ORGANIC LAW ON PERSONAL DATA PROTECTION
SERVICE PROVISION CONTRACT WITH A WEB SITE COMPUTER MAINTENANCE COMPANY
The data controller has entrusted the data processor with the provision of the services detailed below:
- Design, development and maintenance of the Syltek Solutions software.
- Any other activity related to computer and/or web consultancy.
- For the correct provision of the services listed above, the data controller will provide the data processor with automated or non-automated files that contain personal data.
III. In compliance with Article 12 of Law 15/1999, of 13 December, the Personal Data Protection Act, both parties freely agree to regulate the access and processing of the personal data mentioned herein, in accordance with the following:
The files containing personal data placed at the disposal of the data processor are duly legalised and legitimised. Access by the former to the data of the data controller will not be considered as data communication, since it is indispensable for the provision of the services ordered.
Two.- PURPOSE OF THE PROCESSING
Access by the data processor to the personal data contained in the files of the data controller shall be solely and exclusively for the purposes listed in section I.
Three.- GUARANTEE AND DATA PROTECTION
In the processing of these personal data, the data controller and the data processor undertake to guarantee and protect the public liberties and fundamental rights of the natural persons concerned and, in particular, their honour and their family and personal privacy.
Four.- DELEGATION OF FUNCTIONS
The data controller facilitates and delegates its functions to the data processor so that it can carry out the contracted services.
Five.- OBLIGATIONS OF THE DATA CONTROLLER
- Compliance with all the technical and organisational measures necessary to guarantee the security of the personal data, preventing their alteration, loss, processing or unauthorised access.
- Inform the Spanish Data Protection Agency of the data processor’s existence and fulfil any rights of access, rectification, cancellation and opposition that may be directed to it.
- Inform the data processor of any variation that takes place in the personal data facilitated, so that said party is be able to update said data.
Six.- OBLIGATIONS OF THE DATA PROCESSOR
- Adopt the necessary technical and organisational measures, depending on the level of security of the data processed, established in Royal Decree 1720/2007, which guarantee the security of personal data and prevent their alteration, loss, processing or unauthorised access. The data controller reserves the right to carry out at any time the controls and audits it deems appropriate to verify effective compliance with the security measures required by law and the agreements regulated in this contract.
- Process the data in accordance with the data controller’s instructions, not using the data for purposes other than those agreed in the second agreement.
- Not transfer the data to third parties, or only for conservation, transfers to public administrations or private entities are exempted from this prohibition when necessary for the performance of contracted services or to establish legal provision.
- Maintain professional secrecy and strict confidentiality in relation to the personal data obtained during the processing and after its completion, being answerable to the data controller in the event of non-compliance, without prejudice to the responsibilities that may arise before the Spanish Data Protection Agency or before the interested party.
- Communicate and ensure its employees comply with the obligations established in the previous sections and specifically those relating to the duty of secrecy and the security measures implemented by the data controller.
In the event that the data processor uses the data for purposes other than those stipulated, communicates them or uses them in breach of the conditions of this contract, it shall also be considered to be the data controller and shall be personally liable for the infringements committed.
Eight.- RESCISSION, RESOLUTION AND TERMINATION
The rescission, termination or termination of the contractual relationship for the provision of services between the data controller and data processor will oblige the latter to maintain blocked the personal data provided by the former.
Once the time-limit established to cover legal responsibilities has elapsed, the personal data must be destroyed or returned to the data controller, along with any support or document containing any personal data.