Commitment to Data Protecction

Our commitment to personal data protection: “Informed people and protected data”

The Management / Governing Body of BUSBAC SERVEIS S.L. (hereinafter, the data controller) assumes the highest level of responsibility and commitment to the establishment, implementation, and maintenance of this Data Protection Policy, ensuring the continuous improvement of the data controller with the aim of achieving excellence in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as the Spanish legislation on personal data protection (Organic Law, specific sectoral regulations, and their implementing rules).

The Data Protection Policy of BUSBAC SERVEIS S.L. is based on the principle of proactive responsibility, whereby the data controller is accountable for compliance with the legal and regulatory framework governing this Policy and must be able to demonstrate such compliance to the competent supervisory authorities.

Accordingly, the data controller will adhere to the following principles, which should serve as a guide and reference framework for all staff involved in the processing of personal data:

1. Data protection by design: the data controller shall implement, both when determining the means of processing and during processing itself, appropriate technical and organizational measures — such as pseudonymization — designed to effectively apply data protection principles, such as data minimization, and to integrate the necessary safeguards into processing.

2. Data protection by default: appropriate technical and organizational measures will be applied to ensure that, by default, only the personal data necessary for each specific processing purpose are processed.

3. Data protection throughout the information lifecycle: the measures ensuring the protection of personal data will apply throughout the entire information lifecycle.

4. Lawfulness, fairness, and transparency: personal data shall be processed lawfully, fairly, and transparently in relation to the data subject.

5. Purpose limitation: personal data shall be collected for specified, explicit, and legitimate purposes and shall not be further processed in a manner incompatible with those purposes.

6. Data minimization: personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

7. Accuracy: personal data shall be accurate and, where necessary, kept up to date; every reasonable step shall be taken to ensure that inaccurate data are erased or rectified without delay.

8. Storage limitation: personal data shall be kept in a form that permits identification of data subjects for no longer than necessary for the purposes for which the data are processed.

9. Integrity and confidentiality: personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by means of appropriate technical and organizational measures.

10. Information and training: one of the keys to ensuring the protection of personal data is the training and awareness of the staff involved in data processing. Throughout the information lifecycle, all personnel with access to data shall receive adequate training and information regarding their data protection obligations.

The Data Protection Policy of BUSBAC SERVEIS S.L. is communicated to all staff of the data controller and made available to all interested parties.

Consequently, this Data Protection Policy involves all personnel of the data controller, who must be familiar with it, accept it, and consider it their own. Each member of staff is responsible for applying it, verifying compliance with data protection rules relevant to their work, and identifying or suggesting improvements to ensure excellence in compliance.

This Policy shall be reviewed by the Management / Governing Body of BUSBAC SERVEIS S.L. as often as necessary to ensure that it remains aligned at all times with the current legal provisions on personal data protection.