top of page

Legal warning

Regulatory Compliance Certificate


Certificate of Compliance with Regulation (EU) no. 2016/679, of the European Parliament and of the Council, of April 27, 2016, regarding the protection of the natural persons with regard to the processing of personal data and the free movement of these data (hereinafter GDPR); and the Organic Law 3/2018, of 5 December, Protection of Personal Data and guarantee of digital rights; and Law 34/2002, of July 11, on Services of the Information Society and electronic commerce (hereinafter LOPDGDD).


Allover Consultors, SL has provided its adaptation and design services for the Data Protection Program to the company: Coordinadora para o Estudo dos Mamíferos Mariños (CEMMA) with CIF: G15400500 and domiciled at; R/ Ceán, 2, 36350, Nigrán (Spain).


As a result of the foregoing, Allover Consultors, SL declares that:


—A risk assessment has been carried out. The detail of the risk scenarios detected and related tasks is available in a complete executive risk report.


—The Record of Treatment Activities has been generated, and all activities involving the processing of personal data have been documented, paying special attention to the categories of data classified as sensitive by the GDPR and in accordance with the requirements set forth in Art. .5 GDPR.


—Protocols have been generated with a description of the specific technical and organizational measures to be implemented by the Coordinator for the Study of Marine Mammals (CEMMA). As well as the advisable security measures, to guarantee the protection of personal data in carrying out
treatment activity.


—Procedures for the protection of the rights of interested parties and a register of technical incidents have been established, as well as a procedure to notify the AEPD of security violations or possible security breaches. In addition, the Coordinadora para o Estudo dos Mamíferos Marinos (CEMMA) has models to respond to requests for rights from interested parties.


—The personal data processors have been identified and ad hoc contract models have been generated that define and regulate the relationship with the data controller as required by Art.24 and 28 of the GDPR.


— The technological developments carried out by the Coordinadora para o Estudo dos Mamíferos Mariños (CEMMA) have been carried out based on privacy from the design and by default, established and regulated according to the provisions of Art. 25 and considering Art. 78 of the GDPR.


— In accordance with the provisions of Art.35.4 of Regulation (EU) no. 2016/679, of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons, an Impact Assessment (EIPD) has been carried out, when the development of the software treats health data, considered data of special categories according to the provisions of Article 9.1 of the GDPR, which entail a high risk for the rights and freedoms of natural persons according to the criteria established by the Article 29 Working Group, having to adopt additional security measures for such purposes .


—All the documentation is stored in a secure cloud environment where it is kept regularly updated with its corresponding version history that allows accrediting, in turn, a history of regulatory compliance.


Certified by:
Victor Climent Gomez de Orgaz
Lawyer ICAB 32518
DPO Aenor

bottom of page