
PRIVACY AND PERSONAL DATA PROCESSING POLICIES

WASLA ASSOCIATION (hereinafter “WASLA”), by virtue of the Charter of fundamental
rights of the European Union, article 8 and the Federal Data Protection Act of 30 June
2017, through which provisions are established for the protection of personal data, notifies
the Holders of Personal Data processed in any way by WASLA through academic,
scientific and research events organized and / or developed by the WASLA
ASSOCIATION, this policy for processing of information (the "Policy").

The main purpose of this Policy is to inform the Holders of Personal Data of the rights that
are due to them, the procedures and mechanisms provided by WASLA to put into effect
those rights of the Holders, and to inform them of the scope and purpose of the processing
to which the Personal Data will be submitted in case the Holder grants his express, prior
and informed authorization.

WASLA is committed to compliance with the aforementioned regulation and the
protection of the rights of individuals, and informs its stakeholders that it adopts the
following policies on the collection, processing and use of personal data.

1. LEGAL FRAMEWORK

- Basic Law for the Federal Republic of Germany, articles 1 and 2.

- Charter of fundamental rights of the European Union, article 8

- General Data Protection Regulation (Regulation (EU) 2016/679)

- Federal Data Protection Act of 30 June 2017 (implementing the GDPR) ('BDSG')

2. DEFINITIONS

In accordance with current legislation on the matter, the following definitions are
established, which will be applied and implemented taking into account the criteria for
interpretation that guarantee a systematic and comprehensive application, and in line with
technological advances, technological neutrality and other principles and premises that
govern the fundamental rights that encircle, orbit and surround the right of habeas data
and protection of personal data.

a) Personal data: means any information relating to an identified or identifiable
natural person (‘data subject’); an identifiable natural person is one who can be
identified, directly or indirectly, in particular by reference to an identifier such as a
name, an identification number, location data, an online identifier or to one or more
factors specific to the physical, physiological, genetic, mental, economic, cultural or
social identity of that natural person.
b) Processing: means any operation or set of operations which is performed on
personal data or on sets of personal data, whether or not by automated means,
such as collection, recording, organization, structuring, storage, adaptation or
alteration, retrieval, consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, restriction, erasure or
destruction;
c) Restriction of processing: means the marking of stored personal data with the
aim of limiting their processing in the future;
d) Authorization: Prior, express and informed consent of the holder to carry out the
Processing of personal data.
e) Authorized: Refers to all persons who, under the responsibility of the Company or
the persons in charge, may conduct Personal Data Processing.
f) Privacy notice: Verbal, written or sent communication through any current
technological means issued by the Responsible party, or by any third party
designated by him/her, for the purposes, addressed to the Holder for his/her
Personal Data Processing, through which he/she will be notified about the current
policies of Personal Data Processing that will be applicable, the way to access
those policies and the purposes of the processing that will be given to the personal
data provided.
g) Database: Organized set of personal data that is subject of processing.
h) Personal datum: Any information linked, or that may be associated, to one or
more specific or specifiable natural persons.
i) Private datum: It is the datum that due to its private or confidential nature, is only
relevant to the Holder.
j) Sensitive datum (data): Sensitive data is understood as those that affect the
privacy of the Holder or whose improper use may result in discrimination towards
the Holder, such as those that reveal racial or ethnic origin, political orientation,
religious or philosophical beliefs, membership to Unions, social, human right
organizations, or that promote the interests of any political party or that guarantee
the rights and guarantees of opposition political parties, as well as data related to
health, sex life and, biometric data, among others; the capture of still or moving
image, fingerprints, photographs, iris image, voice, facial or palm recognition, etc.
k) Person in charge of the processing: Natural or legal person, public or private,
who by himself or in association with others, performs the processing of personal
data on behalf of the person responsible for the processing.
l) Person responsible for the processing: Natural or legal person, public or
private, who by himself or in association with others, decides on the database and /
or the processing of the data.
m) Holder: Natural person whose personal data are processed.
n) Processing: Any operation or set of operations on personal data, such as
collection, storage, use, circulation or deletion thereof.

And the complementary definitions of article 3 of the General Data Protection
Regulation (Regulation (EU) 2016/679).

3. PRINCIPLES:

WASLA will define its Personal Data Processing Policy in accordance with the following
principles.

- Principle of finality: The Processing of Personal Data shall be in line with a legitimate
purpose in accordance with the General Data Protection Regulation (Regulation (EU)
2016/679) and the complementary law, which must be informed to the Holder.
- Principle of freedom: The processing can only be practiced with prior, express and
informed consent of the Holder. Personal Data may not be obtained or disclosed without
prior consent, or in the absence of a legal or judicial mandate that discontinues consent.

- Principle of veracity or quality: The information subject to Processing must be truthful,
complete, exact, updated, verifiable and understandable. The processing of partial,
incomplete, fractionated or misleading data is prohibited.

- Principle of Transparency: The Processing must guarantee the right of the holder to
obtain, at any time and without restrictions, information about the existence of data
concerning him/her.

- Principle of access and restricted circulation: Personal data, except public
information, may not be available on the Internet or other mass media, unless the access
is technically controllable to offer knowledge restricted only to the Holder(s) or third parties
authorized under the Law.

- Principle of security: Information subject to Processing must be handled with the
necessary technical, human and administrative measures to grant security to the records
avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.

- Principle of confidentiality: All persons involved in the Processing of Personal Data are
obliged to guarantee the reservation of the information, even after ending their relationship
with any of the tasks that the processing comprises, and may only supply or communicate
Personal Data when this corresponds to the development of the activities expressly
authorized in the Law.

4. PROCESSING AND PURPOSES

ALAPP will conduct the Processing of Personal Data for the fulfillment of the activities of
its corporate purpose, in conformity with the provisions of the General Data Protection
Regulation (Regulation (EU) 2016/679)
and other complementary provisions. The Processing may be conducted through
electronic, physical, automated means and / or using any known or to be known digital
means, which may vary depending on the way of collecting information.

The processing of the personal data of any person with whom WASLA has established or
establishes a relationship, permanently or occasionally, will be conducted within the legal
framework that regulates the matter and by virtue of its condition of academic and cultural
association.

4.1. The Personal Data processed by WASLA must be submitted strictly and only for the
purposes indicated below. Likewise, the persons in charge or third parties who have
access to the Personal Data by virtue of Law or contract, will maintain the Processing
within the following purposes:

(i) The proper development of its corporate purpose, including the use of data for the
execution of its activities;

(ii) Validate the information in compliance with the legal requirement of knowledge of the
user applicable to WASLA;

(iii) Properly provide high quality training and education services for multidisciplinary
professionals;

(iv) For the development of market research, statistics, etc., that allow WASLA's
competitiveness;

(v) To address in an efficient and timely manner the health and / or emergency
requirements that might arise during the provision of the service;

(vi) For the development of advertising campaigns, promotional material, etc., on social
networks and the media.

(vii) Manage all the information necessary to comply with WASLA's tax obligations and
business, corporate and accounting records.

(viii) Comply with WASLA's internal processes in terms of administration of suppliers and
contractors.

(ix) The transmission of data to third parties with whom contracts have been concluded for
this purpose, for commercial, administrative, marketing and / or operational purposes
including, but not limited to, the issuance of ID cards, personalized certificates and
certifications to third parties, in accordance with the existing legal provisions.

(x) Keep and process, by computer or other means, any type of information related to the
patient's health status with the purpose of providing relevant services and products.

(xi) Security and improvement of service and the experience of the Holder through any
application, social network and / or web portal used by WASLA.

(xii) All other purposes determined by those responsible for Personal Data collection for its
due processing and which are communicated to the Holders at the time of collecting them.

4.2. Processing of sensitive data. Data categorized as sensitive may be used and
processed when:

(i) The Holder has given his/her explicit authorization for such processing, except in cases
where said authorization is not required by law.

(ii) The Processing is necessary to safeguard the vital interest of the holder and in case
he/she is deprived of his/her physical or legal capacities. In such events, legal
representatives must grant the authorization.

(iii) The Processing has a historical, statistical or scientific purpose. In this event,
measures leading to suppression of the identity of the Holders must be adopted.

4.3. Data Processing of children and adolescents: The Processing must ensure the
respect for the prevailing rights of minors. The Processing of personal data of minors is
proscribed, except for those data that are of a public nature. It is the duty of the State and
educational entities of all kinds to provide information and train legal representatives and
guardians on the potential risks that minors face in case of improper processing of their
personal data, and provide knowledge about the responsible and safe use, by the children
and adolescents, of their personal data, their right to privacy and the protection of their
personal information and that of others.

Consequently, WASLA will be strict in the handling of the personal data of all under-aged
users or visitors, and will only collect and process personal data of those children whose
parents, and / or guardians in charge, have expressed explicitly and in writing their
authorization for the purposes indicated in the respective privacy notice.

First Paragraph: The Personal Data provided by the Holder will be processed and used
only for the purposes set forth herein, and for a period counted from the moment the
authorization was granted until the period WASLA determines to be effective.

Second Paragraph: The information provided by the Holder may be shared with
agencies, bodies responsible for the information, service providers, commercial allies, their
allies, and third parties in general that provide services to WASLA or to third parties on
behalf of or at WASLA’s expense.

Third Paragraph: WASLA guarantees that the mechanisms through which it makes use
of Personal Data are safe and confidential, since they have IT security mechanisms and
suitable technological means to ensure that they are stored in such a way that unwanted
access is prevented by third parties.

5. OBLIGATIONS OF WASLA ASSOCIATION

As the party responsible for the Processing of Data, WASLA agrees with the Holders of
Personal Data to:

a) Guarantee the Holder of the information, at all times, the full and effective exercise of
the right of habeas data;

b) Keep and process by computer or other means, any type of information related to the
business, in order to provide the relevant services and products;

c) Request and keep a copy of the respective authorization granted by the holder for the
processing of personal data;

d) Duly inform the holder about the purpose of the collection and the holder's rights under
the authorization granted;

e) Keep the information under the necessary security conditions in order to prevent its
adulteration, loss, consultation, use or unauthorized or fraudulent access;

f) Timely update the information, considering this way all news concerning the owner's
data;

g) Rectify the information when it is incorrect;

h) Process the enquiries and claims formulated in the terms indicated by the current
WASLA’s Personal Data Processing Policy;

i) Inform the Holder, at his/her request, about the use given to his/her data;

j) Inform the data protection authority when there are violations of the security codes and
when the administration of the information of the Holders is at risk;

k) Comply with the instructions and requirements issued by the Federal
Commissioner for Data Protection and Freedom of Information ('BfDI') and the various
supervisory authorities of the Länder.

l) Refrain from circulating information that is being contested by the Holder and whose
blocking has been ordered by the Federal Commissioner for Data Protection and
Freedom of Information ('BfDI') and the various supervisory authorities of the Länder;

m) Use only data whose processing is previously authorized according to the provisions of
the General Data Protection Regulation (Regulation (EU) 2016/679);

n) Inform through any electronic means the new mechanisms implemented so that the
Holders of the information make their rights effective, as well as any modification to the
Personal Data Processing Policy;

o) To ensure the proper use of the personal data of children and adolescents, in those
cases in which the processing of their data is authorized by their representative;

p) Other legal and contractual obligations.

6. RIGHTS OF THE PERSONAL DATA HOLDER

In accordance with laws currently in force, the Personal Data Holders have the following
rights:

a) Know, update and rectify their Personal Data before WASLA or those in charge of
the processing. This right may be exercised, among others, against partial,
inaccurate, incomplete, fractionated, misleading data, or data whose Processing is
expressly prohibited or not authorized;
b) Request proof of the Authorization granted to WASLA, unless the Law indicates
that said Authorization is not necessary;
c) Submit requests to WASLA or the person/entity in charge of the Processing
regarding the use that has been given to their Personal Data, and that they provide
such information to them;
d) Submit complaints to the Federal Commissioner for Data Protection and Freedom of
Information ('BfDI') and the various supervisory authorities of the Länder for
violations of the Law.
e) Revoke their Authorization and / or request the deletion of their Personal Data from
the Institute's databases when the Federal Commissioner for Data Protection and
Freedom of Information ('BfDI') and the various supervisory authorities of the
Länder has determined, by means of a definitive administrative act, that the
Processing of the institute or the person/entity in charge of the processing has
engaged in conducts contrary to the Law or when there is no legal or contractual
obligation to keep the Personal Datum in the database of the responsible
person/entity.
f) Request access and gain access, free of charge, to their Personal Data that have
been processed in accordance with article 15 of the General Data Protection
Regulation (Regulation (EU) 2016/679);
g) Know the modifications to the terms of this Policy efficiently and in advance of the
implementation of the new modifications or, failing that, of the new information
processing policy.
h) Have easy access to the text of this Policy and its modifications.
i) Access, in an easy and simple way, the Personal Data that are under the control
of WASLA to effectively exercise the rights that the Law grants Holders.
j) Know the unit in charge or the person empowered by WASLA before whom they
can submit complaints, queries, claims and any other request about their Personal
Data. The Holders may exercise their rights under the Law and conduct the
procedures established in this Policy, by presenting their national ID card or
original identification document. Minors may exercise their rights in person, or
through their parents or guardians who represent them before WASLA. Likewise,
the rights of the Holder may be exercised by the successors who can prove such
status, the representative and / or the attorney-in-fact of the holder with the
appropriate documentation.

7. AUTHORIZATION AND CONSENT.

The collection, storage, use, circulation or suppression of personal data by WASLA,
requires the free, prior, express and informed consent of the Holder thereof. In compliance
with current legislation, WASLA has adopted the following mechanisms to obtain
authorization or ratification from the Holder of Personal Data:

7.1 Means and manifestations to grant the Authorization.

The Authorization may be granted in a physical or electronic document, text message,
Internet, websites, in any other format that guarantees its subsequent consultation, or
through an appropriate technical or technological mechanism that allows to express or
obtain the consent of the Holder, whereby it can be unequivocally concluded that if a
Holder's conduct had not taken place, the data would have never been collected and
stored in the database.

For the purposes, Authorization is understood as that given through technological
mechanisms such as, but not limited to, a "click" of acceptance of our Terms and
Conditions and the Personal Data Processing Policy, when entering the data for sending
emails or "Newsletter"; completing forms on the site http://wasla.madeineuromed.com/ and
/ or by subscribing through third-party applications such as, but not limited to, Facebook,
Instagram or LinkedIn.

With this procedure of Agreed Authorization, it is expressly guaranteed that the Personal
Data Holder knows and accepts that WASLA will collect, store, use, clean, analyze,
circulate, transmit, transfer, update or delete, according to the Law, the information for the
purposes for which it is informed prior to granting the authorization, and for the purpose
contained on this document.

The Authorization requested by WASLA will establish as a minimum:

(i) The complete identification of the person from whom Personal Data are
collected;
(ii) The Authorization referred to in numeral 6.1;
(iii) The purpose of the Processing of Personal Data, and;
(iv) The rights of access, correction, update or deletion of the Personal Data
provided by the Holder thereof.

7.2 Proof of Authorization.

WASLA will use its current mechanisms and will implement and adopt the necessary and
tending actions to keep suitable technical or technological records or mechanisms of when
and how it obtained authorization from the holders of personal data for their Processing.
To comply with the foregoing, paper files or electronic repositories can be created directly
or through third parties contracted for such purpose.

7.3 Privacy Notice. General information on data processing

For the data collected, an email will be sent to all persons of whom WASLA has Personal
Data informing them about the implementation of WASLA’s Personal Data Processing
Policy and how to exercise their rights.

In accordance with the law, the Privacy Notice is the physical, electronic, or in some other
format, document known, or to be known, that is made available to the Holder for the
processing of his/her personal data. Through this document, the Holder is provided with
the information regarding the existence of the policies of information processing that will be
applicable, the way to access said policies and the characteristics of the processing that is
to be given to personal data.

7.4 Scope and content of the Privacy Notice.

The Privacy Notice, as a minimum, must contain the following information:

1. the purposes of the processing,

2. the rights of data subjects with regard to the processing of their personal data to
access, rectification, erasure and restriction of processing,

3. the names and contact details of the controller and the data protection officer,

4. the right to lodge a complaint with the Federal Commissioner, and

5. the contact details of the Federal Commissioner.

8. RESPONSIBLE AREA AND PROCEDURE FOR THE EXERCISE OF THE
HOLDER’S RIGHTS

The Holder, his representative, his successor or his attorney-in-fact may present, at any
time, queries, requests and / or claims before WASLA to know, update, rectify, request the
deletion of his Personal Data and / or revoke the authorization. For this reason, it is the
responsibility of the entire team of direct and indirect WASLA workers, without exception,
to comply with the Information Processing Policy, and especially with due attention to the
requests, complaints and claims that the Holder submits to the company for this concept.

To exercise his/her rights, the Holder or whoever acts on his/her behalf and
representation, may submit requests, complaints and / or claims before ALAPP by the
following means:

(i) Email to: xxxx@xxxxxxx.xxx

(ii) Landline: + (3X) XXX XX XX X

Written communication by electronic means through the website
http://wasla.madeineuromed.com/

The area responsible for the management and Processing of the Databases, as the case
may be, will always be the person in charge of the customer service department, who will
be in charge of handling the requests, complaints and claims filed by the Holder in
exercise of his rights. Whatever means used, the person in charge will keep proof of the
query and its response.

The attention of a query, request, complaint or claim, in writing, by email, electronic
means, phone or verbally, will be handled according to the following procedure:

8.1 Consultation

When the main request is a query, that is, to consult personal information of the Holder
that resides in the WASLA Databases, the procedure will be as established here:

(i) The query will be formulated by filling out the WASLA formats for Petitions, complaints
and claims available on the website or by email: xxxx@xxxxxxx.xxx

(ii) Once the query has been received, a response must be sent to the Holder, whatever it
may be, within ten (10) business days following the date when the query was received.

(iii) If it is not possible to answer the consultation within the aforementioned period, the
Holder must be notified, explaining the reasons for the delay and indicating the date on
which the consultation will be responded, which may not exceed five (5) business days
following the expiration of the first term.

8.2 Claim

When the main request is a claim, that is, when the Holder considers that the information
contained in the WASLA Databases should be subject to correction, updating or deletion,
or when he/she notices the breach of any of the duties contained in the Federal Data
Protection Act of 30 June 2017 (implementing the GDPR) by WASLA, the procedure will be
as established here:

(i) The claim will be lodged through a request addressed to the person Responsible or in
charge of the Information, with the Holder's identification number, the description of the
events that give rise to the claim, the address and the documents considered necessary.

(ii) If the claim is incomplete, the Holder, or whoever acts as him, will be required within
five (5) business days after receipt of the claim to correct errors.

(iii) If, after two (2) months from the date of the correction request, the Holder or whoever
acts as him, does not submit the requested information, it will be understood that the claim
has been withdrawn.

(iv) Once a claim is received with full requirements, it must be included in the databases in
a term not exceeding two (2) business days, identifying it as "claim in process" and the
reason for it. Such label must be kept until a decision is made on the claim.

(v) If, after two (2) months from the date of the correction request, the Holder or whoever
acts as him, does not submit the requested information, it will be understood that the claim
has been withdrawn.

(vi) The maximum deadline to respond to the claim will be fifteen (15) business days
counted from the next day after it is received. When it is not possible to respond to the claim
within this term, the interested party will be informed of the reasons for the delay and the
date on which his claim will be responded, which may not exceed eight (8) business days
following the expiration of the term.

(vii) In the event that WASLA receives a claim and is not competent to resolve it, WASLA
will transfer the claim to whom it may concern, to the extent possible, within a maximum
term of two (2) business days and will inform the interested party of the situation.

(viii) When the request is made by a person other than the Holder and it is not proven that
the person acts on his/her behalf, the request shall be deemed as not filed.

9. RECTIFICATION, UPDATE AND DELETION OF PERSONAL DATA:

As established in the provisions of numeral 8 above, WASLA will rectify, update or delete,
at the Holder’s request, any type of information according to the procedure and the terms
indicated in the previous article. In the case of rectification and / or update, the proposed
corrections must be duly substantiated.

Paragraph: The information Holder will have the right, at all times, to request the total or
partial deletion of his/her Personal Data and for this the procedure, established in point 8
above, will be followed. WASLA can only deny the deletion when:

i) The Holder has the legal and / or contractual duty to remain in the database;

ii) The deletion of the data hinders ongoing judicial or administrative proceedings, and;

iii) In all other cases referred to in section 57 and 58 of the Federal Data Protection Act of
30 June 2017 (implementing the GDPR), when appropriate.

10. INFORMATION SECURITY MEASURES

WASLA will adopt the technical, human and administrative measures that are necessary
to grant security to the records, avoiding their adulteration, loss, consultation, or
unauthorized or fraudulent access or use; these measures will respond to the minimum
requirements of the legislation in force.

11. AUTHORIZATION OF COMMUNICATIONS THROUGH EMAIL AND / OR
SOCIAL NETWORKS

With the collection and due processing of personal data, WASLA will use its electronic
means such as the website, applications, social networks and / or any electronic means to
send communications to its members and / or anyone who participates in its events. The
information may contain, but is not limited to, services, research, projects, programs,
publications and academic events conducted by WASLA.

12. DESIGNATION OF THE RESPONSIBLE PERSON

WASLA designates the customer service department, or whoever is acting on its behalf, to
fulfill the function of protecting Personal Data, as well as to process the requests of the
Holders, for the exercise of the rights of access, consultation, rectification, update, deletion
and revocation referred to in the Federal Data Protection Act of 30 June 2017 (implementing
the GDPR), all other norms that regulate or complement them and the Personal Data
Processing Policy.

13. VALIDITY

This Policy is effective as of [date]. Personal Data that are stored, used or transmitted will
remain in our Database, based on the criteria of temporality and necessity, for as long as
necessary, for the purposes mentioned in this Policy for which they were collected.

Databases in which personal data will be recorded shall be valid for a period equal to the
time that the information is kept and used for the purposes described in this policy. Once
these purposes are fulfilled and, as long as there is no legal or contractual duty to retain
your information, your data will be removed from our databases.

Sincerely,
WASLA ASSOCIATION
