Política de privacidad y protección de datos
Documentación
Tarjeta informativa para zona de videovigilancia
Cláusulas informativas
Contratos con encargados del tratamiento de datos
Registro de actividades de tratamiento.
Anexo informativo
KOAN CONSULTING, S.L. - B82718545
C/ TOMILLO, 14B
correo electrónico: info@koanconsulting.com
Finalidad del tratamiento: Seguridad de personas, bienes e instalaciones
Interesados: Personas que acceden o intentan acceder a las instalaciones
Destinatarios: Fuerzas y Cuerpos de Seguridad
Plazo de conservación: 1 mes desde la recogida
DOCUMENTACIÓN A REVISAR
Este documento contiene las cláusulas informativas que deben incluirse en los formularios de solicitud de información, las cláusulas contractuales, en materia de protección de datos, que se adjuntarán a cada uno de los contratos de prestación de servicios que firme con los encargados del tratamiento, el registro de actividades de tratamiento y un anexo. con las pautas para dar respuesta a las solicitudes de ejercicio de derechos de protección de datos recibidas de los interesados, recomendaciones sobre las medidas mínimas de seguridad que deben implementarse en la organización y los requisitos a seguir para el correcto tratamiento de las imágenes captadas por las cámaras de videovigilancia junto con las Cartel informativo para delimitar la zona de videovigilancia, ya cumplimentado con los datos del responsable del tratamiento.
La documentación generada se adapta a la información proporcionada para cada uno de los tratamientos que seleccionaste al completar la solicitud.
TRATAMIENTO DE DATOS DEL CLIENTE
Cláusula informativa:
El texto que se muestra a continuación debe incluirse en todos los formularios que utilice para recopilar datos personales de sus clientes, ya sea en papel o recopilados a través de un formulario web.
Datos del responsable del tratamiento:
Identidad: KOAN CONSULTING, SL - NIF: B82718545
Dirección postal: C/ TOMILLO, 14B
Teléfono: 686497676 - Correo electrónico: info@koanconsulting.com
“En KOAN CONSULTING, SL tratamos la información que nos facilitas con el fin de prestarte el servicio solicitado y realizar tu facturación. Los datos proporcionados se conservarán mientras se mantenga la relación comercial o durante el tiempo necesario para cumplir con las obligaciones legales y atender las posibles responsabilidades que puedan derivarse del cumplimiento de la finalidad para la que fueron recabados. Los datos no se cederán a terceros salvo en los casos en que exista obligación legal. Usted tiene derecho a obtener información sobre si en KOAN CONSULTING, SL estamos tratando sus datos personales, por lo que puede ejercer sus derechos de acceso, rectificación, supresión y portabilidad de los datos y oposición y limitación a su tratamiento ante KOAN CONSULTING, SL, C/ TOMILLO, 14 B o en la dirección de correo electrónico info@koanconsulting.com, adjuntando copia de su DNI o documento equivalente. Asimismo, y especialmente si considera que no ha obtenido la plena satisfacción en el ejercicio de sus derechos, podrá presentar una reclamación ante la autoridad nacional de control dirigiéndose a la Agencia Española de Protección de Datos, C/ Jorge Juan, 6 – 28001 a estos efectos. . Madrid.
Asimismo, solicitamos su autorización para ofrecerle productos y servicios relacionados con los contratados y fidelizarle como cliente.”
SÍ
NO
AVISO: Debes tener en cuenta que, si tu cliente marca la opción NO, bajo ningún concepto podrá enviarte publicidad.
TRATAMIENTO DE DATOS DEL CLIENTE
Cláusula informativa:
El texto que se muestra a continuación debe incluirse en todos los formularios que utilice para recopilar datos personales de sus clientes potenciales, ya sea en papel o recopilados a través de un formulario web.
Datos del responsable del tratamiento:
Identidad: KOAN CONSULTING, SL - NIF: B82718545
Dirección postal: C/ TOMILLO, 14B
Teléfono: 686497676 - Correo electrónico: info@koanconsulting.com
“En KOAN CONSULTING, SL tratamos la información que nos facilitas con el fin de prestarte el servicio solicitado o enviarte la información solicitada. Los datos proporcionados se conservarán mientras no nos solicite el cese de la actividad. Los datos no se cederán a terceros salvo en los casos en que exista obligación legal. Usted tiene derecho a obtener información sobre si en KOAN CONSULTING, SL estamos tratando sus datos personales, por lo que puede ejercer sus derechos de acceso, rectificación, supresión y portabilidad de los datos y oposición y limitación a su tratamiento ante KOAN CONSULTING, SL, C/ TOMILLO, 14 B o en la dirección de correo electrónico info@koanconsulting.com, adjuntando copia de su DNI o documento equivalente. Asimismo, y especialmente si considera que no ha obtenido la plena satisfacción en el ejercicio de sus derechos, podrá presentar una reclamación ante la autoridad nacional de control dirigiéndose a la Agencia Española de Protección de Datos, C/ Jorge Juan, 6 – 28001 a estos efectos. . Madrid.
Asimismo, solicitamos su autorización para enviarle publicidad relacionada con nuestros productos y servicios por cualquier medio (postal, correo electrónico o teléfono) e invitarle a eventos organizados por la empresa.”
SÍ
NO
AVISO: Si compra datos personales de terceros para publicitar sus productos y servicios, debe tener en cuenta si provienen de fuentes de acceso público y están verificados con la lista Robinson.
AVISO: Recuerda que deberás eliminar los datos cuando haya pasado un periodo de tiempo sin utilizarlos.
TRATAMIENTO DE DATOS DEL CLIENTE
Cláusula informativa:
El texto que se muestra a continuación debe incluirse en todos los formularios que utilice para recopilar datos personales de proveedores o en las facturas que emita.
Datos del responsable del tratamiento:
Identidad: KOAN CONSULTING, SL - NIF: B82718545
Dirección postal: C/ TOMILLO, 14B
Teléfono: 686497676 - Correo electrónico: info@koanconsulting.com
“En KOAN CONSULTING, SL tratamos la información que nos facilitas con el fin de realizar pedidos y gestionar la facturación de los productos y servicios contratados. Los datos proporcionados se conservarán mientras se mantenga la relación comercial o durante el tiempo necesario para cumplir con las obligaciones legales y atender las posibles responsabilidades que puedan derivarse del cumplimiento de la finalidad para la que fueron recabados. Los datos no se cederán a terceros salvo en los casos en que exista obligación legal. Usted tiene derecho a obtener información sobre si en KOAN CONSULTING, SL estamos tratando sus datos personales, por lo que puede ejercer sus derechos de acceso, rectificación, supresión y portabilidad de los datos y oposición y limitación a su tratamiento ante KOAN CONSULTING, SL, C/ TOMILLO, 14 B o en la dirección de correo electrónico info@koanconsulting.com, adjuntando copia de su DNI o documento equivalente.
Asimismo, y especialmente si considera que no ha obtenido la plena satisfacción en el ejercicio de sus derechos, podrá presentar una reclamación ante la autoridad nacional de control dirigiéndose a la Agencia Española de Protección de Datos, C/ Jorge Juan, 6 – 28001 a estos efectos. . Madrid."
SÍ
NO
AVISO: Si los proveedores proporcionan sus datos a través de otro sistema, se les solicitará que firmen un formulario fechado que contiene la información anterior.
AVISO: No olvides firmar la última página de cada uno de los contratos que se hayan obtenido.
REGISTRO DE ACTIVIDADES DE TRATAMIENTO
El responsable del tratamiento deberá revisar los datos registrados en los apartados de los Registros de Actividades de Tratamiento generados y comprobar que se corresponden con las circunstancias exactas de los datos recabados, las comunicaciones realizadas y demás condiciones de cada uno de los tratamientos.
Tratamiento: Clientes
Tratamiento: Clientes Potenciales
Tratamiento: Clientes Potenciales
ANEXO
INFORMACIÓN DE INTERÉS GENERAL
Este documento ha sido diseñado para el tratamiento de datos personales de bajo riesgo, de lo que se desprende que no puede ser utilizado para tratamientos de datos personales que incluyan datos personales relacionados con origen étnico o racial, ideología política religiosa o filosófica, afiliación sindical, datos genéticos y biométricos. datos, datos de salud y datos sobre la orientación sexual de las personas, así como cualquier otro tratamiento de datos que suponga un riesgo elevado para los derechos y libertades de las personas.
El artículo 5.1.f del Reglamento General de Protección de Datos (en adelante, RGPD) determina la necesidad de establecer garantías de seguridad adecuadas contra tratamientos no autorizados o ilícitos, pérdida de datos personales, destrucción o daño accidental. Esto implica el establecimiento de medidas técnicas y organizativas encaminadas a garantizar la integridad y confidencialidad de los datos personales y la posibilidad de demostrar, tal y como establece el artículo 5.2, que dichas medidas se han puesto en práctica (responsabilidad proactiva).
Además, deberá establecer mecanismos visibles, accesibles y sencillos para el ejercicio de los derechos y haber definido procedimientos internos para garantizar la atención efectiva de las solicitudes recibidas.
INFORMACIÓN DE INTERÉS GENERAL
The person responsible for the treatment will inform all workers about the procedure to address the rights of the interested parties, clearly defining the mechanisms by which the rights can be exercised (electronic means, reference to the Data Protection Officer if there is one, postal address , etc.) and taking into account the following:
Upon presentation of their national identity document or passport, the owners of personal data (interested parties) may exercise their rights of access, rectification, deletion, opposition, portability and limitation of processing. The exercise of rights is free.
The person responsible for the treatment must respond to the interested parties without undue delay and in a concise, transparent, intelligible manner, with clear and simple language and retain proof of compliance with the duty to respond to the requests for the exercise of rights made.
If the request is submitted by electronic means, the information will be provided by these means when possible, unless the interested party requests it to be otherwise.
Requests must be responded to within 1 month of receipt, and may be extended for another two months taking into account the complexity or number of requests, but in that case the interested party must be informed of the extension within one month from of receipt of the request, indicating the reasons for the delay.
RIGHT OF ACCESS: In the right of access, interested parties will be provided with a copy of the personal data available along with the purpose for which it has been collected, the identity of the recipients of the data, the expected conservation periods or the criteria used to determine it, the existence of the right to request the rectification or deletion of personal data as well as the limitation or opposition to its processing, the right to file a claim with the Spanish Data Protection Agency and if the data has not been been obtained from the interested party, any information available about its origin. The right to obtain a copy of the data cannot negatively affect the rights and freedoms of other interested parties.
• Form for exercising the right of access.
RIGHT OF RECTIFICATION: In the right of rectification, the data of the interested parties that are inaccurate or incomplete will be modified taking into account the purposes of the treatment. The interested party must indicate in the request what data it refers to and the correction to be made, providing, when necessary, documentation justifying the inaccuracy or incomplete nature of the data being processed. If the data has been communicated by the person responsible to other persons responsible, they must notify them of the rectification of this unless it is impossible or requires a disproportionate effort, providing the interested party with information about said recipients, if requested.
• Form for exercising the right of rectification
RIGHT OF DELETION: In the right of deletion, the data of the interested parties will be deleted when they express their refusal to the treatment and there is no legal basis that prevents it, they are not necessary in relation to the purposes for which they were collected, they withdraw their consent. provided and there is no other legal basis that legitimizes the treatment or it is illicit. If the deletion results from the exercise of the interested party's right to object to the processing of their data for marketing purposes, the identifying data of the interested party may be kept in order to prevent future processing. If the data has been communicated by the person responsible to other persons responsible, they must notify them of its deletion unless it is impossible or requires a disproportionate effort, providing the interested party with information about said recipients, if requested.
• Form for exercising the right of deletion
RIGHT OF OPPOSITION: In the right of opposition, when the interested parties express their refusal to the processing of their personal data to the person responsible, the latter will stop processing them as long as there is no legal obligation that prevents it. When the processing is based on a mission of public interest or on the legitimate interest of the person responsible, upon a request to exercise the right of opposition, the person responsible will stop processing the data unless compelling reasons are proven that prevail over the interests, rights and freedoms of the interested party or are necessary for the formulation, exercise or defense of claims. If the interested party objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
• Form for exerciting the right of opposition
RIGHT OF PORTABILITY: In the right of portability, if the processing is carried out by automated means and is based on consent or is carried out within the framework of a contract, interested parties may request to receive a copy of their personal data in a structured format, common use and machine reading. Likewise, they have the right to request that they be transmitted directly to a new person in charge, whose identity must be communicated, when technically possible.
• Form for exerciting the right of portabilitys.
RIGHT OF LIMITATION TO PROCESSING: In the right of limitation of processing, interested parties may request the suspension of the processing of their data to challenge its accuracy while the person responsible carries out the necessary verifications or in the event that the processing is carried out based on the interest legitimate of the person responsible or in compliance with a mission of public interest, while verifying whether these reasons prevail over the interests, rights and freedoms of the interested party. The interested party may also request the conservation of the data if they consider that the processing is unlawful and, instead of deletion, request the limitation of the processing, or if the data controller no longer needs them for the purposes for which they were collected, the interested party You need them for the formulation, exercise or defense of claims. The fact that the processing of the interested party's data is limited must be clearly stated in the controller's systems. If the data has been communicated by the controller to other controllers, they must notify them of the limitation of their processing unless it is impossible or requires a disproportionate effort, providing the interested party with information about said recipients, if requested.
• Form for the exerciting the right of limitaion to processingo.
If the interested party's request is not processed, the person responsible for the treatment will inform them, without delay and no later than one month after receiving it, of the reasons for their failure to act and of the possibility of submitting a claim to the Agency. Spanish Data Protection and to exercise judicial actions
MEDIDAS DE SEGURIDAD
Depending on the type of processing that you revealed when you completed this form, the minimum security measures that you should take into account are the following:
INFORMATION THAT SHOULD BE KNOWN BY ALL STAFF WITH ACCESS TO PERSONAL DATA
All personnel with access to personal data must be aware of their obligations in relation to the processing of personal data and will be informed about these obligations. The minimum information that will be known to all staff will be the following:
DUTY OF CONFIDENTIALITY AND SECRET
Access by unauthorized persons to personal data must be prevented. To this end, it will be avoided to leave personal data exposed to third parties (unattended electronic screens, paper documents in public access areas, media with personal data, etc.). This consideration includes the screens used to display images from the video surveillance system. When you are absent from the workplace, the screen will be locked or the session will be closed.
Paper documents and electronic media will be stored in a secure place (closets or rooms with restricted access) 24 hours a day.
Documents or electronic media (CDs, pen drives, hard drives, etc.) with personal data will not be discarded without guaranteeing their effective destruction.
No personal data or any other personal information will be communicated to third parties, paying special attention to not disclosing protected personal data during telephone consultations, emails, etc.
The duty of secrecy and confidentiality persists even when the worker's employment relationship with the company ends.
PERSONAL DATA SECURITY VIOLATIONS
When security violations of personal data occur, such as theft or improper access to personal data, the Spanish Data Protection Agency will be notified within 72 hours about said security violations, including all information necessary to clarify the facts that gave rise to improper access to personal data. The notification will be made by electronic means through the electronic headquarters of the Spanish Data Protection Agency at the address https://sedeagpd.gob.es/sede-electronica-web/.
ID
When the same computer or device is used for the processing of personal data and personal use purposes, it is recommended to have several different profiles or users for each of the purposes. Professional and personal uses of the computer should be kept separate.
It is recommended to have profiles with administration rights for installation and system configuration and users without privileges or administration rights for access to personal data. This measure will prevent access privileges from being obtained or the operating system modified in the event of a cybersecurity attack.
The existence of passwords will be guaranteed for access to personal data stored in electronic systems. The password will have at least 8 characters, a mix of numbers and letters.
When personal data is accessed by different people, for each person with access to personal data, there will be a specific username and password (unambiguous identification).
The confidentiality of passwords must be guaranteed, preventing them from being exposed to third parties. For password management you can consult the guide of privacity and security in internet of the Spanish Data Protection Agency and the National Cybersecurity Institute. In no case will passwords be shared or left written down in a common place and access by people other than the user.
Below are the minimum technical measures to guarantee the safeguarding of personal data:
UPDATING COMPUTERS AND DEVICES: The devices and computers used for the storage and processing of personal data must be kept up to date as much as possible.
MALWARE: The computers and devices where the automated processing of personal data is carried out will have an antivirus system that guarantees, to the extent possible, the theft and destruction of personal information and data. The antivirus system must be updated periodically.
FIREWALL OR FIREWALL: To avoid improper remote access to personal data, efforts will be made to guarantee the existence of an activated and correctly configured firewall on those computers and devices in which the storage and/or processing of personal data is carried out.
DATA ENCRYPTION: When it is necessary to extract personal data outside the premises where its processing is carried out, whether by physical means or by electronic means, the possibility of using an encryption method must be considered to guarantee the confidentiality of the data. personal in case of improper access to information.
BACKUP: Periodically a backup copy will be made on a second medium different from the one used for daily work. The copy will be stored in a safe place, different from where the computer with the original files is located, in order to allow the recovery of personal data in the event of loss of information.
The security measures will be reviewed periodically; the review may be carried out by automatic mechanisms (software or computer programs) or manually. Consider that any computer security incident that has happened to anyone you know could happen to you, and prepare against it.
If you want more information or technical guidance to guarantee the security of personal data and the information your company processes, the National Cybersecurity Institute (INCIBE) on its website www.incibe.es, puts at your disposal tools with a business focus in its section «Protege tu empresa» where, among other services, it has: formationn with a videogame, for incident response and interactive videos sectorial formation:
-
Too many tools to help the company improve its cybersecurity, including politics for the employer, technical staff and the employee, a catalog of companies and security solutions and a risk analysis tool.
-
thematic dossiers complemented with videos and infographics and other resources guides for the entrepreneur.
In addition, INCIBE, through the Internet User Security Office, also makes available free computer tools and additional information that may be useful for your company or professional activity.
CAPTURA DE IMÁGENES CON CÁMARAS Y FINALIDAD DE SEGURIDAD
VIDEO VIGILANCIA)
The image of a person, to the extent that it identifies them or can identify them, constitutes personal data that can be processed for various purposes. Although the most common is to use cameras to guarantee the safety of people, goods and facilities, they can also be used for other purposes such as controlling the work performance of workers. Below are the basic guidelines to respect so that the processing of images obtained from video surveillance cameras complies with data protection regulations. However, it is recommended to consult the Guide on the use of video cameras for security and other purposes for a more exhaustive knowledge of the obligations that this type of treatment entails
LOCATION OF THE CAMERAS: The capture of images in areas intended for workers' rest will be avoided, as well as the capture of public roads if exterior cameras are used, only allowing the capture of the minimum extension essential to preserve the safety of the people, goods and facilities
LOCATION OF MONITORS: The monitors where the images from the cameras are displayed will be located in a restricted access space so that they are not accessible to third parties. Only authorized personnel will have access to the recorded images.
CONSERVATION OF IMAGES: Images will be stored for a maximum period of one month, with the exception of images that prove the commission of acts that threaten the integrity of people, property and facilities. In that case, the images must be made available to the competent authority within 72 hours of becoming aware of the existence of the recording.
DUTY OF INFORMATION: Information will be given about the existence of the cameras and image recording by means of an informative badge placed in a sufficiently visible place where, at least, the identity of the person responsible and the possibility of the interested parties to exercise their rights in this matter are identified. of data protection. The pictogram itself may also include a connection code or internet address in which this information is displayed. There are models of both the pictogram and the text on the Agency's website.
LABOR CONTROL: When the cameras are going to be used for the purpose of labor control as provided for in article 20.3 of the Workers' Statute, the worker and their union representatives will be informed by any means that guarantees the receipt of information about the control measures established by the employer with express indication of the purpose of labor control of the images captured by the cameras.
RIGHT OF ACCESS TO IMAGES: To comply with the right of access of the interested parties to the recordings of the video surveillance system, a recent photograph and the National Identity Document of the interested party will be requested to verify their identity, as well as details of the date and time to which the right of access refers. The interested party will not be provided direct access to the images from the cameras in which third party images are shown. If it is not possible for the interested party to view the images without showing third-party images, a document will be provided confirming or denying the existence of images of the interested party