S2M-group Data Protection Policy GDPR Compliance Statement – Dedication to Data Safety Standards S2M – Group Data Services & Software Holdings, S.L is a company acting worldwide. Due to our awareness of the importance of data protection standards as well as dedication to providing the Service of the highest quality to our Clients we, hereby, declare that as a Company we are dedicated to supporting European standards of data protection. This is a unilateral statement showing our Data Protection Policy and aspiration to fulfill requirements set forth by Regulation EU 2016/679 known as General Data Protection Regulation (GDPR). Hereby, this policy applies to data processing performed by S2M – Group Data Services & Software Holdings, S.L during the course of Contract performance as well as pre-contractual contact with Clients or processing on behalf of Clients. All terms and definitions concerning data processing as “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processing”, “Processor”, and “Supervisory Authority” shall be understood in line with definitions provided by Regulation EU 2016/679 1) Aim and performance This document shall serve as a policy statement to present our approach towards data protection and our readiness to fulfil European standards. Our Company is aware of internal as well as external risks arising out of data processing is ready to devote its time and resources to minimize any risk. To achieve this aim, we appointed Data Protection Officer to monitor data flow within S2M – Group Data Services & Software Holdings, S.L. Furthermore, we are ready to provide our customers with Data Processing Addendum to ensure data safety standards. 2) Role of S2M – Group Data Services & Software Holdings, S.L S2M Group may perform its duties as a Controller or Processor. The Company acts as a Controller in following situations. Once processing personal data of its Clients. Such data are collected to complete Contract and establish a relation between Company and Client. Client’s data are also processed due to tax and financial obligations coming from the national legal system. Once processing personal data of its potential clients in the course of outbound activities. Such processing is limited to basic data necessary to establish marketing relation with potential customers. Furthermore, the Company is aware of all information obligation, the requirement to enable data deletion or correction and all further requirements concerning data safety. The Company acts as a Processor in following situations. Once processing personal data on behalf of and in line with requirements set forth by the Client in the Contract between the Company and a Client. In this case, our Client acts as a Controller because he or she is the one defining aim, purpose and extent of personal data processing. S2M Group provides a comprehensive service which shall support Client’s Marketing and Sale activities. 3) Data Protection Policy S2M – Group Data Services & Software Holdings, S.L declares that it shall not enable access to data by any third-party not being Company’s processor, sub-processor or contractor. Once acting as a Processor, S2M – Group Data Services & Software Holdings, S.L shall process personal data used for Marketing and Sale activities only to the extent and in line with guidelines included in the Contract with a Client. S2M – Group Data Services & Software Holdings, S.L dedicates itself to notify a Client about any data breach immediately after its discovery. S2M – Group Data Services & Software Holdings, S.L declares that it shall conduct periodical data safety overviews and assist Clients acting as Data Controller in Impact Assessment preparations. S2M – Group Data Services & Software Holdings, S.L dedicates to store data according to legality, accuracy and limitedness requirements. S2M – Group Data Services & Software Holdings, S.L decided to appoint Data Protection Officer to ensure high quality of Data Protection within the Company. Furthermore, all inquiries or questions concerning data processing shall be addressed to email@example.com. If you are Data Subject and S2M – Group Data Services & Software Holdings, S.L process your data you can always request data correction, deletion or return via firstname.lastname@example.org. Once choosing Processors and/or Sub-Processors, S2M – Group Data Services & Software Holdings, S.L reviewed Data Protection Policies of chosen companies to ensure data safety as far as third-parties are concerned. 4) Final Statement S2M – Group Data Services & Software Holdings, S.L is aware of importance arising out of data safety and is willing to cooperate in this regard that is why the Company is open to hear about any Client’s concerns and address them. In case of any dispute arising, we are open to participate in amicable dispute settlement or mediation as well as assist during Audits performed in our Client’s companies or offices once our Clients act as a Controller. Such help and assistance shall be limited to what is commercially justifiable from business as well as technical perspective.