Privacy Policy:

In this Privacy Policy you will find all the relevant information on the data processing carried out by LIDERA SOLUCIONES SL, (hereinafter “LIDERA”), for the group of clients and those interested in products and services marketed by this entity.

PLEASE TAKE A FEW MINUTES TO READ OUR PRIVACY POLICY , IT WILL NOT TAKE YOU LONG. WITH IT WE WANT TO EXPLAIN IN A SIMPLE, CLEAR AND TRANSPARENT WAY HOW WE TREAT AND PROTECT YOUR PERSONAL INFORMATION AND YOUR RIGHTS. YOUR SECURITY AND THAT OF YOUR PERSONAL DATA IS FUNDAMENTAL FOR LEIDERA AND WE TAKE THEIR ADEQUATE PROTECTION VERY SERIOUSLY.

WHO IS THIS POLICY ADDRESSED AND APPLIES TO?

 This policy applies to all users of the Website, whether or not they are clients of LIDERA (hereinafter, interchangeably, “the user” or “the users”) who are considered natural persons. And it is that, by personal data, we refer to all information about an identified or identifiable natural person.

This Website is aimed at users over 14 years of age, its use being prohibited to minors of this age and the registration, which could be offered in it, to those under 18 years of age.

Minors under 14 years of age must previously obtain permission from their parents, guardians or legal representatives, who will be considered responsible for the acts carried out by minors under their care, in accordance with current regulations.

TREATMENT INFORMATION

According to the provisions of the General Data Protection Regulation of the EU (hereinafter GDPR), of April 27, 2016, the user must receive timely and specific information from the person responsible for the treatment and the uses and purposes thereof.

For this, the following information is indicated:

IF YOU BROWSE OR USE OUR WEB PLATFORM, WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?

Company name: Lidera Soluciones SL

CIF: B36981470

Address : Avda. de Peinador nº 60 – 1st floor – Mos (Pontevedra)

Responsible for Data Protection : rgpd@liderasoluciones.com

WHAT KIND OF DATA DO WE PROCESS?

The processing of your data is necessary to give you access to the contents and/or functionalities of our Website or, if you require it, to be able to send you the information or provide you with the services provided through it. In this regard, we maintain a firm commitment to treat your personal data in a legitimate and coherent manner in accordance with the legal principles and obligations set forth in the current personal data protection regulations.

When you browse through our Website and, in particular, when you interact, you provide us with data directly, for example, when you fill in any form or request provided online in accordance with the treatment purposes indicated in each case (for example, the information form).

The data you provide us is in relation to such forms. We will always request the data that is adequate, pertinent and limited to what is necessary with respect to the aforementioned purposes of treatment (principle of minimization of personal data):

• Personal identifying data (for example, your name and surname).
• Personal contact data (for example, email, address).
•  

Personal data associated with customer management.

• Personal data associated with registration (for example, access data through user verification and access code).
• Data related to the Complaint Channel , if used.

In the same way, when you browse our Website you should be aware of the cookies that are installed on your terminal or device, since this implies the processing of your personal data according to the type of cookies reported and their specific purposes (see cookie policy). . If you accept our cookie policy, analytical cookies will be used that involve the processing of personal data associated with your browsing profile for analytical and/or statistical purposes. It should be noted that continuing to browse our Website, with prior information on our legal data processing policies

personal, will imply that you unequivocally accept the cookies that are served, although you can configure the use of such analytical cookies at any time as indicated in said cookie policy.

In the same way, browsing our Website, IP connection data may be collected from the device or equipment used and that is provided through the browser that you use to connect to a Website. The purpose of an IP address is to make connection to the network possible, to ensure that the identification of each device is unique and thus prevent errors, fraud, etc. LIDERA will not use the IP address of your computer equipment or device for any treatment related to your personal data or to identify you or associate your browsing data.

FOR WHAT PURPOSES DO WE USE YOUR DATA?

Our Website is maintained and updated with the utmost responsibility on the part of LIDERA. The personal data that you provide us will be processed for the purpose specifically stipulated in this privacy policy and for the purpose for which they were collected in the different data forms provided in it. In this sense, the personal data that you provide us with your consent, as well as those that you provide us during the business/contractual relationship, may be processed, as described in the contract between the parties.

LIDERA processes your data for the following purposes:

Enable you to browse our Website, thereby allowing you access to the information and content provided therein.

Respond to and manage your queries and requests.

Send you all the necessary information in relation to the characteristics of the product or service that you have requested.

If you accept it, or there is sufficient legal basis for it, send you information and advertising about offers, products, services, promotions, gifts and campaigns around our products and services.

Properly provide customer service.

Carry out quality control on our products and services by carrying out possible opinion surveys.

In case you have accepted the cookies policy, for the development of the purposes associated with the different types of cookies informed through it, in particular, those of an analytical type (browsing/user profile), carry out such analysis and statistics

associated with browsing the Website in order to improve our services and the quality of their provision. At any time, if you wish, you can configure the use of analytical cookies, holding a right to revoke your consent regarding the purposes associated with these cookies. We inform you that the revocation of your consent to the processing of your data regarding certain types of cookies such as session or technical cookies may prevent you from browsing our Website (see cookie policy) .

Adopt as many protection measures as are applicable in accordance with the

current regulations, including the possible anonymization of your personal data by applying, for this, the appropriate techniques available for this purpose. Therefore, in this area, anonymization and pseudonymization treatments may also be carried out for the best protection of your personal data.

Apply the relevant security, technical or organizational measures on your data

with a focus on the existing risk at all times.

   If applicable, attend to complaints submitted through the External Ethics and Complaint Channel provided by LIDERA.

In general, comply with the regulations applicable to LIDERA according to the sector of activity that belongs to it, including actions aimed at detecting fraud and the prevention of crimes or illegal actions.

What happens if you provide us with data from third parties?

If you provide us with Personal Data from third parties, you guarantee that you have informed them about the purposes and the way in which we need to process your personal data.

How do we collect your data?

• When you contact LIDERA directly, for example through the Website or through the different telephone service lines, in order to request information about our products or services.
• When you participate in our marketing campaigns, through the Website or physically at events, product presentations, participating in any promotion or sweepstakes.
• When with your express authorization, third parties communicate your data to us

WHAT DO WE BASED ON TO PROCESS YOUR DATA LEGITIMATELY?

When the legitimate basis for the processing of your personal data is your consent, we remind you that you have the right to revoke it at any time in a simple and free way by writing to us at rgpd@liderasoluciones.com.

FOR HOW LONG DO WE KEEP YOUR DATA?

In any case, and without prejudice to the foregoing, the user is also informed of the following:

• Our data retention periods are based on business needs, it will be kept for the time necessary to fulfill the purpose for which it was collected, unless a longer retention period is legally permitted or required.
• In accordance with the current regulations on the protection of personal data, in everything that concerns the correct treatment of personal information by

LIDERA, this entity may also keep the information securely for three years from its collection/capture (limitation periods for infringements in this area).

• Regarding the time of conservation of cookies, the user is recommended to consult our cookie policy .

• In general, when the personal data is no longer necessary for the processing purposes for which it was collected, it will be blocked, remaining available only to the competent authorities for the possible debugging of legal responsibilities during the processing of these data. , always in accordance with the applicable regulations, and cannot be used for purposes other than these. After the corresponding legal deadlines in case of blocking, such personal data will be deleted as provided by the applicable regulations, and may also, if applicable, be safely anonymized by LIDERA (anonymized/non-personal data).

WHAT CONSEQUENCES DOES NOT PROVIDE US WITH YOUR DATA HAVE?

We try to request or apply the minimum and essential data to carry out the processing of personal data that we carry out in full development of our object and social purposes. All this in accordance with the principles contained in the applicable regulations.

However, the failure to provide your personal data could make it impossible for:

• you can navigate our website correctly (non-acceptance of technical or session cookies);
• Process your specific request or request (for example, due to the lack or insufficient completion of the corresponding form or request).

In any case, the information and personal data that you provide us, according to each case, must in any case be:

• Sufficient, although adjusted, limited and proportionate to the legitimate purposes of treatment reported in each case, with the utmost respect for the principles of purpose limitation and data minimization

• Accurate, updated and truthful, in order to be able to adequately verify the identity, capacity and, where appropriate, representation, as well as to be able to adjust, in each case, the data processing that is carried out to your specific needs and your situation. this in attention to the principle of accuracy of personal data.

Users will be fully responsible for the data and personal information that they provide to LIDERA within the framework of the platform and, where appropriate, for the services that they require or contract from us.

DO WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES?

 In general, we do not share your data with third parties, nor do we sell or offer it to them, although it is possible that in order to fulfill the purposes indicated in this Privacy Policy we may communicate your minimum personal data to collaborating companies that provide us with support in the services we offer, for example (not limited or exclusive):

• Detection and prevention entities
• Technological service providers (storage, security and maintenance).
• Suppliers and collaborators of services related to marketing and

These companies that provide us with other types of services, only have access to the personal information they need to carry out said services and are required to keep the personal information they can access confidential, and may not use it in any other way than that that we have requested.

For compliance with legal and regulatory obligations, your data will be communicated to (not limited or exclusive):

• Public administrations.
• Judges, courts and security forces, for the attention of the possible responsibilities arising from the treatment, in their respective competences at the request of the same.

Due to the efficiency of the service, some service provider may be located in territories outside the European Economic Area that do not provide a level of data protection comparable to that of the European Union, such as the United States. In such cases, we inform you that we transfer your data with adequate guarantees and always keeping the security of your data, these service providers being certified in Privacy Shield.

If you wish to consult the certification of the providers in the United States, you can consult them at the following link: https://www.privacyshield.gov/welcome

Likewise, LIDERA has various managers for the processing of personal data under its control, allowing access to them, as trusted providers, and to the extent that it is strictly necessary for the provision of the services contracted with them. Such data processors operate under a service contract in the terms, conditions and guarantees contained in article 28 of the GDPR, LIDERA carrying out the corresponding controls, inspections and audits in this area to verify that such data processors strictly comply with the contracts signed for this purpose and the applicable regulations.

Finally, you are informed that your data may be transferred to the competent authorities and organizations depending on the applicable legislation in each case.

ARE INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA MADE?

In general, your data will not be communicated to entities outside the European Economic Area without your express consent, except:

• In cases where a mandatory rule allows such communication, in such cases we will inform you whenever possible of the purposes of said communication.
• In the case of contracting the Support and Maintenance services of the Spiga+ computer application, international data transfers may be made to the entity LIDERA AMERICA SAS with Identification Number NIT 901048398-1 and address at Cra 21# 102-46 Bogotá (Colombia ).

Lidera America SAS is an entity 100% owned by Lidera Soluciones SL

The international transfer of data is carried out with the sole purpose of attending to the maintenance services of the Spiga+ application and the appropriate guarantees are adopted to protect your information.

The relationship between Lidera Soluciones SL and Lidera America SAS is subject to a service contract under article 47 “Binding Rules”. If you want more information, please send an email to rgpd@liderasoluciones.com requesting additional information on international data transfer.

Notwithstanding the foregoing, our cookies policy informs about the existence of possible international transfers of personal data, in relation to the services provided by certain companies (third-party cookies). All these international transfers are fully guaranteed according to the applicable regulations, in the case of entities included in the list of certified entities under the Privacy Shield, https://www.privacyshield.gov/welcome , (see cookie policy).

WHAT RIGHTS DO YOU HAVE AND HOW CAN YOU EXERCISE THEM?

We promise to respect the confidentiality of your personal data and guarantee the exercise of your rights. You can exercise them at no cost by writing an email to the only email address, rgpd@liderasoluciones.com, simply indicating the reason for your request and the right you are requesting to exercise, indicating in the email subject “Request exercise of rights”.

In the same way, you can also direct the request to the postal address, Avda. de Peinador nº 60 – 1st floor – Vigo (Pontevedra) Spain, indicating the reference “Request exercise of rights” and likewise, the reason for your request and the right you request to exercise.

In order to correctly identify you and guarantee the security of your data (for example, to prevent identity theft), we request that you send us a copy of a document proving your identity; DNI, NIE or passport.

In particular, regardless of the purpose or legal basis for which we process your data, you have the right to:

• You have the right to access your personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes that were
• In certain circumstances, you may request the limitation of the processing of your data, in which case we will only keep it for the exercise or defense of
• In certain circumstances and for reasons related to your particular situation, you may oppose the processing of your data. We will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible
• Right to the portability of your data
• Right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or affects you
• You will have the right to withdraw your consent at any time. The withdrawal of consent will not affect the legality of the treatment carried out by LIDERA based on your consent prior to its withdrawal.
• Right to file a claim with the Control Authority (Spanish Data Protection Agency), if you consider that the treatment does not comply with the RGPD or due to the possible breach of the regulations on data protection, whose information is found in this link: http://www.agpd.es .

We recommend that before filing any complaint or claim with the Spanish Agency for Data Protection (AEPD), you contact us in order to analyze the specific situation that corresponds and try, where appropriate, to find an effective and friendly solution.

The exercise by you of these rights is subject to certain exceptions for reasons of general interest, such as the prevention or detection of crimes or for our own interests, such as maintaining the confidentiality of legal advice. If you exercise any of these rights, we will verify that you are really authorized to do so, and we will respond to you within one month (according to the GDPR), and this period may be extended for another two months if necessary, taking into account the complexity and number of requests.

WHAT SECURITY DO WE PROVIDE TO YOUR PERSONAL DATA?

LIDERA undertakes to comply with its obligation of secrecy, the duty to keep it and adopt the necessary technical and organizational measures to guarantee the security of personal data and prevent its alteration, loss, treatment or unauthorized access.

The information provided by the user is considered confidential, and may not be used for other purposes than those related to the services contracted with LIDERA.

Third parties that collaborate with LIDERA and that have some type of intervention in the services provided, are committed not to disclose or make use of the information they have accessed.

All our suppliers, who act as Data Processors, operate under a service contract under the terms, conditions and guarantees contained in article 28 of the GDPR.

Although in data transmissions over the Internet or from a website it is not possible to guarantee absolute protection against intrusions, both we and our subcontractors and business partners make every effort to maintain the physical, electronic and procedural protection measures with which which guarantee the protection of your data in accordance with the applicable legal requirements in this matter.

The measures we use include:

a) Physical:

• “Clean tables” policy.
• shredder for
• Fireproof cabinets with specific locks.
• classified documents and
• Protected workplaces with access by key, with impossibility of access to unauthorized persons.
• Procedures for the use of supports outside the

b) Logics:

• Limit access to your data only to those people who need to know them in view of the tasks that
• As a general rule, transfer data in encrypted format
• Store the most sensitive data (such as credit card data) only in format
• Install perimeter protection systems for computer infrastructures (“firewalls”) to prevent unauthorized access, for example “hackers”.
• Regularly monitor access to computer systems to detect and stop any improper use of personal data.
• Commercial transactions are carried out in a secure server environment under protocol
• original software and
• Computer equipment with access by username and unique password and
• encryption of
• Backup and restore capability.
• Procedures for the use of automated devices, registration of incidents and use of supports outside the office.
• User blocked when not in use, screensaver with password lock.

In those cases in which we have provided you (or you have chosen) a password that allows you to access certain parts of our websites or any other portal, application or service under our control, you are responsible for keeping it secret and for complying with all other security procedures that we notify you of.

We recommend some of the precautions that we advise you should take to guarantee the security of your personal data:

• Do not provide anyone with your username or password.
• Do not write it down in easily accessible places: computer,
• Always use our security system
• Always disconnect the browser session after having accessed a security zone or having entered the user or password into the system.

c) Formative:

Training in LIDERA, in terms of data protection, cybersecurity and related matters is continuous.

Security measures are reviewed periodically, both manually and through specific software.

VALIDITY AND MODIFICATION OF THE PRIVACY POLICY

This policy is in force since May 2, 2019.

LIDERA reserves the right to modify this policy, to adapt it to future legislative, doctrinal or jurisprudential developments that result from application, or for technical, operational, commercial, corporate and business reasons, informing you previously and reasonably of the changes that occur when this is possible. In any case, it is recommended that, each time you access this platform, you read this policy in detail, since any modification will be published through it.

Likewise, LIDERA may inform you personally and in advance of the changes projected in this policy, before its entry into force, provided that this will be technically and reasonably

possible, in particular, when you are considered a registered user or are a client of LIDERA.

COMPETENCE AND APPLICABLE JURISDICTION

In general, any controversy and conflict will be preferably submitted by the parties to their knowledge in order to seek a friendly and mutually agreed solution using, for these purposes, the channel and email provided in this policy.

If it is not possible, taking into account the criteria contained in the GDPR for determining the competence of the leading or main authority in order to know any conflict, controversy or claim regarding this privacy policy, at At least, in administrative proceedings, it is reported that such authority will be the Spanish Agency for Data Protection (AEPD), and must comply, in any case, with the provisions of article 56 of the GDPR. With regard to the right to effective judicial protection against LIDERA in these cases, the provisions of article 79.2 of the GDPR will also apply, and the corresponding action may be brought before the Judges and Courts of the City of Madrid to the extent that that the responsible entity is a company located in Spain.