Adatkezelési szabályzat

Privacy policy according to Articles 13 and 14 of the GDPR

This document explains who is responsible for processing your data, for what purposes your personal data is processed, on what legal basis this is done, how we collect your data, why we collect it, how we use it, what rights you have and what measures we have taken to protect your privacy.

By providing us with your personal data through our communication channels (digital and physical) and by using our website, we assume that you have read and understood the following privacy policy. Matricería y Estampación F. Segura, SLU is responsible for complying with applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR) and, where applicable, the German Federal Data Protection Act (BDSG), and for processing your data lawfully, fairly, and transparently.

This privacy policy applies to the use of personal data of users who visit our website or use the services we offer.

If you have any questions or suggestions regarding the processing of your personal data, you can contact the data protection officer of Grupo Segura:

• From Germany
  privacy-fsegura-germany@protectumhumanum.de
• From Spain or other countries
  dpd@prodatvalencia.es

1. Who is the data controller within the meaning of the GDPR?

The data collected via the website or voluntarily provided to us – whether through simple browsing, contact forms, email or telephone – is processed by the data controller.

Controller (Art. 4 No. 7 GDPR):

• Identity: Matricería y Estampacion F. Segura, SLU
• Tax Identification Number (CIF): B97965396
• Postal address: Camino Viejo de Burjassot , S/N, 46100 Burjassot (Valencia), Spain
• Telephone: +34 963 465 090
• Email: rrhhsegura@fsegura.com
• URL: https://www.fsegura.com/
• Commercial Register: Registro Mercantil de Valencia, Tomo 8897, Libro 6183, Folio 216, Sección 8, Hoja V 109859

Contact details for the Data Protection Officer (Art. 37 ff. GDPR):

• From Germany: privacy-fsegura-germany@protectumhumanum.de
• From Spain or other countries: dpd@prodatvalencia.es

If you wish to report irregularities related to the protection of your personal data or your privacy, you can also use the whistleblower channel of Grupo Segura for this purpose.

Whistleblowing Channel

Personal data processed in connection with a report is processed by the respective Grupo Segura company to which the report is addressed. Grupo Segura is committed to protecting the privacy, security, and confidentiality of the data in accordance with applicable regulations (in particular the GDPR and relevant national whistleblower protection laws, e.g., the German Whistleblowing Protection Act – HinSchG). These principles apply to all personal data processed in connection with reports submitted through this channel.

2. When, why, by whom, how, for what purpose and for how long do we process your personal data?

2.1. When and why?

You can visit most of our website without providing any personal data. However, in certain cases, providing personal data is necessary in order to provide you with the electronic services you have requested.

If we need to collect personal data to provide you with a service, we process your data in accordance with this privacy policy and – where applicable – the specific privacy ­notice for the respective service. This explains in particular why, for what purpose, on what legal basis, how and for how long we process your personal data, and what security measures we take.

Whistleblower channel:

In the course of processing reports submitted via the whistleblower channel, Grupo Segura collects – where necessary – in particular the following personal data:

• Name and contact details of the informant (unless anonymous) and, if applicable, their position (e.g. employee).
• Name and other personal data of the persons mentioned in the notice (e.g., the accused, possible witnesses), insofar as these are provided (function, contact details, role in connection with the reported incident).
• Description of the suspected violation as well as circumstances and background of the reported incidents.

2.2. Who collects your data?

Your personal data is collected and processed by our company as the data controller or – where commissioned – by our data processors (Art. 28 GDPR). These service providers are contractually obligated to

• to process personal data only in accordance with our documented instructions,
• to take appropriate technical and organizational measures to protect the data,
• to maintain confidentiality and
• to comply with the requirements of the GDPR and, where applicable, the BDSG.

2.3 What are your data processed for?

The personal data we request from you or that is generated during your use of our services helps us to manage, provide and improve the services you request.

Examples:

• Processing inquiries that you address to us,
• Managing your participation in application processes,
• Sending electronic information (newsletters, product and service information), provided you have consented to this,
• Creation of anonymous statistics about the use of our website and services.

When you use our contact forms, we collect information such as your email address in order to answer your request.

When you subscribe to our newsletter, we need your email address to send it to you. You can unsubscribe at any time; we provide unsubscribe options in every email.

2.4. How do we process your data

We only collect the personal data that is necessary to achieve the respective purposes pursued (data minimization, Art. 5 para. 1 lit. c GDPR). The data will not be further processed in a manner incompatible with these purposes.

Your personal data will only be shared with third parties if this is necessary to fulfill the stated purposes or if another legal basis exists (e.g., legal obligation, consent). Access to your personal data is restricted to individuals who require it to perform their duties and are bound by confidentiality obligations.

We take appropriate technical and organizational measures to protect your data from accidental or unlawful loss, misuse, alteration, unauthorized access or disclosure.

2.5. How long do we keep your data?

We only store personal data for as long as it is necessary for the stated purposes or as required by legal retention obligations. The specific storage period may vary depending on the service or process. A summary table with typical storage periods can be found at the end of this document.

– Whistleblowing Channel:

Grupo Segura maintains a register of all received reports. These records and the personal data they contain are treated confidentially. They are retained only as long as necessary to process the report, to fulfill legal obligations, or to protect legitimate interests (e.g., defending against legal claims).

• Personal data in the whistleblower system is generally deleted or anonymized within a maximum of 3 months from receipt of the report, unless longer storage is legally required or necessary to document the proper functioning of the compliance/whistleblower system.
• Insofar as necessary for further investigation of the reported matter, relevant data may be stored outside the whistleblower system in separate case files for the duration of the investigation and beyond for the duration of the relevant limitation and retention periods.
• If it is decided not to pursue a lead, the information may be stored in anonymized form for documentation or statistical purposes.

3. For what purposes will we process your personal data?

– Customers:

We process customer data in particular for the following purposes:

1. Contract execution and service provision
   ; administration and processing of orders, deliveries and services, as well as customer support.
2. Contract and business relationship:
   offer preparation, contract management, invoicing, payment processing and ongoing communication.
3. Direct marketing (with consent):
   Sending information about products and services via electronic communication (e.g., email), provided you have given us your consent for this.
4. Profiling (no automated decision-making):
   A simple, non-automated customer profile is created based on the information you provide in order to offer you suitable products and services. No decisions are made that are based solely on automated processing and have legal effect (Art. 22 GDPR).

– Suppliers:

We process supplier data for the following purposes:

1. Management of business relationships and communication,
2. Order processing, goods receipt, inspection and payments,
3. Possibly sending information about our products and services.

– Contacts from the web or email:

We process the data of contact persons who reach us via the website, by email or by telephone, in particular for the following purposes:

1. Answering inquiries and requests for information,
2. Administration of the desired service or performance,
3. Sending information and, if applicable, advertising via electronic media, provided you have expressly consented to this,
4. Creation of a simple profile for better, interest-based targeting (without automated individual decisions).

– Social media contacts:

When you interact with us via our social media profiles (e.g. LinkedIn, Facebook, etc.), we process personal data for the following purposes:

1. Answering inquiries and messages,
2. Interaction with users and building a community,
3. Management of comments, „likes”, direct messages, etc. in accordance with the terms of use of the respective platform.

– Applicants:

When you apply to us, we process your personal data in particular for the following purposes:

1. Participation in current and future selection and recruitment processes,
2. Planning and conducting job interviews,
3. Assessment of your qualifications and suitability,
4. Your profile may be shared with companies within the Grupo Segura group or affiliated companies, as well as with temporary employment agencies with whom we cooperate – provided you have consented to this .

If your application is successful, your data will be transferred to our personnel management systems and used for the execution of the employment relationship.

– Participants in prize draws

We process the data of participants in prize draws for the following purposes:

1. Administration and execution of the prize draw,
2. Determination and publication of the winners (e.g. name, image if applicable, as provided for in the terms and conditions of participation),
3. Documentation of the prize handover.

Winners may be photographed or filmed; images and videos may be published on our website or other media, insofar as this is provided for in the terms and conditions of participation.

– Website users:

When you visit our website, the following data may be processed – depending on usage and browser settings:

• technical data (e.g. IP address, date and time of access, browser type, operating system),
• Usage data (e.g., pages visited, time spent on the site),
• Data that you enter yourself (e.g. in forms).

We use this information in particular for the following purposes:

1. Improving the user-friendliness and functionality of the website,
2. Conducting statistical analyses to optimize our business and marketing strategy,
3. Website performance analysis
4. Ensuring technical safety and fault diagnosis.

This data is usually processed anonymously or pseudonymously and is not assigned to specific individuals.

Data may be collected via cookies or similar technologies. Details can be found in our Cookie Policy .

-Web analytics and map services (e.g., Google Analytics, Google Maps)

Our website may integrate services such as Google Analytics and Google Maps. Depending on your settings, this may involve the transfer of data to third countries (especially the USA). We base these transfers on appropriate safeguards pursuant to Article 46 GDPR (e.g., standard contractual clauses) or an adequacy decision, where applicable, and take additional measures to protect your data where necessary. For details on the services used and the data processing by these providers, please refer to our cookie policy and the respective privacy policies of the providers.

-Features for sharing content and social features

Our portal may provide features for sharing content via third-party services (e.g., Facebook, X/Twitter). These providers may collect information about your browsing behavior. Your interactions are governed solely by the privacy policies of these third-party providers.

– Whistleblowing Channel:

We process personal data transmitted via the whistleblower channel exclusively for the following purpose:

• the receipt, review and processing of reports of actual or suspected violations of applicable laws, internal guidelines or codes of conduct,
• the conduct of internal investigations,
• the initiation of any necessary organizational, labor law or legal measures,
• fulfilling legal documentation and verification obligations, in particular according to the EU Whistleblower Directive and the relevant national implementing laws (e.g. German Whistleblower Protection Act).

The data will not be used for any other purpose.

4. On what legal basis do we process your data?

– Customers:

• Contract initiation and fulfillment
  Art. 6 para. 1 lit. b GDPR (performance of a contract or implementation of pre-contractual measures).
• Fulfillment of legal obligations
  Art. 6 para. 1 lit. c GDPR (e.g. commercial and tax law retention obligations).
• Direct marketing via email
  Art. 6 para. 1 lit. a GDPR (consent), possibly in conjunction with Art. 6 para. 1 lit. f GDPR and § 7 UWG (legitimate interest in direct marketing, insofar as legally permissible).

– Suppliers:

• Contract initiation and fulfillment
  Art. 6 para. 1 lit. b GDPR.
• Fulfillment of legal obligations
  Art. 6 para. 1 lit. c GDPR (e.g. documentation of transactions, tax obligations).

– Website/email contacts

• Responding to inquiries
  Art. 6 para. 1 lit. b GDPR (pre-contractual measures) or Art. 6 para. 1 lit. f GDPR (legitimate interest in processing inquiries).
• Newsletter / Advertising via email
  Art. 6 para. 1 lit. a GDPR (consent).
  Emails will only be sent if you have activated the corresponding checkbox or given your consent in another way.

– Social media contacts:

• Interaction via social media platforms
  Art. 6 para. 1 lit. f GDPR (legitimate interest in public relations, communication and community management) in conjunction with the terms of use and data protection of the respective platform operators.

– Applicants

• Application procedure
  Art. 6 para. 1 lit. b GDPR (pre-contractual measures) and – where applicable – § 26 para. 1 BDSG (establishment of an employment relationship).
• Extended storage in applicant pool / transfer to affiliated companies or temporary employment agencies
  Art. 6 para. 1 lit. a GDPR (consent).

– Newsletter

• Sending the newsletter is
  based on Article 6 Paragraph 1 Letter a of the GDPR (consent to receive email information).
  You can withdraw your consent at any time with effect for the future, e.g., via the unsubscribe link in every email.

– Competitions

• Participation management
  Art. 6 para. 1 lit. b GDPR (contract/terms of participation).
• Publication of winners, pictures, etc.
  Art. 6 para. 1 lit. a GDPR (consent), insofar as this goes beyond what is necessary for carrying out the competition.

– Website usage, web analytics and cookies

• Necessary (technical) cookies
  Art. 6 para. 1 lit. f GDPR (legitimate interest in a secure and functional website) or Art. 6 para. 1 lit. b GDPR (provision of the online service).
• Comfort, analysis and marketing cookies / tracking
  Art. 6 para. 1 lit. a GDPR (consent via the cookie banner).

– Whistleblowing channel

The processing of personal data within the whistleblower channel is based on:

• from Art. 6 para. 1 lit. c GDPR (fulfillment of legal obligations, e.g. from EU directives and national implementing laws such as the Whistleblower Protection Act),
• Article 6 paragraph 1 letter e GDPR in conjunction with the relevant special legal provisions, insofar as public interests are affected, and/or
• Article 6 paragraph 1 letter f GDPR (legitimate interest of Grupo Segura in the detection and prevention of legal violations, in compliance and in the prevention of damages and liability risks).

Automated decision-making within the meaning of Article 22 GDPR does not take place.

5. To whom will your personal data be disclosed?

In principle, your personal data will only be passed on to third parties if…

• if this is necessary to fulfill our contractual or legal obligations,
• if you have expressly consented or
• if there is a legal obligation to do so.

Typical recipients are:

• Authorities and public bodies (e.g. tax authorities), insofar as we are legally obliged to do so,
• Banks and payment service providers for processing payments,
• external service providers (data processors pursuant to Art. 28 GDPR), e.g. IT service providers, hosting providers, newsletter distribution service providers, applicant management service providers,
• Lawyers, tax advisors, auditors or similar professionals, insofar as this is necessary for advising on or defending legal claims.

– Whistleblowing channel:

Personal data from reports may be passed on to the following categories of recipients, insofar as this is necessary for processing the report:

• Operator/technical service provider of the reporting channel,
• Compliance officers (e.g., compliance officer, internal reporting office),
• authorized representatives of the management or other departments, insofar as their involvement is necessary,
• external investigators, lawyers, auditors or other consultants,
• Police, public prosecutor’s office, courts or regulatory authorities, if there is a legal obligation or a legitimate interest in doing so.

Personal data will only be transferred to countries outside the EU/EEA (third countries) if the specific requirements of Art. 44 et seq. GDPR are met (e.g. adequacy decision, standard contractual clauses, additional safeguards).

6. What security measures do we implement?

We have implemented appropriate technical and organizational measures to ensure a level of protection appropriate to the risk to your personal data (Art. 32 GDPR). These include, in particular, measures to:

• to prevent unauthorized access,
• to avoid unintentional loss or destruction,
• to prevent unauthorized disclosure or alteration,
• To ensure the availability and resilience of the systems.

These measures are regularly reviewed and adjusted as needed.

7. What rights do you have as a data subject?

Under the GDPR and – where applicable – the BDSG, you have the following rights in particular:

• Right of access (Art. 15 GDPR):
  You can request information about whether and which personal data we process about you.
• Right to rectification (Art. 16 GDPR):
  You can request the rectification of inaccurate or the completion of incomplete personal data.
• Right to erasure (Art. 17 GDPR):
  You can request the erasure of your personal data, provided that there is no legal reason for retention or other legal justification to the contrary.
• Right to restriction of processing (Art. 18 GDPR):
  In certain cases you can request the restriction of processing (e.g. if the accuracy of the data is contested).
• Right to data portability (Art. 20 GDPR):
  You can request that we provide you with the data you have provided in a structured, commonly used and machine-readable format or – where technically possible – transmit it to another controller.
• Right to object (Art. 21 GDPR):
  You can object to the processing of your personal data at any time on grounds relating to your particular situation, insofar as we base the processing on a legitimate interest. You can object to direct marketing at any time without giving reasons.
• Right to withdraw consent (Art. 7 para. 3 GDPR):
  You can withdraw your consent at any time with effect for the future. The lawfulness of the processing carried out up to that point remains unaffected.

Exercising your rights:
To exercise your rights, you can contact the data controller or the data protection officer at any time (contact details can be found in section 1). If there is any doubt about your identity, we may request additional information for identification purposes (e.g., a copy of your ID).

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR):
You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement.

• In Spain, the competent authority is in particular the Agencia Española de Protección de Datos (AEPD) .
• In Germany, you can contact the state data protection authority responsible for your federal state or the company’s headquarters.

8. How long do we store your data? – Overview of typical retention periods

As a general rule, we only store personal data for as long as necessary to fulfill the purposes for which it was collected, or as long as legal retention periods apply. If no such obligations exist, the data is deleted or anonymized.

The following is an example overview (the actual duration may vary depending on national law or circumstances):

* The deadlines mentioned are guidelines and may vary depending on national legislation, sector-specific obligations or the specific circumstances of the case.

After the retention period has expired, the data will be deleted, anonymized or its processing restricted („blocked”), unless legal or contractual obligations prevent deletion.