Tienes disponible la política de privacidad en español aquí.
This Privacy Policy is also available in Spanish over here.
This document outlines our data protection policy in line with the European General Data Protection Regulation (GDPR).
1.1 The General Data Protection Regulation (GDPR) protects the ‘rights and freedoms’ of a living nature person in regard to their personal data, its processing and storage.
1.2 Some definitions used in this document are taken directly from the GDPR:
Personal data — any information relating to an identified or identifiable living natural person either directly or indirectly related, such as name, ID numbers, location coordinates, etc. or characteristics like physical, mental, cultural descriptions and so on.
Data controller — responsible party, either jointly or alone, involved in determining the purposes for having and processing personal data.
Data subject — any living nature person whose personal data is obtained by a data controller.
2.1 The stakeholders of intraHouse Spain SL and intraHouse.Agency are committed to complying with all relevant laws in accordance with the GDPR.
2.2 Compliance with the GDPR is described within the sections of this policy along with associated processes and procedures.
2.3 The GDPR and this policy apply to all of intraHouse.Agency’s personal data processing functions, including those performed on customers, clients, employees, suppliers and partners and any other personal data the organisation processes from any source.
2.4 intraHouse.Agency has established objectives for data protection and privacy which are detailed in the sections below.
2.5 intraHouse.Agency’s Data Protect Officer (DPO) is responsible for any changes to intraHouse.Agency’s activities related to its data protection practices.
2.6 This policy applies to all Employees/Staff and outsourced suppliers. Any breach of this policy will be dealt with by intraHouse.Agency’s DPO, and in cases where the matter is criminal, the appropriate authorities will be notified.
2.7 Any third parties working with or on behalf of intraHouse.Agency, and who have access to personal data, will be expected to have read, understood and to comply with this Data Protection Policy.
3.1 intraHouse.Agency is a data controller and/or data processor under the GDPR.
3.2 Top Management and all those in managerial or supervisory roles throughout intraHouse.Agency are responsible for developing best practices within intraHouse.Agency in regard to data protection.
3.3 Our DPO is a member of intraHouse’s senior management team, and is accountable to the CEO of intraHouse and the director of intraHouse.Agency for the management of personal data within intraHouse and intraHouse.Agency for ensuring the compliance with data protection laws and best practices which includes:
3.4 Our DPO has a daily responsibility for intraHouse.Agency compliance with the GDPR with the support of other intraHouse, intraHouse Spain SL and intraHouse.Agency managers in relation to their personal data processing that takes place within their area of responsibility.
3.5 Our DPO has the duty to perform procedures such as Right to be Forgotten as well our staff’s primary contact for help in any areas related to data protection compliance.
3.6 Compliance with the GDPR is the responsibility of all intraHouse.Agency stakeholders.
3.7 intraHouse.Agency’s Staff is subject to periodic training in matters relating to data processing.
3.8 Staff have the obligation to provide intraHouse accurate and up-to-date personal information about themselves.
4.1 intraHouse.Agency’s policies and procedures are designed for compliance with the guidelines of Article 5 of the GDPR, in short to process personal data lawfully, fairly and transparently. Where applicable, to provide the data subject a minimum of information which includes:
4.2 Personal data can only be collected for specific and legitimate purposes and will not be used for purposes other than stated.
4.3 Personal data must be restricted to what is necessary for processing
4.4 Personal data maintenance considerations:
4.5 In form submission by the data subject, the personal data therein must be kept only as long as is necessary for secure processing.
4.6 When assessing appropriate technical measures for controlling or processing personal data operations, the DPO will consider the following:
5.1 intraHouse.Agency recognizes the rights of the data subject as expressed in the GDPR and intends to fully support the data subjects in exercising these rights as they pertain to their personal data that is under the control of intraHouse.Agency or being processed by intraHouse.Agency.
6.1 intraHouse.Agency understands a data subject’s ‘consent’ to mean that, upon the data subject being fully informed of the intended personal data processing operation, it has been freely given by a clear affirmative and mindful action and signifies agreement to the policies, terms and conditions that apply.
6.2 The data subject can withdraw his or her consent at any time by request to the DPO or, where applicable, use a service intended for that purpose.
6.3 Consent cannot be inferred from non-response to a communication, and where applicable, intraHouse.Agency will be able to demonstrate that consent was obtained for a personal data processing operation.
7.1 All personal data should be accessible only to those who are authorized to use it, and access may only be granted by the DPO to intraHouse.Agency staff, or 3rd party entities (under the constraint of a confidentiality agreement), with just cause. As such all personal data should be treated appropriately:
7.2 intraHouse.Agency staff must take care to keep unauthorized personnel from viewing screens displaying personal data and follow other related security rules.
7.3 Physical materials displaying personal data may not be left where they can be accessed by unauthorised personnel, and may not be removed from business premises without explicit authorisation by the DPO.
8.1 All formal requests, such as from an official law enforcement agency, to provide personal data must be supported by appropriate paperwork and all such disclosures must be specifically authorised by the DPO.
9.1 intraHouse.Agency shall not keep personal data beyond a period necessary for its original purpose(s).
9.2 intraHouse.Agency may store data for longer periods if the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes provided that doing so will also safeguards the rights and freedoms of the data subjects.
9.3 The retention period for each information asset will be set out in intraHouse.Agency’s Information Asset Register (IAR).
9.4 Personal data must be disposed of securely and in accordance with GDPR.
10.1 All exports of personal data from within the European Economic Area (EEA) to third countries (non-EEA countries) are unlawful unless there is an appropriate level of protection for the rights of the data subjects. The transfer of personal data outside of the EEA is prohibited unless one or more of these specified safeguards, or exceptions, apply:
Exceptions:
11.1 intraHouse.Agency has established the IAR in order to manage its personal data inventory as well as the life cycle of its information assets as determined by:
11.2 By means of the IAR, all intraHouse.Agency management is aware of any risks associated with the processing of particular types of personal data, and can act accordingly in order to best safeguard the freedoms and rights of data subjects.