Our clients own their data and we are committed to safeguard that data, complying fully with international and national laws on Data Protection.
The MANAGER OF DATA TREATMENT is OptimaSys Group Spain, a company dedicated to providing INFORMATION SERVICES and SOFTWARE and is responsible for the files and treatment of personal data, complying with the obligations established in the regulations of Protection of Personal Data.
OptimaSys has obtained and treats legitimately the personal data, without there being any limitation that is contrary to what is stipulated in this contract.
The RESPONSIBLE OF DATA TREATMENT is your company or business dedicated to real estate commercialisation, among other services of its corporate purpose.
Both parties declare to know and comply with the obligations established in the current legislation on Data Protection, nationally, European, United States of Amercia, South America, and Asia.
Between the parties there is a contractual relationship by which the MANAGER OF TREATMENT provides information technology and software services to manage real estate management, which includes the recording of personal data of individuals and companies which may involve processing personal data owned from the last latter. The access to this personal data is necessary for the provision of the service by the MANAGER OF DATA TREATMENT. For this reason, and in order to protect said data and comply with the requirements of the current regulations, both contracting parties sign this contract for the order of treatment, based on the following:
* The MANAGER OF DATA TREATMENT, during the provision of the Services, will process the data, whose ownership corresponds to the RESPONSIBLE OF DATA TREATMENT.
* The processing of personal data necessary for the provision of this service assumes that the RESPONSIBLE OF DATA TREATMENT makes available to the MANAGER OF DATA TREATMENT all the information that is necessary for such purposes and that will include, among others, basic contact data of the company's employees, as well as the data stored in the company's systems hosting data from clients and suppliers.
In any case, the ownership of these personal data will continue to correspond to the RESPONSIBLE OF DATA TREATMENT, who has obtained them legitimately, by virtue of informed consent and fulfilling all the requirements demanded by current regulations.
* This gives rise to an access to the data on behalf of a third party and not to a transfer or communication of personal data so that the person responsible for the treatment continues to have its uses and purposes under its control.
* The service will be provided by the MANAGER OF DATA TREATMENT, both in their own premises, as in the offices of the RESPONSIBLE OF DATA TREATMENT.
* In addition, the RESPONSIBLE OF DATA TREATMENT, if necessary, will provide remote access to equipment, supports and resources of the information system to facilitate the provision of services, with express prohibition to the MANAGER OF DATA TREATMENT to incorporate the data to systems different from those of the FILE RESPONSIBLE.
The MANAGER OF DATA TREATMENT and, where appropriate, all of its personnel are obliged to:
* Use personal data subject to treatment, or those collected for inclusion, only for the purpose of this assignment. In no case may you use the data for your own purposes or any other than those established.
* Treat the data according to the instructions The RESPONSIBLE OF DATA TREATMENT. If the controller considers that any of the instructions violates the data protection regulations, he will immediately inform the company.
* Not to disclose, transfer, assign or communicate in any other way the personal data, either verbally or in writing, by electronic means, paper or by means of computer access - even for its conservation - to any third party, except for the necessary assumptions to carry carried out the professional service requested and / or the authorisations that may have been granted. On the other hand, he may only allow access to the data to those employees who have the need to know them for the provision of the contracted services, with identical confidentiality and professional secrecy obligations.
Therefore, the data cannot be communicated to third parties, unless with the express authorisation of the RESPONSIBLE OF DATA TREATMENT, or in those cases legally admissible. And in the event that the person in charge must transfer personal data to a third party or to an international organisation, by virtue of the applicable European Union law, he will inform the RESPONSIBLE OF DATA TREATMENT of that legal requirement in advance, unless such Law prohibits it for important reasons of public interest.
* To have all of its personnel access the equipment and information systems owned by the RESPONSIBLE OF DATA TREATMENT, duly accredited, registered with social insurances and fully instructed regarding their security obligations and the consequences of non-compliance, ensuring knowledge and adequate compliance with the obligations that correspond to him under this contract and the current regulations on data protection by all employees, collaborators, both external and internal, and subcontractors.
Likewise, he must guarantee that the persons authorised to process personal data commit themselves, expressly and in writing, to respect confidentiality and to comply with the corresponding security measures, of which they must be informed accordingly.
* Adopt any technical and organisational measures necessary to guarantee the security of the data to which it has access, as well as adopting at all times as many security measures are required by laws and regulations and in order to ensure confidentiality, secrecy, integrity and availability, avoid the alteration, access or unauthorised processing of such data. In this sense, both parties agree that measures must be implemented to pursue the following purposes:
- Guarantee the permanent confidentiality, integrity, availability and resilience of the treatment systems and services.
- Restore the availability and access to personal data quickly, in case of physical or technical incident.
- To verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organisational measures implemented to guarantee the safety of the Treatment.
- Pseudonominize and encrypt personal data, if applicable.
- Management of backup copies.
- Systems of identification and limitation of unauthorised access.
- Designation of a Delegate for Data Protection and communicate their identity and contact information to the RESPONSIBLE OF DATA TREATMENT.
- Carry out a record of treatment of activities on behalf of third parties.
* If, in spite of the security measures, a security breach occurs, the MANAGER OF DATA TREATMENT will notify the RESPONSIBLE OF DATA TREATMENT, without undue delay, and in any case before the maximum period of 72 hours and through any reliable means, of the violations of the security of the personal data in your charge that he has knowledge of, together with all the relevant information for the documentation and communication of the incident.
Specifically, the following information will be provided in a clear and simple language:
- Description of the nature of the breach of the security of personal data, including, when possible, the categories and the approximate number of interested parties affected, and the categories and approximate number of records of personal data affected.
- The name and contact details of the data protection delegate or other contact point where more information can be obtained.
- Description of the possible consequences of the violation of the security of personal data.
- Description of the measures adopted or proposed to remedy the violation of the security of personal data, including, if applicable, the measures adopted to mitigate the possible negative effects.
If it is not possible to provide the information simultaneously, and to the extent that it is not, the information will be provided gradually without undue delay.
* Support the RESPONSIBLE OF DATA TREATMENT in carrying out the impact evaluations related to data protection, when appropriate, and in carrying out prior consultations with the supervisory authority, when appropriate.
* Make available to the RESPONSIBLE OF DATA TREATMENT all the necessary information to demonstrate compliance with its obligations, as well as for the performance of audits or inspections carried out by the person in charge or by another auditor authorised by him.
* Return any type of support that contains the data once the provision of services has ended, and proceed to remove them from any support, both physical and computing.
* The MANAGER OF DATA TREATMENT may not subcontract any of the services that are part of the object of this contract, except for the auxiliary services necessary for the normal functioning of the services of the person in charge.
If it is necessary to subcontract any treatment, this fact must be previously communicated and in writing to the RESPONSIBLE OF DATA TREATMENT, one week in advance, indicating the treatments that are intended to subcontract and clearly and unequivocally identifying the subcontractor company and its data. contact.
The subcontracting may be carried out if the RESPONSIBLE OF DATA TREATMENT does not manifest its opposition within the established term.
At the moment, the subcontractor, who will also have the status of person in charge of the treatment, is also obliged to fulfil the obligations established in this document for the person in charge of the treatment and the instructions dictated by the RESPONSIBLE OF DATA TREATMENT. Corresponding to the MANAGER OF DATA TREATMENT regulate the new relationship so that the new manager is subject to the same conditions (instructions, obligations, security measures...) and with the same formal requirements as he, in relation to the proper treatment of personal data and the guarantee of the rights of the people affected. In the case of non-compliance by the sub-manager, the MANAGER OF DATA TREATMENT will remain fully responsible to the RESPONSIBLE OF DATA TREATMENT with regard to compliance with obligations.
THE MANAGER OF DATA TREATMENT undertakes not to copy or reproduce the information provided by the RESPONSIBLE OF DATA TREATMENT, except when necessary for its treatment and in the terms provided in this contract.
* This Contract enters into force on the date of its signature and will be in force until the date of termination of the service provision relationship by THE PROCESSOR IN CHARGE in favor of the RESPONSIBLE OF DATA TREATMENT.
* THE MANAGER OF DATA TREATMENT undertakes to destroy or return the data provided by the RESPONSIBLE OF DATA TREATMENT upon termination of the services, including if applicable, the support where they exist. The return must involve the total deletion of the existing data in the equipment used by the person in charge.
However, the person in charge may keep a copy, with the data duly blocked, as long as responsibilities for the execution of the provision can be derived.
In addition, once destroyed, the manager must certify their destruction in writing and must deliver the certificate to the controller.
In this sense, the person in charge of the file may proceed to check the destruction of the transferred file, after the end of the service or, if necessary, demand formal communication in which he declares to have carried out the certificate, certifying said extreme.
* The obligations established for the MANAGER OF DATA TREATMENT in this document will also be mandatory for its employees and collaborators, both external and internal. For this reason, the person in charge of the treatment will answer to the person in charge of the file if such obligations are not fulfilled by such employees and subcontractors, as the case may be.
* In the event that THE MANAGER OF DATA TREATMENT allocates the data for purposes other than those foreseen in this contract, communicates them to third parties or uses them in breach of the stipulations of this contract, he shall be liable for any consequences that may arise from such behaviours, keep harmless the file responsible for any claim of third parties based on such breach.
* The MANAGER OF DATA TREATMENT guarantees full compliance with the above obligations of confidentiality and custody and will be solely responsible for any unauthorised disclosure of personal data to third parties, as well as any other breach of the stipulations contained in this Agreement, being, in his case, obliged to compensate of the damages and damages caused to the RESPONSIBLE OF DATA TREATMENT, directly or indirectly.
* Likewise, The MANAGER OF DATA TREATMENT shall be considered responsible for the processing of personal data, responding to any infractions that may have been incurred personally, in the event that the data is destined for another purpose, communicated or used in breach of the provisions of this Agreement. .
* Any notification made between the parties will be in writing and will be delivered personally or in any other way that certifies the reception by the notified party.
* In order to carry out the necessary communications throughout the term of this Contract, the persons and addresses indicated in the headings thereof are established.
* The non-requirement by any of the parties of any of their rights under this Contract shall not be considered as constituting a waiver of said rights in the future.
* The legal relationship that is established between the parties is governed by this single Contract. This Contract is the only valid one between the parties and substitutes any type of previous agreement or commitment about the same object, either written or verbal, and may only be modified by agreement signed by both parties.
* The present Contract and the relations between the parties do not constitute in any case a company, joint venture, agency, or work contract between the parties.
* The headings of the different clauses are for informational purposes only, and will not affect, qualify or extend the interpretation of this Contract.
* THE PERSON RESPONSIBLE FOR TREATMENT, may carry out checks on the premises of the MANAGER OF DATA TREATMENT to verify compliance with the obligations established in this contract.
* In matters not provided for in this Contract, as well as in the interpretation and resolution of conflicts that may arise between the parties as a consequence thereof, Spanish legislation shall apply.
* For the resolution of any dispute that may arise from this Contract, both parties will submit to the jurisdiction of the courts of Marbella expressly waiving any other jurisdiction that may correspond.
* This Contract shall be terminated for the general causes established in the Civil Code and the Commercial Code and, in particular, for breach of the obligations arising from this writing:
1. For the duration of its term (if applicable).
2. For the extinction or expiration of the provision of services that binds the parties.
3. For other causes provided by law.
4. In case of non-compliance by any of the parties with the obligations assumed in this contract, the other party may consider it entirely resolved, without notice or compensation of any kind, being sufficient to notify the opposing party of such termination, unless the breaching party remedies its breach to the satisfaction of the other within a period of 15 days from the request made in that regard.