SPF SPORT MANAGEMENT S.L. (the "Company") is an organization in which personal data processing activities take place, which gives it an important responsibility in designing and organizing procedures so that they comply with the law in this matter.

In the exercise of these responsibilities, and in order to establish the general principles that should govern the processing of personal data in the Company, the Company approves this Policy for the protection of personal data, which it communicates to its employees and makes available to all its stakeholders.

1. Purpose

The Personal Data Protection Policy is a proactive responsibility measure that aims to ensure compliance with the applicable legislation in this area and, in connection with it, respect for the right to honor and privacy in the processing of the personal data of all persons who have dealings with the Company.

In accordance with the provisions of this Personal Data Protection Policy, the Principles governing the processing of data in the organisation are established and, consequently, the procedures and organisational and security measures that the persons affected by this Policy undertake to implement in their area of responsibility.

To this end, Management will assign responsibilities to personnel who participate in data processing operations.

2. Scope of application

This Personal Data Protection Policy shall apply to the Company, its directors, officers and employees, as well as to all persons related to the Company, expressly including service providers with access to data ("Data Processors").

3. Principles for the processing of personal data

As a general principle, the Company will scrupulously comply with the legislation on the protection of personal data and must be able to demonstrate this (Principle of "proactive responsibility"), paying special attention to those processing operations that may pose a greater risk to the rights of those affected (Principle of "risk approach").

In relation to the above, SPF SPORT MANAGEMENT S.L. will ensure compliance with the following principles:

- Lawfulness, fairness, transparency and limitation of purpose. Those affected must always be informed of the processing of their data, by means of clauses and other procedures; processing will only be considered legitimate if there is consent to it (with special attention to minors) or another valid basis of legitimacy, and its purpose is in accordance with the Regulations.

- Minimization of data. The data processed must be adequate, pertinent and limited to what is necessary in relation to the purposes of the processing.

- Accuracy. The data must be accurate and, if necessary, kept up to date. To this end, the necessary measures shall be taken to ensure that personal data that are inaccurate with respect to the purposes of the application are deleted or rectified.

- Limitation of the storage period. The data shall be kept in a form that enables identification of data subjects for no longer than is necessary for the purposes of processing.

- Integrity and Confidentiality. Data shall be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, through the application of appropriate technical or organisational measures.

- Transfers of data. The purchase or collection of personal data from illegitimate sources is prohibited, as is their purchase or collection in cases where such data have been obtained or assigned in contravention of the law or their legitimate provenance is not sufficiently guaranteed.

- Contracting suppliers with access to data. Only suppliers who offer sufficient guarantees to apply appropriate technical and security measures in the processing of data will be chosen for contracting. The appropriate agreement in this respect will be documented with these third parties.

- International data transfers. Any processing of personal data subject to European Union regulations that involves a transfer of data outside the European Economic Area must be carried out in strict compliance with the requirements established in the applicable law.

- Rights of those affected. The Company shall make it easier for those affected to exercise their rights of access, rectification, deletion, limitation of processing, opposition and portability by establishing internal procedures for this purpose, and in particular the models for their exercise that are necessary and appropriate, which must meet at least the legal requirements applicable in each case.

The Company will encourage the principles contained in this Personal Data Protection Policy to be taken into account (i) in the design and implementation of all work procedures, (ii) in the products and services offered, (iii) in all contracts and obligations that it formalizes or assumes and (iv) in the implementation of any systems and platforms that allow access by employees or third parties and/or the collection or processing of personal data.

4. Commitment of workers

Employees are informed of this Policy and declare that they are aware that personal information is an asset of the Company, and in this respect adhere to it, committing to the following:

- Carry out the awareness training in Data Protection that the Company makes available to you.

- Apply the security measures at user level that apply to your workplace, without prejudice to the responsibilities in its design and implementation that may be attributed to you depending on your role within SPF SPORT MANAGEMENT S.L.

- Use the formats established for the exercise of rights by the employees and inform the Company immediately so that an effective response can be given.

- Inform the Company, as soon as they become aware of them, of deviations from what is established in this Policy, in particular of "Personal Data Security Violations", using the format established for this purpose.

5. Monitoring and evaluation

The effectiveness of the technical and organisational measures to ensure the security of the processing shall be verified, evaluated and assessed annually, or whenever there are significant changes in data processing.