Affidea Group's privacy management system policy

AFFIDEA GROUP's Privacy Management System Policy is based on the standards set out in Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), the Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), as well as in the international standards for information security (ISO 27001) and privacy (ISO 27701) management systems.

AFFIDEA GROUP is committed to the protection of privacy within the Organization to ensure the right to data protection of all stakeholders involved in the development of its activity.

The Privacy Management System Policy, led by the Management, is based on the following principles:

  1. Make privacy a basic objective of the Organization, involving all personnel committed to its success.

  2. To make a sincere commitment and, to this end, publish the Privacy Management System Policy and undertake to make it available to any interested party.

  3. To treat personal data in a lawful, fair and transparent manner, clearly and specifically identifying the purpose for which they have been obtained.

  4. To collect personal data for specific, explicit and legitimate purposes and not to process them in a way that is incompatible with those purposes.

  5. Collect and process only personal data that are adequate, relevant and limited to what is necessary in relation to the purposes for which they are collected.

  6. To always keep personal data accurate and up to date, taking all reasonable steps to ensure that they are deleted or rectified without delay when they are inaccurate in relation to the purposes for which they are processed.

  7. To make available to the interested parties systems for updating their personal data.

  8. Not to retain information that identifies data subjects beyond the time necessary to achieve the purposes for which the personal data were processed.

  9. To process personal data in a way that ensures their security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by implementing appropriate technical or organizational measures.

  10. To request the consent of the data subject whenever necessary for the processing of his or her personal data.

  11. Treat sensitive data as special categories of data.

  12. Systematically evaluate the effectiveness of the measures taken to ensure security, so that privacy management is supported and based on objective data in order to achieve continuous improvement.

  13. Reduce and eliminate risks arising from the activity, by means of a system of identification and evaluation.

  14. To regard information and continuous training as the basis on which all the Organization's personnel involved in the processing of personal data become engaged in protecting data subjects' privacy and regard it as a fundamental right.

  15. To guarantee the exercise of personal data protection rights, ensuring a timely and appropriate response.