PRIVACY POLICY

INTRODUCTION

SICOR SECURITY EL CORTE INGLÉS, S.L. DGP 3247 (hereinafter SICOR SECURITY) aims at the strictest compliance with the regulations applicable to it and, therefore, marks as a fundamental element its correct adaptation to the regulations on the protection of personal data. Therefore, and in application of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter the General Data Protection Regulation or "GDPR"), as well as the implementing regulations that may derive from it, we want to inform you about certain aspects relating to the processing of your data that we will carry out as a result of your browsing on our website.

At SICOR SECURITY we are committed to ensuring that your personal information is protected and not misused.

In this document we explain who the data controller is, the purpose for which your personal information will be processed, the legitimacy for the processing, how we collect it, why we collect it, how we use it, the rights you have and also explain the processes we have put in place to protect your privacy.

By providing us with your personal information and use our websites (www.sicorsalarmas.com and www.gruposicor.com), we understand that you have read and understood the terms relating to the protection of personal data protection information that are exposed. SICOR SECURITY assumes responsibility for complying with current legislation on national and European data protection, and aim to treat your data in a lawful, fair and transparent.

WHO IS RESPONSIBLE FOR THE TREATMENT?

SICOR SECURITY EL CORTE INGLÉS, S.L. is responsible for the processing. This means that we have determined the objectives or purposes and established the necessary means in the treatment to protect your personal data that you provide us through the forms and subscription newsletters that exist on this website, as well as the data collected through the cookies we use.

TAX IDENTIFICATION NUMBER: B84128032

Registered Office: C/ Maestro Alonso No 24. 28028 MADRID

e-mail: dpd@gruposicor.com Tfno: (+34) 902 11 12 14

Registry Data: Madrid Mercantile Register: Volume 519, Section 8a, Page M-9.880, Entry 1.

Security Company Authorized by the Ministry of Interior, Registered in the National Register of Private Security with the No DGP 3247

If you have any queries, comments or concerns, or would like to make a suggestion about how we use personal information, you can send an email to the SICOR GROUP 's Data Protection Delegate at dpd@gruposicor.com.

HOW DO WE COLLECT INFORMATION ABOUT YOU?

The data we process in SICOR SECURITY have been provided directly by you, through the various forms you have completed while browsing through our website, such as the request for information and / or contact with any of our sales agents, among others, as well as the use of cookies we use on our website.

In any case, at the time of collection you will be informed of the data controller, the purpose of processing, the recipients of the information, as well as how to exercise your rights under current legislation on data protection. The user of this website guarantees the authenticity and veracity of all data entered in the various forms, being your responsibility to update the information provided, so that it reflects your actual situation. Therefore, you will be responsible for the inaccuracy or lack of veracity of the information you provide at all times.

FOR WHAT PURPOSE DO WE COLLECT YOUR PERSONAL INFORMATION?

Depending on the services or functionalities that you want to enjoy at any given time, we will need to process some data or others, which in general will be, depending on the case, the following:

• Identification data (e.g. your name and surname)
• Contact details (e.g. telephone, email, postal address)

Depending on how you interact with our websites (www.gruposicor.com and www.sicoralarmas.com), we will treat your personal data for different purposes. The table below details the different purposes for which your data may be processed depending on the relationship you have with SICOR SECURITY and its legal basis:

PURPOSE	ADDITIONAL INFORMATION	LEGITIMIZING BASIS
Register as a customer on our website: If you decide to register as a customer on our website, we need to treat your data to identify and authenticate you as a customer of the same and give you access to its various services or features that are available to you as a registered customer.	Conditions of Use	Execution of contract: The legitimacy of this treatment is given by the need for the execution of the terms governing the conditions and use of our website (art. 6.1.b of the RGPD). In other words, in order for you to register as a user on the website, we need to process your personal data, otherwise we would not be able to manage your digital registration.
Utility "Calculator": Simulate an indicative budget. This purpose includes the processing of your data, mainly to contact you and arrange a visit to carry out an analysis of the real needs you require, and to be able to present you with a firm offer.	Conditions of Use	Execution of Contract: the legitimacy of this treatment is given by the need to apply at your request pre-contractual measures, (art. 6.1.b of the RGPD). In other words, in order for us to simulate a quote and contact you to arrange a visit to the home where you plan to install the alarm system, we need to process your personal data, otherwise we would not be able to process your request.
Contact: Attend to requests or requests you make to SICOR SECURITY through the channels available, trying the personal data that are strictly necessary to manage or resolve your request or request.	This information will be sent by the different means of contact (electronic and non-electronic): postal address, e-mail, and mobile phone among others. If you use the telephone channel, the call may be recorded to attend to your request and guarantee its quality.	Legitimate Interest: We consider that we have a legitimate interest in responding to the requests or queries you submit to us through the various existing contact channels (art. 6.1.f of the RGPD). We understand that the processing of your data is also beneficial to you in that it allows us to serve you properly and resolve queries and doubts that we raise. Execution of Contract: When you contact SICOR SECURITY, for the management of incidents related to the installation of the alarm system or its operation (service purchased), the treatment is necessary for the execution of the alarm contract (art. 6.1.b of the RGPD). Legal Obligation: When your request is related to the exercise of the rights about which we inform you in its corresponding section, of this Privacy Policy, or claims related to the contracted service, what legitimizes us to treat your data is the fulfillment of legal obligations on our part, (Royal Legislative Decree 1/2007 approving the revised text of the General Law for the Defense of Consumers and Users, Regulation (EU) 2016/679 of the European Parliament and of the Council, and The Organic Law 3/2018 on Data Protection and Guarantees of Digital Rights).
Work with us: The purpose of the treatment is to analyze whether the data provided in your resume fits the profile required in our company, becoming part of potential candidates, and enter the selection process of human resources.	Whenever a user wishes to send us his Curriculum Vitae, he will be asked for his express consent through the enabled box, enabled for this purpose.	Express consent: If you are interested in sending us your Curriculum Vitae, the legitimacy for the processing of your data is given by the express consent that we request. In other words, in order for you to enter a selection process, we need to process your personal data, otherwise we would not be able to receive your Curriculum Vitae (art. 6.1.a RGPD).
Management and analysis of web browsing: If you browse our website, we inform you that we will process your browsing data for analytical and statistical purposes, i.e. to understand how users interact on our website, to detect and implement improvements in it.	LOPD Report We process the information to allow and facilitate your access to and browsing of our digital media. For example, to offer you the version of the website that best suits the characteristics of the device you choose to access our website, your language, among others. Likewise, prior to your consent, we will analyse your browsing in order to adapt to your needs. The information we collect includes the Internet protocol (IP) address of the device you are using, the browser you are using, your operating system, the date and time of access, the Internet address of the website through which you accessed our websites. You can consult our cookies policy.	Execution of Contract: The execution of the contract applies exclusively to strictly necessary cookies (mandatory cookies). Express consent: Express consent applies to all other cookies (optional cookies).

We remind you that, at any time, you may revoke your consent freely and free of charge by contacting our Data Protection Officer.

Information we collect from your visit to the website and/or the SICOR App

We collect and store limited personal information and anonymous aggregate statistics from all users who visit our website or have downloaded our App, either because you actively provide us with such information or are simply browsing our websites.

We use this information to know the loading time of our website/App, how they are used, the number of visits to the different sections and the type of information that most attracts visitors. It also helps to identify if the web/App is working correctly, and to detect faults or errors in the operation, to be able to solve them and to improve the performance of our web/App, to offer a better service to all users.

This information is collected through cookies, for more information see the Cookies Policy. We remind you that this policy contains a link to the cookie configurator, so that you can change your cookie settings at any time.

SOCIAL DIVISIONS

It is increasingly common to use social networks and in this sense SICOR SECURITY is present in most of them, and is another way to contact you.

The information we collect through social media sometimes includes personal information that is available online and to the public. We always ensure that all information we use is properly attributed to its source or is anonymised.

These social networks will likely have their own privacy policies that explain how they use and share your personal information. We encourage you to carefully review their privacy policies before using these social networks to make sure you are comfortable with how your personal information is collected and shared.

Data processed

We process your Customer data linked to your registration as defined below:

• Registration data: this represents personal and demographic information about you (so-called master data), which you provide to us when you register on our website/App to obtain your digital customer account. Your profile data includes, for example: your first and last name, ID number, your contact details, date of birth and gender.
  The required information is usually your first name, first surname, mobile phone number, your email address and your password. Your email address and password will later become your login details.
  For the use of limited paid or personalised services, other information, such as your date of birth, may be required.
  You can change certain information in your profile at any time and even complete it, for example, by adding your postal address or updating it after a change of residence.
• Contact details: When you contact us, we collect your contact details. These may include your name, postal addresses, telephone numbers, and email addresses, as well as details of your social media profiles (for example, we obtain your Facebook ID, if you contact us via Facebook).
• Contract data: When you sign up for a service we collect information about you through the execution of the contract. The contract may include the following information, depending on the type of security service contracted:
  • Name and Surname
  • D.N.I.
  • Postal address
  • Details of the contracted service pack
  • Details of the bank debit (SEPA mandate) or details of the direct debit on the El Corte Inglés Purchasing Card.
  • Contract number
  • Details of operational contact persons (name and surname, type of relationship and contact telephone numbers)
  • Type of relationship with contact persons.
  • Sketch of the installation.
• Service data: When the security systems are in operation, we record all events that occur, such as alarm signals, openings, sabotage, assistance, and user position, and all recorded data becomes part of the customer's history.
• Data relating to the use of the website and the App: When you interact with our applications, we collect information that tells us what content, topics or services you are interested in, downloads of additional information, access via links, problems that we detect in the use of the tools and even your location if you have specifically authorised it. The use of this information is regulated in the Cookies policy.
• Communication response data: We analyse the performance of commercial campaigns carried out through e-mails, to find out how our customers interact with the e-mails they receive. This information helps us to know the opening rate, the rate of clicks on a link included in the email, as well as the rate of customers contacted.
• Geolocation data: For certain purposes, such as cyber-escort or telecare, we collect information about the current location of your device when you use our services. In the event that you enable geolocation services on your device for the SICOR App, website or other online service, we will process the location data that your device identifies and provides us with in order to provide you with location-based services (for example, in the Telecare service, we can find out where the relative or person is moving around inside or outside the home, and send you alerts or warnings).
  If it is essential for any of the services we provide to activate geolocation and this is disabled, the mobile device will notify you to activate it, otherwise you will not be able to receive this service.
  SICOR may create movement profiles based on this data in order to define habits or rules of behaviour, and you will have access to them in order to know them and protect your loved ones.

TO WHOM MAY WE DISCLOSE YOUR PERSONAL INFORMATION?

Your data is not communicated to third party companies except those that provide services to SICOR GROUP companies (third parties) for the proper execution of the purposes indicated in this Privacy Policy, and to provide you with the services we offer, always under our express instructions. Likewise, it is not foreseen that International Transfers of your Data will be carried out.

These third parties only have access to the personal information they need to perform these services. They are required to maintain the confidentiality of your personal information and may not use it in any manner other than as we have requested, namely:

• Information technology service providers.
• Suppliers and partners of security services and installation of alarms.
• Logistics, transport and goods handling service providers.
• Cleaning service providers.
• Temporary employment agencies.
• Special employment centres.

In all cases, SICOR SECURITY assumes responsibility for the personal information you provide us, and we ask those companies with whom we share your personal information to apply the same degree of protection of information that we do. Also, your personal information will be available to public administrations, judges and courts, for the attention of the possible responsibilities arising from the treatment.

LINKS TO THIRD PARTY WEBSITES

In the event that we provide links to websites that are not operated or controlled by SICOR SECURITY, you will be promptly informed as SICOR SECURITY has no control over such sites nor are we responsible for the content of such sites, nor do we have control over how third parties collect and use your personal information.

These websites should have their own privacy policies, which explain how they use and share your personal information. We recommend that you carefully review the privacy policies before using these websites to ensure that you are happy with how your personal information is collected and shared.

HOW LONG DO WE STORE YOUR PERSONAL INFORMATION?

We only store your personal information to the extent that we need it in order to use it for the purpose for which it is collected and the legal basis for processing it in accordance with applicable law.

The storage period of your data will depend on the purposes for which we process them. The table below details the retention periods for each of the different purposes:

PURPOSE	CONSERVATION PERIOD INFORMATION
Registration as a customer on our website and/or App: If you decide to register as a customer, we need to process your data to identify and authenticate you as a customer and give you access to the different services or functionalities available to you as a registered customer. These services include the following: remotely controlling the security system, accessing images and recordings, connecting or disconnecting the security system, consulting invoices, receiving alerts and notifications, requesting technical or medical assistance and assistance for theft, accessing remote assistance services, as well as cyber escort services.	We process your data for as long as there is a contractual and/or commercial relationship with you, or as long as you do not exercise your right to delete and/or limit the processing of your data. In particular, your data will not be kept for a period exceeding six years from the end of our contractual relationship, in accordance with Art. 30 of the Commercial Code, with the exception of images and, where appropriate, sounds, which are captured by security systems that will be kept for a maximum period of 30 days, as provided for in Art. 22.3 of Organic Law 3/2018, of December 3, 2018, on the Protection of Personal Data and the Guarantee of Digital Rights. 22.3 of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights. Notwithstanding the foregoing, in the event that there are indications of criminal acts or an ongoing procedural procedure in relation to you, your data may be kept for the necessary time until a final judicial decision is obtained, being at the disposal of the State Security Forces and Corps, as well as judges and courts.
Calculator" utility: Simulate an indicative estimate. This purpose includes the processing of your data, mainly to contact you and arrange a visit to carry out an analysis of the real needs you require, and to be able to present you with a firm offer.	We treat your data for the time necessary to manage and prepare your budget, in the same will indicate the period of conservation tending to various criteria.
Contact: To deal with the requests or requests you make to SICOR through the available channels, processing the personal data that are strictly necessary to manage or resolve your request or request.	We will process your data for as long as it is necessary to fulfill your request.
Work with us: The purpose of the treatment is to analyze whether the data provided in your resume fits the profile required in our company, becoming part of potential candidates, and enter the selection process of human resources.	We will process your data for as long as necessary to carry out the selection process. You will be informed of the retention periods or criteria at the time we previously inform you of the purpose and request your consent.
Management and analysis of web browsing: If you browse our website/App we will store and evaluate information about your recent visits to our site and how you navigate through the different sections of the site in order to analyse and understand how users use our website/App and to make it more intuitive. We will also keep a record of the sections or services you have read or consulted and use this information to personalise the advertising we show you according to your interests.	We will process your data for the period of time indicated in our Cookie Policy.

In certain cases, we will keep your information properly blocked, without giving it any use, while it may be necessary for the exercise or defence of claims or may derive some kind of judicial, legal or contractual liability from its processing, which must be attended to and for which its recovery is necessary.

WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?

Data protection regulations allow you to exercise your rights of access, rectification, opposition, deletion, limitation of processing, portability and not to be subject to individualized decisions before SICOR SECURITY.

These rights are characterized by the following:

• It is free of charge
• If the requests are manifestly unfounded or excessive (e.g. repetitive nature) SICOR SECURITY will be able to:
  • Charge a fee proportional to the administrative costs incurred.
  • Refusing to act

• Applications must be responded to within one month, although, taking into account the complexity and number of applications, the deadline may be extended for a further two months.
• SICOR SECURITY is obliged to inform you about the means to exercise these rights. These means must be accessible and this right cannot be denied for the sole reason that you choose another means.
• If the application is submitted by electronic means, the information shall be provided by electronic means where possible, unless the data subject requests otherwise.
• If SICOR SECURITY does not act on the request, it will inform you within one month at the latest, of the reasons for its failure to act and the possibility to complain to a Control Authority.
• You can exercise your rights directly or through your legal representative.

Below, we explain what your rights are:

• The right of access allows you to address SICOR SECURITY to know whether or not it is processing your personal data.
• The right of rectification means that you can obtain rectification of your personal data that is inaccurate without undue delay from SICOR SECURITY. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of an additional declaration. In your request you should indicate which data you are referring to and the correction to be made. In addition, where necessary, your request must be accompanied by documentation justifying the inaccuracy or incompleteness of your data.
• The right to objectas the name implies, assumes that you can oppose the SICOR SECURITY process your personal data in the following cases:
  • Where they are processed on the basis of a public interest mission or legitimate interest, including profiling.
  • When the purpose of the processing is direct marketing, including also the aforementioned profiling.
• The right of suppression you will be able to exercise it before SICOR SECURITY requesting the deletion of your personal data when any of the following circumstances apply:
  • If your personal data is no longer needed in relation to the purposes for which it was collected or otherwise processed.
  • If the processing of your personal data has been based on the consent you gave to SICOR SECURITY, and you withdraw the same, provided that such treatment is not based on another cause that legitimizes it.
  • SICOR SECURITY 's processing is based on legitimate interest or the fulfilment of a public interest mission, and no other reasons have prevailed to legitimize the processing of your data.

To have your personal data used for direct marketing, including profiling in connection with such marketing.

▪ If your personal data has been processed unlawfully.

However, this right is not unlimited, so that it may be feasible not to proceed with erasure when processing is necessary for the exercise of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of public powers vested in the controller, for reasons of public interest, in the field of public health, for archiving purposes in the public interest, for scientific or historical research purposes or statistical purposes, or for the formulation, exercise or defence of claims.

SICOR SECURITY will be obliged to block your data when it proceeds to its rectification or deletion.

The blocking of the data consists of the identification and reservation of the data, adopting technical and organisational measures to prevent its processing, including its visualisation, except for making the data available to the judges and courts, the Public Prosecutor's Office or the competent Public Administrations, in particular the data protection authorities, for the demand of possible responsibilities derived from the processing and only for the period of limitation of the same.

After this period has elapsed, the data must be destroyed.

• The right to limitation of the processing consists in obtaining the limitation of the processing of your data carried out by SICOR SECURITYHowever, there are two ways of exercising this right: You can request the suspension of the processing of your data:
  • When you challenge the accuracy of your personal data, for a period of time that allows the data controller to verify it.
  • When you have objected to the processing of your personal data that SICOR SECURITY performs on the basis of legitimate interest or public interest mission, while SICOR SECURITY verifies whether these reasons prevail over yours.
  • Ask SICOR SECURITY to keep your data:
  • When the processing is unlawful and we have objected to the deletion of your data and you request the restriction of its use instead.
  • When SICOR SECURITY no longer needs the personal data for the purposes of processing, but you need them for the formulation, exercise or defense of claims.
• The right to portability: The purpose of this new right is to further strengthen control over your personal data, so that when processing is carried out by automated means, you receive your personal data in a structured, commonly used, machine-readable and interoperable format, and you can transmit it to another data controller, provided that the processing is legitimate on the basis of consent or in the context of the performance of a contract.
• However, this right, by its very nature, cannot apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

In order to exercise your rights SICOR SECURITY offers you the following means

• By means of a written and signed request addressed to the Data Protection Delegate of SICOR GROUP, calle Maestro Alonso 24 - Local 28; 28028, MADRID, enclosing a photocopy of the ID card, document or any other data that reliably proves the identity of the applicant.
• By means of a written and signed request addressed to the e-mail address of the Data Protection Delegate of the SICOR GROUP, dpd@gruposicor.com, attaching a photocopy of the ID card, document or any other data that reliably proves the identity of the applicant.

You can file a complaint with the Spanish Data Protection Agency, especially when you are not satisfied with the response to the exercise of their rights, for more details you can consult the website www.aepd.es

HOW DO WE PROTECT YOUR PERSONAL INFORMATION?

At SICOR SECURITY we are committed to protecting your personal information. We use appropriate technical and organizational measures to protect your personal information and privacy and we review these measures periodically. We protect your personal information by using a combination of physical, computer and logical security controls, including access controls that restrict and manage the way in which your personal information and personal data is processed, administered and managed. We also ensure that our employees are properly trained to protect your personal information. Our procedures indicate that we may ask you for proof of identity before we share your personal information with you.

In keeping with our guarantee of security and confidentiality, we are especially interested in providing you with the highest level of security and protecting the confidentiality of the personal information you provide to us.

MODIFICATIONS TO THE PRIVACY POLICY

We will review and update the data protection information when there are changes in the law or in any of the procedures for handling your personal information.