FERRIMAX, S.A. Management (hereafter the data controller), assumes the greatest responsability and compromiso with the establishment, the implementation and maintenance of this Data Protection Policy, ensuring the continuous improvement of the data controller in order to reach the excellence concerning the Regulation (EU) 2016/679 of the European Parliament and Council, dated April 27, 2016, related to the protection of physical people concerning the personal data protection and the free movement of these ones and repealing Directive 95/46/CE (data protection general regulation) (DOUE L 119/1, 04-05-2016), and the Spanish standard about personal data protection (Organic Law, sector specific legislation and its development standards).

FERRIMAX, S.A. data protection policy lies on the proactive responsibility according to which the data controller is responsible for the compliance of the jurisprudential and regulatory framework that controls this Policy, and is able to prove it to the competent supervisory authorities.

In this sense, the data controller will follow the following principles that have to be as a guide and reference framework concerning the personal data protection for all the staff:

1. Data protection from the design: the data controller will apply, when he decides about the treatment and when he treats them), suitable technical and organizational measures, like the pseudonymization, designed to apply effectively the principles of the data protection, like the minimization of datas, and to integrate the necessary guarantees in the treatment.

2. Data protection by default: the data controller will apply the suitable technical and organizational measures in order to guarantee that, by default, only the necessary personal data will be the object of the treatment.

3. Data protection in the information life cycle: the measures that guarantee the protection of personal data will be applied for the whole information life cycle.

4. Legality, loyalty and transparency: the personal data will be legally, loyally and transparently treated in accordance with the party concerned.

5. Purpose limitation: the personal data will be collected for specific, explicit and legitimate purposes, and will not be treated lately in an incompatible way with this purpose.

6. Data minimization: the personal data will be appropriate, relevant and limited to what is essential concerning with the purposes why they are treated for.

7. Accuracy: the personal data will be exact and, if necessary, updated; all the measures will be taken to delete or modify the inexact ones quickly.

8. Limitation of the storage period: the personal data will be maintained in a way that the identification of the concerned people is possible for no more time tan the due time for the purposes of the personal data treatment.

9. Integrity and confidentiality: the personal data will be treated in a way that the appropriate security of the personal data is ensured, including the protection against an unauthorized or illegal treatment and against its loss, destruction or accidental damage, through the application of technical and organizational measures.

10. Information and training: one of the keys to ensure the personal data protection is the training and information given to the staff involved in their treatment. During the life cycle of the information, the staff having access to the data will be properly trained and informed about its obligations concerning the respect of the data protection.

FERRIMAX, S.A. Data Protection Policy is communicated to the staff of the data controller and made available to all the involved parties.

As a consequence, the present Data Policy involves all the staff of the data controller, who has to know and assume it, considering it his, each member being responsible to apply it and to check the data protection standards applicable according to his activity, as well as to identify and bring the opportunities to improve that he may consider appropriate, with the purpose to reach the excellence concerning its fulfilment.

This Policy will be checked by FERRIMAX, S.A. management as many times as it is necessary, to be adapted at any time to the current provisions concerning the personal data protection.