The Management / Administrative body of SAEZ cranes (hereinafter, the “data controller”), assumes the maximum responsibility and commitment to the establishment, implementation and maintenance of this Data Protection Policy, guaranteeing the continuous improvement of the data controller, with the aim of achieving excellence in relation to compliance with Regulation (EU) 2016/679 of the European Parliament and Council, of 27 April 2016, on the protection of individuals with regard to the processing of personal data, and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1, 04-05-2016), and the Spanish regulations on the protection of personal data (Organic Law, specific sectorial legislation and its implementing regulations).
SAEZ crane’s Data Protection Policy is based on the principle of proactive responsibility, according to which the data controller is responsible for compliance with the regulatory and jurisprudential framework governing this Policy, and is able to demonstrate this to the competent control authorities.
In this sense, the data controller will be governed by the following principles, which must serve as a guide and frame of reference for all its staff, in the processing of personal data:
1. Data protection through design: the data controller shall apply, both when determining the means of processing and at the time of the processing, appropriate technical and organisational measures, designed to apply effectively data protection principles. Examples would include “pseudonymisation” (effectively a de-identification procedure), the minimisation of data, designed to integrate the necessary guarantees into the processing.
2. Data protection by default: the data controller shall implement appropriate technical and organisational measures with a view to ensuring that, by default, only exact personal data necessary for each specific purpose is processed.
3. Data protection during the stored-data life-cycle: measures guaranteeing the protection of personal data shall be applicable throughout its whole stored life cycle.
4. Lawfulness, fairness and transparency: personal data shall be processed in a lawful, loyal and transparent manner, in relation to the data subject.
5. Purpose limitation: personal data shall be collected for specified, explicit and legitimate purposes and shall not be further processed in a way incompatible with those purposes.
6. Minimisation of data: personal data shall be suitable, relevant and limited to what is necessary in relation to the purposes for which it is processed.
7. Accuracy: personal data shall be accurate and, where necessary, kept up to date; all reasonable steps shall be taken to ensure that personal data which is inaccurate in relation to the purposes for which they are processed, are promptly deleted or rectified.
8. Limitation of storage period: personal data shall be kept in a form which permits identification of data subjects for a period no longer than is necessary, for the purposes of the processing the personal data.
9. Integrity and confidentiality: personal data shall be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, through the implementation of appropriate technical or organisational measures.
10. Information and training: one of the keys to guaranteeing the protection of personal data is the training and information provided to the personnel involved in the processing of such data. During the life cycle of the information, all personnel with access to the data will be suitably trained and informed about their obligations in relation to compliance with data protection regulations.
SAEZ cranes Data Protection Policy is imparted to all personnel authorised for data processing, and also made available to all interested parties.
Consequently, this Data Protection Policy involves all our personnel authorised for data processing, who must be aware of, and understand it. They must consider it as their particular responsibility to apply the normative, and verify that the data protection regulations under their concern, are correctly applied. It is understood that this procedure will be beneficial for both identifying and providing opportunities to optimise excellence in its implementation.
This Policy will be reviewed by the Management / Administrative body of SAEZ cranes, as often as deemed necessary, in order to perpetually adapt to current guidelines in force, regarding personal data protection.