Data Protection Policy
I. Basic information regarding data protection
II. Data protection policy
The Corporate Management and the Governing Body of Pacha Merchandise, S.L. (hereinafter, the “data processing controller”), assume the utmost responsibility and commitment to the establishment, implementation and maintenance of this Data Protection Policy, guaranteeing ongoing improvement by the data controller with the objective of achieving excellence in relation to compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “General Data Protection Regulation” or “GDPR”) (OJEU L 119/1, 04-05-2016), and with Spanish personal data protection legislation (Organic Law on Data Protection, specific industry legislation and implementing regulations).
The Data Protection Policy of Pacha Merchandise, S.L. is based on the proactive responsibility principle, according to which the data controller is responsible for compliance with the regulatory and jurisprudential framework that governs said Policy and is able to demonstrate it to the relevant supervising authorities.
In this regard, the data controller will be governed by the following principles that must be used by all its personnel as a guide and frame of reference in personal data processing:
- Data protection by design: the data controller will implement, both at the time of determining the means of processing and at the time of the processing, appropriate technical and organizational measures, such as pseudonymization, designed to effectively apply data protection principles such as data minimization, and integrate the necessary guarantees in the processing.
- Data protection by default: the data controller will apply the appropriate technical and organizational measures in order to guarantee that, by default, only the personal data necessary for each of the specific purposes of the processing will be processed.
- Data protection in the information lifecycle: the measures that guarantee personal data protection will be applicable during the entire lifecycle of the information.
- Lawfulness, fairness and transparency: personal data will be processed in a manner that is lawful, fair and transparent for the interested party.
- Restriction of purpose: personal data will be collected for specific, explicit and legitimate purposes, and will not be further processed in a manner incompatible with said purposes.
- Data minimization: personal data will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accuracy: personal data will be accurate and, if necessary, updated; all reasonable measures will be taken so that personal data that are inaccurate with respect to the purposes for which they are processed are deleted or rectified without delay.
- Restriction of the conservation period: the personal data will be kept in a way that allows the identification of the interested parties for no more time than is necessary for the purposes of personal data processing.
- Integrity and confidentiality: personal data will be treated in such a way as to ensure the adequate security of personal data, including protection against unauthorized or illegal treatment and against loss, destruction or accidental damage thereof, through the implementation of the appropriate technical or organizational measures.
- Information and training: one of the keys to guarantee the protection of personal data is the training and information provided to the personnel involved in their processing. During the information life cycle, all personnel with access to data will be properly trained and informed about their obligations in relation to compliance with data protection regulations.
The Data Protection Policy of Pacha Merchandise, S.L. is communicated to all the personnel of the data controller and made available to all interested parties.
As a consequence, this Data Protection Policy involves all the personnel of the data controller, who must have knowledge of it and agree to it, considering it as their own, with each member responsible for implementing it and verifying the data protection rules applicable to his/her activity, as well as identifying and contributing to whatever opportunities for improvement he/she considers appropriate with the aim of achieving excellence in compliance.
This Policy will be reviewed by the Corporate Legal Department of Pacha Merchandise, S.L., under the supervision of the Company’s Corporate Management and the Governing Body, as many times as deemed necessary, to bring it in line, at all times, with current personal data protection provisions.