy of that person.
The pain will prevail in its half superior when the facts had been committed by the spouse or per person that is or has been united to him by analogous relation of affectivity, even without coexistence, the victim was minor or a person with incapacity needed special protection, or the facts would have been committed with a lucrative purpose.
Article 197 twice.
- The one that by any means or procedure, harming the safety measures established to prevent it, and being properly authorized, accedes or facilitates to another one the access to the set or a part of an information system or stays in him against the will from that right has the legitimate one to exclude it, it will be punished with prison sentence of six months to two years.
- The one that by means of the use of artifices or technical instruments, and without being properly authorized, intercepts nonpublic transmissions of computer science data that take place from, towards or within an information system, including the electromagnetic emissions of the same, it will be punished with a prison sentence of three months to two years or fines of three to twelve months.
Article 197 to ter.
It will be punished with a prison sentence of six months to two years or fines of three to eighteen months the one that, without being properly authorized, produces, it acquires for his use, it matters or, of any way, it facilitates to third parties, with the intention to facilitate the commission of some of the crimes to that sections 1 and 2 of 197 article or article 197 talk about twice:
- a software, conceived or adapted mainly to commit these crimes; or
- a computer password, an access code or similar data that allow to accede to the totality or a part of an information system.
Article 197 to quater.
If the facts described in this Chapter had committed in an organization or criminal group, superiors in degree will be applied to the pains respectively.
Article 197 quinquies.
When in agreement with established in article 31 twice a legal person he is responsible for the crimes included in articles 197, 197 twice and 197 to ter, the pain of fine of six months to two years will prevail to him. Taken care of the rules settled down in article 66 twice, the judges and courts will be able to also impose the punishments picked up in letters b) to g) of section 7 of article 33.
The authority or government official that, outside the cases allowed by the Law, without mediating legal cause by crime, and prevaliendo itself of its position, will realise anyone of the described conducts in the previous article, will be punished with the pains respectively anticipated in the same, its half superior and, in addition, with the one of absolute incapacitation per time of six to twelve years.
- The one that will divulge other people's secrets, of which has knowledge because of its labor office or its relations, it will be punished with the prison sentence of one to three years and fines of six to twelve months.
- The professional who, with breach of his obligation of stealth or reserve, discloses the secrets of another person, will be punished with the prison sentence of one to four years, fines of twelve to twenty-four months and special incapacitation for this profession per time of two to six years.
The arranged thing in this chapter will be applicable to which will discover, reveal or yield reserved data of legal people, without the consent of its representatives, except for the arranged thing in other rules of this Code.
- In order to come by the crimes anticipated in this chapter it will be necessary denunciation of the offended person or her legal representative. When that one is minor, person with incapacity needed special protection or a destitute person, also will be able to denounce the Fiscal Ministry.
- The denunciation demanded in the previous section will not be precise to come by the facts described in article 198 of this Code, nor when the commission of the crime affects to the general interests or a plurality of people.
- The pardon of the victim or his legal representative, where appropriate, extinguishes the criminal action notwithstanding had in the second paragraph the number 5º of section 1 of article 130.
3.10. Functions and obligations towards the temporary files. Tests with real data
The creation of temporary files will be authorized by the Person in charge of the File and will have to fulfill the security level that corresponds to them in accordance with the criteria established in this manual.
All temporary file will be correct once it has stopped being necessary for the aims that motivated their creation.
The tests previous to the implantation or modification of the information systems that deal files with personal character data not will be realised with real data, unless the level makes sure security corresponding to the realised treatment and its accomplishment in the Registry of Activities of Treatment is written down.
If it is predicted to test with real data, previously it must have realised a backup copy.
The present Policy of Privacy is faithful reflection of the commitment of the CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY with the protection of the privacy and the fulfillment of Regulation (the EU) 2016/679 regarding the protection of the natural people with regard to the personal data processing (in future RGPD), as well as of Statutory law 3/2018, 5 of December, Protection of Personal Data and Guarantee of the digital rights (in future LOPD-GDD).
This document informs to him, of a simple form and is transparent, of whom she is the Person in charge of the Treatment of his personal data, what personal data we tried, why aims we treated his personal data, why we collected its personal data, to whom we yield his personal data, what right has against these treatments of its personal data.
As interested and to title of your personal data or worker, client, supplier, user of our webpage, associated or member of the organization or person of contact you, when facilitating your data, are giving your express consent to us to the treatment of your personal data on the part of the CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY.
The present Policy of Privacy could be object of updates or modifications to adapt it to the effective norm at every moment, or within the framework to improve it of the development of a Policy of Privacy that looks for the continuous improvement and the protection of the rights of the interested ones.
V. RESPONSIBLE FOR THE TREATMENT.
What is a Person in charge of the Treatment?
A Person in charge of Treatment is the person, in this legal case, that she decides on the purpose, content and use of the treatment of his personal data.
Who is the Person in charge of the Treatment of its data?
THE CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY.
- C.I.F.: B81488108
- Head office: 28008 Madrid, Stroll of Florida, 16.
- Direction establishment: 28011 Madrid, on the street Lake Country house, s/n.
- Telephone: (+34) 915262369
- E-mail: email@example.com
In the CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY the figure of Delegate of Protection of Data does not exist, because its implantation and appointment are not mandatory in agreement with article 37 of the RGPD, since the CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY is not an authority either public organism, the activities of the CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY do not require a habitual observation and systematic interested on a large scale nor are on a large scale data of special categories, nor is mandatory in agreement with the article 34 LOPDPGDD, since the CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY is not within any of the categories anticipated in this rule.
It despite himself is pointed out that yes some Ones in charge of the Treatment exist.
What is the One in charge of the Treatment?
The One in charge of the Treatment is the person, in this legal case, that he serves to the Person in charge who entails the personal data processing on behalf of this one and following his instructions.
Who are the Ones in charge of the Treatment of their data?
- C.I.F.: A-28943314
- Head office: c San Epifanio nºm. 1, portal To, floor 1º, door B
- Telephone: 91.366.77.07
- E-mail: firstname.lastname@example.org
I SAW. PURPOSES.
What personal data we tried?
The personal data that we tried are classified by categories of personal data. In the CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY we only treated the personal data that you facilitate to us, and are the following:
- Complete name: We need to identify to him correctly.
- Number of national identity document: If you are trabajador/of a CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY or wants to postulate to one of the vacant positions that we have, we needed to identify to him correctly.
- Date of birth: If you are trabajador/of a CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY or wants to postulate to one of the vacant positions that we have, we needed to know its date of birth.
- Phone number: We need to communicate with you.
- Address: If you are trabajador/of a CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY or wants to postulate to one of the vacant positions that we have, we needed to know its address with a view to, where appropriate, to communicate with you.
- Email address: We need to communicate with you.
- Social Security number or Mutual benefit society: If you are trabajador/of a CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY, we needed to fulfill the labor norm with the object of social quotes.
- Nationality: If you are trabajador/of a CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY, we needed to know if its nationality has labor and fiscal implications.
- Marital status: If you are trabajador/of a CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY, we needed to know if his marital status has fiscal implications.
- Signature/treads: If you are trabajador/of a CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY, we needed that the contracts that sign with us are binding and reflect his express consent to contract.
- Academic formation: If you try to get up yourself to our organization by means of a process of selection of personnel, we needed to know if he is qualified for the supplied position.
- Professional experience: If you try to get up yourself to our organization by means of a process of selection of personnel, we needed to know if she has the necessary experience for the supplied position.
- Number of checking account: If you are trabajador/of a CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY, we needed a number of checking account in which to enter its wage to him.
- Lists and historical of wages: If you are trabajador/of a CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY, the Department of Human Resources needs to take a control of its lists.
SPECIAL PERSONAL DATA:
- In the CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY we only treated the following special data:
Union affiliation: If you are trabajador/of a the CAPERCAILLIE, LIMITED LIABILITY COMPANY, we must know if she belongs to some union in all those situations in which the labor norm demands to take special measures when a worker belongs to a union (ex. in the case of disciplinary dismissals).
- Health: If you are trabajador/of a CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY and has some incapacity, we needed to know it to adapt its job to its circumstances and to give fulfillment to the tributary norm and of Prevention of Labor Risks. On the other hand, if you are client or trabajador/of a CAPERCAILLIE PELN, LIMITED LIABILITY COMPANY and wants to enjoy our services, we needed to know if it has some intolerance or allergy to some product to have it in account in the manipulation and preparation of foods.
With what purposes we dealt his personal data?
In the CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY we treated the information that to us the people interested with the following aims facilitate:
- To offer products and services to him in agreement with established the precontractual and commercial contractual relations.
- To execute labor contracts of trabajadores/as of the CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY.
- To manage the shipment of the publicity of our services that it asks for to us.
- To successfully obtain information with statistical aims for commercial prospections, in this last case, with its consent.
- To manage served through the www.elurogallo.net webpage, for which we needed its express consent:
- Maintenance of established the precontractual or contractual relation with you.
- Management, administration, benefit, extension and improvement of the services that we offer, as well as to manage the reserves that realise.
- Adjustment of the services that loans to its preferences and needs.
- Study of the use of the services by you.
- Design of new services.
- Shipment of updates of the services.
- Shipment, by traditional and electronic means, of, operative and commercial technical information about products and services offered by the CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY and/or by third parties.
- To guarantee the security and the confidentiality of the services offered in the webpage.
- To transact requests and reserves, as well as to respond to the incidences, where appropriate, that raise to us and to realise statistical improvements and studies by means of forms and surveys.
- Fulfillment of legal obligations established by the different norms that compose the legal ordering.
Inasmuch as time we conserved its data?
The provided personal data will be conserved:
- While the mercantile trade relation stays labor//.
- While its suppression by the interested one is not asked for.
- During a maximum term of SIX (6) years from the resolution of labor the mercantile trade relation//that him one with E.L CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY This term comes justified by the following terms established in diverse norm which the CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY must be put under:
- Art. 30,1 of the Code of Commerce: 1. The businessmen will conserve books, correspondence, documentation and vouchers concerning their business, properly ordered, during six years, from the last seat realised in books, except for which he settles down by general or special dispositions.
- Wage claims (Art. 59,2 of the Statute of the Workers): 2. If the action is exercised to demand economic perceptions or for the fulfillment of obligations of unique tract, that cannot take place after extinguished the contract, the term of a year will be computed from the day in which the action could be exercised.
- Personal actions (Art. 1964,2 of the Civil Code): 2. The personal actions that do not have special term prescribe to the five years since the fulfillment of the obligation can be demanded. In the continued obligations to do or not to do, the term will begin whenever they are failed to fulfill.
- Tributary obligations (Art. 66 of the General Law Tributaria): They will prescribe to the four years the following rights:
- The right of the Administration to determine the tributary debt by means of the opportune liquidation.
- The right of the Administration to demand the payment of the eliminated and autoliquidadas tributary debts.
- The right to ask for the returns derived from the norm of each tribute, the returns of illegal income and the reimbursement of the cost of the guarantees.
- The right to obtain the returns derived from the norm of each tribute, the returns of illegal income and the reimbursement of the cost of the guarantees.
Which is the legitimation for the treatment of its data?
The legal base for the treatment of its data is associate to the purposes analyzed in the previous Inscription:
Legitimation by contract execution either of work or of transaction of goods or of benefit of services:
To offer products and services to him in agreement with established the contractual and commercial relations.
To execute labor contracts of trabajadores/as of the CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY.
Legitimation by consent of the interested one:
- To manage the shipment of the publicity of our services.
- To successfully obtain information with statistical aims for commercial prospections.
- To manage served through the www.elurogallo.net webpage
Legitimation by fulfillment of a legal obligation:
We must give fulfillment to all the norms that compose the Spanish legal ordering.
Legitimation based on the legitimate interests of this organization:
Also we wished to inform to him that the treatment of its data can also be based on the legitimate interests of this organization, or some company of our group, consisting of maintaining to him informed into the goods and services that habitually we offer to our clients, and especially those that they update, reform, renew or are related of some form to which motivates the present data processing. The information we will facilitate it by conventional and electronic means (even e-mail or mobile phone). However, You will be able to be against at any time to this treatment by the same route in which she received the information.
To what adressees their data will communicate?
In execution of contracts of the order, the CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY will communicate and yield its personal data to the enumerated Ones in charge of the Treatment in the Inscription Second.
In any case, the CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY will be able to yield its data when it is forced to legal it or contractually, to constitute such cession a necessity derived from the direct or indirect relation with the adapted fulfillment of the contractual or legal obligations or with the legitimate interests to which we finished referring. Between the assignees the following beings can be (without it supposes a closed relation):
- Organisms of the Social Security.
- Registries Public.
- Professional schools.
- Tributary administration.
- Other organs of the Public Administration.
- Forces and Bodies of Security of the State.
- Notaries and solicitors.
- Organisms of the European Union.
- Banks/Small farm loan bank and Savings banks.
- Insuring organizations.
- Sanitary organizations.
Their data will not be yielded to third parties countries nor to international organizations. In case such cession happened in necessary, the guarantees adapted in agreement with the anticipated thing in Chapter V of the RGPD would be adopted and it would inquire into it to the affected one.
Which are their rights when it facilitates his data to us?
- STRAIGHT OF ACCESS: Right to obtain confirmation on if in the CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY we are treating personal data that concern to him or no, and to accede to his personal data.
- STRAIGHT OF RECTIFICATION AND SUPPRESSION: Once it has acceded to his data, it will be able to ask for the rectification of the inexact data or, where appropriate, to ask for his suppression when, among others reasons, the data no longer are necessary for the aims that were picked up.
- STRAIGHT OF LIMITATION OF TREATMENTS: In certain circumstances, they will also be able to ask for the limitation of the treatment of his data, in which case, we will only conserve them for the exercise or the defense of claims.
- STRAIGHT OF OPPOSITION TO THE TREATMENT: In certain circumstances and by reasons related to his particular situation, it will also be able to be against to the treatment of his data. The CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY will stop treating the data, safe by urgent legitimate reasons, or the exercise or the defense of possible claims.
- STRAIGHT OF PORTABILITY: In certain circumstances, right to receive the personal data that it has facilitated to us and to transmit them to another person in charge.
How it can exercise these rights?
In order to exercise the access rights, rectification, cancellation, suppression, portability of the data or limitation of the treatment, go by email postal to the CAPERCAILLIE PELON, LIMITED LIABILITY COMPANY in 28008 Madrid, the Stroll of Florida, 16 or to the email@example.com email address; in any case, we requested to him that at the time of exercising its right, in addition to a very brief communication indicating the right to exercise and the reasons for the same, it accompanies copy to us by its national identity document or similar to assure to us its identity
You must right at any time to retire the consent granted for the following treatments:
- To manage the shipment of the publicity of our services.
- To successfully obtain information with statistical aims for commercial prospections.
The retirement of this consent will not affect to the legality of the treatment based on the previous consent to its retirement.
In any case, we informed to him into which it will also have right to make a complaint before the Authority of competent Control in the matter, for the case that it has not obtained satisfaction in the exercise of his rights.