The Direction / Governance body of SpainTop, Servicios Turísticos SL (hereafter, the person in charge of the processing), assumes the maximum responsibility and commitment with the establishment, implementation and maintenance of the present Data Protection Policy, guaranteeing the continuous improvement of the controller of the processing with the aim to reach the excellence regarding the compliance of the Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, relatively to the protection of the natural persons regarding the processing of personal information and to the free traffic of this information and and repealing Directive 95/46/CE (General regulation of data protection) (DOUE L 119/1, 04-05-2016), and of the Spanish regulation of personal data protection (Organic law, sectorial specific legislation and its procedure of development).
The Data Protection Policy of SpainTop, Servicios Turísticos SL. rests in the principle of proactive responsibility, according to which the person in charge of the processing is responsible for the compliance of the normative and jurisprudencial frame that governs the above-mentioned Policy, and is capable of demonstrating it before the competent authorities of control.
To this respect, the person in charge of the processing will be ruled for the following principles that must serve to all his personnel as guide and frame of reference in the processing of personal information:
- Protection of information from the design: the person in charge of the processing will apply, both at the time to determine the means of processing and in the moment of the own processing, technical and organizational appropriate measures, as the pseudonymization, conceived to apply of effective form the principles of data protection, as the minimization of information, and to integrate the necessary guarantees in the processing.
- Data protection by default: the person in charge of the processing will apply the technical and organizational measures adapted with a view to guaranteeing that, by default, only are an object of processing the personal information that are necessary for each of the specific purposes of the processing.
- Data protection in the life cycle of the information: the measures that guarantee the protection of the personal information will be applicable during the complete cycle of the life of the information.
- Legality, loyalty and transparency: the personal information will be processed as a lawful, loyal and transparent way in relation with the interested party.
- Limitation of the purpose: the personal information will be gathered by certain, explicit and legitimate purposes, and will not be processed subsequently as an incompatible with the above-mentioned purposes.
- Minimization of information: the personal information will be adapted, pertinent and limited to the necessary in relation with the purposes for which they are processed.
- Accuracy: the personal information will be exact and if it was necessary, updated; all the reasonable measures will be adopted in order that there is suppressed or rectifies without delay the personal information that are inaccurate regarding the purposes for which they are processed.
- Limitation of the term of conservation: the personal information will be supported so that the identification of the interested parties is allowed during not more time of the necessary one for the purposes of the processing of the personal information.
- Integrity and confidentiality: the personal information will be processed in such a way that there is guaranteed a security adapted of the personal information, included the protection against the not authorized or illicit processing and against its loss, destruction or accidental damage, by means of the application of technical or organizational appropriate measures.
- Information and training: one of the keys to guarantee the protection of the personal information is the training and the information that is facilitated to the personnel involved in the process of the same ones. During the life cycle of the information, the whole personnel with access to the information will be suitably trained and informed regarding his obligations in relation with the compliance of the data protection regulation.
The Data Protection Policy of SpainTop, Servicios Turísticos SL involves the whole personnel of the person in charge of the processing and put at the disposal of all the interested parts.
In consequence, the present Data Protection Policy involves to the whole personnel of the person in charge of the processing, who must know and assume it, considering it to be like own, being every member responsible of applying it and of checking the data protection procedure applicable to its activity, as well as to identify and to provide the opportunities of improvement that he considers to be opportune with the aim to reach the excellence in relation with its compliance.
This Policy will be checked by the Direction / Governance body of SpainTop, Servicios Turísticos SL, so often as to be considered necessary, to be adapted, at all time, to the regulations in force to protect the personal data.