Politica sulla privacy e sulla protezione dei dati
Documentazione
Badge informativo per l'area videosorvegliata
Clausole informative
Contratti con i responsabili del trattamento
Registro delle attività di trattamento
Allegato informativo
KOAN CONSULTING, SL - B82718545
C/ TOMILLO, 14 B
e-mail: info@koanconsulting.com
Finalità del trattamento: Sicurezza delle persone, dei beni e delle strutture
Soggetti interessati: persone che accedono o tentano di accedere alle strutture
Destinatari: Forze ed Enti di Sicurezza
Periodo di conservazione: 1 mese dalla raccolta
DOCUMENTAZIONE DA REVISIONARE
Il presente documento contiene le informative che dovranno essere inserite nei moduli di richiesta informazioni, le clausole contrattuali, in materia di protezione dei dati, da allegare a ciascuno dei contratti di fornitura di servizi che sottoscriverai con i responsabili del trattamento, il registro delle attività di trattamento ed un allegato con le linee guida per rispondere alle richieste di esercizio dei diritti in materia di protezione dei dati pervenute dagli interessati, le raccomandazioni sulle misure minime di sicurezza da adottare nell'organizzazione e le prescrizioni da seguire per un corretto trattamento delle immagini riprese dalle telecamere di videosorveglianza unitamente alle cartellone informativo per delimitare l'area di videosorveglianza, già compilato con i dati del responsabile del trattamento.
La documentazione generata è adattata alle informazioni fornite per ciascuno dei trattamenti selezionati al momento della compilazione della domanda.
TRATTAMENTO DATI DEI CLIENTI
Clausola informativa:
Il testo mostrato di seguito deve essere incluso in tutti i moduli che utilizzi per raccogliere i dati personali dei tuoi clienti, sia su carta che raccolti tramite un modulo web.
Dati del responsabile del trattamento:
Identità: KOAN CONSULTING, SL - NIF: B82718545
Indirizzo postale: C/ TOMILLO, 14 B
Telefono: 686497676 - E-mail: info@koanconsulting.com
“In KOAN CONSULTING, SL trattiamo le informazioni che ci fornisci per fornirti il servizio richiesto ed eseguire la fatturazione. I dati forniti saranno conservati per tutto il tempo in cui verrà mantenuto il rapporto commerciale o per il tempo necessario per adempiere agli obblighi di legge e far fronte alle possibili responsabilità che potrebbero derivare dall'adempimento dello scopo per il quale i dati sono stati raccolti. I dati non saranno ceduti a terzi tranne nei casi in cui sussista un obbligo legale. Hai il diritto di ottenere informazioni se presso KOAN CONSULTING, SL stiamo trattando i tuoi dati personali, in modo che tu possa esercitare i tuoi diritti di accesso, rettifica, cancellazione e portabilità dei dati e opposizione e limitazione al loro trattamento davanti a KOAN CONSULTING, SL, C/TOMILLO, 14 B o all'indirizzo email info@koanconsulting.com, allegando una copia del tuo documento d'identità o documento equipollente. Allo stesso modo, e soprattutto se ritieni di non aver ottenuto la piena soddisfazione nell'esercizio dei tuoi diritti, puoi presentare un reclamo all'autorità nazionale di controllo contattando per questi scopi l'Agenzia spagnola per la protezione dei dati, C/ Jorge Juan, 6 – 28001. . Madrid.
Allo stesso modo, chiediamo la tua autorizzazione per offrirti prodotti e servizi correlati a quelli contrattuali e per trattenerti come cliente.
SÌ
NO
ATTENZIONE: Tieni presente che, se il tuo cliente seleziona l'opzione NO, in nessun caso potrà inviarti pubblicità.
TRATTAMENTO DATI DEI CLIENTI
Clausola informativa:
Il testo mostrato di seguito deve essere incluso in tutti i moduli che utilizzi per raccogliere dati personali dai tuoi potenziali clienti, sia su carta che raccolti tramite un modulo web.
Dati del responsabile del trattamento:
Identità: KOAN CONSULTING, SL - NIF: B82718545
Indirizzo postale: C/ TOMILLO, 14 B
Telefono: 686497676 - E-mail: info@koanconsulting.com
“In KOAN CONSULTING, SL trattiamo le informazioni che ci fornisci per fornirti il servizio richiesto o inviare le informazioni richieste. I dati forniti saranno conservati finché non ci richiederai di cessare l'attività. I dati non saranno ceduti a terzi tranne nei casi in cui sussista un obbligo legale. Hai il diritto di ottenere informazioni se presso KOAN CONSULTING, SL stiamo trattando i tuoi dati personali, in modo che tu possa esercitare i tuoi diritti di accesso, rettifica, cancellazione e portabilità dei dati e opposizione e limitazione al loro trattamento davanti a KOAN CONSULTING, SL, C/TOMILLO, 14 B o all'indirizzo email info@koanconsulting.com, allegando una copia del tuo documento d'identità o documento equipollente. Allo stesso modo, e soprattutto se ritieni di non aver ottenuto la piena soddisfazione nell'esercizio dei tuoi diritti, puoi presentare un reclamo all'autorità nazionale di controllo contattando per questi scopi l'Agenzia spagnola per la protezione dei dati, C/ Jorge Juan, 6 – 28001. . Madrid.
Allo stesso modo, chiediamo la tua autorizzazione per inviarti pubblicità relativa ai nostri prodotti e servizi con qualsiasi mezzo (postale, e-mail o telefono) e invitarti ad eventi organizzati dalla società.
SÌ
NO
AVVISO: se acquisti dati personali da terze parti per pubblicizzare i loro prodotti e servizi, devi considerare se provengono da fonti accessibili al pubblico e se sono verificati rispetto all'elenco Robinson.
AVVISO: Ricorda che è necessario cancellare i dati quando è trascorso un periodo di tempo senza utilizzarli.
TRATTAMENTO DATI DEI CLIENTI
Clausola informativa:
Il testo riportato di seguito deve essere inserito in tutti i moduli che utilizzi per raccogliere i dati personali dai fornitori o nelle fatture che emetti.
Dati del responsabile del trattamento:
Identità: KOAN CONSULTING, SL - NIF: B82718545
Indirizzo postale: C/ TOMILLO, 14 B
Telefono: 686497676 - E-mail: info@koanconsulting.com
“In KOAN CONSULTING, SL elaboriamo le informazioni che ci fornisci per effettuare ordini e gestire la fatturazione dei prodotti e servizi contrattuali. I dati forniti saranno conservati per tutto il tempo in cui verrà mantenuto il rapporto commerciale o per il tempo necessario per adempiere agli obblighi di legge e far fronte alle possibili responsabilità che potrebbero derivare dall'adempimento dello scopo per il quale i dati sono stati raccolti. I dati non saranno ceduti a terzi tranne nei casi in cui sussista un obbligo legale. Hai il diritto di ottenere informazioni se presso KOAN CONSULTING, SL stiamo trattando i tuoi dati personali, in modo che tu possa esercitare i tuoi diritti di accesso, rettifica, cancellazione e portabilità dei dati e opposizione e limitazione al loro trattamento davanti a KOAN CONSULTING, SL, C/TOMILLO, 14 B o all'indirizzo email info@koanconsulting.com, allegando una copia del tuo documento d'identità o documento equipollente.
Allo stesso modo, e soprattutto se ritieni di non aver ottenuto la piena soddisfazione nell'esercizio dei tuoi diritti, puoi presentare un reclamo all'autorità nazionale di controllo contattando per questi scopi l'Agenzia spagnola per la protezione dei dati, C/ Jorge Juan, 6 – 28001. . Madrid."
SÌ
NO
AVVISO: Qualora i fornitori forniscano i propri dati attraverso un altro sistema, verrà chiesto loro di firmare un modulo datato contenente le informazioni di cui sopra.
AVVISO: Non dimenticare di firmare l'ultima pagina di ciascuno dei contratti ottenuti.
REGISTRO DELLE ATTIVITÀ DI TRATTAMENTO
Il responsabile del trattamento deve esaminare i dati registrati nelle sezioni dei Registri delle attività di trattamento generate e verificare che corrispondano alle circostanze esatte dei dati raccolti, alle comunicazioni effettuate e alle altre condizioni di ciascuno dei trattamenti.
Trattamento: Clienti
Trattamento: potenziali clienti
Trattamento: potenziali clienti
ESPOSIZIONE
INFORMAZIONI DI INTERESSE GENERALE
Il presente documento è stato predisposto per il trattamento dei dati personali a basso rischio, da cui consegue che non può essere utilizzato per il trattamento dei dati personali che includono dati personali relativi all'origine etnica o razziale, all'ideologia politica religiosa o filosofica, all'appartenenza sindacale, ai dati genetici e biometrici dati, dati sanitari e dati sull'orientamento sessuale delle persone, nonché qualsiasi altro trattamento di dati che comporti un rischio elevato per i diritti e le libertà delle persone.
L’articolo 5.1.f del Regolamento generale sulla protezione dei dati (di seguito, GDPR) determina la necessità di stabilire adeguate garanzie di sicurezza contro trattamenti non autorizzati o illeciti, perdita di dati personali, distruzione o danni accidentali. Ciò implica l'istituzione di misure tecniche e organizzative volte a garantire l'integrità e la riservatezza dei dati personali e la possibilità di dimostrare, come stabilito nell'articolo 5.2, che tali misure sono state messe in pratica (responsabilità proattiva).
Inoltre, deve stabilire meccanismi visibili, accessibili e semplici per l'esercizio dei diritti e definire procedure interne per garantire un'efficace attenzione alle richieste ricevute.
INFORMAZIONI DI INTERESSE GENERALE
The person responsible for the treatment will inform all workers about the procedure to address the rights of the interested parties, clearly defining the mechanisms by which the rights can be exercised (electronic means, reference to the Data Protection Officer if there is one, postal address , etc.) and taking into account the following:
Upon presentation of their national identity document or passport, the owners of personal data (interested parties) may exercise their rights of access, rectification, deletion, opposition, portability and limitation of processing. The exercise of rights is free.
The person responsible for the treatment must respond to the interested parties without undue delay and in a concise, transparent, intelligible manner, with clear and simple language and retain proof of compliance with the duty to respond to the requests for the exercise of rights made.
If the request is submitted by electronic means, the information will be provided by these means when possible, unless the interested party requests it to be otherwise.
Requests must be responded to within 1 month of receipt, and may be extended for another two months taking into account the complexity or number of requests, but in that case the interested party must be informed of the extension within one month from of receipt of the request, indicating the reasons for the delay.
RIGHT OF ACCESS: In the right of access, interested parties will be provided with a copy of the personal data available along with the purpose for which it has been collected, the identity of the recipients of the data, the expected conservation periods or the criteria used to determine it, the existence of the right to request the rectification or deletion of personal data as well as the limitation or opposition to its processing, the right to file a claim with the Spanish Data Protection Agency and if the data has not been been obtained from the interested party, any information available about its origin. The right to obtain a copy of the data cannot negatively affect the rights and freedoms of other interested parties.
• Form for exercising the right of access.
RIGHT OF RECTIFICATION: In the right of rectification, the data of the interested parties that are inaccurate or incomplete will be modified taking into account the purposes of the treatment. The interested party must indicate in the request what data it refers to and the correction to be made, providing, when necessary, documentation justifying the inaccuracy or incomplete nature of the data being processed. If the data has been communicated by the person responsible to other persons responsible, they must notify them of the rectification of this unless it is impossible or requires a disproportionate effort, providing the interested party with information about said recipients, if requested.
• Form for exercising the right of rectification
RIGHT OF DELETION: In the right of deletion, the data of the interested parties will be deleted when they express their refusal to the treatment and there is no legal basis that prevents it, they are not necessary in relation to the purposes for which they were collected, they withdraw their consent. provided and there is no other legal basis that legitimizes the treatment or it is illicit. If the deletion results from the exercise of the interested party's right to object to the processing of their data for marketing purposes, the identifying data of the interested party may be kept in order to prevent future processing. If the data has been communicated by the person responsible to other persons responsible, they must notify them of its deletion unless it is impossible or requires a disproportionate effort, providing the interested party with information about said recipients, if requested.
• Form for exercising the right of deletion
RIGHT OF OPPOSITION: In the right of opposition, when the interested parties express their refusal to the processing of their personal data to the person responsible, the latter will stop processing them as long as there is no legal obligation that prevents it. When the processing is based on a mission of public interest or on the legitimate interest of the person responsible, upon a request to exercise the right of opposition, the person responsible will stop processing the data unless compelling reasons are proven that prevail over the interests, rights and freedoms of the interested party or are necessary for the formulation, exercise or defense of claims. If the interested party objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
• Form for exerciting the right of opposition
RIGHT OF PORTABILITY: In the right of portability, if the processing is carried out by automated means and is based on consent or is carried out within the framework of a contract, interested parties may request to receive a copy of their personal data in a structured format, common use and machine reading. Likewise, they have the right to request that they be transmitted directly to a new person in charge, whose identity must be communicated, when technically possible.
• Form for exerciting the right of portabilitys.
RIGHT OF LIMITATION TO PROCESSING: In the right of limitation of processing, interested parties may request the suspension of the processing of their data to challenge its accuracy while the person responsible carries out the necessary verifications or in the event that the processing is carried out based on the interest legitimate of the person responsible or in compliance with a mission of public interest, while verifying whether these reasons prevail over the interests, rights and freedoms of the interested party. The interested party may also request the conservation of the data if they consider that the processing is unlawful and, instead of deletion, request the limitation of the processing, or if the data controller no longer needs them for the purposes for which they were collected, the interested party You need them for the formulation, exercise or defense of claims. The fact that the processing of the interested party's data is limited must be clearly stated in the controller's systems. If the data has been communicated by the controller to other controllers, they must notify them of the limitation of their processing unless it is impossible or requires a disproportionate effort, providing the interested party with information about said recipients, if requested.
• Form for the exerciting the right of limitaion to processingo.
If the interested party's request is not processed, the person responsible for the treatment will inform them, without delay and no later than one month after receiving it, of the reasons for their failure to act and of the possibility of submitting a claim to the Agency. Spanish Data Protection and to exercise judicial actions
MISURE DI SICUREZZA
Depending on the type of processing that you revealed when you completed this form, the minimum security measures that you should take into account are the following:
INFORMATION THAT SHOULD BE KNOWN BY ALL STAFF WITH ACCESS TO PERSONAL DATA
All personnel with access to personal data must be aware of their obligations in relation to the processing of personal data and will be informed about these obligations. The minimum information that will be known to all staff will be the following:
DUTY OF CONFIDENTIALITY AND SECRET
Access by unauthorized persons to personal data must be prevented. To this end, it will be avoided to leave personal data exposed to third parties (unattended electronic screens, paper documents in public access areas, media with personal data, etc.). This consideration includes the screens used to display images from the video surveillance system. When you are absent from the workplace, the screen will be locked or the session will be closed.
Paper documents and electronic media will be stored in a secure place (closets or rooms with restricted access) 24 hours a day.
Documents or electronic media (CDs, pen drives, hard drives, etc.) with personal data will not be discarded without guaranteeing their effective destruction.
No personal data or any other personal information will be communicated to third parties, paying special attention to not disclosing protected personal data during telephone consultations, emails, etc.
The duty of secrecy and confidentiality persists even when the worker's employment relationship with the company ends.
PERSONAL DATA SECURITY VIOLATIONS
When security violations of personal data occur, such as theft or improper access to personal data, the Spanish Data Protection Agency will be notified within 72 hours about said security violations, including all information necessary to clarify the facts that gave rise to improper access to personal data. The notification will be made by electronic means through the electronic headquarters of the Spanish Data Protection Agency at the address https://sedeagpd.gob.es/sede-electronica-web/.
ID
When the same computer or device is used for the processing of personal data and personal use purposes, it is recommended to have several different profiles or users for each of the purposes. Professional and personal uses of the computer should be kept separate.
It is recommended to have profiles with administration rights for installation and system configuration and users without privileges or administration rights for access to personal data. This measure will prevent access privileges from being obtained or the operating system modified in the event of a cybersecurity attack.
The existence of passwords will be guaranteed for access to personal data stored in electronic systems. The password will have at least 8 characters, a mix of numbers and letters.
When personal data is accessed by different people, for each person with access to personal data, there will be a specific username and password (unambiguous identification).
The confidentiality of passwords must be guaranteed, preventing them from being exposed to third parties. For password management you can consult the guide of privacity and security in internet of the Spanish Data Protection Agency and the National Cybersecurity Institute. In no case will passwords be shared or left written down in a common place and access by people other than the user.
Below are the minimum technical measures to guarantee the safeguarding of personal data:
UPDATING COMPUTERS AND DEVICES: The devices and computers used for the storage and processing of personal data must be kept up to date as much as possible.
MALWARE: The computers and devices where the automated processing of personal data is carried out will have an antivirus system that guarantees, to the extent possible, the theft and destruction of personal information and data. The antivirus system must be updated periodically.
FIREWALL OR FIREWALL: To avoid improper remote access to personal data, efforts will be made to guarantee the existence of an activated and correctly configured firewall on those computers and devices in which the storage and/or processing of personal data is carried out.
DATA ENCRYPTION: When it is necessary to extract personal data outside the premises where its processing is carried out, whether by physical means or by electronic means, the possibility of using an encryption method must be considered to guarantee the confidentiality of the data. personal in case of improper access to information.
BACKUP: Periodically a backup copy will be made on a second medium different from the one used for daily work. The copy will be stored in a safe place, different from where the computer with the original files is located, in order to allow the recovery of personal data in the event of loss of information.
The security measures will be reviewed periodically; the review may be carried out by automatic mechanisms (software or computer programs) or manually. Consider that any computer security incident that has happened to anyone you know could happen to you, and prepare against it.
If you want more information or technical guidance to guarantee the security of personal data and the information your company processes, the National Cybersecurity Institute (INCIBE) on its website www.incibe.es, puts at your disposal tools with a business focus in its section «Protege tu empresa» where, among other services, it has: formationn with a videogame, for incident response and interactive videos sectorial formation:
-
Too many tools to help the company improve its cybersecurity, including politics for the employer, technical staff and the employee, a catalog of companies and security solutions and a risk analysis tool.
-
thematic dossiers complemented with videos and infographics and other resources guides for the entrepreneur.
In addition, INCIBE, through the Internet User Security Office, also makes available free computer tools and additional information that may be useful for your company or professional activity.
CATTURA DI IMMAGINI CON TELECAMERE E SCOPO DI SICUREZZA
VIDEO SORVEGLIANZA)
The image of a person, to the extent that it identifies them or can identify them, constitutes personal data that can be processed for various purposes. Although the most common is to use cameras to guarantee the safety of people, goods and facilities, they can also be used for other purposes such as controlling the work performance of workers. Below are the basic guidelines to respect so that the processing of images obtained from video surveillance cameras complies with data protection regulations. However, it is recommended to consult the Guide on the use of video cameras for security and other purposes for a more exhaustive knowledge of the obligations that this type of treatment entails
LOCATION OF THE CAMERAS: The capture of images in areas intended for workers' rest will be avoided, as well as the capture of public roads if exterior cameras are used, only allowing the capture of the minimum extension essential to preserve the safety of the people, goods and facilities
LOCATION OF MONITORS: The monitors where the images from the cameras are displayed will be located in a restricted access space so that they are not accessible to third parties. Only authorized personnel will have access to the recorded images.
CONSERVATION OF IMAGES: Images will be stored for a maximum period of one month, with the exception of images that prove the commission of acts that threaten the integrity of people, property and facilities. In that case, the images must be made available to the competent authority within 72 hours of becoming aware of the existence of the recording.
DUTY OF INFORMATION: Information will be given about the existence of the cameras and image recording by means of an informative badge placed in a sufficiently visible place where, at least, the identity of the person responsible and the possibility of the interested parties to exercise their rights in this matter are identified. of data protection. The pictogram itself may also include a connection code or internet address in which this information is displayed. There are models of both the pictogram and the text on the Agency's website.
LABOR CONTROL: When the cameras are going to be used for the purpose of labor control as provided for in article 20.3 of the Workers' Statute, the worker and their union representatives will be informed by any means that guarantees the receipt of information about the control measures established by the employer with express indication of the purpose of labor control of the images captured by the cameras.
RIGHT OF ACCESS TO IMAGES: To comply with the right of access of the interested parties to the recordings of the video surveillance system, a recent photograph and the National Identity Document of the interested party will be requested to verify their identity, as well as details of the date and time to which the right of access refers. The interested party will not be provided direct access to the images from the cameras in which third party images are shown. If it is not possible for the interested party to view the images without showing third-party images, a document will be provided confirming or denying the existence of images of the interested party