The new regulation (GDPR)
On 25 May 2018, the new European Union General Data Protection Regulation (GDPR) came into force. These regulations establish new, stricter rules on the collection, processing and safeguarding of personal data in companies operating in the EU that affect the management of their privacy.
・Purpose of the Processing: Personal data of workers, customers and suppliers will be treated in order to manage the commercial or employment relationship with Gonvarri Steel Services and to comply with the necessary labor, tax and administrative obligations, as well as the commitments acquired.
・Rights of the data subject: The tools to exercise the rights set out in the GDPR will be available to those interested.
・Security: The data will be kept in a secure way avoiding its alteration, loss, treatment or unauthorized access.
・Retention: The data will only be kept as long as they maintain the purpose for which they were collected. They will be removed after the stipulated storage period has elapsed.
Rights of the Data Subject
The rights of the data subject are those that can be exercised by any individual over the personal information held by Gonvarri Steel Services. In order to facilitate the way in which the data subject can exercise his/her rights in relation to the personal data shared with Gonvarri Steel Services, the following procedure, has been defined:
・What are the GDPR rights?
・Instructions for exercising them.
・Response times by Gonvarri Steel Services.
・Form and instructions for exercising GDPR rights as an data subject.
If you have any doubts about the procedure, please contact us at the following address: firstname.lastname@example.org
Security Incident Communication
One of the key points of the principles associated with Gonvarri Steel Services' privacy management is the security of personal data. In relation to this point, we want to make available the following channel of communication for security incidents, which fulfills the following purposes:
・Agile communication for employees, customers or suppliers of possible security incidents.
・To have a single channel of reception of incidents to give a quick response to them.
・Ease of reporting an incident, in order to continuously improve data security.
The information of the incident will arrive by email to the Privacy Officer and will initiate the protocols for its remediation, as well as the communication to the affected parties if this is necessary.
Access the above documentation by clicking here.