The management board/governing body of MOLINA O´ROURKE,
S.L. (hereinafter referred to as the “data controller”) assumes full
responsibility for and provides its full commitment to drafting, implementing
and maintaining this Data Protection Policy, ensuring continuous improvement on
the part of the data controller with a view to achieving excellence in
compliance with Regulation (EU) 2016/679 of the European Parliament and of the
Council of 27 April 2016 on the protection of natural persons with regard to
the processing of personal data and on the free movement of such data repealing
Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1,
04-05-2016) and with Spanish legislation on the protection of personal data
(Spanish Organic Law, specific sector legislation and the implementing
The MOLINA O´ROURKE, S.L. Data Protection
Policy is based on the principle of proactive responsibility, according
to which the data controller is responsible for ensuring compliance with the
regulatory framework and case law that governs the Policy, and is able to prove
this before the competent supervisory authorities.
The data controller is governed by the following
principles that should serve as a guide and frame of reference for all of its
staff, with regard to the protection personal data:
- Data Protection by design: when
determining the means of processing and during processing itself, the data
controller shall apply appropriate technical and organisational measures, such
as pseudonymisation, designed to effectively implement the principles of data
protection, such as processing the minimum amount of data required and
incorporating the necessary guarantees into the processing.
- Data protection by default: the data
controller shall apply appropriate technical and organisational measures with a
view to ensuring that, by default, only personal data necessary for each
specific purpose of processing is processed.
- Data protection in the data life cycle:
measures to ensure that personal data is protected must be applied during the
complete life cycle of the data.
- Lawfulness, fairness and transparency:
the personal data must be processed in a lawful, fair and transparent manner in
relation to the data subject.
- Purpose limitation: personal data must be
collected for specific, explicit and legitimate purposes only, and must not be
subsequently processed in any way that is incompatible with those purposes.
- Data minimisation: personal data must be
adequate, relevant and restricted to what is necessary for the purposes for
which it is processed.
- Accuracy: personal data must be accurate
and updated where necessary; all reasonable steps must be taken to ensure that
personal data which is inaccurate with regard to the purposes for which it is
processed is rectified or erased without delay.
- Limiting the retention period: personal
data must not be stored in any way that allows the data subject to be
identified for any no longer than is necessary for the purposes of the
processing of personal data.
- Integrity and confidentiality: personal
data must be processed in such a way as to ensure adequate security of the
personal data, including protection against unauthorised or unlawful
processing, loss, destruction and accidental damage, by applying appropriate
technical and organisational measures.
- Information and training: one of the keys
to ensuring the protection of personal data is providing training and
information to staff involved in processing the data. During the life cycle of
the data, all staff with access to the data must be properly trained on and
informed about their obligations in terms of compliance with data protection
The MOLINA O´ROURKE, S.L. Data Protection Policy is
distributed to all staff under the authority of the data controller and made
available to anyone interested.
Consequently, the present Data Protection Policy involves
all staff under the authority of the data controller, who must be familiar with
the policy and take ownership of it; every single one of them is responsible
for applying and verifying data protection regulations in their course of their
work, as well as identifying and creating opportunities for improvement as
appropriate with a view to achieving excellence in compliance.
This policy will be reviewed by the management
board/governing body of MOLINA O´ROURKE, S.L. as often as necessary to
ensure compliance with the provisions in force on the protection of personal