NEW DATA PROTECTION LAW (GDPR)
The EU General Data Protection Regulation (GDPR) 2016/679, will be applied from May 25, 2018, and will replace the current directive and law of protection of personal data.
1. Information to data subjects
In the events promoted by BICLARIA in which it intends to make its registration, the consumer gives his data for the purpose:
-
Direct contact in situations of confirmation of reservations and cancellation of events;
-
Phone or social networking contact;
-
Email sending;
-
Emission of electronic invoice / receipt.
2. Exercise of the rights of data subjects
Data processing of minors under 13 years old can only be done with the authorization of their representatives.
In case of death of the consumer, there is the right to access, rectify or erase the personal contents of the same. This right must be exercised by someone the deceased person has appointed. If it does not exist, the right is exercised by the heirs.
3. Consent of the data subjects
When the consumer subscribes to the events promoted by BICLARIA, he expressly consents to the use of his personal data, in the general terms of the GDPR and in the parameters referenced by BICLARIA.
4. Sensitive data
The consumer may at any time request that the collected personal data be deleted.
5. Documentation and registration of treatment activities
The personal data of the consumer is recorded on an online platform "FareHarbor" and downloaded (in XLSX format) to a PC.
As soon as the data is no longer required in the provision of the proposed service, it will be erased.
6. Subcontracting contracts
There are no subcontracting agreements.
7. Data Protection Officer (DPO) / Functions
- Inform and advise the company on data protection compliance;
- Advise on the impact assessment of data protection;
- Monitor the compliance of data protection (train staff and carry out audits related to this area);
- Cooperate and act as a contact point with the supervisory authority (CNPD).
The BICLARIA is a micro-company. There is no compulsory designation of EPD.
8. Technical and organizational measures and treatment safety
The regulation requires a great deal of control of the risk associated with the possible theft of information. This risk control should be ensured by effective security measures that ensure confidentiality, data integrity and prevent accidental, unlawful destruction, loss, and alteration, or unauthorized disclosure / access of data.
To this end, passwords for access to the online registration platform "FareHarbor", social network facebook and email of the company will be replaced regularly.
9. Protection of data from conception and impact assessment
Future data processing projects will be rigorously evaluated in order to assess the impact on data protection. Appropriate measures shall be taken to mitigate such risks.
10. Notification of security breaches
All security breaches that result in a risk to the rights of right holders shall be communicated to the supervisory authority as well as to the data subject.