ZENNIO PRIVACY POLICY FOR Z70 Introduction Zennio Avance y Tecnología S.L. ('Zennio' or 'we/us') is committed to protecting the privacy of all users of our Website, App and Services ('You/r', the 'User'). This Privacy Policy explains our practices regarding the use of personal data collected and processed through the part of our website (www.zennio.com) dedicated to the Z70 and the App 'Z70 Remote' and is part of our Terms of Service. 1. DATA CONTROLLER The entity responsible for your data is Zennio Avance y Tecnología S.L., with Tax Number B45586724, domiciled in Río Jarama, 132. Nave P-8.11, 45007, Toledo, España. All communications regarding the processing of your personal data shall be directed to info@zennio.com. 2. PERSONAL DATA WE COLLECT ABOUT YOU AND HOW WE USE IT 2.1 Data collected in our App - Connecting the Z70 Device and the Z70 Remote Control App. In order to connect your device, we collect and process the following data about you: device ID, location, IP, device description, connexion code, screen use, connections with other device and user accounts, and device configuration. - App users. When people create a user account, we will automatically collect the following information: user name, email address, password and profile picture. 2.2 Data collected in our Z70 website - Web users. When people access our website without being registered, we will automatically collect the following information: user name, email address, password and profile picture. It is important that the personal data we have about you is accurate and current. You are responsible for the accuracy of the information you provide to us and you are expected to update the information you provide to us. 2.3 Data use General. We use your personal data to: - Create your profile. - Detect and solve errors. - Provide our service of remote control. - Perform an internal analysis of operations and users to improve our service according to the preferences of the Users using the app and the Z70 Device. This analysis is anonymous. - Comply with the legal, administrative or judicial obligations to which we are subject. 3. LEGAL BASIS The legal basis of our processing of personal data are the following: - For registered and non-registered users, the processing of data is necessary to perform the contract in order to provide them with our remote control service. - Registered users also provide us their express consent to process their data, when signing up in the platform accepting this Privacy Policy. In certain circumstances, we may process your data in accordance with this policy to comply with a legal or regulatory obligation to which we are subject. 4. DATA DISCLOSURE We treat your personal data confidentially in accordance with the applicable legislation. Unless stated otherwise, your personal data will not be provided to third parties. Specifically, we disclose your data as follows: - We can give access to your personal data to our service providers under contracts for the provision of services in favour of the company. Among the others, Amazon Web Services which servers are located in Ireland. We require that all third parties respect the security of your personal data and treat them in accordance with the law. We do not allow our external service providers to use your personal data for their own purposes and we only allow them to process your personal data for specific purposes and in accordance with our instructions. - We can make the personal data available to any company interested in buying or buying the Company or a part of your business and, consequently, give access to any national or international auditors to carry out their 'due diligence'. - We can make the data available to the authorities to investigate suspicions of fraud, harassment or other violations of any law, rule or regulation, or the policies of the website. 6. DATA RETENTION We only keep your personal data for as long as it is necessary to fulfil the purposes for which we have collected them, even to comply with legal, accounting or information requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, if we can achieve those purposes through other means and the applicable legal requirements. 7. SECURITY MEASURES We implement security measures and personal data protection schemes as required by law to maintain the confidentiality and integrity of your data and protection against unauthorised access, modification or destruction. 8. YOUR RIGHTS You have rights under data protection laws in relation to your personal data. Specifically, you have the right to: - Request access to your personal data (commonly known as a 'data subject access request'). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. - Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. - Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. - Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. - Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. - Request the transfer of your personal data to you or to a third party (right to data portability). We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. - Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. The aforementioned rights may be effective by contacting us at info@zennio.com. You also have the right to make any complaint to the competent authority, in this case the Spanish Data Protection Agency (Agencia Española de Protección de Datos), C/. Jorge Juan, 6, 28001 Madrid, Spain. 9. GENERAL We reserve the right to amend the terms of this Privacy Policy and will notify you by providing a clear notice of these changes by email or on our Website, and in this Privacy Policy. If you continue to use our Services after such update, you will be deemed to accept the new terms. If you do not accept the update, please terminate your account or notify us and we will terminate your Account and remove any of your personal data (except as required to be maintained for legal purposes), and you will not be able to continue to use our Services. Unless a specific local regulation sets forth to the contrary, the Privacy Policy is governed by the laws of Spain. Version 1: 1st of October 2019