LONE PINE BUSINESS DEVELOPMENTS S.L. (hereinafter, “the Company”) carries out activities involving the processing of personal data, which entails significant responsibility in the design and organisation of procedures to ensure compliance with the applicable legal framework.
In exercising these responsibilities, and in order to establish the general principles governing the processing of personal data within the Company, this Personal Data Protection Policy is hereby approved, communicated to all Employees, and made available to all stakeholders.
1. Purpose
This Personal Data Protection Policy constitutes a measure of proactive responsibility intended to ensure compliance with the applicable legislation in this area and, in doing so, to guarantee respect for the right to honour and privacy in the processing of the personal data of all individuals who engage with the Company.
In developing this Policy, the principles governing data processing within the organisation are established, together with the corresponding procedures and organisational and security measures that all individuals subject to this Policy are required to implement within their scope of responsibility.
For this purpose, Management shall assign responsibilities to the personnel involved in data processing activities.
2. Scope of Application
This Personal Data Protection Policy shall apply to the Company, its directors, officers, and employees, as well as to all persons having any relationship with it, including, in particular, service providers with access to data (“Data Processors”).
3. Principles Governing the Processing of Personal Data
As a general principle, the Company shall strictly comply with data protection legislation and must be able to demonstrate such compliance (principle of accountability), paying particular attention to processing activities that may present higher risks to the rights and freedoms of data subjects (risk-based approach).
In accordance with the above, LONE PINE BUSINESS DEVELOPMENTS S.L. shall ensure compliance with the following principles:
- Lawfulness, fairness, transparency, and purpose limitation. Data processing shall always be communicated to the data subject by means of suitable clauses and other procedures, and shall only be considered lawful if based on valid consent (with special attention to consent provided by minors) or another lawful basis, and if the purpose is consistent with applicable legislation.
- Data minimisation. Data processed must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
- Accuracy. Data must be accurate and, where necessary, kept up to date. Appropriate measures shall be adopted to ensure that inaccurate personal data are erased or rectified without delay in relation to the purposes of processing.
- Storage limitation. Data shall be retained in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
- Integrity and confidentiality. Data shall be processed in a manner ensuring appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, through the application of suitable technical or organisational measures.
- Data disclosures. The purchase or acquisition of personal data from illegitimate sources, or in cases where such data have been collected or disclosed unlawfully or without sufficient guarantees of legitimate origin, is strictly prohibited.
- Engagement of service providers with access to data. Only providers offering sufficient guarantees of implementing appropriate technical and organisational measures to ensure lawful processing of data shall be selected. The corresponding Data Processing Agreement shall be duly documented with each third party.
- International data transfers. Any processing of personal data subject to European Union law that involves a transfer of data outside the European Economic Area shall be carried out in strict compliance with the requirements established by the applicable legislation.
- Rights of data subjects. The Company shall facilitate the exercise of data subjects’ rights of access, rectification, erasure, restriction of processing, objection, and data portability. To this end, internal procedures and specific templates shall be established to enable the exercise of these rights, ensuring compliance with at least the minimum legal requirements applicable in each case.
The Company shall promote the integration of the principles contained in this Personal Data Protection Policy into:
(i) the design and implementation of all work procedures;
(ii) the products and services it offers;
(iii) all contracts and commitments it formalises or assumes; and
(iv) the deployment of any systems and platforms enabling access by employees or third parties and/or the collection or processing of personal data.
4. Employees’ Commitment
Employees are informed of this Policy and acknowledge that personal information constitutes an asset of the Company. Accordingly, they adhere to this Policy and commit to:
- Undertake the data protection awareness training made available by the Company.
- Apply the user-level security measures applicable to their position, without prejudice to any design and implementation responsibilities that may be assigned to them according to their role within LONE PINE BUSINESS DEVELOPMENTS S.L.
- Use the established templates for the exercise of data subjects’ rights and promptly inform the Company in order to enable an effective response.
- Notify the Company immediately upon becoming aware of any deviation from the provisions of this Policy, particularly in the event of personal data security breaches, using the designated reporting format.
5. Control and Evaluation
An annual verification, assessment, and evaluation — or whenever significant changes occur in data processing activities — shall be conducted to determine the effectiveness of the technical and organisational measures in place to ensure the security of processing.
LONE PINE BUSINESS DEVELOPMENTS S.L.