Privacy Policy

SADES APARELLAJE S.L. (the "Company") is an Organization that engages in activities involving the processing of personal data, which gives it an important responsibility in designing and organizing procedures to ensure compliance with legal requirements in this area.

In exercising these responsibilities and in order to establish the general principles that should govern the processing of personal data within the Company, this Personal Data Protection Policy is approved, which is communicated to its Employees and made available to all its Stakeholders.

1. Purpose

The Personal Data Protection Policy is a proactive responsibility measure aimed at ensuring compliance with applicable legislation in this area and, in relation to this, respecting the right to honor and privacy in the processing of personal data of all individuals who interact with the Company.

In the development of this Personal Data Protection Policy, the principles governing data processing within the organization are established, as well as the procedures, organizational and security measures that individuals affected by this Policy commit to implement within their area of responsibility.

To this end, the Management will assign responsibilities to the personnel involved in data processing operations.

2. Scope of Application

This Personal Data Protection Policy will apply to the Company, its administrators, executives, and employees, as well as to all individuals who interact with it, including expressly service providers with access to data ("Data Processors").

3. Principles of Personal Data Processing

As a general principle, the Company will scrupulously comply with personal data protection legislation and must be able to demonstrate it ("proactive responsibility" principle), paying special attention to those processing activities that may pose a higher risk to the rights of the affected individuals ("risk-based approach" principle).

In relation to the above, SADES APARELLAJE S.L will ensure compliance with the following principles:

  • Lawfulness, fairness, transparency, and purpose limitation. Data processing must always be informed to the affected individual through clauses and other procedures; it will only be considered legitimate if there is consent for data processing (with special attention to minors' consent), or if it has other valid legitimacy and the purpose is in accordance with regulations.
  • Data minimization. Processed data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
  • Accuracy. Data must be accurate and, if necessary, updated. In this regard, necessary measures will be taken to delete or rectify personal data that are inaccurate concerning the purposes for which they are processed without delay.
  • Storage limitation. Data will be kept in a way that allows the identification of the affected individuals for no longer than necessary for the purposes for which the data are processed.
  • Integrity and confidentiality. Data will be processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by applying appropriate technical or organizational measures.
  • Data transfers. The purchase or obtaining of personal data from illegitimate sources or in cases where such data have been collected or transferred in violation of the law or do not sufficiently guarantee their legitimate origin is prohibited.
  • Contracting service providers with access to data. Only service providers that offer sufficient guarantees to apply appropriate technical and security measures in data processing will be chosen for contracting. The proper Agreement in this regard will be documented with these third parties.
  • International data transfers. Any personal data processing subject to European Union regulations involving data transfers outside the European Economic Area must be carried out in strict compliance with the requirements established by applicable law.
  • Rights of the affected individuals. The Company will facilitate the exercise of the rights of access, rectification, deletion, restriction of processing, objection, and portability to the affected individuals by establishing internal procedures, particularly the models for their exercise that are necessary and appropriate, which must meet at least the applicable legal requirements in each case.
  • The Company will promote that the principles set out in this Personal Data Protection Policy are considered (i) in the design and implementation of all work procedures, (ii) in the products and services offered, (iii) in all contracts and obligations formalized or assumed, and (iv) in the implementation of systems and platforms that allow access to employees or third parties and/or the collection or processing of personal data.

4. Commitment of Employees

Employees are informed of this Policy and acknowledge that personal data is an asset of the Company. In this regard, they adhere to it and commit to the following:

  • Complete the data protection awareness training provided by the Company.
  • Apply the user-level security measures that apply to their job position, without prejudice to the responsibilities in their design and implementation that may be attributed to them based on their role within SADES APARELLAJE S.L.
  • Use the established formats for exercising the rights of the affected individuals and inform the Company immediately so that the response can be effectively implemented.
  • Inform the Company as soon as they become aware of any deviations from this Policy, particularly "personal data security breaches," using the established format for this purpose.

5. Control and Evaluation

An annual verification, evaluation, and assessment will be conducted, or whenever there are significant changes in data processing, to ensure the effectiveness of technical and organizational measures to guarantee the security of data processing.