Security and Data Protection Policy of WORLD TALENT ADVERTISING AND COMMUNICATIONS S.L.

This report outlines the principles and security foundations by which WORLD TALENT ADVERTISING AND COMMUNICATIONS S.L. operates.

 

1. Introduction:

In our organization, we are committed to ensuring information security and personal data protection. This policy aims to establish the principles and guidelines to achieve a secure and protected environment for our information and the personal data we handle. The ISMS manager, with the approval of the senior management of WORLD TALENT ADVERTISING AND COMMUNICATIONS S.L., will establish and communicate an Information Security Policy (ISP) that reflects its commitment to information security in the systems that support HR Marketing services. The ISP must include:

2. Commitment Statement:

At WORLD TALENT ADVERTISING AND COMMUNICATIONS S.L., we are committed to ensuring the confidentiality, integrity, and availability of information in the systems that support our HR Marketing services. Information security is fundamental to providing a reliable service and protecting our clients’ assets.

We commit to maintaining the confidentiality, integrity, and availability of information and personal data. This means:

  • Confidentiality: We do not disclose confidential information to unauthorized persons. Everyone must protect confidential information and use it only for legitimate and authorized purposes.
  • Integrity: We ensure that information and personal data are not altered without authorization. We take measures to prevent unauthorized modifications and ensure that information is accurate and reliable.
  • Availability: We ensure that information and personal data are available when needed. This involves maintaining the necessary systems and resources in proper working order and taking measures to prevent unplanned interruptions.

3. Information Security Objectives:

Protection of Information Assets and Personal Data: We are all responsible for protecting information assets and personal data. This includes:

  • Proper use of systems and resources: We use the organization’s systems and resources securely and responsibly. We do not share passwords or allow unauthorized access to information and personal data.
  • Classification and labelling: We classify information according to its level of confidentiality and label it appropriately. This helps us protect and control access to information based on its sensitivity level.
  • Access control: We implement access control measures to ensure that only authorized individuals have access to information and personal data. This includes using strong passwords, multi-factor authentication, and role-based access restrictions.

4. Scope of the Information Security Policy: VOY POR AQ

The ISP covers all information security systems used in providing the company’s services. This includes:

a- Technological Systems: All systems, infrastructures, and applications used to store, process, or transmit information related to HR Marketing services.

b-Physical Infrastructure: Facilities, equipment, and physical access controls that protect stored systems and data.

c- Personnel: Employees and third parties interacting with information security systems and having access to HR Marketing service information.

d- Processes: Procedures and controls established to manage information security, including incident management, system monitoring and auditing, and change management.

5. Compliance Commitment:

We comply with all applicable laws and regulations related to information security and personal data protection. This includes compliance with privacy laws, data retention regulations, and security breach notification requirements.

We establish procedures for managing security incidents and responding to potential breaches. This allows us to act quickly to mitigate any negative impact on information security and personal data protection.

The ISMS manager, under the supervision of senior management, ensures that all employees and stakeholders are informed about and understand the ISP. This is achieved through:

a- Internal communication: The ISP is communicated clearly and effectively through various communication channels, such as emails, meetings, and intranet.

b- Training and awareness: Information security training and awareness are provided to all employees, including an understanding of policies, individual responsibilities, and best security practices.

c- Compliance and sanctions: Mechanisms are established to ensure compliance with the ISP, and consequences for non-compliance are defined, including possible disciplinary actions.

6. Information Security Policy Review:

The ISP will be periodically reviewed to assess its effectiveness and ongoing relevance. This includes:

a- Scheduled reviews: The ISMS manager, along with senior management, will establish a program of periodic ISP reviews to ensure that it remains relevant and appropriate as risks and requirements evolve.

b- Senior management participation: The ISP review will involve active participation from senior management.

 

Pedro García-Cano Salgado

Firma Pedro García-Cano

Chairman & CEO