I. PERSONAL DATA PROTECTION POLICY
RH BUGGY C.B. (the „Company“) is an organization in which data processing
activities of a personal nature take place, which gives it an important responsibility
in the design and organization of procedures so that they are aligned with legal
compliance in this matter. In the exercise of these responsibilities and in order to
establish the general principles that should govern the processing of personal data
in the Company, approves this Policy of protection of personal data, which notifies
its employees and makes available of all its interest groups.

2. Purpose

The Policy of protection of personal data is a measure of proactive responsibility
that has the purpose of ensuring compliance with the applicable legislation in this
matter and relation to it, respect for the right to honor and privacy in the treatment
of data of a personal nature of all the people who are related to The Company. In
accordance with the provisions of this Personal Data Protection Policy, the Principles
that govern the data processing in the organization and, consequently, the
procedures, and the organizational and security measures that the people affected
by it, are established. This Policy is committed to implement in their area of
responsibility. To this end, the Directorate will assign the responsibilities to the
personnel that participate in the data processing operations.

2. Area of Application

This Policy of protection of personal data will apply to the Company, its
administrators, managers and employees, as well as to all persons who are related
to it, with the express inclusion of service providers with access to data (“ Managers
of the treatment „)

3. Principles of the processing of personal data

As a general principle, The Company will scrupulously comply with the legislation on
the protection of personal data and must be able to demonstrate it (Principle of
„proactive liability“), paying special attention to those treatments that may pose a
greater risk to the rights of those afected (Principle of „risk approach“).
In relation to the exposed RH BUGGY C.B. will ensure compliance with the following
Principles:
• Legality, loyalty, transparency and limitation of the purpose. The data
processing should always be informed to the affected party, through clauses
and other procedures; and it will only be considered legitimate if there is
consent to the processing of data (with special attention to the one provided
by minors), or has another valid legitimation and the purpose thereof is in
accordance with the Regulations.
• Data minimization. The data processed must be adequate, relevant and
limited to what is necessary in relation to the purposes of the treatment.
• Accuracy. The data must be accurate and, if necessary, updated. In this
regard, the necessary measures will be taken so that personal data that are
inaccurate with respect to the purposes of the processing are deleted or
rectified without delay.
• Limitation of the conservation period. The data will be maintained in such a
way as to allow the identification of the interested parties for no longer than
necessary for the purposes of the treatment.
• Integrity and Confidentiality. The data will be treated in such a way as to
guarantee an adequate security of the personal data, including the protection
against the unauthorized or illicit treatment and against its loss, destruction
or accidental damage, through the application of the appropriate technical or
organizational measures.
• Data transfers. It is forbidden to purchase or obtain personal data from
illegitimate sources or in those cases in which said data has been collected or
transferred in contravention of the law or its legitimate origin is not
sufficiently guaranteed.
• Hiring of suppliers with access to data. Only suppliers that offer sufficient
guarantees to apply appropriate technical and security measures in data
processing will be selected for hiring. With these third parties will be
documented due agreement in this regard.
• International data transfers. Any processing of personal data subject to
European Union regulations that involve a transfer of data outside the
European Economic Area must be carried out in strict compliance with the
requirements established in the applicable law.
• Rights of those affected. The Company will provide those affected with the
exercise of the rights of access, rectification, deletion, limitation of treatment,
opposition and portability, establishing for this purpose the internal
procedures, and in particular the models for their exercise that are necessary
and timely, which must meet, at least, the legal requirements applicable in
each case.
The Company will promote that the principles contained in this Policy of protection
of personal data are taken into account (i) in the design and implementation of all
work procedures, (ii) in the products and services ofered (iii) in all the contracts
and obligations that they formalize or assume and (iv) in the implementation of any
systems and platforms that allow the access of employees or third parties and / or
the collection or processing of personal data.

4. Commitment of workers

The workers are informed of this Policy and they are aware that the personal
information is an asset of the Company, and in this respect they adhere to it,
committing to the following:
• Carry out awareness training on data protection that the Company puts at your
disposal.
• Apply security measures at the user level that apply to their job, without
prejudice to the design and implementation responsibilities that could be attributed
to them based on their role within RH BUGGY C.B ..
• Use the established formats for the exercise of Rights by those affected and
inform the Company immediately so that the response can be made effective.
• Inform the Company, as soon as it becomes aware, of deviations from the
provisions of this Policy, in particular of „Personal data security breaches“, using the
format established for this purpose.

5. Control and evaluation

An annual verification, evaluation and evaluation will be carried out, or whenever
there are significant changes in data processing, the efectiveness of technical and
organizational measures to ensure the safety of the treatment.

RH BUGGY C.B.