1. Who are we?

NIALUM is an online platform that offers management and communication services for alumni of educational centers. Our web address is: https://www.nialum.com. NIALUM is a trademark of Netalink España 4.0, S.L. (hereinafter, "Nialum" or the "Company"), which is the creator of this website, as well as responsible for the processing of personal data that the user shares with us. The following is the general information of the Company: - Identity: Netalink España 4.0, S.L. - Address: Ramón y Cajal 5, 28100 Alcobendas, Madrid. NIF: B16812984 - Email: nialum@nialum.com Nialum has designated a Data Protection Delegate in its organization. If you want to make a query regarding the processing of your personal data, you can contact through the email indicated above.

2. What personal data do we collect and why do we collect it?

Registered user data If you register as a user on our platform, we will collect the following personal data: - Name and surname - Email - Educational center to which you belong or belonged - Year of completion of your studies - Profession and employment sector - City and country of residence - Profile photo - Social networks - Interests and preferences We use this data to: - Create and manage your user account - Offer you the platform services, such as searching for former colleagues, participation in events, requesting information, etc. - Send you communications related to the platform, such as news, news, surveys, etc. - Perform statistical and satisfaction analysis on the use of the platform and the services offered - Comply with our legal and tax obligations Web visitor data If you visit our website, we will collect the following personal data: - IP address - Browser type and operating system - Pages visited and time spent - Origin and destination of the visit - Cookies We use this data to: - Improve the browsing experience and the functioning of the web - Customize the content and advertising we show you - Perform statistical and audience analysis on the traffic and behavior of visitors to the web - Prevent and detect possible fraud, attacks or vulnerabilities in the web - Comply with our legal and fiscal obligations.

3. How do we obtain your personal data?

We obtain your personal data in the following ways: - When you register as a user in any Educational Center that uses our software creating its own platform, you provide us with your personal data voluntarily and expressly - When you visit our website, we collect your personal data automatically and anonymously, through the use of cookies and other similar technologies - When you contact us by any means, such as email, telephone, social networks, etc., you provide us with your personal data voluntarily and expressly - When you contact us by any means, such as email, telephone, social networks, etc., you provide us with your personal data voluntarily and expressly - When you contact us by any means, such as email, telephone, social networks, etc., you provide us with your personal data voluntarily and expressly.

With whom do we share your personal data?

We share your personal data with the following entities: - The educational center to which you belong or belonged, which acts as responsible for the processing of your personal data, and that hires us as data processor to offer you the services of the platform. - External service providers that collaborate with us, such as web hosting companies, sending emails, web analytics, online advertising, etc., that act as processors of your personal data, and that provide us with the tools and resources necessary for the operation of the platform and the website, Competent authorities, such as public bodies, judges, courts, etc., that may require access to your personal data for legal or judicial reasons.

5. How do we protect your personal data?

At Nialum we take the security of your personal data very seriously, and we implement appropriate technical and organizational measures to protect it from any loss, unauthorized access, use, modification or disclosure. Some of these measures are: - Encryption of communications and data using secure protocols (SSL/TLS) - Control of restricted and verified access to personal data - Training and awareness of staff on good data protection practices - Regular review and updating of security systems and policies - Auditing and monitoring of external service providers accessing personal data

6. Where do we store your personal data?

In general, data is stored within the European Union (EU). However, in the event that the processing of your data involves an international transfer of data outside the European Economic Area (EEA), Nialum undertakes to implement the necessary security measures to ensure an adequate level of safeguarding of such transfers, by means of data processor contracts and, where appropriate, will ensure that they offer an adequate level of protection, either because they have Binding Corporate Rules (BCR) or because we have subscribed to the European Commission's model clauses. For more information on service providers, please contact us at the following e-mail address: legal@nialum.com

7. What rights do you have over your personal data and how can you exercise them?

You can send your communications and exercise your rights by sending a request to the following email address legal@nialum.com. Under the GDPR you can request: - Right of information: you can request information about personal data held about you; - Right of rectification: you can communicate any changes to your personal data; - Right to erasure and to be forgotten: you can request the prior blocking or deletion of personal data; - Right to restriction of processing: this is to restrict the processing of your personal data. - Right to data portability: in some cases, you can request a copy of the personal data in a structured, commonly used and machine-readable format for transmission to another data controller. - Right to object and automated individual decision-making: you can request not to make decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect the data subject. In some cases, the request may be denied if you request the deletion of data necessary for compliance with legal obligations. Also, if you have a complaint about data processing, you may file a complaint with the competent data protection authority (Agencia Española de Protección de Datos or "AEPD").

8. What principles govern the processing of your personal data?

NIALUM’s Data Protection Policy is based on the principle of proactive responsibility, according to which the data controller is responsible for complying with the regulatory and jurisprudential framework that governs said Policy, and is capable of demonstrating this to the competent control authorities. In this regard, the data controller shall be governed by the following principles that should serve as a guide and frame of reference for all its personnel in the processing of personal data: Data protection by design: The data controller will apply, both at the time of determining the means of processing and at the time of the processing itself, appropriate technical and organizational measures, such as pseudonymization, designed to effectively implement data protection principles, such as data minimization, and integrate the necessary guarantees into the processing. Data protection by default: The data controller will apply appropriate technical and organizational measures to ensure that, by default, only the personal data necessary for each of the specific purposes of the processing are processed. Data protection throughout the information lifecycle: Measures that ensure the protection of personal data will be applicable throughout the complete lifecycle of the information. Lawfulness, fairness, and transparency: Personal data will be processed in a lawful, fair, and transparent manner in relation to the data subject. Purpose limitation: Personal data will be collected for specified, explicit, and legitimate purposes, and will not be further processed in a manner that is incompatible with those purposes. Data minimization: Personal data will be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. Accuracy: Personal data will be accurate and, where necessary, kept up to date; all reasonable steps will be taken to ensure that personal data that are inaccurate with respect to the purposes for which they are processed are erased or rectified without delay.

Storage limitation: Personal data will be kept in a manner that allows the identification of the data subjects for no longer than necessary for the purposes of processing the personal data. Integrity and confidentiality: Personal data will be processed in such a way that ensures adequate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by implementing appropriate technical or organizational measures. Information and training: One of the keys to ensuring the protection of personal data is the training and information provided to the personnel involved in the processing of the data. Throughout the information lifecycle, all personnel with access to the data will be properly trained and informed about their obligations in relation to compliance with data protection regulations. Lawfulness, fairness, and transparency: Personal data will be processed in a lawful, fair, and transparent manner in relation to the data subject. Purpose limitation: Personal data will be collected for specified, explicit, and legitimate purposes, and will not be further processed in a manner that is incompatible with those purposes. Data minimization: Personal data will be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. Accuracy: Personal data will be accurate and, where necessary, kept up to date; all reasonable steps will be taken to ensure that personal data that are inaccurate with respect to the purposes for which they are processed are erased or rectified without delay. Storage limitation: Personal data will be kept in a manner that allows the identification of the data subjects for no longer than necessary for the purposes of processing the personal data. Integrity and confidentiality: Personal data will be processed in such a way that ensures adequate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by implementing appropriate technical or organizational measures. Information and training: One of the keys to ensuring the protection of personal data is the training and information provided to the personnel involved in the processing of the data. Throughout the information lifecycle, all personnel with access to the data will be properly trained and informed about their obligations in relation to compliance with data protection regulations.

9. Communication, commitment and review of the Data Protection Policy.

The Data Protection Policy of NIALUM is communicated to all staff responsible for the treatment and made available to all interested parties. Consequently, this Data Protection Policy involves all staff of the controller, who must know it and assume it, considering it as their own, each member being responsible for applying it and verifying the data protection rules applicable to their activity, as well as identify and provide opportunities for improvement as appropriate in order to achieve excellence in relation to compliance. This Policy will be reviewed by the Management / Governing Body of NETALINK ESPAÑA 4.0 (NIALUM), as many times as deemed necessary, to adapt, at all times, to the provisions in force regarding the protection of personal data.

Contact Nialum