SOLARMA SISTEMAS DE CONTROL Y SEGURIDAD PRIVACY POLICY

DETAILED INFORMATION ON DATA PROCESSING

1. Name and contact details of the Data Controller

Under the terms of the applicable data protection regulations and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the "GDPR"), and Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights (hereinafter, the "LOPDGDDD"), the Data Controller is:

2. Compliance with applicable regulations

SOLARMA has adapted its website to the GDPR and the LOPDGDD. To do so, it has implemented those policies, measures and technical and organisational procedures to guarantee and protect the confidentiality, integrity and availability of your personal data.

The transmission of data by the user of SOLARMA services (hereinafter, the "User") through the Web, is done on a voluntary basis and being informed prior to the treatment of the use and purposes thereof.

3. The principles we apply to your personal information

The data provided to SOLARMA by different means, online or offline contact forms or any other procedure used for the collection of your data, will be carried out in accordance with current data protection regulations, and for the sole purpose of providing the service you have been informed of.

In the processing of your personal data, we apply the following principles that comply with the requirements of the GDPR:

• The principles of lawfulness, fairness and transparency: We will always have a legal basis for processing your personal data for one or more specific purposes, which we will inform you about in advance in full transparency. SOLARMA hereby informs you that only the information necessary to achieve the purpose of the processing is collected, and only the data you have provided will be processed for the purpose(s) for which you were informed.
• The data minimisation principle: We will only ask you for data that is strictly necessary in relation to the stated purposes.
• The principle of limitation of the term of retention: Personal data shall be kept for the time strictly necessary to the end of the purpose for which they were collected, and as long as the cause that made the processing of these personal data legitimate is maintained. When the reason that legitimised the processing has ended, the personal data will be kept securely stored for the term of the statute of limitations for any actions that may arise from the relationship between the parties and/or the legally stipulated storage periods.
• Principle of integrity: Your data will be processed in such a way as to ensure adequate security of personal data and to guarantee confidentiality. You should be aware that we take all necessary precautions to prevent unauthorised access or misuse of data by third parties.
• Principle of confidentiality: SOLARMA, in its capacity as Data Controller, guarantees confidentiality in the processing of all personal data of the User to which it has access. As with any other person involved in any phase of the processing, the Data Controller is subject to the strictest professional confidentiality, with a special commitment to adopt the necessary levels of protection and measures, both strategy and organisational, to guarantee the security of personal data and to avoid its alteration, misuse, loss, theft, unauthorised processing or access.
• Accuracy of data: All information provided by the User to SOLARMA must be truthful, and the User will be solely responsible for any false or inaccurate statements made and the damages caused to SOLARMA or third parties.

SOLARMA reserves the right to exclude any User who has provided false information from the services, without prejudice to any other legal action that may be appropriate.

4. Processing of personal data

4.1. Collection and processing of personal data

In providing us with their data through the Website, online or offline forms or by any other means, the User guarantees that they are truthful, exact, complete and up to date, and shall be liable for any direct or indirect damage or harm that may be caused as a result of non-compliance with this obligation.

In the event that you provide SOLARMA third party data, the User must have the consent of the user and undertake to transfer the information contained in this clause, exempting SOLARMA from any liability in this regard. SOLARMA may, nevertheless, carry out checks to verify this fact, adopting the appropriate due diligence measures, in accordance with data protection regulations.

4.2. Purposes of processing

The purposes of the processing carried out by SOLARMA of the User's personal data are:

4.3. Data Category

In accordance with the aforementioned purposes, SOLARMA collects and processes the following categories of User data:

1. Contact details: Name, surname, company and email address.
2. We also use cookies to collect certain information related to the User's browsing habits. For more information on how we use cookies, please see our Cookie Policy.

With regard to enquiries made using the form available in the "CONTACT" section, please briefly state the reason for the enquiry. Please note that personal enquiries cannot be answered there, except for those strictly established by the legislation in force. Under no circumstances will the User communicate data of any special nature (such as, for example, health data, religious data, etc.). In the event of doing so, the User exempts SOLARMA from all liability. In the event that inappropriate queries or content are submitted, SOLARMA will remove them.

5. Data processing by third parties and transfer

Depending on the purposes for which personal data are collected, your personal data may be processed by:

• Authorised SOLARMA personnel or their representatives acting on their behalf, subject to the applicable data protection regulations in force.

• Grupo Solar Profit entities when this is strictly necessary to carry out the purposes of the informed data processing and internal administrative management. The entities that make up Grupo Solar Profit are: Solar Profit Energy Services S.L.; Ingenia Ambiental S.L.; SolarProfit Iberica, SLU; and Profithol, S.A.

• Administrations, Authorities and Public Bodies, including Courts and Tribunals, when so required by the applicable regulations.

• Third party external service providers that SOLARMA contracts and that have the status of data processor [IT service providers that process information, hosting servers, database support maintenance, software and applications]. This is only after we have taken steps to ensure that we can share such information in compliance with data protection regulations.

Si existe una venta, una fusión, consolidación, cambio en el control societario, transferencia sustancial de activos, reorganización o liquidación de SOLARMA, entonces, a nuestra discreción, podemos transferir, vender o asignar la información recabada en la Web a una o más partes relevantes.

6. Security measures

SOLARMA adopts the security levels required by the GDPR appropriate to the nature of the data that are processed at all times by its activity. In this sense, it uses encryption techniques that do not allow a third party to trace the identity of the User interacting with our services. Similarly, it may also carry out secure anonymisation strategies for the personal data it processes in order to carry out its activities. The strategy in a medium such as the Internet is not totally secure, and there may be fraudulent actions by third parties, although SOLARMA makes every effort to prevent such actions.

7. International data transfer

We do not disclose your personal data to third parties outside the European Economic Area. In the case of international data transfers, all appropriate technical and organisational measures shall be taken to ensure the security of the data.

8. The rights of data subjects and the exercise of these rights

In accordance with both the GDPR and the LOPDGDD, Users may exercise the following rights:

• Right of access: The User may ask SOLARMA if it is processing their data and, if so, request access.
• Right of rectification: The User may request rectification of the data if it is inaccurate or incomplete.
• The right to request the erasure of their data, where possible. However, as soon as the User exercises this right, all personal data linked to his/her account, as well as the information and content included in his/her profile, will be deleted and will remain stored until the end of the legally stipulated term. Likewise, in the event that the User exercises the right of deletion of the data necessary for SOLARMA to provide Website services, SOLARMA will be obliged to terminate its relationship with the User, proceeding to unsubscribe, without the right to any claim by it.
• Right to request the limitation of processing: In this case, we will only retain them for the exercise or defence of claims.
• Right to object to the processing: SOLARMA will stop processing personal data, with the exception of data that must continue to be processed for reasons of overriding legitimate interest or for the exercise or defence of possible claims.
• Right to data portability: In the event that the User wants their data to be processed by another data controller, SOLARMA will facilitate the transfer of their data to the new controller in the event that both have the necessary technical means to do so.
• The right not to be subject to a decision based solely on automated processing of their personal data.
• Right to revoke consent: If the User has given consent for a specific purpose, he or she may withdraw such consent at any time, without this affecting the lawfulness of the processing based on the consent prior to its withdrawal.
• Right to make a complaint with the Spanish Data Protection Agency: If you consider that a breach of data protection legislation has been committed with regard to the processing of your personal data (https://www.aepd.es/es)

To exercise your rights, you can use the remplates and forms available on the official website of the Spanish Data Protection Agency (https://www.aepd.es/es/derechos-y-deberes/conoce-tus-derechos), and write to SOLARMA's registered office or send an email to dpo@solarprofit.es, REF: "Data Protection".

9. User Consent

The User declares to have read and accepted this Privacy Policy.

The User undertakes to indemnify SOLARMA against any possible claim, fine or sanction that it may be obliged to bear as a result of the User's failure to comply with the duty described in this paragraph.

10. Changes to the Privacy Policy

We will only use personal data in accordance with the Privacy Policy in effect at the time such data is collected.

SOLARMA reserves the right to modify this Privacy Policy at any time with effect from the date of publication of such changes on the Web, therefore it is recommended to visit it each time you access it. If at any time we decide to use personal data in a manner different from that stated at the time it was collected, this will be communicated to the User by email, where available to us. At this point, you will be given the option to consent to other uses or disclosures of the personal information you provided to us prior to the change in our Privacy Policy.

Should any clause of this Privacy Policy be annulled or considered null and void, the rest of the conditions shall not be affected, and shall remain fully valid and in force, in accordance with the applicable regulations in force at any given time.

11. Governing Law

The privacy of all information provided, both by the User through the different forms for requesting personal data, and that made available through the Website, is regulated by the data protection regulations in force, especially by the GDPR and the LOPDDGDD.

12. Cookies

Access to the website may involve the use of cookies. Cookies are small pieces of information that are stored on the browser used by each user so that the server remembers certain information that can be subsequently used. This information allows us to distinguish you as a specific user and to store your personal preferences, as well as strategic information about the use and operation of the Website.

Users who do not wish to enable cookies or who wish to be informed before they are stored on their devices can configure their own device to that effect. For more information, please see our Cookie Policy.