Data Protection Policy

CERTIFICATE

I, Miguel Ángel Álvarez Díaz with DNI 43785122E data protection delegate certified by AEC certify that we have made the adaptation of the company to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.

Among the measures carried out are the following:

• Registry of Activities. Determining the data processing carried out by the company, identifying the purpose and legal basis of the same.
• Risk Analysis. Once the processing operations carried out by the company have been defined, the level of risk of these must be analysed in order to determine whether they infringe the rights and freedoms of the users.
• Impact evaluation. Based on the risk analysis, an evaluation of the impact on data protection must be carried out, if necessary.
• Security measures. The security measures should be reviewed on the basis of the risks detected and periodic controls should be carried out to comply with the proactive responsibility.
• Security breaches. You should establish mechanisms and procedures for notification of security breaches. Communicate them within 72 hours to the AEPD.
• Deadlines and reviews. Review all documentation to ensure that it is operational and adapted to the RGPD and plan periodic reviews.
• Employee training. Training has been carried out in the RGPD and the functions and duties that must be carried out in relation to the protection of personal data in the workplace of all personnel have been determined.

A review has also been carried out of the compliance of the company’s corporate website with both personal data protection regulations and Law 34/2002 on Information Society Services and Electronic Commerce. Specifically, it has been revised:

• The website has an informative notice on the privacy of cookies.
• Legal Notice. Counting with the legal warning and the fulfillment of the duty of information that stipulates the LSSI.
• Privacy Policy. The website has a privacy policy adapted to the RGPD.
• Contact us. Before sending the form of contact data must accept the privacy policy.

  And for the record, I sign this in La Laguna, February 28, 2020.