When managing Personal Data as Data Controller, the SJL
Group (San Jose Lopez) and the Staff of the SJL Group agree that Personal Data will be:
– Processed by the SJL
Group in a lawful, fair and transparent manner with regard to the Data Subject (“lawfulness, loyalty, transparency”);
– Collected for specified, explicit and legitimate purposes, and that they will not be further processed in a manner incompatible with those purposes (“purpose limitation”);
– True and, if necessary, kept up to date; all reasonable measures must be taken to ensure that Personal Data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”);
– Processed in such a way as to ensure adequate security of Personal Data, including protection against unauthorised or unlawful processing and against loss, destruction or damage caused by accident, using appropriate technical or organisational measures (“integrity and confidentiality”); – Stored in a form that allows the identification of the Data subjects for no longer than is necessary for the purposes for which they are processed; Personal Data may be stored for longer periods of time if they are processed exclusively for archiving purposes in accordance with the applicable regulations on prescription.

Security and confidentiality
Group takes reasonable precautions to protect Personal Data against destruction or loss, alteration, disclosure or unauthorized, accidental or unlawful access. These precautions include technical, physical and organisational security measures, such as measures to prevent unauthorised access. The applicable measures remain confidential, but are duly documented in the information technology and risk management policies adopted by the SJL Group.

Transfer of Personal Data
Group processes and will oblige Third Parties to process Personal Data in appropriate jurisdictions in accordance with the provisions of the applicable data protection law(s). If the Processing involves a transfer of Personal Data to a country outside the European Union that is not covered by one of the exceptions provided for by applicable data protection laws, the SJL Group undertakes to secure the transfer by means of contractual clauses.

Contact, Questions & Complaints

In order to exercise your rights, express a concern, raise a question, make a complaint or obtain more information about the Processing of your Personal Data by the SJL
Group, you can send an e-mail to the following address:, attaching valid proof of identity (unless the Person concerned is employed by the SJL Group). The SJL
Group undertakes to respond to your request within a reasonable time, which will not exceed 3 months, depending on the complexity of the request and/or the number of requests it receives.

Changes to this Policy
Group may amend this Data Privacy Policy from time to time to reflect its current privacy practices. When we amend this statement, we will revise the “update” date at the top of this document. We encourage you to review this Privacy Policy regularly to keep yourself informed of how the SJL Group protects your Personal Data.