As a general principle, the Company shall scrupulously comply with the legislation on the protection of personal data and must be able to demonstrate this (Principle of “proactive responsibility”), paying special attention to those treatments that may pose a greater risk to the rights of those affected (Principle of “risk approach”). In relation to the above, SOTOCONSTRUCCIONES 5 PROYECTOS S.L. shall ensure compliance with the following Principles:

• Legality, loyalty, transparency and limitation of purpose. Data processing must always be informed to the affected person through clauses and other procedures; and it will only be considered legitimate if there is consent for the processing of data (with special attention to that given by minors), or it has another valid legitimation and the purpose is in accordance with the Regulations.
• Data minimization. The processed data must be adequate, relevant and limited to what is necessary in relation to the purposes of the treatment.
• Accuracy. The data must be accurate and, if necessary, updated. In this sense, the necessary measures will be taken to delete or rectify without delay the personal data that are inaccurate with respect to the purposes of the treatment.
• Limitation of the conservation period. The data will be kept in such a way as to allow the identification of the interested parties for no longer than is necessary for the purposes of the treatment.
• Integrity and Confidentiality. The data will be processed in such a way as to ensure adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, through the application of technical or organizational measures appropriate
• Data transfers. It is prohibited to purchase or obtain personal data from illegitimate sources or in those cases where these data have been collected or transferred in violation of the law or their legitimate origin is not sufficiently guaranteed.
• Hiring suppliers with access to data. Only suppliers who offer sufficient guarantees to apply appropriate technical and security measures in data processing will be chosen for contracting. With these third parties the due Agreement on this will be documented.
• International data transfers. Any processing of personal data subject to European Union regulations that involves a transfer of data outside the European Economic Area must be carried out in strict compliance with the requirements established in the applicable law.
• Rights of those affected. The Company will make it easier for those affected to exercise their rights of access, rectification, deletion, limitation of processing, opposition and portability, establishing for this purpose the internal procedures, and in particular the models for their exercise that are necessary and appropriate, which must satisfy, at least, the legal requirements applicable to each case.

The company will promote that the principles contained in this personal data protection policy are taken into account (i) in the design and implementation of all work procedures, (ii) in the products and services offered (iii) in all the contracts and obligations that they formalize or assume and (iv) in the implementation of all systems and platforms that allow access by employees or third parties and/or the collection or processing of personal data.