DATA PROTECTION POLICY

Goya en España S.A.U., aware that the information handled in the company’s information systems and other assets, in its operations, production and maintenance work, is a highly valuable resource, has established an Information Security Management System (ISMS). This system has been defined in accordance with the requirements of the applicable regulations in force, in order to guarantee the continuity of the information systems and those assets considered critical, minimise the risk of damage and ensure compliance with the objectives set.

The objective of the Security Policy is to establish the necessary framework for action to protect information resources against threats, whether internal or external, deliberate or accidental, in order to ensure compliance with the confidentiality, integrity and availability of information.

The effectiveness and implementation of the Information Security Management System is the direct responsibility of the Information Security Committee, which is responsible for the approval, dissemination and enforcement of this Security Policy. In its name and on its behalf, an Information Security Management System Manager has been appointed, who has sufficient authority to play an active role in the Information Security Management System, overseeing its implementation, development and maintenance.

The Information Security Committee with develop and approve the risk analysis methodology used in the Information Security Management System.

Every person whose activity could, directly or indirectly be affected by the requirements of the Information Security Management System, is strictly obliged to comply with the Security Policy.

At Goya en España S.A.U. all the necessary measures will be to comply with the applicable rules regarding information security, the security of buildings and facilities and the behaviour of employees when using computer systems. The measures necessary to guarantee information security by applying the rules, procedures and controls to ensure confidentiality, integrity, and availability of information are essential to:

  • Comply with the legislation in force regarding information systems.
  • Ensure the confidentiality of data processed by the COMPANY included in the scope of the ISMS.
  • Ensure the availability of information systems, in both services offered to clients and in internal management.
  • Ensure the ability to respond in emergency systems, re-establish critical services operations as quickly as possible.
  • Avoid undue alterations to information.
  • Promote awareness and training in information security.