The Management / Governing Body of Fundación BcD (hereinafter, the data controller), accepts the maximum liability for and commitment to the establishment, implementation and maintenance of this Data Protection Policy, guaranteeing the continuous improvement of the data controller with the aim of achieving excellence in relation to compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1, 04-05-2016), and with the Spanish regulations on the protection of personal data (Organic Law, specific sectorial legislation and its implementing rules).

The Data Protection Policy of Fundación BcD is based on the principle of proactive liability, according to which the data controller is liable for compliance with the regulatory and jurisprudential framework which governs this Policy, and is capable of demonstrating it before the competent control authorities.

In this respect, the data controller shall be governed by the following principles, which must serve as a guideline and framework of reference for all of its personnel in the processing of personal data:

• Data protection from design: the data controller shall apply, both at the time of determining the processing means and at the time of the actual processing, appropriate technical and organizational measures, such as pseudonymization, conceived to effectively apply the principles of data protection, such as the minimization of data, and to integrate the necessary guarantees into the processing.
• Data protection by default: the data controller shall apply the appropriate technical and organizational measures with a view to guaranteeing that, by default, only the personal data which are necessary for each of the specific purposes of the processing shall be subject to processing.
• Data protection in the life cycle of the information: the measures which guarantee the protection of the personal data shall be applicable throughout the entire life cycle of the information.
• Lawfulness, fairness and transparency: the personal data shall be processed in a lawful, fair and transparent manner in relation to the individual.
• Limitation of the purpose: the personal data shall be collected for specific, explicit and legitimate purposes, and shall not be processed subsequently in a manner incompatible with these purposes.
• Minimization of data: the personal data shall be adequate, relevant and limited to that necessary in relation to the purposes for which they are processed.
• Accuracy: the personal data shall be accurate and, if necessary, updated; all reasonable measures shall be adopted to ensure the deletion or rectification without delay of the personal data which are inaccurate in relation to the purposes for which they are processed.
• Limitation of the storage time limit: the personal data shall be maintained in such a way that allows the identification of the individuals for no more time than that necessary for the purposes of the processing of the personal data.
• Integrity and confidentiality: the personal data shall be processed in such a way that adequate security of the personal data is guaranteed, including protection against unauthorized or illegal processing and against their loss, destruction or accidental damage, by applying appropriate technical or organizational measures.
• Information and training: one of the keys to guaranteeing the protection of personal data is the training and information which are provided to the personnel involved in their processing. During the life cycle of the information, all of the personnel with access to the data shall be conveniently trained and informed about their obligations in relation to compliance with data protection regulations.

The Data Protection Policy of Fundación BcD is communicated to all of the personnel of the data controller and made available to all of the interested parties.

Consequently, this Data Protection Policy involves all of the personnel of the data controller, who must know it and accept it, identifying with it, each member being responsible for applying it and for checking the data protection rules applicable to their activity, and for identifying and contributing the improvement opportunities that they consider to be appropriate with the aim of achieving excellence in relation to its fulfilment.

This Policy shall be revised by the Management / Governing Body of Fundación BcD, however many times it is considered necessary, in order to adapt it, at all times, to the personal data protection provisions in force.