1.- Purpose and scope
This Policy is applicable to all the companies listed below and which are part of Grupo SGEL (hereafter SGEL).
Sociedad General Española de Librería, S.A. (SGEL)
Sociedad de Inversión y Gestión de Mercancías y Artículos, S.A. (SIGMA)
Zona Europea de Negocios de Distribución Internacional y Servicios S.L. (ZENDIS)
Distribuciones Grana 2007 S.L.
AELIA Retail España S.A.
DistriRueda 2011 SLU
Celeritas Transporte S.L
SGEL considers information to be one of its most important assets. Therefore, the technical and organizational security measures needed to protect information from the threats and vulnerabilities that may affect it have been adopted to prevent the loss of, destruction of, misuse of, alteration of, unauthorized access to or theft of the Information processed by the company.
SGEL considers it has a fundamental duty to guarantee everyone the right to the privacy, confidentiality and protection of their personal data, having accepted the formal commitment to protect this right and to document the means of collection, processing and transfer of this private information. At the same time, in the course of its activity, it is subject to the obligations imposed by the current legislation covering this matter as well as the obligations related to the intellectual property rights that the regulations give to the owners of the software and other products covered by intellectual property rights that the company uses in its activity.
This Information Privacy and Use of IT Tools Policy constitutes a commitment to protect the confidentiality of all the information that the company keeps, collects, processes or communicates, and of compliance with the current legislation on personal data protection, intellectual property or any other matter related to the use and processing of information and electronic communications.
It contains and describes certain measures, without prejudice to others that may be adopted, intended to implement that commitment.
The company will ensure compliance with this policy and will consider any violation of it as a breach of contractual good faith.
2.- Confidentiality and reliability of the information
PFor the company, all the information stored in its systems and in the corporate network is confidential, and since it explicitly considers all the information handled within the company to be its property, it is especially aware of and, therefore, obliged to demand a duty of confidentiality and proper use from each and every one of the users who handle the data, applications, IT tools and any other information assets belonging to SGEL.
SGEL forbids, unless explicitly authorized, the copying, disclosure or transmission of any confidential information to third parties or to company employees and users who are not authorized to access it.
All the information handled by SGEL in the course of its activity, including specially restricted information such as SGEL’s industrial or commercial secrets, will be considered to be confidential information, as well as, but not limited to, any other information listed below:
The commercial purchase and sale terms and conditions.
The information derived from the processes used to service our customers, publishers and suppliers.
Data processed by SGEL that is considered as personal data according to the current Spanish regulations.
The customer, user, subscriber, employee, marketing plan and sales databases and any other material that is part of the company’s industrial or commercial strategy.
Information related to projects for partnership with, agreement with or purchase of companies, be these in our sector, as well as information on the development of new lines of business and the arrangements made to achieve them.
Procedures, methods, source code, calculation algorithms and any other documentation associated with business processes.
In order to maintain the reliability of the confidential information processed and managed by SGEL, technical and organizational measures will be established to ensure compliance with current regulations and to prevent incorrect, abusive or illegal practices or damage that may lead to the loss, spread, misuse, transformation or destruction of any of the information assets owned by SGEL.
3.- Confidentiality and duty of secrecy
The confidential information managed by SGEL includes processed personal data. The processing of this data entails a series of obligations for both the company and for the personnel who access that data while carrying out of their functions, according to the current Spanish regulations.
The right to the protection of personal data is recognized as a fundamental right in the Spanish legal system and is regulated under the “Ley Orgánica” (Organic Law) 15/1999, dated 13th December, on the Protection of Personal Data (LOPD) and in the Regulations which are its application, approved by “Real Decreto” (Royal Decree) 1720/2007 of 21 December (RLOPD). SGEL is subject to a constant process of adaptation and adjustment, both legal and technical, to the provisions of these regulations. Moreover, article 10 of the LOPD sets out that all persons involved in any phase of the processing of personal data are bound to apply professional secrecy to them.
According to this article, all workers who in the performance of their functions access personal data for which SGEL is responsible, are subject to a duty of confidentiality and professional secrecy with respect to such data and the duty not to disclose, release or otherwise, directly or indirectly, make them available to third parties, in whole or in part, whatever the medium in which the information is held, obligations that remain in force even after the termination of their relationship with SGEL.
Failure to comply with these obligations may lead to serious damage to the company, including, among others, the imposition of the penalties provided for in the LOPD, and that failure may also give rise to the criminal liability defined in “Titulo X del Libro II del vigente Código Penal” (Title X of Book II of the current Penal Code), and SGEL reserves the right to pass the corresponding civil and/or criminal actions on to those workers who fail to comply with the obligations shown.
In compliance with the provisions of Article 89.2 of the RLOPD, this Information Privacy and Use of IT Tools Policy, informs the worker of all the rules and obligations that affect the performance of their functions and of the consequences which may result from non-compliance with them.
4.- Security measures in place
This Privacy and Use of IT Tools, equipment, applications, Internet and E-mail Policy, which SGEL makes available to all employees and service providers for the performance of their work or commercial duties, requires the adoption of certain measures with the aim of preserving the confidentiality of the information, avoiding abuse in its use, avoiding damage that may affect the company’s assets and avoiding legal offenses related to the legislation involved, including the current legislation on personal data protection or intellectual property regulations covering the use of software for acts of piracy involving the illegal copying of proprietary software and other intellectual property-protected products that the company has licensed.
The following rules on the responsible use of computers, applications, e-mail and Internet browsing are aimed at facilitating communication and optimizing the use of electronic transmissions and are, therefore, intended to help avoid errors and bad practice in the use of this technology.
I.- General rules on the use of personal computers and peripherals, the use of applications and access to company Information.
SGEL’s computer resources, including networks and connections, should not be used for purposes other than those intended, which are those related to the performance of the activity that the user exercises for the company in fulfillment of their work obligations.
In order to prevent unauthorized access to confidential information or the improper use of the terminals, the user must take appropriate measures to prevent third parties from accessing these terminals, properly guarding their access codes and blocking their work position when they leave it.
The user takes on the duty of secrecy for the personalized access passwords that are assigned to them, and is responsible for their care and periodic updating. All passwords and access codes provided to them are considered personal, non-transferable and secret and, therefore, the user is responsible for any type of access to the network carried out using them. Should there be reason to suspect that the confidentiality of the keys may have been compromised, the company’s Systems Department should be informed immediately.
Regarding the use of printers and the copying of documents, all users should use due care and confidentiality in respect of the various reports that they print or copy, and they should accept responsibility for their care while using them.
Users must not connect to any of SGEL’s computer resources any communication equipment that makes it possible to connect to the corporate network, nor connect to the SGEL network through means other than those defined and administered by the company’s Systems Department.
In order to preserve the confidentiality of information, SGEL explicitly forbids the use of software other than that authorized and supplied by the company’s Systems Department. Therefore, the user will be personally liable for damage and loss that may be caused by the use of programs other than those previously mentioned and especially in those cases where programs are used without their corresponding licenses.
At the same time, SGEL explicitly forbids the copying, communication or transmission of information processed by the company and held in the applications, equipment, systems or files, automated or not, which the user accesses for the performance of their functions, except for the normal use for which that information is intended. It is worth reminding people of the duty of confidentiality and secrecy that the current regulations require of all those who process personal data. Therefore, any action using the systems that might compromise their stability or the information stored in them should be avoided, and the Systems Department’s officers duly informed of the faults detected.
For security reasons and in consideration of the use of the lines, downloading files should only be done for work purposes. However, given the rights protected by intellectual property regulations, SGEL is not responsible, under any circumstances, for the violation of these rights as a result of the unlawful downloading and use of any product used on the company’s computer terminals that have not been supplied by the company. To this end, and in view of the commitment made, SGEL manages and keeps up to date a register of applications used under a license to use in each of the terminals, areas and departments.
II.- Conditions of use of the Internet and Email
The company provides those employees it consider opportune the tools and applications necessary to access the Internet and to send communications via email, and expects these employees to use these tools responsibly and non-abusively.
The email account is personal and non-transferable, and unauthorized third parties are not allowed to make use of it. The actions carried out using a user account are the responsibility of that user. For security and monitoring reasons, SGEL registers the electronic connections made from its corporate accounts, a monitoring that is limited to the address, date and time of the communication and is always carried out preserving the personal privacy and fundamental rights of all users.
III. Rules on the use of professional contact data
Where it is necessary to collect and manage the contact data of customers and suppliers, this information may only concern the professional field and should be limited to the given name(s) and family name(s) of the contact person, their role or position held in the company and their professional contact details (Postal or electronic address, telephone number and fax number).
SGEL will not be responsible for any information on these contact persons beyond that indicated. Should a worker collect or process additional data, they will do so privately and under their sole responsibility.
The contact data of customers and suppliers cannot be used for any purpose other than maintaining the business relationship of such contacts to SGEL.
These standards apply to any contact list or database prepared by SGEL staff on both paper and computer media.
Last update: March 2015