PRIVACY POLICY AND PERSONAL DATA PROTECTION

This Privacy Policy and Personal Data Protection is an integral part of the Terms of Use of the website located at the URL www.gruposermicro.com

The Client or Candidate (hereinafter the “User”), by providing SUMINISTROS, IMPORTACIONES Y MANTENIMIENTOS ELECTRÓNICOS, S.A.U. (hereinafter SERMICRO or GRUPO SERMICRO) with their personal data through the electronic forms on the Website or contact section, and, if applicable, by ticking the corresponding acceptance box, expressly consents that GRUPO SERMICRO may process these data under the terms of this Privacy Policy and Personal Data Protection clause and for the purposes expressed herein.

GRUPO SERMICRO is aware of the importance of personal data, ensuring all Users that we strive for the proper treatment and privacy of such data, strictly complying with the provisions of the Legal System, and in the terms that we explain below:

In compliance with the General Data Protection Regulation (EU) 2016/679, of May 25, 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data, we inform that there is an automated processing of personal data activities, solely to facilitate the management of this Website’s activity, the management of the services offered through it, and, if applicable, the management, development, and fulfillment of the contractual relationship that the User establishes with GRUPO SERMICRO. Likewise, GRUPO SERMICRO will process the data provided to manage queries made through the Website, which may be included in manual or automated files for such use.

GRUPO SERMICRO is, for the purposes of the Law, the Data Controller.

The processing activities are registered in the Company’s Data Protection Policy and have the legally established security measures (technical and organizational measures that prevent alteration, loss, unauthorized processing, or access to data, as appropriate).

The provision of personal data requested by GRUPO SERMICRO is mandatory for certain services offered on the Website. If the User does not provide the requested personal data or does not accept this Privacy Policy and Data Protection, they will not be able to acquire the offered products. Similarly, the provision of data requested by GRUPO SERMICRO is mandatory to assess applications for job positions offered on the Website. If the candidate does not provide personal data or does not accept this Privacy Policy and Data Protection, their application cannot be considered.

All personal data provided to us will be incorporated into our aforementioned activity register.

The Management of GRUPO SERMICRO is responsible for formulating the strategy and approving the Company’s corporate Policies, as well as organizing internal control systems. In exercising these responsibilities, and to establish the general principles governing the processing of personal data, the following points are outlined:

1. Purpose: The personal data protection policy establishes the principles and common guidelines that should govern GRUPO SERMICRO in personal data protection matters, ensuring compliance with applicable legislation. In particular, the personal data protection policy aims to guarantee the right to data protection for all individuals associated with the company, ensuring respect for the right to honor and privacy in processing various types of personal data from different sources and for different purposes based on its business activity.
2. Evaluation: The Security Officer will evaluate the compliance and effectiveness of this personal data protection policy at least once a year and report the results to the management responsible for these functions at any given time.
3. This personal data protection policy was initially approved by the Administrator on May 15, 2018.
4. By accepting this Privacy Policy and Data Protection, the User guarantees the accuracy, validity, and authenticity of the personal data provided and commits to keeping them duly updated.

The User releases GRUPO SERMICRO from liability for any damage or harm they may suffer as a result of errors, defects, or omissions in the information provided to GRUPO SERMICRO.

GRUPO SERMICRO commits to fulfilling its obligation of professional secrecy concerning the personal data received through the Website and treating them confidentially.

The User expressly agrees that GRUPO SERMICRO may transfer personal data as, occasionally, we use other companies to provide some of our services. For this, they require access to our Users’ personal data. GRUPO SERMICRO may provide the information submitted through the Website to third parties related to or dependent on it or to service providers, to achieve such services, for the purposes and with the application of the security measures provided in the GDPR.

To facilitate navigation on the Website, GRUPO SERMICRO will use cookies or other similar functionality files. For more information about Cookies, Users are advised to read https://gruposermicro.com/politica-de-cookies/.

5. Principles of personal data processing The principles governing the personal data protection policy are as follows:
6. a) General principles: GRUPO SERMICRO will scrupulously comply with the legislation of its jurisdiction concerning data protection, applicable based on the personal data processing carried out and determined by binding rules or agreements adopted within the company. GRUPO SERMICRO will promote that the principles set out in this personal data protection policy are considered.
7. 1. (i) in the design and implementation of all procedures involving personal data processing,

      (ii) in the products and services offered by it,

      (iii) in all contracts and obligations formalized with individuals, and (iv) in the implementation of systems and platforms that allow employees or third parties to access personal data and/or collect or process such data.

1. b) Principles related to personal data processing:
2. 1. (i) Principles of legitimacy, lawfulness, and fairness in personal data processing. Personal data processing will be fair, legitimate, and lawful under applicable legislation. In this sense, personal data must be collected for one or more specific and legitimate purposes under applicable legislation. Where required by applicable law, the consent of data subjects must be obtained before collecting their data. Likewise, when required by law, the purposes of personal data processing will be explicit and determined at the time of collection.

      In particular, GRUPO SERMICRO will not collect or process personal data related to racial or ethnic origin, political ideology, beliefs, religious or philosophical convictions, life or sexual orientation, union membership, health, or genetic or biometric data aimed at uniquely identifying a person, unless the collection of such data is necessary, legitimate, and required or permitted by applicable law, in which case they will be collected and processed as provided therein.

      (ii) Principle of minimization. Only personal data that are strictly necessary and appropriate for the purpose for which they are collected or processed will be subject to processing.

      (iii) Purpose limitation principle: data collected for specified, explicit, and legitimate purposes, and not processed further in a manner incompatible with those purposes.

      (iv) Principle of accuracy. Personal data must be accurate and kept up to date. Otherwise, they must be deleted or rectified.

      (v) Principle of storage limitation. Personal data will not be kept longer than necessary to achieve the purpose for which they are processed, except in legally provided cases.

      (vi) Principles of integrity and confidentiality. Personal data protection policy. In processing personal data, adequate security must be ensured through technical or organizational measures that protect them from unauthorized or unlawful processing and prevent their loss, destruction, or accidental damage. Personal data collected and processed by GRUPO SERMICRO must be kept with the utmost confidentiality and secrecy, not being used for purposes other than those that justified and allowed their collection, nor communicated or transferred to third parties outside the cases permitted by applicable law.

      (vii) Principle of proactive responsibility (accountability). GRUPO SERMICRO will be responsible for complying with the principles stipulated in this personal data protection policy and those required by applicable legislation and must be able to demonstrate this when required by applicable law. GRUPO SERMICRO must conduct a risk assessment of the processing they carry out to determine the measures to be applied to ensure personal data are processed according to legal requirements. Where required by law, the risks that new products, services, or information systems may pose to personal data protection must be assessed beforehand, and necessary measures must be adopted to eliminate or mitigate them. GRUPO SERMICRO must maintain a record of activities describing the personal data processing carried out within their activities. If an incident occurs that causes the destruction, loss, or accidental or unlawful alteration of personal data, or unauthorized communication or access to such data, internal protocols established by the Security Officer and those established by applicable law must be followed. Such incidents must be documented, and measures will be taken to resolve and mitigate potential adverse effects for data subjects. Where provided by law

      (viii) Principles of transparency and information. The processing of personal data shall be transparent in relation to the data subject, providing information about the processing of their data in a clear and accessible manner, as required by applicable law. In order to ensure fair and transparent processing, the data controller, GRUPO SERMICRO, shall inform the affected or interested parties whose data is intended to be collected of the circumstances relating to the processing in accordance with applicable law.

      (ix) Acquisition or obtaining of personal data. The acquisition or obtaining of personal data from illegitimate sources, sources that do not sufficiently guarantee their legitimate origin, or sources whose data has been collected or transferred in contravention of the law is prohibited.

      (x) Engagement of data processors. Prior to engaging any service provider who accesses personal data for which GRUPO SERMICRO is responsible, as well as during the term of the contractual relationship, such providers must take necessary measures to ensure and, where legally required, demonstrate that the processing of data by the data processor complies with applicable regulations.

      (xi) International data transfers. Any processing of personal data subject to European Union regulations that involves a transfer of data outside the European Economic Area must comply strictly with the requirements established by applicable law in the originating jurisdiction. Likewise, business partners or subsidiaries located outside the European Union must comply with the requirements for international transfers of personal data that are applicable in their jurisdiction, if any.

      (xii) Rights of data subjects. GRUPO SERMICRO must allow data subjects to exercise their rights of access, rectification, erasure (right to be forgotten), restriction of processing, data portability, and objection that are applicable in each jurisdiction, establishing internal procedures as necessary to meet, at least, the applicable legal requirements in each case.

6. Implementation: In accordance with this Policy on the Protection of Personal Data, the Corporate Security Directorate, together with the Legal Services of the company, will develop and maintain updated internal regulations for global data protection management, which will be implemented by the Security Manager and will be mandatory for all directors and employees of the Company. Likewise, the Manager will establish internal procedures to develop the principles outlined in this policy.
7. Control and evaluation: It is the responsibility of the Security Manager to supervise compliance with the provisions of this Policy on the Protection of Personal Data by the Group. To verify compliance with this Policy, periodic audits will be conducted by internal or external auditors.

Any User may exercise their rights of Access, Rectification, Erasure (Right to be Forgotten), Restriction of Processing, Data Portability, and Objection by postal mail to GRUPO SERMICRO located at Calle Pradillo 48-50, 28002 Madrid, Spain, or by sending an email to privacidad@sermicro.com with the reference in the subject line: “Data Protection,” including along with the request a copy of their ID card or official identity document.

Based on all the aforementioned, the following provides a schematic overview of the general aspects of the protection of your personal data carried out by GRUPO SERMICRO:

© GRUPO SERMICRO 2024