As determined by the European Regulation on Data Protection EU 2016/679 of April 27 of the Parliament and the Council and of the national regulations in force LOPDGDD 3/2018, CLUB DEPORTIVO DE PARACAIDISMO SKYDIVE SPAIN, informs you that it fully complies with the current legislation on the protection of personal data, and with the confidentiality commitments of its activity.
CLUB DEPORTIVO DE PARACAIDISMO SKYDIVE SPAIN informs you of the existence of an information processing system, which it is the owner of, for the purposes of management, communication and information. The aforementioned system is described in the corresponding Treatment Activities Register of CLUB DEPORTIVO DE PARACAIDISMO SKYDIVE SPAIN.
SECURITY MEASURES AND LEVELS:
CLUB DEPORTIVO DE PARACAIDISMO SKYDIVE SPAIN, has adopted the necessary measures to guarantee the security of the information, as required by art. 32 of the RGPD, according to the nature of the personal data processed and the circumstances of the treatment, in order to avoid, as much as possible, loss, treatment or unauthorized access, thereby guaranteeing the confidentiality, integrity and availability of it.
AREA OF APPLICATION:
The security measures that CLUB DEPORTIVO DE PARACAIDISMO SKYDIVE SPAIN SPAIN has described in the Treatment Activities Register will be applied to the set of assets of the information treatment system in which the personal data is processed, in order to comply to the current legislation on data protection.
All the staff hired by SCLUB DEPORTIVO DE PARACAIDISMO SKYDIVE SPAIN and its Treatment Managers, are obliged to comply with the aforementioned regulations, with special attention to their functions and obligations, including the duty of secrecy that will be duly determined by CLUB DEPORTIVO DE PARACAIDISMO SKYDIVE SPAIN.
Acceptance of these conditions requires to collect essential user data for the provision of their services, which will be requested through forms on the website. At the time of data collection, the user will be duly informed of their rights.
So that the information contained in our treatment system is always updated and does not contain errors, we ask our clients and users to notify us, as soon as possible, of the modifications and rectifications of their personal data.
EXERCISE OF RIGHTS:
To exercise the Rights of access, rectification, deletion and portability of your data, of limitation and opposition to its treatment, as well as not being subject to decisions based solely on the automated treatment of your data, when appropriate, you should contact CLUB DEPORTIVO DE PARACAIDISMO SKYDIVESPAIN, C / Virgen de los Reyes, 3. 41110- BOLLULLOS DE LA MITACION (SEVILLA), by written communication or by email to the address firstname.lastname@example.org, indicating the right you wish to exercise.
You also have the right to file a claim with the AEPD.
The user gives his consent so that CLUB DEPORTIVO DE PARACAIDISMO SKYDIVE SPAIN can make use of his personal data in order to provide a correct fulfillment of the contracted services.
Completion of the form included on the website or sending emails or other communications to CLUB DEPORTIVO DE PARACAIDISMO SKYDIVE SPAIN implies the express consent of the user to the inclusion of their personal data in their data processing system.
At the time of requesting this information, the client or user will be informed of the purpose for which the data is collected, the identity and address of CLUB DEPORTIVO DE PARACAIDISMO SKYDIVE SPAIN and the faculty of the user to exercise the rights of access, challenge, rectification, cancellation, suppression or opposition, portability, limitation of treatment and to file a claim with the AEPD.
ASSIGNMENT TO THIRD PARTIES:
CLUB DEPORTIVO DE PARACAIDISMO SKYDIVE SPAIN does not transfer personal data without the express consent of its owners, which must be granted each time.
CONFIDENTIALITY AND PROFESSIONAL SECRET:
The data collected in all private communications between CLUB DEPORTIVO DE PARACAIDISMO SKYDIVE SPAIN and users will be treated with absolute confidentiality, RT committing to the obligation of secrecy of personal data, its duty to keep them and take all necessary measures to avoid its alteration, loss and unauthorized treatment or access, in accordance with the provisions of current regulations.
In addition, information of any type that the parties exchange among themselves will also have the status of confidential. The visualization of data through the Internet will not imply direct access to them, except with the express consent of the owner for each occasion.
We recommend that the client does not provide any third party with their identification, password or reference numbers that RT could provide. Likewise, to guarantee that the protection of professional secrecy between RT and the user is preserved in all communications, the user must not reveal confidential information to third parties.
CHANGES IN THE SECURITY AND DATA PROTECTION POLICY:
CLUB DEPORTIVO DE PARACAIDISMO SKYDIVE SPAIN reserves the right to modify its security and data protection policy in order to adapt it to new legislation or jurisprudence, as well as those that may derive from existing type codes in the matter, or by strategic corporate decisions , with effect from the date of publication of said modification on the website of CLUB DEPORTIVO DE PARACAIDISMO SKYDIVE SPAIN.
The website www.skydivespain.com, is managed by CLUB DEPORTIVO DE PARACAIDISMO SKYDIVE SPAIN, with the following information: Skydive Spain Skydiving Sports Club, La Juliana Aerodrome, Ctra. A474 Bollullos de la Mitación – Aznalcazar s / n – Bollullos de la Mitación, 41110 (Seville) and with CIFG91715383.
The information processing system created is located at the registered office, which is established for the purposes of this Legal Notice, at CLUB DEPORTIVO DE PARACAIDISMO SKYDIVE SPAIN, C / Virgen de los Reyes, 3. 41110- BOLLULLOS DE LA MITACION (SEVILLA), under the supervision and control of CLUB DEPORTIVO DE PARACAIDISMO SKYDIVE SPAIN, which assumes responsibility for the adoption of security measures of a technical and organizational nature to protect the confidentiality and integrity of the information, in accordance with the provisions of the European Data Protection Regulation EU 2016/679 of April 27 of the Parliament and the Council and the rest of the current national regulations LOPDGDD 3/2018, and other applicable legislation.
CLUB DEPORTIVO DE PARACAIDISMO SKYDIVE SPAIN, commiting to the Law 34/2002, on Information Society Services and Electronic Commerce, informs you that the broad meaning of this Law includes the provision of information by this mean. In any case, it will be applicable the European Data Protection Regulation EU 2016/679 of April 27 of the Parliament and the Council and the rest of the current national regulations, especially in which refers to the obtaining of personal data, the information to the interested parties and the creation and maintenance of personal data files.
1. Processor only processes the Personal Data on behalf of Controller, subject to deviating legal obligations.
2. Processor processes data on behalf of Controller, in accordancEwith its instructions and under its responsibility and on the laid down in the Underlying Agreement (order confirmation).
3. Processor has no control over the purpose and means for the processing of the Personal Data and does not make decisions about use of the Personal Data and the provision to third parties.
4. Processor must ensure compliance with the conditions stated on pursuant to the GDPR and other regulations are imposed on the processing of Personal data.
5. Processor only provides access to the Personal Data to it employees insofar as this is necessary for the performance of the services on the ground of the Underlying Agreement.
6. Processor may only process the Personal Data outside the Netherlands with prior written consent of the Controller.
7. Processor will not provide or make available Personal Data to a third party unless on the basis of an express written order from Controller or on the order of a judicial or administrative authority, provided the Processor in that case is the Controller prior to the provision, but in any case within 24 hours of receipt to notify the Controller of such an order in this way enable one to have access to it against it legal remedy.
8. If the Processor is of the opinion that it is based on a legal obligation Personal data must be made available to an authorized person authority will not proceed to do so, except after notification to Controller. She will be Controller as soon as possible possibly notify in writing of the legal obligation and all provide relevantinformation that the Controller is reasonably aware of needs to take the necessary measures to determine whether provision can take place and, if so, under what conditions.
9. Processor must notify Controller of all requests regarding access to the Personal Data directly from have received a Data Subject. Processor indicates such a request only if the responsible Processor is instructed to do so in writing.
10. Processor handles all requests for information from Controller with regard to the processing of the Personal Data by Processor smoothly and properly finished, in accordance with a procedure set up for that purpose.
11. Processor may only, after the party mentioned in the recitals prior written permission from Controller engage a third party in the implementation of this Statement, subject to the conditions that the Data Controller states.
5. Obligation to report data leaks
Processor must process Controller without delay, but no later than 12hour after Processor has become aware of any security breach (of whatever nature) that (partly) relates to or may affect the processing of Personal Data, and will Processor in each provide information on the following:
1. the nature of the incident or infringement;
2. the (possibly) affected Personal Data;
3. The identified and anticipated effects of the infringement on the processing of the Personal Data and the persons involved; and
4. the measures that Processor has taken and will take to mitigate the negative effects of the infringement.
Processor acknowledges that Controller, under certain circumstances is required to report a security breach (of whatever nature) that (also) relates to or may relate to the Personal Data that Processor processes Report those involved and / or authorities. Such a report by The controller will never be a shortcoming in the fulfillment of this Statement or Underlying Agreement or otherwise as an unlawful act are considered. Processor will take all necessary measures to ensure the limit (possible) damage and Controller all possiblecooperate with reports to Data Subjects and / or authorities.
6. Security measures and inspection.
1. Processor shall take all appropriate technical and organizational measures Protect personal data against loss or any form of unlawful processing. These measures, guarantee an appropriate level of security having regard to the risks involved in the processing and the sensitive nature of the Personal Data that the Processor entails processing and can handle on request Controller will be provided.
2. Processor allows the Controller in consultation with the Processor inspect security measures by Processor or at the request of Controller the processor’s data processing facilities by a become the investigative body to be designated by the Controller inspected for the processing activities covered by this Statement(“The Inspectorate”). The Inspection is carried out by an investigative body, which is sent to the reasonable judgment of Controller neutral and expert is. Data controller ensures that the investigative body is obliged is to maintain the confidentiality of its findings towards third parties.
3. Controller will bear all costs, fees and expenses related pay with the Inspectorate, including reasonable ones made by Processor internal costs, unless the Inspectorate shows that the Processor has any obligation does not comply with this Statement or otherwise acts unlawfully.
4. The Controller will provide the Processor with a written request provide a copy of the Inspectorate’s report.
1. The Statement continues as long as the Processor as processor of Personal Data acts in the context of the data controller’s disposal set personal data for services, as is under the “considerations” recorded, and will not end until Processor no longerhas access to the personal data made available by the Controller.
2. Controller can inform Processor in writing request immediately all digital data made available to the Processor and delete other copies of Personal Data in writing Controller confirms that this has been performed.
8. Transfer of rights and obligations This Statement and the rights and obligations under this Statement may be extended by Processor cannot be transferred to third parties without the prior written permission from Controller.
9. Final provisions
1. The considerations are part of this Processor Statement.
2. If one or more provisions of this Statement are found to be invalid, the Statement will remain in effect for the rest. Parties will discuss the provisions that are not legally valid, in order to replace them to make an arrangement that is legally valid and that is as close as possible to the intent of the scheme to be replaced.
3. Dutch law applies to this Statement.
4. Any disputes arising from or related to this Statement will be settled first instance will be settled by the District Court of the Northern Netherlands, location Leeuwarden