Personal Data Protection Policy
1. Purpose
This Policy establishes the principles and guidelines governing the processing of personal data at Pekata (trade name of Reloting, S.L., NIF B19932771), in compliance with Regulation (EU) 2016/679 and Organic Law 3/2018. It guarantees the right to data protection of all natural persons who interact with the Company, ensuring respect for the right to honour and privacy.
2. Scope of application
The Policy applies to the Company and to all persons who interact with it.
3. General principles regarding the processing of personal data
The Company will comply with the applicable data protection legislation. It will promote the implementation of the principles of this Policy in:
- Procedures involving the processing of personal data.
- Products and services offered.
- Contracts and obligations with natural persons.
- Systems and platforms for access to personal data.
4. Basic principles regarding the processing of personal data
1. Legitimacy, lawfulness and fairness
The processing of personal data will be legitimate, lawful and fair, in accordance with the applicable legislation. Data will be collected for specific and legitimate purposes, with consent where the law so requires. The Company will not process sensitive data (ethnic origin, political ideology, religious beliefs, sexual orientation, health, genetic or biometric data) except where it is necessary, legitimate and legally permitted.
2. Minimization
Only data strictly necessary and appropriate for the established purpose will be processed.
3. Accuracy
Data must be accurate and kept up to date; if not, it must be erased or rectified.
4. Storage limitation
Data will not be kept beyond the period necessary to achieve its purpose, except where the law provides otherwise.
5. Integrity and confidentiality
Appropriate security will be guaranteed by means of technical or organizational measures to protect against unauthorized processing, loss, destruction or accidental damage. Data will be kept confidential and will not be transferred to third parties beyond the permitted cases.
6. Accountability
The Company will be responsible for complying with the stipulated principles and demonstrating this when so required by law. It will assess risks, keep a record of activities, document security incidents and appoint Data Protection Officers when mandatory.
7. Transparency and information
The processing will be transparent, providing understandable and accessible information about the data when the law so requires.
8. Acquisition or obtaining of data
The acquisition of data from illegitimate sources or from sources that do not guarantee its legitimate origin is prohibited.
9. Engagement of data processors
Before engaging a provider with access to data, the Company will ensure that the processing complies with the applicable regulations.
10. International data transfers
Any transfer outside the European Economic Area must strictly comply with the European data protection requirements.
11. Rights of data subjects
The Company will allow the exercise of the rights of access, rectification, erasure, restriction of processing, portability and objection, establishing the necessary internal procedures.
5. Implementation
The Management of the Company, with the external legal advice that may be necessary, will develop and keep up to date the internal data protection procedures, which are mandatory for the entire team. It will also implement in the information systems the appropriate technical controls to ensure regulatory compliance, keeping them up to date.
6. Monitoring and evaluation
The Management of the Company will oversee compliance with this Policy and will periodically review its effectiveness, adapting it when the processing carried out, the applicable regulations or the criteria of the supervisory authorities change.