Direction / Board of Directors of The Night League (hereinafter, the controller), hereby acts with the utmost responsibility and commitment to set up, implement and upkeep this Data Protection Policy, ensuring the continuing improvement of the controller in order to achieve excellency regarding the compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1, 04-05-2016), and with Spanish Data Protection regulations (Act, specific sectoral legislation and their implementing rules).
Data Protection Policy of The Night League rests on the principle of accountability, according to which the controller shall be responsible for compliance with the regulatory and jurisprudential framework governing such Policy and able to demonstrate it before competent supervisory authorities.
In this sense, the controller shall be guided by the following principles, which should become the guide and reference framework on personal data processing for all their staff:
The controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing.
The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed.
Measures ensuring personal data protection shall be applicable during the whole life cycle of the information.
Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
One of the keys to ensuring personal data protection is the training of all staff involved in processing operations as well as the information provided to them. During the information life cycle, all staff who have access to personal data shall be properly trained and informed on their obligations regarding compliance with personal data regulations.
Data Protection Policy of The Night League shall be informed to all the staff of the controller and put at the disposal of all data subjects.
Consequently, this Personal Data Protection Policy involves all the staff of the controller, who shall both know and assume it, considering it as their own. Each staff member shall be responsible for implementing and verifying data protection measures applicable to their activity, as well as both identify and include any improvement opportunity they see fit for the purpose of achieving excellency with regard to its compliance.
This Policy shall be reviewed by Direction / Board of Directors of The Night League, as many times as it is necessary, in order to adjust it to the existing provisions on personal data protection.