top of page

II. POLICY FOR THE PROTECTION OF PERSONAL DATA 08-01-2019 GEUKMAR CONSULTING S.L. (the "Company") is an Organization in which data processing activities of a personal nature occur, which gives it an important responsibility in the design and organization of procedures so that they are aligned with the legal compliance in this matter. In the exercise of these responsibilities and in order to establish the general principles that should govern the treatment of personal data in the Company, approves this Policy of protection of personal data, which notifies its employees and makes available of all its interest groups. 1. Purpose The Policy of protection of personal data is a measure of proactive responsibility that has the purpose of ensuring compliance with the applicable legislation in this matter and relation to it, respect for the right to honor and privacy in the treatment of the personal data of all the people that are related to the Company. In accordance with the provisions of this Personal Data Protection Policy, the Principles that govern the processing of data in the organization and, consequently, the procedures, and the organizational and security measures that the people affected by it, are established. This Policy is committed to implement in their area of ​​responsibility. To this end, the Directorate will assign the responsibilities to the personnel that participate in the data processing operations. 2. Scope of application This Policy of protection of personal data will be applicable to the Company, its administrators, managers and employees, as well as to all persons who are related to it, with the express inclusion of service providers with access to data ("Managers of the treatment") 3. Principles of the processing of personal data As a general principle, the Company will scrupulously comply with the legislation on the protection of personal data and must be able to prove it (Principle of "Proactive responsibility"), paying special attention to those treatments that may pose a greater risk to the rights of those affected (Principle of "risk approach"). In relation to the exposed GEUKMAR CONSULTING S.L. will ensure compliance with Page 5 of 90

Following Principles:
- Legality, loyalty, transparency and limitation of the purpose. The data processing
the affected party must always be informed, through clauses and other procedures; Y
It will only be considered legitimate if there is consent to the processing of data (with
special attention given to minors), or has another legitimacy
valid and the purpose of it is in accordance with regulations.
- Minimization of data. The data processed must be adequate, relevant and
limited to what is necessary in relation to the purposes of the treatment.
- Accuracy. The data must be accurate and, if necessary, updated. To this
respect, the necessary measures will be taken so that they are eliminated or rectified without
the personal data that are inaccurate with respect to the purposes of the
- Limitation of the conservation period. The data will be maintained in such a way that
allow identification of interested parties for no longer than necessary to
the purposes of the treatment.
- Integrity and Confidentiality. The data will be treated in such a way that it is guaranteed
adequate security of personal data, including protection against
unauthorized or illicit treatment and against loss, destruction or accidental damage,
through the application of appropriate technical or organizational measures.
- Data transfers. The purchase or obtaining of character data is prohibited
from illegitimate sources or in those cases in which such data have been
collected or assigned in contravention of the law or is not sufficiently guaranteed its legitimate
- Hiring of suppliers with access to data. Only they will be chosen for hiring
suppliers that offer sufficient guarantees to apply technical measures and
appropriate security in data processing. These third parties will document the
due Agreement in this regard.
- International data transfers. All processing of personal data
subject to European Union regulations that involve a transfer of data outside
of the European Economic Area must be carried out in strict compliance with
requirements established in the applicable law.
- Rights of those affected. The Company will provide those affected with the exercise of
rights of access, rectification, deletion, limitation of treatment, opposition and
portability, establishing internal procedures for this purpose, and in particular
models for its exercise that are necessary and timely, which should be
Pag. 6 of 90

satisfy, at least, the legal requirements applicable in each case.
The Company will promote that the principles contained in this Data Protection Policy of
personal character are taken into account (i) in the design and implementation of all the
work procedures, (ii) in the products and services offered (iii) in all contracts
and obligations that formalize or assume and (iv) in the implementation of how many systems and
platforms allow the access of employees or third parties and / or the collection or processing of data
of a personal nature
4. Commitment of workers
The workers are informed of this Policy and declare themselves aware that the
Personal information is an asset of the Company, and in this respect they adhere to
she, committing to the following:
- Carry out awareness training on Data Protection that the Company puts at its
- Apply security measures at the user level that apply to your job,
without prejudice to the responsibilities in its design and implementation that can be
could be attributed to him based on his role within GEUKMAR CONSULTING S.L ..
- Use the formats established for the exercise of Rights by the
affected and inform the Company immediately so that it can be
effective the answer.
- Inform the Company, as soon as it becomes aware, of deviations from the
established in this Policy, in particular "Data security breaches
personal ", using the format established for this purpose.
5. Control and evaluation
An annual verification, evaluation and evaluation will be carried out, or whenever there are changes
significant differences in data processing, the effectiveness of technical and organizational measures
to guarantee the safety of the treatment.

bottom of page