The Management / Governing Body of IAESTE SPAIN (hereinafter, the controller), assumes the maximum responsibility and commitment to the establishment, implementation and maintenance of this Data Protection Policy, ensuring the continuous improvement of the controller with the aim of achieving excellence in relation to compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1, 04-05-2016), and Spanish personal data protection regulations (Organic Law, specific sectoral legislation and its implementing rules).
IAESTE SPAIN’s Data Protection Policy is based on the principle of proactive responsibility, according to which the data controller is responsible for compliance with the regulatory and jurisprudential framework that governs said Policy, and is able to demonstrate this to the competent control authorities.
In this regard, the controller shall be governed by the following principles which should serve as a guide and frame of reference for all its staff in the processing of personal data: