| 15 October 2009
In what concerns the fulfillment of the in force legislation as for personal information, and if you try to store files of personal information using our platform, we provide to you the following information related to the service that has contracted with Occentus Network.
The Organic Law of Protection of Information of personal character (Organic Law 15/1999, of December 13 - LOPD) regulates the data processing of personal character and has as aim "guarantee and protect, regarding the treatment of the personal information, the public freedoms and the fundamental rights of the natural persons, and specially of their honor and personal and familiar intimacy".
We will mention exclusively the points in which you can need information of Occentus Network, but bear in mind that the law includes diverse additional aspects (rights, obligations, safety measures, etc.) of obliged fulfillment for the person in charge of the files of information of personal character. For more information consult in the web page of the Protection Agency of Information.
Also they can be of your interest the legal services that we offer you in collaboration with PRODAT, consulting leader in Protection of Information in Spain.
Contract of data processing
If you stores information of personal character in our infrastructure, Occentus Network would happen to be one of the managers of the treatment, and the own LOPD establishes that:
The accomplishment of treatments at the expense of third will have to be regulated in a contract that will have to consist in writing or in someone other one forms which allows to credit its celebration and content, being established expressly that the manager of the treatment only will treat the information in conformity with the instructions of the person in charge of the treatment, who neither will apply or use them with purpose different from the one that appears in the above mentioned contract, that will not even communicate them, not even for their conservation, to other persons.
This commitment of confidentiality and good use of the information already is contemplated and guaranteed in the condiciones generales de contratación established on having contracted the service with Occentus Network.
Inscription of the file in the Protection Agency of Information:
As it describes the LOPD they must declare the files with personal information before the Protection Agency of Information (APD).
To realize the above mentioned inscription you will need to refill the information of the paragraph 4 (MANAGER OF TREATMENT), bearing in mind that only will record in the above mentioned paragraph the information of one of the managers of the treatment and the Protection Agency of Information recommends that one should make consist the denomination of the manager who realizes the data processing that could involve a major duration in the time or major risks according to the type the quantity of treated information.
In the case that Occentus Network is the manager of principal treatment they will have to refill the following information:
Medidas de seguridad
The Royal decree 1720/2007, of December 21, by which there is approved the Regulation of development of the Organic Law of December 13, of protection of information of personal character, establishes that depending on the type of personal handled information certain measures of safety will have to be fulfilled.
Provided that Occentus Network provides only the technical infrastructure, and in the cases in which the service includes the administration of the same one, the safety measures provided by Occentus Network limit themselves to these functions, being excluded other aspects, out of the environment and the service given by Occentus Network, and that the person in charge of the file has the obligation to expire.
Depending on those services that are contracted by the Client as the principal contract reflects, Occentus Network takes responsibility of implanting the following measures of safety in the services of housing exclusively in the terms that later are detailed:
- Functions and obligations of the personnel: The personnel of administration and Occentus Network's system operation has received the necessary training to realize the labors of management in the implied systems, has the procedure and procedures for the accomplishment of the same ones and is conscious of Occentus Network's commitment in the relative thing to the confidentiality and integrity of the information of the client. These functions do not include the relative ones to the administration and management that, according to the conditions of the contracted services, the Client should realize.
- Record of incidents: Occentus Network will communicate the happened incidents that could concern the information of the client, indicating the type of incident, the moment in which it has taken place, the person who realizes the notification, whom one communicates and the effects that should stem from the same one.
- Identification and authentication: Occentus Network will support a relation updated of users with access authorized to the administration and operation of the systems of information, existing a procedure of assignment, distribution and storage of passwords of access that guarantees your confidentiality and integrity, implanting mechanisms for the identification of unequivocal and personalized form of these users. Likewise, will be indicated the access authorized for each of the users, besides the list of personnel with authorization to grant, to alter or to annul the access authorized on information and resources relative to the service given by Occentus Network. The management of passwords does not include those provided to the Client for the access to the service, which maintenance and control will be a responsibility of the Client according to the stipulated in the conditions of the contracted service, as well as the relative ones to propietary applications installed by the client.
- Control of access: The personnel of Occentus Network will have access authorized only to the resources necessary for the performance of their functions of administration and operation. The Client will have the responsibility of establishing the necessary mechanisms of control of access with the tools destined for such an purpose in the service contracted according to the stipulated in the conditions of the contracted service, as well as the relative ones to propietary applications installed by the client.
- Control of physical access: The dependences where there stays the infrastructure that gives the service are equipped with control of access and systems of monitoring and control to guarantee that only he/she accedes to the same ones the authorized personnel.
- Management of supports: Occentus Network realizes the management and inventory of the supports delivered by the Client or resultant of the accomplishment of copies of support. Likewise Occentus Network has well-established measures for the destruction and waste of supports. The exit of these supports out of Occentus Network's places is realized always and when previous authorization of the client exists. The Client will perform responsible for the information that, obtained across the network with authorized access, is stored in own supports.
- Copies of support and recovery: Occentus Network will realize safety copies of the information of the Client according to the model of service of contracted Backup. If the service of backup is included in the service the safety copies they will be realized by a weekly or minor periodicity, and there are realized from time to time checks of these copies.
- Audit: Occentus Network will provide the necessary information to the clients for the accomplishment of audits on the part of the own personnel of the Client or for the third one, always and when it does not suppose unreasonable distortions in the development for Occentus Network of its ordinary activity and such information or document have relation with the works or in charge services and with the files of which the Client was to title.
- Record of accesses: The control of physical access will have a record that there will allow to determine the user who acceded in a certain moment to the dependences. The Client will have the responsibility of establishing the necessary mechanisms of record of access, with the tools destined for such an purpose in the service contracted according to the stipulated in the approved conditions, as well as the relative ones to propietary applications installed by the client.
Safety document
The regulation establishes that the person in charge of the file is obliged to the creation of a safety document with the description of the file, functions and obligations of the personnel, structure of the file, and another series of information relative to the file.
At the moment of writing the mentioned document of safety it suits to be still the guide provided by the Protection Agency of information
We offer you this information in collaboration with PRODAT, consulting leader in Protection of Information in Spain.
