The Management/Governing Body of COMPOSTELA CONGRESOS SL (hereinafter, the party responsible for processing), accepts maximum responsibility and commitment for the establishment, implementation and maintenance of this Data Protection Policy, guaranteeing the continuous improvement of the party responsible for the processing with the aim of achieving excellence in relation to compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free circulation of this data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1, 04-05-2016), and Spanish personal data protection legislation (Organic Law, specific sector legislation and its implementing regulations).
COMPOSTELA CONGRESOS SL‘s Data Protection Policy is based on the principle of proactive responsibility, according to which the party responsible for the processing is responsible for compliance with the regulatory and jurisprudential framework that governs said Policy, and is able to demonstrate this to the competent control authorities.
In this sense, the party responsible for the processing will be governed by the following principles that should serve all its staff as a guide and frame of reference in the processing of personal data:
- Protection of data from the design: when determining the processing means as well as at the time of processing, the party responsible for the processing will apply appropriate technical and organizational measures, such as pseudonymization, designed to effectively apply the principles of data protection, such as data minimization, and integrate the necessary guarantees in the processing.
- Default data protection: the party responsible for the processing will apply the appropriate technical and organizational measures in order to guarantee that, by default, only the personal data necessary for each of the specific purposes of the processing will be processed.
- Data protection in the information life cycle: the measures that guarantee personal data protection will be applicable during the entire life cycle of the information.
- Lawfulness, integrity and transparency: personal data will be processed in a lawful, fair and transparent manner with regard to the interested party.
- Limitation of the purpose: personal data will be collected for specific, explicit and legitimate purposes, and will not be further processed in a manner incompatible with said purposes.
- Minimization of data: personal data will be adequate, relevant and limited to what is necessary with regard to the purposes for which it is processed.
- Accuracy: the personal data will be accurate and, if necessary, updated; all reasonable measures will be taken to ensure that any inaccurate personal data, as regards the purposes for which the data is processed, is deleted or rectified without delay.
- Limitation of the conservation period: the personal data will be maintained in such a way that identification of the interested parties is allowed for no longer than necessary for the purposes of processing the personal data.
- Integrity and confidentiality: the personal data will be processed in such a way as to ensure adequate security of the data, including protection against unauthorized or illegal processing and loss, destruction or accidental damage, through the application of appropriate technical or organizational measures.
- Information and training: one of the key factors to guarantee the protection of personal data is the training and information provided to the staff involved in its processing. During the information life cycle, all staff with access to data will be properly trained and informed about their obligations regarding compliance with data protection regulations.
All the staff of the party responsible for the processing is informed about COMPOSTELA CONGRESOS SL‘s Data Protection Policy and it is made available to all interested parties.
As a result, this Data Protection Policy involves all the staff of the party responsible for the processing, who must know and accept it, considering it as their own, whereby each member is responsible for applying it and verifying the data protection rules applicable to their activity, as well as identifying and contributing the opportunities for improvement that he/she deems appropriate with the aim of achieving excellence as regards its compliance.
This Policy will be reviewed by the Management/Governing Body of COMPOSTELA CONGRESOS SL, as many times as deemed necessary, to adapt, at all times, to the current provisions on personal data protection.