Rights of data subjects.
The companies of the Group must allow the interested parties to exercise the rights that apply in each location, establishing, for this purpose, the internal procedures that are necessary to satisfy, at least, the legal requirements applicable in each case. SOFTTEK also undertakes to respect at least the following rights:
- Right of access. The right of the data subject to obtain information on whether his/her own personal data is being processed, the categories of data being processed, the purpose of the processing, information available on the origin of the data when the data has not been originally received from the data subject, the period of data retention and any communications made or planned to be made.
- Right of Rectification. The right of the data subject to correct or modify any personal data that is found to be inaccurate or incomplete. The applicant's application must indicate what data it refers to and the correction to be made. It must include, where necessary, the documentation that justifies the inaccuracy or incompleteness of the data being processed.
- Right of erasure. The right of the owner to delete their data when the following circumstances occur:
- Personal data is not necessary for the processing that is carried out.
- The data subject withdraws consent for the processing of the data, if no other legitimate purpose (legal relationship or contract, legitimate interest, legal obligation) applies.
- When the personal data of the owners has been unlawfully processed by SOFTTEK.
- The data subject objects to the processing for profiling, based on a legitimate interest.
- Right to restriction of processing: The right of the data subject to restrict the processing of SOFTTEK data when:
- The owner contests the accuracy of his/her personal data, for a period of time that allows the accuracy of the same to be verified, or
- Where the processing is unlawful, but the owner objects to the deletion of the personal data, he or she may request that the processing be restricted, or
- Where they are no longer necessary for processing, the data subject may request a limited erasure in order to use the data to lodge a complaint, or
- Where the data subject objects to a profiling process based on legitimate interest.
- Right to data portability. The right of the data subject to receive the data provided, in a structured and commonly used format, data that has been obtained with express consent or in a contract, and which is processed by automated means. In addition, the owner may authorize the data to be transmitted directly to another party, if this is technically possible.
- The right not to be subject to a decision based solely on automated processing. The right of the data subject not to be subject to a decision, with legal effects, based solely on automated processing, including profiling.
- Right to object to data processing. The right of the owner to prevent the processing of their personal data or to cease in the event that consent will not be necessary for the processing because the legitimate basis is legitimate interest, or when the data is used for direct marketing.
- Right to be forgotten. The right of the data subject to request the deletion of his/her data made public by SOFTTEK and to delete any link to them. This right means that the data has been published on the internet, social networks, blogs and/or comments.
The properties common to all these rights are:
- Very personal rights: This means that they can only be exercised by the owner of the data, by their legal representative, in the case of minors or people with disabilities, or by their voluntary representative specifically designated to exercise any of these rights. Therefore, SOFTTEK will deny the exercise of these rights if they are requested by a person who is not the owner of the data or who does not adequately certify that they are acting on behalf of the owner.
- Independent rights: this means that it is not necessary to exercise any of them previously in order to exercise another, each one is exercised separately and independently.
- Obligations: SOFTTEK undertakes to facilitate the exercise of these rights to those affected and to respond to their request within the legally established deadlines, regardless of the procedure used by the interested party and even if the person responsible for the file does not have personal data of the data subject, this person must be able to support the response to the requester.
- Procedure: The exercise of these rights must be carried out through simple and free procedures (whenever possible) that SOFTTEK must make available to the interested parties.
- Complaints before the Supervisory Authority: In the event that a request for entitlement cannot be met, SOFTTEK must communicate the reasons for not acting and will inform of the possibility of filing a complaint with the Supervisory Authority if applicable. This notification must be made within the deadlines established by the legislation of the country where the claim is filed or, in cases where no deadlines are established, at most one month from the receipt of the request.