1.- POLICY ON THE PROTECTION OF PERSONAL DATA
Worldwide Payment Systems S.A.U. dba as Onyx CenterSource (“the Entity”) has a policy on the protection of personal data subject to Organic Law 15/1999 of 13th December 1999 on the Protection of Data of a Personal Nature (Ley Orgánica de Protección de Datos de Carácter Personal) (BOE [Official Gazette] 14.12.1999) and Regulations governing Organic Law implementation which in turn is a restatement of the European Community law, together within its implementing and supplementary legislation. The standards of protection for personal data under this legislation are of the highest order.
1. By this notice the Entity informs persons who have contracted its services, are intermediaries, or receive outputs from contracted services (hereinafter "Users") about its web site payments.onyxcentersource.com and its policy for the protection of personal data (hereinafter "the Personal Data") so that these Users are free to decide whether they wish to provide Onyx with any Personal Data which they may be asked for, or which may be necessary in order to carry out the services, or which may be obtained from the Users through subscription, registration or simply by using the services.
2. The Entity reserves the right to change its present policy so that it conforms to any changes in legislative or other legal requirements and in industry practices or advancements in information technology. If any such changes are made the Entity will announce the new policy on this site with sufficient notice to enable the Users to be properly conversant with them.
3. Certain services provided may contain particular conditions with specific provisions relating to the protection of Personal Data.
4. Any Personal Data obtained will be processed and incorporated into the appropriate registries which is responsible for and maintains. With this end in mind, will provide User with the appropriate resources to enable them to access this notice about the company’s data protection policy and any other relevant information through which they can give their consent to process their Personal Data.
5. The only reason for the collection and computerised processing of Personal Data is to ensure that the services provided are adequate; to enable the exchange of necessary information between Users; to ensure the maintenance, if appropriate, of any contractual relationship which may be entered into with the Entity ; to facilitate the handling, administration, provision, expansion and improvement of the services used by the Users, or to ensure that these services meet the preferences and requirements of the Users; to study how the services are received by the Users; to design new services in relation to the existing services; and to deal with messages and communications between the Entity and the Users in relation to the services, through both traditional and electronic means.
6. The Entity has met the legally required levels of security for the protection of Personal Data and has installed all the technical measures with diligence and the current state of the technology permit in order to avoid the loss, improper use, alteration, unauthorised accessing and theft. However, the User does agree that Internet security measures are not impregnable and secondly that they themselves must maintain the required levels of diligence in terms of their responsibility for looking after their own information, logins, passwords, access to data and services provided including its web portal and their responsibility for the information obtained as a result of or through the services provided.
7. For security and crime prevention reasons, the Entity may record for a limited period of time, some of the information or messages arising in the course of the activities and services which it provides through its web portals. However, in the interests of protecting the right to privacy, the Entity will not be liable if any of the contents or messages posted should turn out to be criminal or unlawful. In the event that the Entity becomes aware, either by itself or through a User, of the criminal or unlawful contents of any information, the Entity will remove it immediately, without prejudice to any legal actions which might follow or arise. For these purposes the Entity is acting solely as a distributor of information and messages.
8. The Entity will not provide the Users’ Personal Data to third parties or to any other company whether or not it is located within the European Community or abroad, except when necessary to complete the contracted services.
9. As a result of Spanish Legislation, the data of the contact personnel working at the Customer’s company are not considered Personal Data to be protected.
10. In cases where the Users provide third-parties’ Personal Data related to the bookings, such as name and surname of a guest, to be processed within the contracted services, the Entity shall act in the name of the Users, and shall meet the following requirements as set forth in art. 12 of the Spanish Legislation on Protection of Data of a Personal Nature.
- The Entity shall only process this data on the instructions of the Users, who are the controllers of the data.
- The Entity shall not apply or use this data for any purpose other than that provided herein in the context necessary to complete the contracted services.
- The Entity shall not disclose the data, even for their conservation, to other persons except when necessary to complete the contracted services
- The Entity has implemented the basic security measures contemplated in the Royal Decree 1720/2007, of June 11, passing the Regulations for Security Measures of automated systems containing Personal Data.
- Data will be destroyed when it is no longer necessary for the purpose it was received and once the resulting Statutes of Limitation for Liabilities are no longer in effect.