Privacy Policy

Purpose and scope of application

Noatum is committed to complying with the rules of protection of personal data that affect all processing activities for which it is controller or processor. This Privacy Policy establishes the general guidelines that are observed in such compliance.

This Noatum Privacy Policy is mandatory for all its employees and internal or external collaborators who have access to personal data.

The Privacy Policy is approved by the Security Committee and the management of Noatum, who in this way establish the basic guidelines to be followed within the organization and explicitly give their consent and support to the policy as a whole.


Noatum processes personal data under its responsibility in accordance with the following principles:

Technical and organizational security measures

Noatum will process personal data under its responsibility considering the state of the art, the costs of application, and the nature, scope, context and purposes of the processing it carries out, as well as the possible risks of variable likelihood and severity for the rights and freedoms of natural persons.

In assessing the adequacy of the level of security, account shall be taken of the risks presented by the processing of data, in particular those arising from accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or from unauthorized communication of or access to such data.

Record of processing activities

Noatum will keep an up-to-date record of the processing activities with personal data for which it is controller or processor, which will include at least the following information:

Risk analysis and impact assessment

A risk analysis shall be carried out before any processing of personal data, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the processing, as well as risks of varying likelihood and severity for the rights and freedoms of natural persons.

Appropriate technical and organizational measures shall be implemented to ensure a level of security appropriate to the risk.

Noatum will carry out an impact assessment of the processing activities on the protection of personal data when the analysis carried out indicates that the processing is likely to pose a significant risk to the rights and freedoms of individuals. If necessary, it will consult and request authorization to carry out the processing of personal data from the corresponding supervisory authority.

In the event of a personal data breach, Noatum shall notify the competent supervisory authority without undue delay and, if possible, no later than 72 hours after it became aware of it, unless such a security breach is unlikely to constitute a risk to the rights and freedoms of natural persons.

Noatum will take the appropriate measures for the communication without undue delay to the data subjects who may have been affected by the breach of security of personal data, when it is likely that it entails a high risk to their rights and freedoms.

Noatum will document any personal data breach, including the facts related to it, its effects and the corrective measures taken.

Attention to the exercise of rights

Noatum has established the necessary procedures to meet possible requests for the exercise of rights from the owners of personal data that are under its responsibility.

Relationships with third parties

Noatum has established the necessary controls to ensure that, in its relations with third parties, whether customers or suppliers, the regulations on the protection of personal data are observed.


Noatum carries out periodic audits aimed at verifying, evaluating and assessing the effectiveness of technical and organizational measures to ensure compliance in the processing of personal data carried out under its responsibility.


You can contact the Information Security Department – Privacy Office of Noatum:

Torre Auditori – Planta 13

Passeig de la Zona Franca nº111

08038 Barcelona

Phone – (+34) 932987777

Email –