PERSONAL DATA PROTECTION POLICY

Similar documents
Ethical Code. Fondazione Pirelli Hangar Bicocca 1

The Committee of Ministers, under the terms of Article 15.b of the Statute of the Council of Europe,

HIGÈA. Limited company with sole shareholder ETHICAL CODE

What is GDPR and Should You Care?

EU General Data Protection Regulation (GDPR) Tieto s approach and implementation

GRIFOLS STATUTES OF THE AUDIT COMMITTEE

ORGANIZATION, MANAGEMENT AND CONTROL MODEL - ETHICAL CODE -

CORPORATE GOVERNANCE POLICY

Review of agreed-upon procedures engagements questionnaire

Humber Information Sharing Charter

Customer Data Protection. Temenos module for the General Data Protection Regulation (GDPR)

Policy Document for: Data Protection (GDPR) Approved by Directors: September Due for Review: September Statement of intent

GENERAL TERMS AND CONDITIONS FOR USING THE JUVENTUS eprocurement PORTAL

Conducting privacy impact assessments code of practice

ARTICLE 29 DATA PROTECTION WORKING PARTY

Wilo Group Code of Conduct. "Responsible Behaviour

Information Governance and Records Management Policy March 2014

* SAKURA Rules * (Code of Conduct for the Terumo Group)

Code of Conduct. Integral Diagnostics Limited ACN

Rules, Procedures, and Internal Controls Manual BRAM Bradesco Asset Management

1. INTRODUCTION 3 2. ENGAGEMENT OF THE MCB GROUP WITH RESPECT TO ITS ETHICS 3 3. ABOUT THIS CODE 3 4. DEALINGS WITH EMPLOYEES 4

CODE OF CONDUCT ACS DOBFAR SPA GROUP. Acs Dobfar S.p.A Facta Farmaceutici S.p.A. Dphar S.p.A.

CODE OF ETHICS AND CONDUCT OF THE TELECOM ITALIA GROUP

Group Environment Policy

Aligning Records Management with ICT/ e-government and Freedom of Information in East Africa

KING IV APPLICATION REGISTER. We do it better

Lords Bill Committee on Digital Economy Bill Information Commissioner s briefing

COUNCIL OF EUROPE COMMITTEE OF MINISTERS. RECOMMENDATION No. R (89) 2 OF THE COMMITTEE OF MINISTERS TO MEMBER STATES

Procedure: Sasol Supplier code Of Ethics

Social Media in the Workplace

THE GENERAL DATA PROTECTION REGULATION: GUIDANCE ON THE ROLE OF THE DATA PROTECTION OFFICER

SHELL GENERAL BUSINESS PRINCIPLES

Code of Ethics Rev 2016

CODE OF ETHICS FOR CHIEF EXECUTIVE OFFICER AND SENIOR FINANCIAL OFFICERS UGI CORPORATION

Data protection (GDPR) policy

ANTI-CORRUPTION CODE

Conducting privacy impact assessments code of practice

King iii checklist 2013

TWELVE STEP PLAN TO BECOME COMPLIANT WITH THE GENERAL DATA PROTECTION REGULATION

Code of Business Conduct

KING III CHECKLIST. We do it better

University of Birmingham. Protocol for the Governance of University Wholly Owned Subsidiary Companies and Companies

BAM Insider Dealing Policy

INFORMATION GOVERNANCE STRATEGY IMPLEMENTATION PLAN

Data Protection Policy

GDPR. Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry

Accelerate Your Response to the EU General Data Protection Regulation (GDPR) with Oracle Cloud Applications

PostNL group procedure

Supplier Code of Conduct

Field/Mobile Working Policy

Freedom of Information Model Publication Scheme Guidance

IoD Code of Practice for Directors

AUDIT COMMITTEE. each member must be financially literate (as determined by the Board);

Eurosystem Ethics Framework

The Merlin Principles. The Elements of each Principle

Quality, trust and social commitment. CaixaBank's Human Rights Policy. May 2017

EQUASS 2018 Principles, criteria and Indicators for EQUASS Excellence recognition

Dexia Group Audit Charter

EUROPEAN UNION. Brussels, 27 March 2013 (OR. en) 2011/0374 (COD) PE-CONS 80/12 CONSOM 164 MI 853 JUSTCIV 382 CODEC 3131 OC 774

CORPORATE GOVERNANCE King III - Compliance with Principles Assessment Year ending 31 December 2016

King IV Application Register

GUIDELINES FOR IMPLEMENTING A PRIVACY MANAGEMENT PROGRAM For Privacy Accountability in Manitoba s Public Sector

GOVERNANCE BODIES AND COMMITTEES AND THEIR FUNCTION

Contents. General Principles

(Legislative acts) DIRECTIVE 2014/55/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 16 April 2014 on electronic invoicing in public procurement

Edition No. 1 of 17 March 2017

CODE OF CONDUCT Version 3 August 2016

quality, environment, information security, credit management and social responsibility policy. human forward.

Code of Conduct Guidelines and Standards of Integrity and Transparency

Job Description HR Administrator

CORPORATE GOVERNANCE POLICY

Westfield Corporation Slavery and Human Trafficking Statement. Financial Year Ended 31 December 2016

Slavery and Human Trafficking Statement 2016

UNMIK REGULATION NO. 2004/22 ON THE PROMULGATION OF A LAW ADOPTED BY THE ASSEMBLY OF KOSOVO ON ELECTRICITY

European Parliament resolution of 8 March 2011 on the revision of the General Product Safety Directive and market surveillance (2010/2085(INI))

The General Data Protection Regulation (GDPR): Getting in good shape for the deadline Copenhagen, 19 September 2017 Janus Friis Bindslev Partner,

EQUASS 2018 Principles, criteria and indicators for EQUASS Assurance recognition

Sustainability Policy of the Eletrobras Companies

National Galleries of Scotland. Procurement Policy September 2016

The Company seeks to comply with both the letter and spirit of the laws and regulations in all jurisdictions in which it operates.

STATEMENT OF BUSINESS ETHICS

(Non-legislative acts) REGULATIONS

COMPLIANCE POLICY RIBERA SALUD GRUPO

RISK AND AUDIT COMMITTEE TERMS OF REFERENCE

EU GENERAL DATA PROTECTION REGULATION

NHS SOUTH DEVON AND TORBAY CLINICAL COMMISSIONING GROUP INFORMATION LIFECYCLE MANAGEMENT POLICY

Discipline Policy and Procedure. Adopted by the Trust Board on 6 December 2016

THICAL PRINCIPLES OF THE MAERO GROUP. The value of people

Tutor Culinary Arts (part-time)

NETWORKING CULTURE LTD CORPORATE SOCIAL RESPONSIBILITY POLICY

DATA QUALITY POLICY Review Date: CONTENT

Annexure B Section 22

Session 2: International cooperation on quality management - principles; harmonization of frameworks; peer reviews; support of countries

CODE OF ETHICS POLICY AND PROCEDURE

with Xavier Darmstaedter Managing Partner GEDAPRE DACOTA Consulting

This document contains a summary of the Group s application of all of the principles contained in King III.

Practice Note 8 Engineers and Ethical Obligations

QUALITATIVE AND QUANTITATIVE PROFILE OF THE UNICREDIT S.P.A. BOARD OF DIRECTORS

2017 Archaeology Audit Program Procedure Manual. April 2017

Doing the right thing the PwC way

Transcription:

PERSONAL DATA PROTECTION POLICY 1. Reasons 2. Principles and rights of personal data protection 3. Personal data protection policy 3.1 Purpose 3.2 Scope of application 3.3 Commitments 4. Responsibilities regarding personal data protection 5. Organisational structure for personal data protection 6. Entry into force 1. REASONS Digitisation is being introduced in all areas of business activity. Consequently, personal data are increasingly more likely to be processed, in the broadest sense of the meaning. Within this context and considering that ACCIONA has acquired the commitment to comply with the specific regulations in force of every country where it operates or is present, therefore adapting its information systems to the technical and organisational measures that may be necessary, especially for legal regulations regarding personal data processing, it has been deemed that one of the priority aspects is to identify the personal data and the processing thereof for which ACCIONA is the controller and to protect that data from threats and security risks, as well as ensure compliance with the legal scheme. Finally, a breach of this regulatory framework is subject to major financial penalties, without prejudice to the harm that could be caused to the image and reputation of ACCIONA. 2. PRINCIPLES AND RIGHTS OF PERSONAL DATA PROTECTION The principles included in applicable legislation regarding personal data protection indicate how the rights of data subjects should be recorded, treated, assigned and exercised with respect to personal data in order to ensure the privacy and other fundamental rights of citizens. These principles are stated below: June 27, 2017 Página 1 de 5

Legality, loyalty and transparency in data processing. Limitation of purpose. Minimisation of data with respect to the purposes for which data are processed Accuracy. Limitation of the time kept on file. Integrity and confidentiality. Proactive responsibility. Data protection rights are those that give data subjects the power to control their own personal data and the capacity to have the data at their disposal and make decisions about the same. These rights are stated below: Right of access of the data subject. Right of rectification. Right of deletion or erasure. Right to the limitation of processing. Right to the portability of data. Right of objection. 3. PERSONAL DATA PROTECTION POLICY 3.1. Purpose The main purpose of this policy is to establish the company's commitment regarding personal data protection and to define a framework that allows ensuring said protection and respecting the aforementioned principles and rights that are established by applicable legislation. 3.2. Scope of application This policy must be complied with by all organisational units or companies and entities of the ACCIONA Group (defined as those over which Acciona, S.A. directly or indirectly exercises control over the capital and/or management thereof), as well as their employees, suppliers, shareholders and customers (among others), which record or process personal data. June 27, 2017 Página 2 de 5

In consortiums or joint ventures in which ACCIONA does not hold control, ACCIONA's representatives will observe the precepts of this policy and will promote the application thereof, to the extent possible. In turn, it will be applicable in all phases of the life cycle of information that may contain personal data (generation, distribution, storage, processing, consultation and destruction). 3.3. Commitments ACCIONA's commitments regarding personal data protection, which ensure compliance with the specified principles and rights, are detailed below: Compliance with applicable legal and regulatory requirements and alignment with internationally recognised standards and good practices. Driving the development and implementation of our own body of regulations, thereby establishing the bases for integrating protection in the processing of personal data in all processes of the organisation and guaranteeing respect for the rights of data subjects. Integrating data protection in all phases of the life cycle of information, technology systems and organisational or technological processes, therefore protecting all media that are in charge of processing, communicating or storing information. Understanding data protection as an integral process oriented at continuous improvement (planning, doing, verifying and acting). Developing a management model based on the criteria of legality and proportionality, and aligned with business strategies, which will allow adequate analysis and management of the risks that might affect the principles of personal data protection and therefore adopting the necessary measures for the protection thereof. Ensuring the governability of this management model by creating an organisational structure for the protection of personal data and the definition of responsibilities from a proactive approach. The development of these commitments will allow ACCIONA to obtain the following benefits: Improvement of personal data protection based on a process of continuous improvement and the availability of resources, knowledge, procedures and tools. Consolidation of trust in the organisation by customers and suppliers, accompanied by an improved public image. June 27, 2017 Página 3 de 5

Assurance of compliance with legal and ethical requirements, thus decreasing the costs resulting from a breach of personal data protection regulations, through the progressive implementation of security controls. 4. RESPONSIBILITIES REGARDING PERSONAL DATA PROTECTION ACCIONA Management will require and ensure compliance with personal data protection by the entire organisation and by all people with access to personal data, including its suppliers, contractors and shareholders, among others. Every division or business unit will be responsible for implementing the necessary measures that ensure an adequate level of security within the scope of their business. In turn, any person with access to ACCIONA information that may contain personal data, whether internal personnel or external personnel, will be bound to comply with the aspects set forth in the policy, regulations, procedures or any other document pertaining to personal data protection. A breach thereof will be subject to application of the corresponding disciplinary scheme determined by ACCIONA. 5. ORGANISATIONAL STRUCTURE FOR PERSONAL DATA PROTECTION To guarantee adequate management of personal data protection, the following organisational structure is established: Personal Data Protection Committee: composed of a representative from the corporate areas of ICT, HR and Legal Advising. This body, through periodic meetings, will be in charge of establishing personal data protection guidelines; defining short-, medium- and long-term strategies; ensuring appropriate management of risk; and leading the governance model of personal data protection. Unit at ACCIONA that is responsible for implementing the technical measures that are necessary for protecting personal data: Information and Communication Technologies Management will be in charge of implementing and managing ACCIONA's strategy regarding personal data protection, for developing a regulatory body and for defining, within its scope of action, adequate technical measures for ensuring the protection of personal data. Managers of personal data protection at every organisational unit or company of ACCIONA: All personnel of June 27, 2017 Página 4 de 5

the businesses that, in the development of their work, may manage or have access to personal data will ensure compliance with the security measures established at the organisational unit or company to which they belong in order to guarantee the security of such personal data, therefore integrating data protection into the business processes. 6. ENTRY INTO FORCE This personal data protection policy will enter into force as from the publication date hereof. ***************** June 27, 2017 Página 5 de 5

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback