The management board / governing body of MURCIA REGISTER HOUSES, SL (hereinafter referred to as the “data controller”), assumes full responsibility for and provides its full commitment to drafting, implementing and maintaining this Data Protection Policy, ensuring continuous improvement on the part of the data controller with a view to achieving excellence in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data repealing Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1, 04-05-2016) and with Spanish legislation on the protection of personal data (Spanish Organic Law, specific sector legislation and the implementing regulations).
The MURCIA REGISTER HOUSES, SL Data Protection Policy is based on the principle of proactive responsibility, according to which the data controller is responsible for ensuring compliance with the regulatory framework and the established precedent that governs the Policy, and is able to prove this before the competent supervisory authorities. To that effect, the data controller is governed by the following principles that should serve as a guide and frame of reference for all of its employees, with regard to the protection of personal data:
- Data protection by design: when determining the means of processing as well as while the processing itself, the data controller shall apply appropriate technical and organisational measures, such as pseudonymisation, designed to effectively implement the principles of data protection, such as processing the minimum amount of data required, and incorporating the necessary guarantees into the processing.
- Data protection by default: the data controller shall apply appropriate technical and organisational measures with a view to ensuring that, by default, only the personal data which is necessary for each specific purpose of processing is processed.
- Data protection in the data life cycle: measures to ensure that personal data is protected shall be applied during the complete life cycle of the data.
- Lawfulness, fairness and transparency: the personal data shall be processed in a lawful, fair and transparent manner with regard to the person concerned.
- Purpose limitation: the personal data shall be collected for specific, explicit and legitimate purposes only, and shall not be subsequently processed in any way that is incompatible with those purposes.
- Data minimisation: the personal data must be adequate, relevant and restricted to what is necessary for the purposes for which it is processed.
- Accuracy: the personal data must be accurate and updated where necessary; all reasonable steps must be taken to ensure that personal data which is inaccurate with regard to the purposes for which it is processed is rectified or erased without any delay.
- Storage limitation: the personal data must not be stored in any way that allows the data subject to be identified for any longer than is necessary for the purposes of the personal data processing.
- Integrity and confidentiality: the personal data must be processed in such a way that ensures adequate security of the personal data, including protection against unauthorised or unlawful processing, loss, destruction and accidental damage, by applying appropriate technical and organisational measures.
- Information and training: one of the keys to ensuring the protection of personal data is providing training and information to the employees involved in processing the data. During the life cycle of the data, all employees with access to the data must be properly trained on and informed about their obligations in terms of compliance with the regulation on personal data protection.
The MURCIA REGISTER HOUSES, SL Data Protection Policy is distributed to all the employees under the authority of the data controller and is made available to all interested parties.
Consequently, this Data Protection Policy involves all the employees under the authority of the data controller, who are required to be familiar with the policy and take ownership of it; every single one of them is responsible for applying and verifying data protection regulations in the course of their work, as well as identifying and creating appropriate opportunities for improvement with a view to achieving excellence in compliance.
This Policy will be reviewed by the management board / governing body of PINATAR URBANA, SL as often as necessary to ensure compliance with the provisions in force on the protection of personal data.