Data protection

HIGH IDENTITY BUILDINGS, S.L. (the “Company”) is an organization in which there are activities of processing of personal data, which gives it an important responsibility in the design and organization of procedures so that they are aligned with legal compliance in this area.

In the exercise of these responsibilities and in order to establish the general principles that must govern the processing of personal data in the Company, approves this

Personal Data Protection Policy, which notifies your Employees and makes available to all your Stakeholders.

1. Purpose

The Personal Data Protection Policy is a proactive liability measure that aims to ensure compliance with and relationship to applicable legislation in this area, respect for the right to honor and privacy in the processing of personal data of all persons associated with The Company.

In accordance with the provisions of this Policy on the Protection of Personal Data, the Principles governing the processing of data in the organization and, accordingly, the procedures, and the organizational and security measures that the persons affected by this Policy undertake to implement in their area of responsibility.

To this end, the Directorate will assign responsibilities to the personnel involved in the data processing operations.

2. Scope of application

This Personal Data Protection Policy shall apply to the Company, its directors, directors and employees, as well as to all persons associated with it, including expressly service providers with access to data (“Persons responsible for processing”).

3. Principles for the processing of personal data

As a general principle, The Company will scrupulously comply with the legislation on the protection of personal data and must be able to demonstrate this (Principle of «proactive responsibility»), paying particular attention to those treatments that may pose a greater risk to the rights of those affected (Principle of «risk approach»).

HIGH IDENTITY BUILDINGS, S.L. will ensure compliance with the following principles:

  • Lawfulness, fairness, transparency and purpose limitation. The processing of data must always be informed to the data subject, through clauses and other procedures; and it will only be considered legitimate if there is consent to the processing of data (with special attention to that provided by minors), or has another valid legitimacy and the purpose of it is in accordance with Regulations.
  • Data minimization. The data processed must be adequate, relevant and limited to what is necessary for the purposes of the processing.
  • Accuracy. The data shall be accurate and, if necessary, up-to-date. In this regard, the necessary measures shall be taken to ensure that personal data which are inaccurate with regard to the purposes of the processing are deleted or rectified without delay.
  • Limitation of the storage period. The data shall be kept in such a way as to permit identification of the data subjects for no longer than is necessary for the purposes of the processing.
  • Integrity and Confidentiality. The data shall be processed in such a way as to ensure adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by the application of appropriate technical or organizational measures.
  • Data transfers. It is prohibited to purchase or obtain personal data from illegitimate sources or in cases where such data has been collected or transferred in contravention of the law or where their legitimate provenance is not sufficiently guaranteed.
  • Procurement of suppliers with access to data. Only suppliers offering sufficient guarantees to implement appropriate technical and security measures in the processing of data shall be selected for recruitment. With these third parties, the appropriate Agreement will be documented in this regard.
  • International data transfers. Any processing of personal data subject to European Union legislation involving a transfer of data outside the European Economic Area shall be carried out in strict compliance with the requirements laid down in the applicable law.
  • Rights of those affected. The Company shall facilitate to those affected the exercise of the rights of access, rectification, erasure, limitation of processing, opposition and portability, establishing for this purpose the internal procedures, and in particular the necessary and appropriate models for its exercise, which shall satisfy at least the applicable legal requirements in each case.

The Company will promote that the principles contained in this Personal Data Protection Policy are taken into account (i) in the design and implementation of all work procedures, (ii) in the products and services offered (iii) in all contracts and obligations that they formalize or assume and (iv) in the implementation of as many systems and platforms as allow the access of employees or third parties and/or the collection or processing of personal data.

4. Commitment of workers

Employees are informed of this Policy and declare themselves aware that personal information is an asset of the Company, and in this respect, they adhere to it, committing themselves to the following:

  • Carry out the awareness training in Data Protection that the Company makes available to you.
  • Apply the security measures at the user level that apply to your workplace, without prejudice to the responsibilities in its design and implementation that can be attributed to its role within HIGH IDENTITY BUILDINGS, S.L.
  • Use the established formats for the exercise of rights by those affected and inform the Company immediately so that the response can be made effective.
  • Inform the Company, as soon as it becomes aware, of deviations from the provisions of this Policy, in particular “Violations of security of personal data”, using the format established for this purpose.

5. Monitoring and evaluation

The effectiveness of the technical and organizational measures to ensure the security of the processing shall be verified, assessed and assessed annually or whenever there are significant changes in the processing.

If you have any questions or queries about the Data Protection Policy, you can contact us by sending an email to