GENERAL POLICY FOR THE PROTECTION OF PERSONAL DATA
To establish the general guidelines and conditions within MOVEAPPS SpA., that must be observed for the processing of personal data of its employees, former employees, and suppliers, in harmony with the rights of the data subjects, in accordance with current regulations regarding the protection of personal data.
The above, in order to ensure responsible processing of the personal data with which MOVEAPPS SpA., maintains or maintained a labor or commercial relationship.
This Personal Data Protection Policy applies to MOVEAPPS SpA., in its capacity as Data Controller of personal data, its directors, direct and indirect employees, as well as all natural or legal third parties to whom personal data of data subjects is transmitted, in accordance with Law No. 19,628.
III. PREVIOUS DEFINITIONS
- Personal data: Any information related to identified or identifiable natural persons.
- Sensitive data: Personal data related to the physical or moral characteristics of individuals or to facts or circumstances of their private life or intimacy, such as personal habits, racial origin, political ideologies and opinions, religious beliefs or convictions, physical or mental health, sexual orientation, gender identity and genetic and biomedical identity.
- Transfer of personal data: The transfer of such information from controller to controller.
- Consent: The voluntary, specific, informed and unambiguous expression of the data subject’s will to carry out the processing of their personal data. Consent must be given through an affirmative act that reflects a free, informed, unambiguous, and specific expression of its purpose.
- Registry or database: The organized set of personal data, whether automated or not and regardless of the form or modality of its creation or organization, that allows the data to be related to each other, as well as to perform all types of data processing.
- Data subject: The natural person to whom the personal data refers.
- Data processing: Any operation or set of operations or technical procedures, whether automated or not, that allow for the collection, storage, recording, organization, elaboration, selection, extraction, comparison, interconnection, disassociation, communication, transfer, transmission, or deletion of personal data, or their use in any other way.
- Data controller: The natural or legal person, private or public, who is responsible for deciding on the processing of personal data.
- Communication or transmission of personal data: The disclosure by the data controller, in any form, of personal data to persons other than the data subject to whom the data relates, without actually transferring them. The communications made by the data controller must contain accurate, complete and truthful information.
IV. GUIDING PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA.
- Principle of Lawfulness: Data must be processed in accordance with the law. This means that data can only be processed when there is legal authorization or the data subject consents to it, without prejudice to the exceptions established by Law No. 19,628.
- Principle of Purpose: The processing of personal data by the University must serve a legitimate purpose. This data must be processed only for the purposes for which it was provided by its owner. The specific purposes of processing personal data must be explicit and lawful. This principle assumes that personal data cannot be processed for purposes other than those informed at the time of collection, unless the data subject gives new consent, the data comes from publicly accessible sources, or the law requires it.
- Principle of Quality: Data must be accurate, and if necessary, complete and up-to-date, and not excessive in relation to the purposes of processing. This implies that reasonable measures must be taken to ensure that personal data that is inaccurate is rectified or deleted, and that only personal data that is necessary to achieve the purposes for which it was collected may be collected.
- Principle of Proportionality: Personal data processed must be limited to what is necessary in relation to the purposes of processing.
- Principle of Responsibility: Those who process personal data are legally responsible for complying with legal principles and obligations.
- Principle of Confidentiality: All MOVEAPPS personnel who interact in the processing of personal data and who have access to personal information are required to maintain the confidentiality of such information, whether it comes from or has been collected from non-public sources, as well as other data and information related to the database, an obligation that does not end after their activities in this field have ceased.
- Principle of Security: Adequate levels of security must be considered in the processing of personal data.
V. RIGHTS OF PERSONAL DATA SUBJECTS:
- Right of Access: The data subject may request from MOVEAPPS SpA. access to their personal data, confirmation as to whether their personal data is being processed, the purposes of such processing, and the identification of the individuals or organizations to which their data is regularly transmitted.
- Right of Rectification: The data subject may require in writing that MOVEAPPS SpA. modify any incomplete, outdated, erroneous, or inaccurate data. To do so, they must submit a written request verifying the circumstances and specifying the requested rectification.
- Right of Erasure: Every individual has the right to request that their data be deleted if it is no longer necessary for the purposes for which it was collected, if consent for its processing has been revoked, or if erasure is required by law. This is subject to legal exceptions.
- Right of Objection: This right allows the data subject to request that certain data processing not take place when their personal data has been provided voluntarily or is used for commercial communications.
The above is without prejudice to any other rights that may be established by law in favor of personal data subjects, which must be exercised in accordance with the procedures established by current regulations.
VI. DUTIES OF MOVEAPPS SpA. AND NATURAL PERSONS RESPONSIBLE FOR THE TREATMENT OF PERSONAL DATA UNDER LAW N°19.628.
- Duty of Confidentiality: The proper confidentiality regarding personal data concerning its owner must be maintained, unless they come from sources of public access or the owner has made them manifestly public. This duty shall subsist even after the relationship with the owner has concluded. MOVEAPPS SpA. shall adopt the necessary measures so that its employees who carry out operations related to the treatment of personal data under its responsibility fulfill the same duty. In this framework, MOVEAPPS SpA. includes in the employment contracts of its employees the obligation of confidentiality and reserve regarding the personal information to which they may have access, given the nature of the functions that its employees perform, elevating it to the status of an essential obligation. In this context, MOVEAPPS SpA. shall adopt the disciplinary measures that correspond in case of infringing this duty, without prejudice to the civil and/or criminal responsibility that may correspond.
This duty of secrecy does not prevent the communications or transfers that MOVEAPPS SpA. must make in accordance with the law or with the consent of the owner.
- Duty to Inform: The owner of personal data shall be informed about the purpose of the treatment of their personal data and the rights that they have.
- Duty of Security: This implies keeping the information under administrative, technical, and physical security conditions in order to protect them against any damage or unauthorized treatment, thus ensuring the confidentiality, integrity, and availability of the information.
- Duty to update information so that it is truthful.
- Duty to process requests made by the Owners of Personal Data, within the framework of the rights enshrined in this Policy and under Law N°19.628.
- Duty to process personal data in accordance with the purposes.
- Ensure that personal data is collected for specific, explicit, and lawful purposes, and that its processing is limited to the fulfillment of these purposes in accordance with this policy and current regulations.
The above, without prejudice to other obligations established by law.
VII. DATABASES AND THEIR PURPOSES
MOVEAPPS SpA., will only collect personal data that are relevant and limited to what is necessary in relation to the purposes for which they are processed, in accordance with the principles established in this General Policy.
VIII. COMMUNICATION OF PERSONAL DATA
The personal data held by MOVEAPPS SpA may be communicated to the following persons or entities:
- The owners of the personal data or their legal representatives.
- Public entities with legal competence to request them.
- Courts of Justice, to the extent that a court order requires their delivery.
- Other third parties authorized by the owner or the law.
IX. TREATMENT OF SENSITIVE DATA
The processing of sensitive personal data may only be carried out when authorized by law or when the owner of the data concerned gives their prior, free and informed consent for a specific treatment, without prejudice to the exceptions established by law.
Download here our “General Policy for the Protection of Personal Data”