The Management / Governing Body of WonderBits Digital Solutions S.L. (hereinafter, the Data Controller) assumes the highest responsibility and commitment to the establishment, implementation, and maintenance of this Data Protection Policy, ensuring the continuous improvement of the organization in order to achieve excellence in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation or GDPR), and with the applicable Spanish data protection laws (Organic Law, specific sectoral legislation, and related implementing provisions).

The Data Protection Policy of WonderBits Digital Solutions S.L. is based on the principle of proactive responsibility, under which the Data Controller is accountable for compliance with the regulatory and jurisprudential framework governing this Policy and must be able to demonstrate such compliance before the competent supervisory authorities.

In this regard, the Data Controller shall be governed by the following principles, which serve as a guide and reference framework for all personnel involved in the processing of personal data:

Principles

• Data protection by design:
  The Data Controller shall apply, both at the time of determining the means of processing and during the processing itself, appropriate technical and organizational measures—such as pseudonymization—designed to effectively implement data protection principles (such as data minimization) and integrate the necessary safeguards into the processing activities.

• Data protection by default:
  The Data Controller shall implement appropriate technical and organizational measures to ensure that, by default, only personal data necessary for each specific purpose of the processing are processed.

• Data protection throughout the information lifecycle:
  Measures guaranteeing the protection of personal data shall be applied throughout the entire lifecycle of the information.

• Lawfulness, fairness, and transparency:
  Personal data shall be processed lawfully, fairly, and transparently in relation to the data subject.

• Purpose limitation:
  Personal data shall be collected for specified, explicit, and legitimate purposes and shall not be further processed in a manner incompatible with those purposes.

• Data minimization:
  Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

• Accuracy:
  Personal data shall be accurate and, where necessary, kept up to date. All reasonable measures shall be taken to ensure that inaccurate data are erased or rectified without delay.

• Storage limitation:
  Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed.

• Integrity and confidentiality:
  Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by means of appropriate technical or organizational measures.

• Information and training:
  A key element in ensuring the protection of personal data is the training and awareness of staff involved in data processing. Throughout the information lifecycle, all personnel with access to personal data shall receive adequate training and information regarding their obligations under data protection regulations.

The Data Protection Policy of WonderBits Digital Solutions S.L. is communicated to all personnel of the Data Controller and made available to all interested parties.

Consequently, this Policy involves all staff members of the Data Controller, who must be aware of it, understand it, and assume responsibility for its implementation. Each member of the organization is accountable for applying it, verifying compliance with the data protection rules relevant to their activity, and identifying and proposing improvement opportunities to achieve excellence in compliance.

This Policy shall be reviewed by the Management / Governing Body of WonderBits Digital Solutions S.L. as often as deemed necessary, in order to remain aligned at all times with current legislation on personal data protection.