1.Personal data protection policy
This Personal Data Protection Policy shall apply to all Systems and/or Files containing Personal Data that are subject to Processing by DoMobility S.L. considered as responsible and/or in charge of the processing of Personal Data.
In the exercise of these responsibilities and in order to establish the general principles that should govern the processing of personal data DoMobility S.L. has approved this Policy for the protection of personal data.
The purpose of the Personal Data Protection Policy is to ensure respect for the right to honor and privacy in the processing of personal data of all persons related to DoMobility S.L. and, in particular, compliance with the applicable legislation in this area in each of the countries in which the organization operates.
1.2 Scope of Application
This Personal Data Protection Policy shall apply to DoMobility, S.L., its administrators, managers and employees, as well as to all persons related to the companies belonging to it.
Persons acting as representatives of DoMobility S.L. in companies and entities shall observe the provisions of this Personal Data Protection Policy and shall promote, as far as possible, the application of its principles in those companies and entities in which they represent DoMobility S.L.
In development of the provisions of this Personal Data Protection Policy, DoMoibility S.L., together with its Data Protection Officer, will develop an internal regulation for the global management of data protection, which will be implemented by the Security Manager and will be mandatory for all managers and employees of DoMobility S.L.
The Data Protection Officer shall be responsible for ensuring that the internal regulations, practices and procedures are in accordance with the applicable data protection regulations in each case and shall disseminate and inform of the developments and new regulations in this area.
The Security Manager shall be responsible for implementing in the information systems, those controls and computer developments appropriate to ensure compliance with internal regulations on global management of data protection and shall ensure that such developments are updated at all times to ensure compliance.
2. Principles of personal data processing
The principles governing the Personal Data Protection Policy are as follows:
a) General Principles:
DoMobility S.L. will scrupulously comply with the legislation on protection of personal data in each country.
In addition, it will ensure compliance with the principle of data quality, which means that personal data will only be collected and processed when they are adequate, relevant and not excessive in relation to the scope and purposes for which they are collected or processed, which must be specific and legitimate, except in cases where applicable law provides otherwise.
DoMobility S.L. will ensure that the personal data collected are truthful and accurate.
DoMobility S.L. will promote that the principles contained in this Policy for the protection of personal data are taken into account:
(i) in the design and implementation of all procedures established by the organization itself,
(ii) in the products and services offered by them,
(iii) in all contracts and obligations entered into or assumed by them, and
(iv) in the implementation of all systems and platforms that allow access by employees or third parties and/or the collection or processing of personal data.
b) Principles Regarding the Collection and Processing of Data:
To the extent required by applicable law, in the processes of collection and processing of personal data of shareholders, employees, customers, visitors and suppliers, the Company shall provide express, precise and unequivocal information, at least, about the existence of such process, the identity of those responsible for data processing and the purpose of data collection in accordance with the applicable regulations and the Privacy Management System.
Where required by applicable law, the consent of the data subjects must be obtained prior to collecting or processing their data.
DoMobility S.L. will not collect or process personal data relating to ideology, religion, beliefs, racial or ethnic origin, or sexual orientation, unless the collection of such data is required by applicable law, in which case they will be collected and processed in accordance with the provisions of that law.
c) Principles on Security and Confidentiality Measures:
DoMobility S.L. will design, implement, execute and maintain all organizational and technical security measures necessary to ensure that the collection and processing of data is carried out in compliance with the legally required standards.
Unless otherwise provided by applicable law:
(i) the data collected and processed by DoMobility S.L. must be kept with the utmost confidentiality and secrecy, and may not be used for purposes other than those that justified and allowed its collection and may not be communicated or disclosed to third parties outside the cases permitted by applicable law in each case, and
(ii) data must be deleted when they are no longer necessary or relevant for the purposes for which they were collected.
d) Principles on Data Disclosure:
It is forbidden to purchase or obtain personal data from illegitimate sources or in those cases where such data have been collected or transferred in contravention of the law or where their legitimate origin is not sufficiently guaranteed.
e) Principles on the Contracting of Data Processors:
Prior to contracting any service provider that accesses personal data that are the responsibility of DoMobility S.L. as well as during the term of the contractual relationship, the entity itself will verify that the service provider meets the necessary guarantees and complies with the security measures required in each jurisdiction.
f) International Data Transfers:
Any processing of personal data subject to European Union law involving a transfer of data outside the European Economic Area must be carried out in strict compliance with the requirements of the applicable law in the jurisdiction of origin.
g) Principles on the Rights of Affected Parties:
DoMobility S.L. will allow those affected to exercise their rights of access, rectification, deletion, opposition, limitation of processing, data portability and not to be subject to automated individualized decisions, which are applicable in each jurisdiction, establishing for this purpose the internal procedures that are necessary and appropriate, which must meet at least the legal requirements applicable in each case.
3. Control and evaluation
It is the responsibility of the Data Protection Officer to supervise the application of the provisions of this Policy for the protection of personal data by DoMobility S.L.
The Data Protection Officer will evaluate, at least once a year, the compliance and effectiveness of this Personal Data Protection Policy and will report the result to DoMobility S.L., or to the management to which it is attached at all times.