Privacy Policy

DEHESAS REUNIDAS SL is an organization that carries out personal data processing activities, which gives it an important responsibility in the design and organization of procedures so that they are aligned with legal compliance in this matter.

In exercising these responsibilities and with the aim of establishing the general principles that must govern the processing of personal data in the Company, it approves this Personal Data Protection Policy, which it notifies to its Employees and makes available to all its Interest Groups.

1. Purpose
The Personal Data Protection Policy is a proactive Responsibility measure that aims to ensure compliance with applicable legislation in this area and, in relation to this, respect for the right to honor and privacy in the processing of personal data of all persons who are related to the Company.

In accordance with the provisions of this Personal Data Protection Policy, the Principles governing data processing within the organization are established, along with the procedures, organizational measures, and security protocols that those affected by this Policy undertake to implement within their respective areas of responsibility. To this end, DEHESAS REUNIDAS SL, PI SAN ANTONIO PARC 22-23 CP 14240 BELMEZ (CÓRDOBA), will assign responsibilities to the personnel involved in data processing operations.

2. Scope of application
This Personal Data Protection Policy shall apply to the Company, its administrators, directors and employees, as well as to all persons who relate to it, including expressly service providers with access to data (“Data Processors”)

3. Principles of the processing of personal data
As a general principle, the Company will scrupulously comply with legislation on the protection of personal data and must be able to demonstrate it (Principle of "proactive responsibility"), paying special attention to those processing activities that may pose a greater risk to the rights of the data subjects (Principle of "risk approach").

In relation to the above, DEHESAS REUNIDAS SL will ensure compliance with the following Principles:
* Lawfulness, fairness, transparency, and purpose limitation. Data processing must always be communicated to the data subject through clauses and other procedures; and will only be considered lawful if there is consent for the data processing (with special attention to that given by minors), or if it has another valid legal basis and its purpose is in accordance with regulations.
* Data minimization. The data processed must be adequate, relevant, and limited to what is necessary in relation to the purposes of the processing.
* Accuracy. The data must be accurate and, where necessary, kept up to date. In this respect, the necessary measures will be taken to ensure that personal data that are inaccurate with regard to the purposes of the processing are erased or rectified without delay.
* Storage limitation. Data will be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
* Integrity and confidentiality. Data will be processed in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, through the application of appropriate technical and organizational measures.
* Data transfers. The purchase or acquisition of personal data from illegitimate sources is prohibited, as is the acquisition or transfer of data in violation of the law or where its legitimate origin is not sufficiently guaranteed.
* Contracting of suppliers with access to data. Only suppliers offering sufficient guarantees to implement appropriate technical and security measures in data processing will be selected for contracting. A formal agreement will be documented with these third parties in this regard.
* International data transfers. All processing of personal data subject to European Union regulations that involves a transfer of data outside the European Economic Area must be carried out in strict compliance with the requirements established in applicable law.
* Rights of data subjects. The Company will facilitate the exercise of the rights of access, rectification, erasure, limitation of processing, opposition and portability for those affected, establishing for this purpose the internal procedures, and in particular the models for their exercise that are necessary and appropriate, which must satisfy, at least, the legal requirements applicable in each case.

The Company will promote that the principles contained in this Personal Data Protection Policy are taken into account (i) in the design and implementation of all work procedures, (ii) in the products and services offered, (iii) in all contracts and obligations that they formalize or assume, and (iv) in the implementation of all systems and platforms that allow access by employees or third parties and/or the collection or processing of personal data.

4. Employee Commitment
Employees are informed of this Policy and acknowledge that personal data is a Company asset. In this respect, they adhere to it and commit to the following:
* Completing the data protection awareness training provided by the Company.
* Applying the user-level security measures applicable to their job, without prejudice to any responsibilities for their design and implementation that may be assigned to them based on their role within DEHESAS REUNIDAS SL.
* Using the established forms for exercising data subjects' rights and informing the Company immediately so that a response can be provided.
* Informing the Company, as soon as they become aware of any deviations from this Policy, particularly "Personal Data Security Breaches," using the established form.

5. Control and evaluation
An annual verification, evaluation and assessment will be carried out, or whenever there are significant changes in data processing, of the effectiveness of the technical and organizational measures to ensure the security of the processing.