Privacy Policies Qmatic • Extranet IDIADA • Extranet IDIADA

Basic Information regarding the processing of your Personal Data.

Data Controller

IDIADA AUTOMOTIVE TECHNOLOGY, S.A.

Registered Office: Street L'Albornar, S/N, Santa Oliva, (43710, Tarragona), España.

C.I.F. A43581610

Herinafter, “IDIADA”.

Main Purposes

(a) To manage the “request by appointment” service through the website https://extranet.idiada.com for the performance/management of all types of services by/with IDIADA and in order to access any of IDIADA's facilities and if applicable, for the management and sending of confirmation notices/appointment reminders by email and/or SMS, MMS or instant messaging services (e.g. WhatsApp), telephone contact or other equivalent electronic means, information and indications for access.

(b) Control and manage access to any of IDIADA's facilities, by any person internal or external to IDIADA for any type of existing or potential business and/or professional relationship, which is controlled by a security service and has restricted access areas.

(c) To manage the access and reception, to request by appointment, of all types of goods and transported goods, including specifically all types of vehicles, industrial and/or private.

(d) To cooperate with regulatory authorities and law enforcement agencies when necessary to comply with applicable legal obligations as set forth in Section 4 of this Privacy Policy.

(e) To Manage the appropriate follow-up of suggestions, queries and/or complaints about IDIADA's appointment services under the performance of telephone calls, postal mail or sending messages by email, SMS, MMS or instant messaging services (e.g. WhatsApp) or other equivalent electronic means.

Legal Basis.

(a) Execution of a contract to which the data subject is a party.

(b) Compliance with current legal obligations to which IDIADA is subject.

(d) Consent through the acceptance of this Privacy Policy at the time of requesting the appointment.

Personal Data:

Personal details: name and surname,
Contact Details: Address, Town, Postal Code, Autonomous Community, Country, e-mail, contact telephone number and province.
Other details: client internal reference, date and time of arrival and access to the facilities, estimated time of the visit.
In case of legal entities: name and surname, address, telephone number and contact details of the representative or contact person in the company, Town, Postal Code, Autonomous Community, Country, e-mail, and province.

Recipients:

Applus+ IDIADA Group companies and other service providers. You can consult a list of APPLUS Group entities through: www.applus.com/appluscompanies.

Law enforcement agencies, judges and courts, regulatory bodies, governmental authorities or other competent third parties.

International Transfers:

Your personal data might be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal data. We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements based on the contractual clauses approved by the European Commission to ensure that your data is adequately protected.

Rights:

Among other, the right to access, rectify and erase the personal data, to object to the further processing of the personal data, and to withdraw consent.

In particular, you have the right to object to the processing of your personal data, at any time, on the basis of our legitimate interest.

You can exercise your rights by contacting Us at data_protection@idiada.com, enclosing a copy of your ID or equivalent identification document.

However, if you feel that we have not been able to help you with your complaint or query, you have the right to file a claim with the Spanish Data Protection Agency through its website www.agpd.es.

MORE INFORMATION.

We recommend that you read this information carefully.4

1. What personal data do We use

1.1 Personal Data We collect directly from you

1.2 Personal Data We collect from other sources

1.3 Personal Data you provide to us about third parties.

2. How we use your personal data and on what legal basis

3. What rights do you have over your Personal Data

4. How do We share your Personal Data and with whom

5. How do We protect your Personal Data

6. For how long do We store your Personal Data

7. International data transfers

8. Contact Us

9. Changes to this Privacy Policy

This Privacy Policy describes how IDIADA collects and processes personal data about you, how We use and protect this information, and your rights in relation to this information.

IDIADA will collect and subsequently process the personal data as the data controller. You may contact IDIADA ("We") through the channels provided and indicated in section 8 of this Policy.

This Privacy Policy applies to all personal data that we collect about you in connection with the management of the “request by appointment” service through the website the performance/management of all types of services by/with IDIADA and in order to access any of its facilities; to control and management of access to any of IDIADA's facilities, by any internal or external person of IDIADA for any type of existing or potential commercial and/or professional relationship, which is controlled by a security service and it has restricted access areas; to manage the access and reception by appointment, of all types of goods and transported goods, including specifically vehicles, industrial and/or private, by controlling the license plates of the same, or if applicable, assigning an internal reference number.

“Personal Data” means any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1. What personal data do We use

We collect your Personal Data from several different sources including information that you provide to us directly by contacting us through the contact form in this section of the Website; and/or through the “request by appointment” service available on our Website; and/or by completing and submitting the information request forms under the terms described below:

Please note that we must collect certain personal information as a matter of law, or as a consequence of the contractual and/or commercial relationship we have entered into with you. Refusal to provide such information may prevent or delay the fulfillment of such obligations. When collecting your personal data, we will inform you about the obligation to provide such data, as well as the consequences of not doing so.

1.1 Personal Data We collect directly from you

The categories of personal data that We collect directly from you include:

Personal details: name and surname, NIF,
Contact Details: Address, Town, Postal Code, Autonomous Community, Country, e-mail, contact telephone number and province.
Other details: client internal reference, date and time of arrival and access to the facilities, estimated time of the visit.
In case of legal entities: name and surname, address, telephone number and contact details of the representative or contact person in the company, Town, Postal Code, Autonomous Community, Country, e-mail, and province.
Information We collect automatically from you: further information about our use of Cookies and Tracking Technologies is available in our Cookies Policy.

1.2. Personal Data We collect from other sources

We may collect Personal Data from the Spanish Traffic Authority: name and surname, D.N.I., VIN number, vehicle registration number.

1.3. Personal Data about third parties.

Where you provide IDIADA with personal data such as contact information and/or vehicle registration number or about third parties, it is your direct responsibility to inform such individuals of their rights and to obtain their explicit consent, where necessary, to the processing (including transfers) of their personal data (including sensitive data), as it may be deemed necessary and in compliance with applicable local data protection laws, as set forth in this Privacy policy.

2. How We use your personal data and on what legal basis

We use and subsequently process personal data we collect about you on the following legal basis and for the purposes identified below:

(a) We will process your personal data in order to fulfilling our contractual relationship or potential contractual relationship and / or services with you and thus be able to perform:

(ii) To control and manage access to any of IDIADA's facilities, by any person internal or external to IDIADA for any type of existing or potential business and/or professional relationship, which is controlled by a security service and has restricted access areas.

(iii) To manage the access and reception, to request by appointment, of all types of goods and transported goods, including specifically all types of vehicles, industrial and/or private.

(iv) To Manage the appropriate follow-up of suggestions, queries and/or complaints about IDIADA's request by appointment service under the performance of telephone calls, postal mail or sending messages by email, SMS, MMS or instant messaging services (e.g. WhatsApp) or other equivalent electronic means.

(b) We will also process your personal data in order to ensure an optimum level of compliance with the applicable legal obligations to which IDIADA is subject, and cooperate with regulators and law enforcement bodies where necessary, in line with Section 4 of this Privacy Policy:

To disclose your personal data and other complementary information subject to requests received from authorities and/or bodies with compelling power, as required by the applicable laws or by law enforcement officers invested with such powers.

To manage and improve the provision of the inspection service in the future, under the realization of reminder notices of upcoming inspection and inspection due date by means of telephone calls, postal mail or sending SMS, MMS or instant messaging services (e.g. WhatsApp) or other equivalent electronic means.
To manage our Website;
To deal with your enquiries and requests;
To protect the security and/or integrity of our Website and IT infrastructure;
To understand how you use our services and to enable Us to improve and further develop the features, performance and support available on our Website, which may entail the provision of anonymous statistical information about our visitors (however, without it being used to identify any individual user);
As mentioned in Section 4 of this Privacy Policy, among other, for disclosures to any of our employees, officers, agents, business partners, affiliates of the Applus Group, who process the personal data for the purposes set forth in this Privacy Policy;
To allow third party service providers and vendors engaged by IDIADA to access the personal data in order to provide Us with the services required to fulfill the purposes set forth in this Privacy Policy;
For any disclosures to third parties required as part of due diligence processes in the context of corporate restructuring operations in which We may participate, in line with Section 4(d) of this Privacy Policy; and
In order to personalize and improve our appointment services through the Website;
In order to effectively manage the security of our facilities and control access to them.

Where IDIADA processes personal data in fulfillment of its own legitimate interests, it shall always balance such interests against the data subjects´ fundamental rights and freedoms, and implements robust safeguards in view of ensuring that their privacy is protected accordingly.

(d) We will process your personal data for the following purposes, provided that you have granted your prior consent:

For any other purpose disclosed to you at the time you provide Us with your personal data, to the extent that you have granted Us your prior consent to that particular processing

If We ask for your consent to process your personal data, you may withdraw your consent at any time by contacting Us at data_protection@idiada.com, enclosing a copy of your ID or equivalent identification document.

What rights do you have over your Personal Data

You have certain rights regarding your personal data, subject to local law. These include the following rights:

To know how We are processing your personal data and to access your personal data held by IDIADA and its affiliates, where applicable;
To request the rectification of inaccurate or incomplete personal data;
To request the erasure of your personal data when such data is no longer necessary for the initial purposes for which it has been initially collected, in accordance with applicable law;
To restrict our processing of your personal data, under certain circumstances (in which case We will only retain the personal data for the exercise and/or defense of IDIADA’s rights);
To object to our processing of your personal data, having regard to the given circumstances and for reasons related to their particular situation (in which case We will only retain the personal data for imperative legitimate reasons or the exercise and/or defense of IDIADA’s rights);

This includes the right to object, at any time, for reasons related to your particular situation, to our processing of your personal data based on our legitimate interests or those of a third party, in which case We will cease in processing your personal data unless We are able to rely on legitimate reasons to do so;

To request the portability of your personal data, which will allow you to obtain and reuse the personal data in a usable electronic format for your own purposes and across different services without hindrance to usability, including its transmission to another third party; and
To withdraw the consent you may have granted to a specific processing, at any time.

We encourage you to contact us to update or correct your information if it changes or if the personal data We hold about you is inaccurate.

IDIADA is committed to protecting your personal data as described in this policy, and as required by applicable laws. Should you have any queries or intention of requesting additional information on how to exercise your rights or to effectively submit such a request, feel free to contact Us at data_protection@idiada.com, enclosing a copy of your ID or equivalent identification document.

How do We share your Personal Data and with whom

IDIADA will be able to share your personal data with third parties under the following circumstances:

Service providers and business partners. We will allow our service providers and business partners that perform amongst others, web maintenance and other IT services, marketing and communication, accounting, finance, legal and audit and other business operations for us to access to your personal data. For example, We may partner with other companies to process secure payments, fulfill orders, optimize our services, send newsletters and marketing emails, support email and messaging services and analyze information.
Applus+ IDIADA group companies (both national and international): we will share certain information: (i) Related to your query or suggestion with other Applus+ IDIADA group companies to respond to it adequately (ii) To contact you with electronic newsletters and/or promotional e-mails relating to products and services offered by Us and/or other members of Applus+ IDIADA Group, as well as about events and news related to our activities (testing, inspection, engineering, certification and related services), through post, e-mail, mobile apps or other electronic equivalent means; and A list of companies within the Applus+ IDIADA group is available at: www.applus.com/appluscompanies.
Law enforcement agency, court, regulator, government authority or other third party with compelling authority. We will be able to share your personal data with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
Asset purchasers and amalgamation. We will share your personal data with any third party that purchases, or to which We transfer, all or substantially all of our assets and business or with whom we enter into an amalgamation, consolidation, merger or similar restructuring. Should such a sale or transfer occur, We will use reasonable efforts to ensure that the entity to which we transfer your personal data uses it in a manner that is consistent with this Privacy Policy.

Because We operate as part of a global business, the recipients referred to above can be located outside the jurisdiction in which you are located (or in which we provide the services), including third countries outside the European Union ("EU") that are not regarded as providing an adequate level of protection of the personal data. Please refer to the "International Data Transfer" section below for more information.

How do We protect your Personal Data

We implement technical and organizational measures to ensure a level of security appropriate to the risk to the personal data we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal data. We evaluate these measures on a regular basis to ensure the security of the processing.

For how long do We store your Personal Data

We will keep your personal data for as long as We have a relationship with you and for a period of five (5) years thereafter. Once our relationship with you has come to an end, We will retain your personal data for a period of time that enables Us to:

Maintain business records for analysis and/or audit purposes;
Comply with record retention requirements under the law;
Defend or bring any existing or potential legal claims; and
Deal with any complaints regarding the services.

We will delete your personal data when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, We will put in place appropriate measures to prevent any further processing or use of the data.

7. International Data Transfers

Your personal data will be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal data under European Union law.

We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected, on the basis of the relevant sets of standard contractual clauses approved by the European Commission available for consultation at (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en)

For more information on the appropriate safeguards in place, please contact us as indicated in Section 8 of this Policy.

8. Contact Us

IDIADA is the data controller in respect of the personal data we collect and process.

If you have questions or concerns regarding the way in which your personal data has been used, please contact data_protection@idiada.com.

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that We have not been able to assist with your complaint or concern, you have the right to make a complaint to the data protection authority of Spain (Agencia Española de Protección de Datos) using their website www.aepd.es

9. Changes to this Privacy Policy

You are entitled to request a copy of this Privacy Policy from us using the contact details set out above. This Privacy Policy will be subject to changes, as deemed necessary from time to time.

If We change this Privacy Policy, We will notify you of the changes. Where changes to the Privacy Policy will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, We will give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g. among other, to object to the processing).

Moreover, and to the extent that IDIADA’s relies on consent for the performance of any of its processing activities, We will make sure to request your consent where the aforementioned changes may have a substantial impact on the relevant processing before these changes are made effective.

UPDATED VERSION DATED JULY 21^ST, 2022.