The management/administrative body of TECHNOLOGY & SECURITY DEVELOPMENTS, SL (TSD) (hereinafter, the controller), assumes the maximum responsibility and commitment for the establishment, implementation and maintenance of this data protection policy, ensuring the continuous improvement of the controller in order to achieve excellence in relation to compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing this Directive. 95/46/EC (General Data Protection Regulation) (OJ L 19/1, 04-05-2016), and the Spanish Personal Data Protection Regulation (Organic Law, Specific Sectorial Legislation and its Implementing Regulations).
The data protection policy of TECHNOLOGY & SECURITY DEVELOPMENTS, SL (TSD) is based on the principle of proactive responsibility, according to which the controller is responsible for compliance with the regulatory and jurisprudential framework governing this policy, and can demonstrate this to the competent supervisory authorities.
In this respect, the controller shall be governed by the following principles, which shall serve as a guide and frame of reference for all its personnel for the processing of personal data:
Intentional data protection: the controller shall implement appropriate technical and organisational measures to ensure that, by default, only personal data necessary for each of the specific purposes of the processing are processed.
Data protection during the information lifecycle: measures ensuring the protection of personal data shall be implemented throughout the information lifecycle. Lawfulness, fairness and transparency: personal data shall be processed lawfully, fairly and in a transparent manner vis-à-vis the data subject.
Purpose limitation: personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes.
Data minimisation: personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Accuracy: personal data are accurate and, where appropriate, kept up to date: all reasonable steps will be taken to ensure that personal data which are inaccurate in relation to the purposes for which they are processed are erased or rectified without delay.
Limitation of the retention period: personal data shall be kept in a form which doesn´t allow the identification of data subjects for longer than is necessary for the processing of the personal data.
Integrity and confidentiality: personal data shall be processed in a way that ensures adequate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, by appropriate technical or organisational measures.
Information and training: one of the keys to ensuring the protection of personal data is the training and information of staff involved in the processing of personal data. Throughout the entire information lifecycle, all staff who have access to the data shall receive appropriate training and information on their obligations in relation to compliance with data protection rules.
The data protection policy of TECHNOLOGY & SECURITY DEVELOPMENTS, SL (TSD) is communicated to all staff of the data controller and made available to all interested parties.
Therefore, the present data protection policy involves all the staff of the data controller, who must know it and assume it, considering it as their own, each member being responsible for its application and for the verification of the data protection rules applicable to their activity, as well as for the identification and the possibilities of improvement that they consider appropriate in order to achieve excellence in compliance.
This Policy will be reviewed by the Board of Directors of TECHNOLOGY & SECURITY DEVELOPMENTS, SL (TSD), whenever necessary, in order to adapt, at any time, to the provisions in force regarding the protection of personal data.