Legal — Can Rafal i Es Caló

Privacy policy

The Management / Governing Body of JOSE TORRES TORRES (hereinafter, the data controller), assumes the maximum responsibility and commitment with the establishment, implementation and maintenance of this Data Protection Policy, ensuring the continuous improvement of the data controller with the aim of achieving excellence in relation to compliance with Regulation (EU) 2016/679 of the European Parliament and Council, of April 27, 2016, on the protection of individuals with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1, 04-05-2016), and the Spanish regulations on the protection of personal data (Organic Law, specific sectorial legislation and its implementing regulations).

The Data Protection Policy of XANO-XANO SL is based on the principle of proactive responsibility, according to which the controller is responsible for compliance with the regulatory and jurisprudential framework governing that Policy, and is able to demonstrate this to the competent control authorities.

In this regard, the data controller shall be governed by the following principles, which shall to serve all its staff as a guide and reference framework in data processing personal:

1. Data protection by design: the data controller shall apply, both in determining the means of processing and at the time of processing itself, appropriate technical and organizational measures, such as pseudonymization, designed to effectively implement data protection principles, such as data lamination, and to integrate the necessary guarantees into the processing.

2. Data protection by default: the data controller shall implement appropriate technical and organizational measures with a view to ensuring that, by default, only those personal data that are necessary for each specific purpose of the processing are processed.

3. Data protection in the information life cycle: measures guaranteeing the protection of personal data shall be applicable during the entire life cycle of information.

4. Lawfulness, loyalty and transparency: personal data will be treated in a lawful, loyal and transparent in relation to the interested party.

5. Purpose limitation: personal data will be collected for specific purposes, explicit and legitimate, and will not be further treated in a manner incompatible with said purposes.

6. Data minimization: personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

7. Accuracy: personal data shall be accurate and, if necessary, kept up to date; all reasonable steps shall be taken to ensure that personal data that are inaccurate in relation to the purposes for which they are processed are promptly deleted or rectified.

8. Limitation of storage period: personal data shall be maintained in such a way that the identification of the interested parties is allowed for no longer than necessary the purposes of the processing of personal data.

9. Integrity and confidentiality: the personal data will be treated in such a way that ensure adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical or organizational measures.

10. Information and training: one of the keys to ensuring data protection training and information provided to the staff involved in the treatment of them. During the life cycle of the information, all personnel with access to the data will be properly trained and informed about their obligations in relation to compliance with data protection regulations.

The Data Protection Policy of JOSE TORRES TORRES is communicated to all the personnel of the person responsible for processing and making it available to all interested parties.

Consequently, this Data Protection Policy involves all the personnel of the person responsible for the processing, who must know and assume it, considering it as their own, each member being responsible for applying it and verifying the data protection rules applicable to their activity, as well as identifying and providing the opportunities for improvement that they consider appropriate in order to achieve excellence in relation to its compliance.

This policy will be reviewed by the Directorate / Governing Body of XANO-XANO SL, as many times as deemed necessary, to adapt, at all times, to the current provisions on the protection of personal data.