Establishes Mediatel Data approach to compliance with data protection laws.
It does not replace any specific data protection requirements that might apply to a business unit or function. This Policy describes how Personal Data will be Processed to meet Mediatel Data protection standards and to comply with privacy laws and regulations.
Our principles as Controler:
Mediatel Data will ensure that all Processing is carried out in accordance with applicable laws.
Mediatel Data will inform and explain to individuals, at the time when their Personal Data is collected, how their Personal Data will be Processed.
Mediatel Data will only obtain and Process Personal Data for those purposes which are known to the individual or which are based on an actual collaboration and are relevant to Mediatel Data.
Mediatel Data will only Process Personal Data for specified, explicit and legitimate purposes and not further Process that information in a manner that is incompatible with those purposes, unless such further Processing is consistent with the applicable law of the country in which the Personal Data was collected.
Mediatel Data will only keep Personal Data for as long as is necessary for the purposes for which it is collected and further Processed.
Mediatel Data will implement appropriate technical and organizational measures to ensure a level of security of Personal Data that is appropriate to the risk to the rights and freedoms of individuals.
Mediatel Data will comply with data security breach notification requirements as required under applicable law.
Mediatel Data will adhere to the Data Subject rights procedure and will respond to any requests from individuals to access their Personal Data in accordance with applicable law.
Mediatel Data will also deal with requests to rectify or erase inaccurate or incomplete Personal Data, or to cease Processing Personal Data in accordance with the Data Subject rights procedure.
Mediatel Data will not transfer Personal Data to third parties outside Europe.
Mediatel Data will allow customers to opt-out of receiving marketing information.
Our principles as Processor / Empowered Person/ Provider:
Lawfulness of Processing
Mediatel Data will ensure that all Processing is carried out in accordance with applicable laws.
Mediatel Data will cooperate and assist a Data Controller to comply with its obligations under applicable data protection laws.
Fairness and Transparency
Mediatel Data will assist a Data Controller to comply with the requirement to inform and explain to individuals how their Personal Data will be Processed in accordance with applicable laws.
Purpose Limitation
Mediatel Data will only Process Personal Data on behalf of, and in accordance with, the instructions of a Data Controller.
Data Minimization and Accuracy
Mediatel Data will assist a Data Controller to keep the Personal Data accurate and up to date.
Limited Retention of Personal Data
Mediatel Data will only keep Personal Data for as long as is necessary under the terms of the contract or other legally binding document with a Data Controller.
Security and Confidentiality
Mediatel Data will implement appropriate technical and organizational measures to safeguard Personal Data processed on behalf of a Data Controller.
Mediatel Data will notify a Data Controller without undue delay of any security breach affecting the Personal Data that is being Processed on behalf of a Data Controller in accordance with the terms of the contract or other legally binding document with that Data Controller.
Mediatel Data will comply with the requirements of a Data Controller regarding the appointment of any sub-processor.
Rights of Individuals
Mediatel Data will assist Data Controllers to comply with their duty to respect the rights of individuals based on the existing collaboration - contract.
Organizational Technical Measures
Mediatel Data takes measures to safely dispose of Personal Data and property (eg equipment) containing Personal Data, taking into account the available technology on the market. All computers/ equipment used have anti-virus programs and other security systems to prevent security incidents, access to customer data is through a secure, pass-lock network for workstations;
Mediatel Data is limiting Personnel Access to Personal Data: Mediatel Data has taken reasonable steps to ensure that the staff assigned to each operations meets the legal requirements for performing the activities and has granted the minimum level (s) of Access to Data with Personal Character, which are necessary to fulfill the necessary duties in order to implement the Mediatel Data obligations, according to the contracts in force;
Mediatel Data staff has been properly trained in the proper processing of Personal Data and security measures as the new GDPR regulation requires; staff are subject to written privacy obligations with respect to Personal Data and process Personal Data only in accordance with their instructions and secure access provided by them;
Mediatel Datal undertakes to maintain access register for all physical access levels in the premises, as well as logical logs to the equipment that manages Personal Data. Visitors will be registered at the entrance and exit of the Mediatel Data location which also has all the security measures applied. During the stay at the location, they will be permanently accompanied by the employees;
Mediatel Data will strictly access the information provided by our clients, strictly according to its instructions and purpose;
Mediatel Data will only provide the services stipulated in the parent contract for the Mediatel Data software product, for any additional action requested or which infringes the GDPR regulations, we reserve the right to refuse, not to act;
Mediatel Data reserves the right to change, modify or update this Policy at any time, according to the current law applied.
Please review it frequently for any updates.
The EU general data protection regulation 2016/679 (GDPR) will take effect starting from 25 May 2018.
