Request a Quote

Data Protection Policy

I. PERSONAL DATA PROTECTION POLICY

EUROETIQUETAS S.L. (the “Company”) is an organisation that carries out personal data processing activities, entailing significant responsibility in the design and organisation of procedures to ensure compliance with the relevant legislation.
In the exercise of these responsibilities and with the aim of establishing the general principles that must govern the processing of personal data within the Company, it approves this Personal Data Protection Policy, which it notifies to its Employees and makes available to all its Stakeholders.

1. Purpose
The Personal Data Protection Policy is a proactive measure of responsibility aimed at ensuring compliance with applicable legislation in this matter and, in relation to it, respect for the right to honour and privacy in the processing of personal data of all individuals who interact with The Company.
In accordance with the provisions of this Personal Data Protection Policy, the Principles governing data processing within the organisation are established, and consequently, the procedures, and the organisational and security measures that persons affected by this Policy undertake to implement within their area of responsibility.
To this end, the Management shall assign responsibilities to the staff involved in data processing operations.

2. Scope of application
This Personal Data Protection Policy shall apply to the Company, its directors, managers and employees, as well as to all persons who relate to it, including, specifically, service providers with access to data (“Data Processors”).

3. Principles of the processing of personal data
As a general principle, the Company shall scrupulously comply with personal data protection legislation and must be able to demonstrate this (principle of «proactive responsibility»), paying special attention to processing that may pose a higher risk to the rights of data subjects (principle of «risk-based approach»).
In relation to the above, EUROETIQUETAS S.L. will ensure compliance with the following

Principles

  • Lawfulness, loyalty, transparency and purpose limitation. Data processing must always be communicated to the data subject, through clauses and other procedures; and will only be considered lawful if there is consent for data processing (with special attention to that given by minors), or if it has another valid legal basis and its purpose is in accordance with Regulations.
  • Data minimisation. Data processed must be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
  • Accuracy. Data shall be accurate and, where necessary, kept up to date. Every reasonable step shall be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.
  • Limitation of the retention period. Data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  • Integrity and Confidentiality. The data shall be processed in a manner that ensures an adequate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, by the implementation of appropriate technical or organisational measures.
  • Data assignments. The purchase or obtaining of personal data from illegitimate sources or in cases where such data has been collected or assigned in contravention of the law or its legitimate origin is not sufficiently guaranteed is prohibited.
  • Procurement of suppliers with data access. Suppliers will only be selected for procurement if they offer sufficient guarantees for the application of appropriate technical and security measures in data processing. The appropriate agreement will be documented with these third parties.
  • International data transfers. All processing of personal data subject to European Union regulations that involves a transfer of data outside the European Economic Area must be carried out in strict compliance with the requirements established in the applicable law.
  • Rights of data subjects. The Company shall facilitate data subjects' exercise of their rights to access, rectification, erasure, restriction of processing, objection, and data portability, establishing internal procedures for this purpose, and in particular, the necessary and appropriate forms for their exercise, which shall meet, at a minimum, the applicable legal requirements in each case.
  • The Company shall promote that the principles set out in this personal data protection policy are taken into account (i) in the design and implementation of all work procedures, (ii) in the products and services offered, (iii) in all contracts and obligations formalised or entered into, and (iv) in the implementation of any systems and platforms that allow access by employees or third parties and/or the collection or processing of personal data.

I. PERSONAL DATA PROTECTION POLICY

EUROETIQUETAS S.L. (the “Company”) is an organisation that carries out personal data processing activities, entailing significant responsibility in the design and organisation of procedures to ensure compliance with the relevant legislation.
In the exercise of these responsibilities and with the aim of establishing the general principles that must govern the processing of personal data within the Company, it approves this Personal Data Protection Policy, which it notifies to its Employees and makes available to all its Stakeholders.

1. Purpose
The Personal Data Protection Policy is a proactive measure of responsibility aimed at ensuring compliance with applicable legislation in this matter and, in relation to it, respect for the right to honour and privacy in the processing of personal data of all individuals who interact with The Company.
In accordance with the provisions of this Personal Data Protection Policy, the Principles governing data processing within the organisation are established, and consequently, the procedures, and the organisational and security measures that persons affected by this Policy undertake to implement within their area of responsibility.
To this end, the Management shall assign responsibilities to the staff involved in data processing operations.

2. Scope of application
This Personal Data Protection Policy shall apply to the Company, its directors, managers and employees, as well as to all persons who relate to it, including, specifically, service providers with access to data (“Data Processors”).

3. Principles of the processing of personal data
As a general principle, the Company shall scrupulously comply with personal data protection legislation and must be able to demonstrate this (principle of «proactive responsibility»), paying special attention to processing that may pose a higher risk to the rights of data subjects (principle of «risk-based approach»).
In relation to the above, EUROETIQUETAS S.L. will ensure compliance with the following

Principles

  • Lawfulness, loyalty, transparency and purpose limitation. Data processing must always be communicated to the data subject, through clauses and other procedures; and will only be considered lawful if there is consent for data processing (with special attention to that given by minors), or if it has another valid legal basis and its purpose is in accordance with Regulations.
  • Data minimisation. Data processed must be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
  • Accuracy. Data shall be accurate and, where necessary, kept up to date. Every reasonable step shall be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.
  • Limitation of the retention period. Data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  • Integrity and Confidentiality. The data shall be processed in a manner that ensures an adequate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, by the implementation of appropriate technical or organisational measures.
  • Data assignments. The purchase or obtaining of personal data from illegitimate sources or in cases where such data has been collected or assigned in contravention of the law or its legitimate origin is not sufficiently guaranteed is prohibited.
  • Procurement of suppliers with data access. Suppliers will only be selected for procurement if they offer sufficient guarantees for the application of appropriate technical and security measures in data processing. The appropriate agreement will be documented with these third parties.
  • International data transfers. All processing of personal data subject to European Union regulations that involves a transfer of data outside the European Economic Area must be carried out in strict compliance with the requirements established in the applicable law.
  • Rights of data subjects. The Company shall facilitate data subjects' exercise of their rights to access, rectification, erasure, restriction of processing, objection, and data portability, establishing internal procedures for this purpose, and in particular, the necessary and appropriate forms for their exercise, which shall meet, at a minimum, the applicable legal requirements in each case.
  • The Company shall promote that the principles set out in this personal data protection policy are taken into account (i) in the design and implementation of all work procedures, (ii) in the products and services offered, (iii) in all contracts and obligations formalised or entered into, and (iv) in the implementation of any systems and platforms that allow access by employees or third parties and/or the collection or processing of personal data.

4. Commitment to workers

  • Employees are informed of this Policy and acknowledge that personal information is the property of the Company and in this regard, they adhere to it, committing to the following:

  • Please complete the Data Protection awareness training provided by the Company.
  • Apply the user-level security measures that apply to your job role, without prejudice to the responsibilities in their design and implementation that may be attributed to you depending on your role within EUROETIQUETAS S.L..
  • Use the established formats for the exercise of Rights by affected parties and inform the Company immediately so that the response can be implemented.
  • Inform the Company, as soon as you become aware of any deviations from this Policy, particularly “Personal data security breaches”, using the established format for this purpose.

 

5. Control and evaluation
An annual review, assessment, and evaluation, or whenever there are significant changes in data processing, shall be carried out on the effectiveness of the technical and organisational measures to ensure the security of the processing.

Address: Mª Antonia García