Information on EU Regulation 2016/679 on the Protection of Personal Data.
In accordance with current legislation on the Protection of Personal Data when having contracted our Employee Portal platform and other remote access services, we proceed to inform about the service below:
The purpose of the EU Regulation 2016/679 on Data Protection is to establish the rules relating to the protection of natural persons with regard to the processing of personal data and the rules relating to the free circulation of such data, as well as to protect the fundamental rights and freedoms of natural persons and, in particular, their right to the protection of personal data.
Therefore, it is a question of providing information regarding the obligations that exist on the part of GM INTEGRA RRHH, having contracted our Employee Portal platform, although it is noted that there are other obligations that the File Manager must comply with and You can obtain more information through the website of the Data Protection Agency, www.agpd.es
By contracting and storing personal data on our Employee Portal platform or with respect to the HR services that you may have contracted, GM INTEGRA RRHH, becomes the person in charge of the processing of said personal data.
Specifically, the legislation establishes:
¨When a treatment is going to be carried out on behalf of a person responsible for the treatment, this will only choose a manager who offers sufficient guarantees to apply appropriate technical and organizational measures, so that the treatment is in accordance with the requirements of this Regulation and guarantees protection of the rights of the interested party
The treatment by the person in charge will be governed by a contract or other legal act in accordance with the law of the Union or of the Member States, which binds the person in charge with the person in charge and establishes the object, duration, nature and purpose of the treatment, the type of personal data and categories of interested parties, and the obligations and rights of the person in charge. On the other hand, if a processor violates these Regulations when determining the purposes and means of processing, he will be considered responsible for the processing with respect to said processing. ¨
This commitment to confidentiality and good use of the data is guaranteed and regulated both in the conditions of the contract established when contracting the service with GM INTEGRA RRHH and with respect to the guarantee provided by being certified in ISO 27001 for Information Security. However, you can sign a data treatment contract separately from the main contract by downloading the Data Treatment Contract model. Print two copies, sign them and send them by post to GM INTEGRA RRHH, we will return your copy signed by a legal representative of our company.
Registration of the file in the Data Protection Agency:
Until May 25, 2018, one of the obligations established in the current legislation on data protection, is to proceed to declare the files with personal data before the Data Protection Agency (APD).
To make this registration you will need to fill in the data in section 4 (TREATMENT MANAGER), taking into account that only the data of one of those in charge of the treatment will be entered in said section and the Data Protection Agency recommends that the name of the person in charge of processing data that may involve a longer duration in time or greater risks depending on the type of data processed.
After May 25, 2018, the aforementioned registration will not be mandatory, but on the part of the person responsible for the treatment as well as the person in charge of treatment, a record of all the categories of treatment activities carried out on behalf of a person in charge will be kept that contains:
the name and contact details of the person in charge or managers and of each manager on behalf of whom the manager acts, and, where appropriate, the representative of the manager or manager, and the data protection officer;
the categories of processing carried out on behalf of each controller;
Until the entry into force of EU Regulation 2016/679 on Protection, security measures were established in Royal Decree 1720/2007, of December 21, which approves the Regulations for the development of the Organic Law of December 13, protection of personal data. As of May 2018, GM INTEGRA RRHH will proceed to establish the precise technical and organizational measures, taking into account the principle of proactivity and design based on risk.
As GM INTEGRA RRHH processor, the security measures provided are limited to those contractually established by the person responsible for the file.
In any case, GM INTEGRA RRHH has obtained from the APPLUS entity the ISO 27001: 2015 certification of the Information Security Management System (ISMS) implemented in its data center in Barcelona, Madrid and Manresa. In this way, the high level of security and the commitment of GM INTEGRA RRHH to guarantee the confidentiality, integrity and availability of the data stored in these facilities is recognized.
Information security and compliance with current legislation at all times in terms of data protection are of vital importance for GM INTEGRA RRHH, being observed in each and every one of its sections.
Security is a crucial aspect in the Employee Portal platform as well as in HR management and therefore the privacy of users and the responsible use of the information provided is guaranteed.
En función de los servicios que sean contratados por el Cliente, atendiendo a lo establecido en el contrato mercantil de prestación de servicios GM INTEGRA RRHH, se responsabiliza de implantar las siguientes medidas de seguridad en los servicios proporcionados en los términos que a continuación se detallan:
The infrastructure that provides the service is currently in the GM Integra RRHH Datacenter in Manresa (Barcelona), which complies with the highest security standards to guarantee the quality of the service.
We have the most demanding features in terms of physical security, access control, component redundancy, monitoring and 24 × 7 availability.
Encryption. GM Integra RRHH uses an encryption system for data transit. The data is protected by applying the SSL protocol. Certificates issued by organizations recognized by almost all browsers are used for encryption.
Data Protection. The management is carried out under the requirements demanded by the EU Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data and by which Directive 95/46 / EC (General Data Protection Regulation) is repealed.
Depending on the services that are contracted by the Client, in accordance with the provisions of the commercial contract for the provision of services, GM INTEGRA RRHH is responsible for implementing the following security measures in the services provided under the terms detailed below:
EU Regulation 2016/679 disappears the concept of Security Document that until now had been used to collect the data processing methodology and security measures.
Referred Security Document has been replaced by the General Data Protection Policy and the Information Security policy. These policies will be those that describe those technical and organizational measures that guarantee a level of security appropriate to the risk.
The regulations establish that the person responsible for the file is obliged to create a security document with the description of the file, functions and obligations of the staff, structure of the file, and other data related to the file.
When drafting said security measures, the existing guides in the Data Protection Agency could be used, as well as those related to the Impact Assessment.