Declaration of Commitment

Saphety’s declaration of commitment to the privacy and protection of personal data.

Our commitment

The protection of the privacy and personal data of all subjects who in any way are related to Saphety (customers, service users, employees, partners and others) is a key commitment for Saphety.
The processing of personal data is important for Saphety's activity, in particular, in the commercialization of its products and services, for the provision, monitoring and improvement of the quality of the services provided by Saphety, for the management of its human resources and for the fulfillment of the legal obligations to which it is subject, with the challenges associated with the processing of personal data for such purposes strongly influenced by technological, economic and social developments.
Saphety's commitment is to work every day to ensure the privacy and protection of the personal data for which we are responsible, in accordance with the applicable legislation.
This commitment is accomplished, namely, by adopting and implementing privacy policies and standards, including, for this purpose, our Privacy Policy as well as our Information Security Policy.
With this Declaration, we want to guarantee Saphety's commitment to the security, privacy, and protection of personal data and ensure that those who process personal data on Saphety's behalf are bound to act in accordance with the applicable principles.

Principles of the processing of personal data and the rights of the personal data subject

The processing of personal data by Saphety obeys the following fundamental principles:

- Principle of lawfulness of processing;
- Principle of purpose limitation;
- Principle of transparency principle;
- Principle of adequacy and minimization of personal data;
- Principle of 'Need to know';
- Principle of integrity and confidentiality;
- Principle of data protection, since its conception and by default.

In addition to complying with these applicable principles, Saphety is committed to ensure the respect for the rights of the Data Subjects, in particular, the right of access and information regarding the personal data processed by Saphety, the right to rectification, the right to eliminate, the right to data portability, the right to limit the processing, the right to withdraw consent, the right of opposition, the right not to be subject to individual automated decisions, including the definition of profiles, and the right to complain to the respective control authority.

A) Principle of lawfulness

Personal data will only be processed if and to the extent that it has the appropriate basis of lawfulness, namely: (i) when consent is given by the Personal Data Subject or when processing is necessary for (ii)
the execution of a contract where the Data Subject is a party thereto, (iii) the fulfillment of a legal obligation, or (iv) the purposes of the legitimate interests pursued by Saphety or a third party.

B) Principle of purpose limitation

The personal data will be processed exclusively for the purposes that determined its collection and will only be processed when legally allowed and providing the due information to the respective Personal Data Subject.

C) Principle of transparency

The Subjects of the Personal Data will be informed in a clear and concise manner regarding the relevant aspects related to the processing of their personal data, namely, regarding the purposes of processing and possible transmission to third parties.

D) Principle of adequacy and minimization of personal data

Only the appropriate, relevant and necessary personal data for the relevant purposes will be processed and for the period strictly necessary.

E) Principle of 'Need to know'

Only Saphety's employees and partners, whose functions require such access, will access and process the relevant personal data.

F) Principle of integrity and confidentiality

The personal data will be processed in a way that guarantees its security, namely, (i) against illegal or unauthorized access or disclosure, (ii) against unauthorized modification, loss or destruction of personal data or accidental loss of such personal data and (iii) ensure that personal data will be available when necessary and allowed.

G) Principle of data protection, since its conception and by default

Saphety’s products and services, maintenance and support systems, and procedures will be developed to protect your privacy and your personal data.

Personal data protection

Saphety is committed to respecting the best practices regarding data protection, it has adopted a policy and standards program to ensure the confidentiality, integrity and availability of the information handled by Saphety and is under its responsibility, which is shared with Saphety’s employees and partners.
Saphety's Information Security Policy establishes a broad set of technical and organizational measures in several security areas, including:

i) Safety measures, such as the use of firewalls and intrusion detection, the existence of a policy to access information and registration;

ii) Physical security measures, including an access control to Saphety's physical facilities, by employees, partners and visitors, as well as very restricted access to Saphety's essential technology infrastructures;

(iii) Other measures, such as masking, pseudonymization and anonymization of personal data, as well as a set of measures with the objective of fulfilling the principle of data protection since its conception and by default.
Saphety will ensure that its subcontractors and third parties will be bound by contractual obligations in order to comply with the applicable legislation in this field and with the security measures deemed appropriate by Saphety.
These obligations entail, in particular, that the respective subcontractor ensures that (i) the sharing of personal data complies with the applicable legislation, (ii) the transmission is made in a secure manner, and (iii) the subcontractors or third parties are contractually bound to respect their own applicable obligations of confidentiality, with the restriction to use the personal data for any other purpose, for their own benefit or for the benefit of a third party.

Compliance with information security policies, security standards and protection of personal data is subject to periodic review, complemented by a demanding information and training program given to Saphety’s employees and partners.