INTRODUCTION Veedmee has a Data Protection Policy, hereinafter referred to as PPD, which respects the legal provisions in force in the European territory, including the new General Regulation on Data Protection approved by the European Commission.
The purpose of the PPD is to regulate and monitor the use of the information generated and obtained within the company’s internal and external business processes.
It is in this context that Veedmee has developed its Data Protection Policy (PPD) applicable to employees and users.
What information we collect and process and why we do it;
How we use this information;
The options we offer, including how to access, update, and remove information.
OBJECTIVE AND SCOPE
The purpose of this document is to establish and maintain a certain level of data protection that:
– Be in compliance with applicable legal provisions on data protection;
– Be in accordance with the needs of customers, partners and employees;- Enable effective business processes;
– Allow Veedmee to maintain a positive external image on the market.
Data protection is a core function and a Data Protection Officer, hereinafter referred to as “DPO”, will be appointed to report to the administration at least once a year on the development of PPD activities.
RULES AND PROCEDURES
All employees or units of the company that use personal data are individually responsible for compliance with applicable legal and regulatory provisions.
The members of the Administration and Management, in addition to being obliged to comply with the rules and procedures related to the PPD, are responsible for implementing structures and guarantee adequate resources for the proper functioning of the PPD.
The department heads should ensure that the processes in your department are in accordance with the PPD.
Employees are obliged to guarantee the confidentiality of the data as an inseparable part of their duties under the employment contract. They should also proceed in accordance with all information and training received and comply with all the guidelines set out in the SGP. Failure to comply with these obligations may have disciplinary consequences, and all failures under the PPD must be reported to the DPO.
For the purposes of the Data Protection Policy, employees with Veedmee are considered to be collaborators for a work, internship, service or other equivalent relationship.
DPO is responsible for ensuring compliance with data protection regulations, by providing information to all employees of the company in this area.
The DPO will also be responsible for identifying risks and proposing improvement opportunities related to PPD.
With the approval of the Administration, the DPO may, within the scope of its functions, determine the implementation of PPD measures in any department, and for this purpose, have adequate controls and access.
DEFINITION OF PERSONAL DATAPersonal data shall mean all information of any kind and regardless of the medium in which it is stored, relating to personal characteristics or material circumstances of a natural or identifiable person (including data subject), including but not limited to the address, number identification, tax identification, civil identification, personal email, bank identification, profession, biometric data and other details such as state of health, income among others legally applicable.
TREATMENT OF PERSONAL DATA
Processing of personal data means any operation or set of operations relating to personal data, whether performed with or without automated means, such as collection, registration, organization, preservation, adaptation or alteration, retrieval, use, communication by transmission, dissemination or otherwise making available, by comparison or interconnection, as well as blocking, deletion or destruction.
Personal information must be collected, processed and used:
– on the basis of a contractual and confidential relationship with the data subject;
– With the written consent of the persons involved;
– With the detail that is legally possible or required.
All personal data processing procedures must meet the requirements of applicable standards. (See Annex)
Any change to the method of collecting and processing personal data shall be communicated to the DPO to verify its feasibility and compliance with the applicable standards.
The collection of data must be carried out for specific purposes and be limited to the information necessary for the process in question and can not, except with the prior consent of the data subject, relate to personal data concerning philosophical or political beliefs, party affiliation and trade union, religious faith, private life, racial or ethnic origin, health or sexual life.
The personal data collected must be accurate and should be updated as necessary, and appropriate measures must be taken to erase or rectify inaccurate and incomplete data.
As far as possible and when deemed advantageous the information should be anonymous and pseudonyms may be used.
In the case of transfer of personal information and / or its media, special security measures must be taken
DELETE AND “FREEZE” INFORMATION
When the data is not needed for a particular purpose, or when the purposes for which it was stored have been fulfilled, the information must be deleted.
In case it is necessary to retain the data for a certain period of time the information should be “frozen”.
In the latter case, access to “frozen” information requires specific authorization from the administration, having heard the DPO.
DATA HOLDER RIGHTSVeedmee sets out procedures to protect the rights of data subjects with regard to:
– Conformity with the specific objective of data collection, ie personal data can not be used for purposes other than those which led to their collection, and of which the data subject has been duly informed;
– Provision of information to the data subject on the storage of his data, on its content and on its right to consult and correct information;
– Rectification, deletion or blocking of data, and notification thereof, if possible, to third parties who have become aware of such data;
– Opposition, always based on weighty and legitimate reasons relating to his particular situation, to the processing of the data he owns;
– Notification when the information is first stored by another method distinct from the original;
– Non-use of personal data for the purposes of advertising, direct marketing or any other form of commercial prospecting, as well as its non-communication to third parties for the same purposes, except with the prior consent of the data owner.
COLLABORATOR DATA MANAGEMENT
The personal data of the employees will be treated in accordance with the data protection policy, taking into account the rights and operational requirements of the company.
The personal data of the employees are treated exclusively within the scope of the employment contracts.
The processing of the employee’s personal data in the context of a business relationship underlies the same data processing procedure as a normal customer.
Access to this information will be regulated in the company agreement.
DISCLOSURE AND CONTRACT
PPD is posted on the company’s website.
The obligation of confidentiality by Veedmee employees in relation to the personal data to which they have access by virtue of their duties must be included in the employment contracts and in any case remain in force even after the termination of their respective duties at the service of the Veedmee. Veedmee for the time legally required.
INFORMATION AND TRAININGAppropriate information and training on PPD should be made available to all employees of the company.
AVAILABILITY OF PERSONAL DATA TO THIRD PARTIES
Personal data may only be made available to external entities when specifically provided for in the Law, or by the express consent of the data subject.
Before any information is provided by telephone, an adequate identification of the data subject by contrast of specific personal data shall be carried out.
The applicant must be informed in advance that the information requested for contrast purposes constitutes a measure to protect his own personal data.
The provision of personal data to spouses or legally treated as persons whose personal data are collected shall follow the same rules as the provision of information to third parties.
In the event of personal data being demanded by external auditors or authorities, their supply shall be limited to what is strictly necessary for these entities to perform properly the tasks and functions that are performed by law or contract.
In case of doubt about rights of access to information, the DPO should be consulted.
EXTERNAL SERVICE PROVIDERSContracts with external providers should include appropriate specific PPD requirements.
DATA PROTECTION AND SAFETY MEASURES
Measures will be implemented that aim at an adequate policy of data protection avoiding its undue, accidental or intentional disclosure.
The data will be classified according to your level of confidentiality.
The strictness of protection measures shall be proportionate to the level of confidentiality of the data to be protected.
In the case of doubts about access rights to information, specific requirements to be imposed on third parties or others that pertain to the PPD, the DPO should be consulted and, where appropriate, use the Legal Services to obtain the legal framework of the respective DPOs. decisions.
The DPO reports to the administration the cases in which it was heard and the guidelines it provided on such cases.
The DPO immediately informs the administration whenever its intervention has been requested and may interfere with the normal functioning of the services.