S2M-group Data Protection Policy GDPR Compliance Statement – Dedication to Data Safety Standards S2M-group Data Services & Software Holding, S.L. is a company acting worldwide. Due to our awareness of the importance of data protection standards as well as dedication to providing the Service of the highest quality to our Clients we, hereby, declare that as a Company we are dedicated to supporting European standards of data protection. This is a unilateral statement showing our Data Protection Policy and aspiration to fulfill requirements set forth by Regulation EU 2016/679 known as General Data Protection Regulation (GDPR). Hereby, this policy applies to data processing performed by S2M-group Data Services & Software Holding, S.L. during the course of Contract performance as well as pre-contractual contact with Clients or processing on behalf of Clients. All terms and definitions concerning data processing as “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processing”, “Processor”, and “Supervisory Authority” shall be understood in line with definitions provided by Regulation EU 2016/679 1. Aim and performance This document shall serve as a policy statement to present our approach towards data protection and our readiness to fulfil European standards. Our Company is aware of internal as well as external risks arising out of data processing is ready to devote its time and resources to minimize any risk. To achieve this aim, we appointed Data Protection Officer to monitor data flow within S2M-group Data Services & Software Holding, S.L. Furthermore, we are ready to provide our customers with Data Processing Addendum to ensure data safety standards. 2. Role of S2M-group Data Services & Software Holding, S.L. S2M-group may perform its duties as a Controller or Processor. The Company acts as a Controller in following situations. Once processing personal data of its Clients. Such data are collected to complete Contract and establish a relation between Company and Client. Client’s data are also processed due to tax and financial obligations coming from the national legal system. Once processing personal data of its potential clients in the course of outbound activities. Such processing is limited to basic data necessary to establish marketing relation with potential customers. Furthermore, the Company is aware of all information obligation, the requirement to enable data deletion or correction and all further requirements concerning data safety. The Company acts as a Processor in following situations. Once processing personal data on behalf of and in line with requirements set forth by the Client in the Contract between the Company and a Client. In this case, our Client acts as a Controller because he or she is the one defining aim, purpose and extent of personal data processing. S2M-group provides a comprehensive service which shall support Client’s Marketing and Sale activities. 3. Individual Rights If your data is processed by S2M–group either as a data controller or data processor, we are dedicated to respect those rights and, if possible, proceed with your request concerning data processing, notify controller or provide an explanation why some actions shall be understood as impossible. Mentioned individual rights are as follows. Right of delete data In certain circumstances, you have the right to erasure of personal information held about you, although this may be qualified where e.g. it is necessary for that information to be retained for record-keeping purposes or compliance with our obligations. This may include if you remain a customer for whom we need to provide services, or if you wish us to no longer contact you for marketing purposes. In this case, we may need to retain some of your details securely in order to facilitate this request by, for example, keeping you on a “do not contact” or suppression list. In such circumstances, data processing shall be limited to the minimum which is necessary. Right of Rectification You have the right to have your personal information rectified if it is inaccurate or incomplete. Right to Object You have the right to request that we stop processing your personal information for marketing purposes and can request that we stop processing your personal information for other purposes based on our legitimate interests. In some cases, we may be able to prove that we have compelling legal grounds to continue processing of your data. In such circumstances, we will try to provide you with a comprehensive explanation of why we are obliged to remain in a possession of your personal data. Right to Restrict Data Processing You may have the right to request that we restrict the processing of your personal information (e.g. where you believe that the personal information we hold about you is inaccurate or unlawfully held). Return of Personal Data You may have the right to be provided with your personal information in a structured, machine-readable and commonly used format and to request that we transfer the personal information provided by you to another data controller. Right to withdraw consent Once data processing is based upon consent, you have the right to withdraw it at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. 4. Data Protection Policy S2M-group Data Services & Software Holding, S.L. declares that it shall not enable access to data by any third-party not being Company’s processor, sub-processor or contractor. Once acting as a Processor, S2M-group Data Services & Software Holding, S.L. shall process personal data used for Marketing and Sale activities only to the extent and in line with guidelines included in the Contract with a Client. S2M-group Data Services & Software Holding, S.L. dedicates itself to notify a Client about any data breach immediately after its discovery. S2M-group Data Services & Software Holding, S.L. declares that it shall conduct periodical data safety overviews and assist Clients acting as Data Controller in Impact Assessment preparations. S2M-group Data Services & Software Holding, S.L. dedicates to store data according to legality, accuracy and limitedness requirements. S2M-group Data Services & Software Holding, S.L. decided to appoint Data Protection Officer to ensure high quality of Data Protection within the Company. Furthermore, all inquiries or questions concerning data processing shall be addressed to firstname.lastname@example.org. If you are Data Subject and S2M-group Data Services & Software Holding, S.L. process your data you can always request data correction, deletion or return via email@example.com. All requests concerning data deletion, rectification, processing restriction, data return (data portability), consent withdrawal or any other related to data processing shall be addressed within 30 days by S2M–group. Once choosing Processors and/or Sub-Processors, S2M-group Data Services & Software Holding, S.L. reviewed Data Protection Policies of chosen companies to ensure data safety as far as third-parties are concerned. 4. Final Statement S2M-group Data Services & Software Holding, S.L. is aware of importance arising out of data safety and is willing to cooperate in this regard that is why the Company is open to hear about any Client’s concerns and address them. In case of any dispute arising, we are open to participate in amicable dispute settlement or mediation as well as assist during Audits performed in our Client’s companies or offices once our Clients act as a Controller. Such help and assistance shall be limited to what is commercially justifiable from business as well as technical perspective.