You have doubts?


Legal warnings | Policies Privacy | Contracts of services | RGPD | Policy of Quality

Information on the RGPD (General Regulation of Protection of Data)

Information on the RGPD (General Regulation of Protection of Data) and model of hiring of data processing for the services of lodging of CmarTone Europe SL, in future CmarTone

The following information that we facilitated to him is regarding the fulfillment of the effective legislation in the matter of personal data being of application if it tries to store files of personal data using our platform.

The Statutory law of Data processing of personal character (Statutory law 15/1999, of 13 of December – LOPD) regulates until the 25 of May the data processing of personal character establishing as objective “to guarantee and to protect, concerning the treatment of the personal data, the public liberties and the fundamental rights of the natural people, and especially of their honor and personal and familiar privacy.?

Regulation (the EU) 2016/679, from the European Parliament and the Council, from 27 of April (“General Regulation of Protection of Data? or “RGPD?), comes to regulate the data processing of personal character.

We detail next the points in which it can need information CmarTone, but considers that the law includes diverse additional aspects (right, obligations, safety measures, etc.) of fulfillment forced for the person in charge of the files of personal character data. For more information we requested to him consults the webpage of the Agency of Protection of Data and the Web of the European Commission with respect to the General Regulation of Protection of Data

Contract of data processing

If it stores personal character data in some of the services contracted CmarTone and is going to store them in our infrastructure, CmarTone would happen to be one of the ones in charge of the treatment. In this respect the RGPD establishes that the accomplishment of treatments on behalf of third parties will have to be regulated in a contract that will have to consist in writing or in some other form that allows to credit to its celebration and content, settling down specifically that the one in charge of the treatment will deal with the data according to the instructions the person in charge about the treatment, that will not apply them or will use with aim different from which appears in this contract, nor only will communicate them, not even for its conservation, to other people.

The contract of services of CmarTone as of the date of application of the Regulation, contemplates all the aspects necessary to regulate the contractual relation according to the RGPD, including the commitment of confidentiality and good use of the data, that is guaranteed and regulated in the conditions of the contract established when contracting the service with CmarTone.

As we indicated in contracts of services, section “Protection of data and personal data processing on behalf of third parties?, CmarTone is a situated company in Spain (to see data more ahead). Our servers, systems and facilities are in SPAIN, within the European Union (CPD in ZAMUDIO - BISCAY) and we realised all the data of data processings according to the RGPD, without resorting to other ones in charge, unless therefore he specifies himself in the supply or the particular contract of services.

Also, as much in the privacy policy as in contracts of services we informed that CmarTone has designated a delegate of protection of data with which can be put in touch through [email protected] email

However, if it wishes to separately sign a contract of data processing to the main contract can asks for the Contract model to us of Data processing for services of CmarTone lodging. It prints two copies, fírmelas and envínoslas via email to [email protected]

Safety measures

Since CmarTone only provides the technical infrastructure, and in the cases in which the administration also includes the service of the same, the safety measures provided by CmarTone are limited these functions, being excluded other aspects, out of the surroundings and service been in by CmarTone, and that the person in charge of the file has the obligation to fulfill.

Based on the services contracted by the Client, CmarTone takes responsibility to exclusively implant the following safety measures in the services of lodging in the terms that next are detailed, being responsibility of the client to determine if these measures adjust to the security level that needs (it can obtain more document data of analysis of Risks of the Agency of Protection of Data)

Functions and personnel dutieses: The CmarTone personnel has received the formation necessary to realise the management workings in its systems and has the norms and procedures to the accomplishment of the same and is conscious of the commitment of CmarTone with respect to the confidentiality and integrity of the data of the client. These functions do not include regarding the administration and the management that, according to the conditions of the contracted services, must realise the Client.

Registry of incidences: CmarTone will communicate the happened incidences that can affect to the information of the client.

Identification and authentication: CmarTone will maintain an up-to-date relation of users with authorized access to the administration and operation of its systems the management of passwords on the part of CmarTone does not include those proportionate ones to the Client for the access to the service, whose maintenance and control will be responsibility of the Client according to the stipulated thing in the conditions of the contracted service, as well as regarding propietary applications installed by the client.

Control of access: The CmarTone employees will only have authorized access to the necessary resources for the performance of their functions. The Client will have the responsibility to this end settle down the necessary control mechanisms of access with the tools destined in the contracted service, as well as regarding propietary applications installed by the client.

Control of physical access: The dependencies where the infrastructure through Web CmarTone is lodged serve are equipped with control of access and systems of monitoring and control to guarantee that the authorized personnel only accedes to the same.

Backup copies and capacity to recover the availability and access to the personal data of fast form in case of incident. CmarTone will realise backup copies of the information of the Client according to the backup copy model on watch that it has contracted. If it has not contracted any service of backup copies, these will not be carried out on the part of CmarTone. If the service of backup copies is including in the contracted service, they will be realised with the regularity that has engaged the client. It is responsibility of the client to establish the backup copy policy that needs and to contract CmarTone the services that need.

Registry of physical accesses: The control of physical access will have a registry that will allow to determine the user who acceded at a certain moment to the dependencies in which CmarTone lodges the infrastructure through which it gives service to the Client. The Client will have the responsibility to settle down the necessary mechanisms of access registry, with the tools destined to this end in the service contracted according to the stipulated thing in the decided conditions, as well as regarding propietary applications installed by the client.

Document of security

The norm establishes that the person in charge of the file is forced to the creation of a document of security with the description of the file, functions and personnel dutieses, structures of the file, and another series of data regarding the file.

At the time of writing up the mentioned document of security it agrees that it follows the guide provided by the Agency of protection of data.