THE CLIENT authorizes IMPARAGON SL (hereinafter, THE COMPANY) to access the information containing personal data for which THE CLIENT is responsible, in order to provide the services indicated in the corresponding contract. Specifically, for the execution of the services derived from the object of this assignment, THE CLIENT provides THE COMPANY with personal data for processing, exclusively for the purpose of carrying out the contracted services.
THE COMPANY undertakes to comply with all obligations that correspond to it as a data processor, in accordance with current data protection regulations, especially those established in Article 28 of the General Data Protection Regulation 2016/679 (GDPR) and any other applicable complementary regulations.
THE COMPANY will only process the data following THE CLIENT's express instructions, and will not apply or use the provided data for purposes other than those established in the service contract.
THE COMPANY guarantees the confidentiality of all information related to activities, organization, systems, internal operations, services, and any other data of THE CLIENT to which it has access, being subject to the duty of professional secrecy.
THE COMPANY undertakes not to disclose, transfer, assign, or communicate in any way the personal data, whether verbally, in writing, electronically, or physically, even for its conservation, to any third party (except for legally authorized transfers). It will only allow access to the data to personnel who need to know them for the proper provision of the contracted services.
When data subjects exercise before THE COMPANY their rights of access, rectification, deletion, opposition, limitation of processing, portability, and not to be subject to automated decisions, THE COMPANY must communicate this without undue delay to THE CLIENT, by email to the address provided by the latter. This communication must be made immediately and, in any case, no later than the next business day after receiving the request, along with any relevant information to resolve it.
THE COMPANY declares that it has adopted all appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR. Consequently, it applies all necessary security measures after a risk analysis associated with the processing of personal data.
Likewise, THE COMPANY will collaborate with THE CLIENT to ensure compliance with the obligations established in Articles 32 to 36 of the GDPR, in particular:
● THE COMPANY will communicate without undue delay to THE CLIENT any security breach of the data of which it becomes aware.
● It will carry out, if applicable, a data protection impact assessment, in accordance with Article 35 of the GDPR.
Once the contractual provision is completed, THE COMPANY will return to THE CLIENT, within a maximum period of one month, all documentation and media containing personal data in its possession. If this is not possible, it will proceed to their immediate destruction, certifying in writing such return or destruction, unless an applicable regulation requires their conservation.
THE COMPANY will make available to THE CLIENT all necessary information to demonstrate compliance with its obligations according to Article 28 of the GDPR, as well as to allow and facilitate audits, including inspections, carried out by THE CLIENT or by another auditor authorized by it.
In general, subcontracting services that involve the processing of personal data is not authorized. If THE COMPANY needs to subcontract, it will inform THE CLIENT in advance, providing the identity of the subcontractor for its approval. The subcontractor will be obliged to comply with the same security measures established in this document.
Both parties are informed that their respective personal data will be processed by the other party as a data controller, for the purpose of maintaining the contractual relationship. These data are necessary, so if they are not provided, it will not be possible to establish or maintain the relationship.
The legal basis for the processing of personal data is the execution of the contract between the parties. The data will be kept for the duration of the contractual relationship and, once it has ended, for the time necessary to comply with legal obligations or until the interested party requests their deletion.
The parties undertake to implement the necessary technical and organizational measures to ensure the security of personal data, preventing its alteration, loss, unauthorized processing, or access, in accordance with current regulations.
Copyright © Imparagon. All rights reserved.