This Data Protection Policy outlines how DEDOMENA ARTIFICIAL INTELLIGENCE, S.L. ensures the protection of personal data in compliance with applicable data protection regulations, including the General Data Protection Regulation (GDPR) and other relevant legislation.
Our commitment to data protection is fundamental to our operations. We implement comprehensive measures to safeguard personal data and ensure compliance with all legal requirements.
Data Protection Principles
DEDOMENA adheres to the following core data protection principles in all our processing activities:
Lawfulness, Fairness, and Transparency
All data processing is conducted legally, fairly, and in a transparent manner.
Purpose Limitation
Data is collected for specified, explicit, and legitimate purposes only.
Data Minimization
We only collect data that is necessary for the intended purposes.
Accuracy
We ensure that personal data is accurate and kept up to date.
Storage Limitation
Data is kept only as long as necessary for the specified purposes.
Integrity and Confidentiality
We process data securely, protecting against unauthorized access and damage.
Accountability
We are responsible for demonstrating compliance with these principles.
Roles and Responsibilities
DEDOMENA has appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and implementation. The DPO serves as the point of contact for data protection inquiries and cooperation with supervisory authorities.
All employees who handle personal data must:
- Complete mandatory data protection training
- Comply with this policy and related procedures
- Report any data protection concerns immediately
- Process data only as authorized
Data Subject Rights
We respect and facilitate the exercise of data subject rights. Under applicable data protection laws, data subjects have the right to:
- Access: Obtain confirmation and copies of their personal data
- Rectification: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of their data ('right to be forgotten')
- Restriction: Limit processing in certain circumstances
- Portability: Receive data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests
- Automated Decision-Making: Not be subject to solely automated decisions
Data Security Measures
DEDOMENA implements a comprehensive set of technical and organizational measures to ensure the security of personal data:
- Encryption: Data is encrypted at rest and in transit using industry-standard protocols
- Access Controls: Strict authentication and authorization mechanisms
- Regular Audits: Continuous security assessments and penetration testing
- Secure Disposal: Proper procedures for data deletion when no longer needed
- Employee Training: Regular data protection awareness programs
- Incident Response: Documented procedures for handling security incidents
International Data Transfers
When transferring personal data outside the European Economic Area (EEA), DEDOMENA ensures that appropriate safeguards are in place. These may include:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions recognizing the level of protection in third countries
- Binding Corporate Rules (BCRs) for intra-group transfers
- Certification mechanisms and codes of conduct
Data Breach Response
In the event of a personal data breach, DEDOMENA has established procedures to ensure a rapid and effective response:
- Notification to Authority: We notify the supervisory authority within 72 hours of becoming aware of a breach
- Notification to Data Subjects: We inform affected individuals without undue delay when the breach poses a high risk
- Documentation: All breaches are documented regardless of whether notification is required