INFORMATION SECURITY AND DATA PROTECTION POLICY

MATRICES ALCÁNTARA S.L. is a legally established organization specialized in the manufacturing of stamped and welded metal parts, as well as in the design and production of dies. In order to achieve its objectives, the company relies on ICT systems (Information and Communication Technologies). Being fully aware of the importance and relevance of information security within the organization, we consider that these systems must be managed with due diligence, implementing appropriate measures to protect them against accidental or deliberate damage that may affect the availability, integrity, or confidentiality of the information processed or the services provided.

To defend against such threats, a strategy is required that adapts to changing environmental conditions in order to ensure the continuous delivery of services.

Senior Management and all personnel must apply the established measures, continuously monitor service performance levels, track and analyze reported vulnerabilities, and prepare effective responses to incidents in order to ensure service continuity.

Management is committed to ensuring that ICT security is integrated into all projects from their inception. To this end, information security systems are implemented based on strategy, applicable legislation, contracts, and agreements with third parties.

To guarantee the security of all information, Matrices Alcántara S.L. undertakes to:

  • Prevent, or at least minimize as much as possible, any negative impact on information or services caused by security incidents. For this purpose, minimum security measures are implemented, along with any additional controls identified through risk and threat assessments.

These controls, as well as the roles and responsibilities of all personnel regarding security, are clearly defined and documented. To ensure compliance with this policy, the organization will:

  • Authorize systems prior to going into operation.
  • Regularly assess security, including evaluations of routine configuration changes.
  • Request periodic reviews by third parties to obtain independent assessments.
  • Continuously monitor operations to detect anomalies in service performance levels and act accordingly.
  • Establish detection, analysis, and reporting mechanisms to inform responsible parties regularly and whenever significant deviations from predefined parameters occur.

In the event of incidents:

  • Establish mechanisms to respond effectively to security incidents.
  • Designate a point of contact for communications regarding incidents detected within the organization or related entities.
  • Ensure the availability of critical services and develop ICT continuity plans as part of the overall business continuity and recovery strategy.
  • Periodically review the proper functioning of the information security system.

With the implementation of the information security system, Matrices Alcántara S.L. aims to achieve the following objectives:

  1. Align information security with business strategy to support organizational objectives.
  2. Establish necessary measures to ensure information security.
  3. Define security policies for the proper protection of information.
  4. Monitor and report processes to ensure security.

Consequences of Non-Compliance

Matrices Alcántara S.L. has various mechanisms to respond to breaches of established policies and procedures (depending on the severity of the violation and the damage caused to the company):

  • Disciplinary proceedings may be initiated against the employee, with sanctions in accordance with labor legislation.
  • In cases of serious or very serious breaches, or repeated minor infractions, the violation may result in disciplinary dismissal.
  • If the company incurs any penalties, liabilities, or compensation payments as a result of an employee’s breach of these regulations, it may claim reimbursement from the employee for the amounts paid, as well as any associated damages and costs (provided that such actions are attributable to the employee’s bad faith).

Signed: José Vicente Alcántara Fenollosa
Museros (Valencia), July 10, 2025