Information security policy

1. Commitment

JAVALI undertakes to protect the information processed on the CAIXA SEGURA platform, ensuring its confidentiality, integrity and availability, in line with good information security practices and the GDPR.

2. Objectives

• Minimising the risk of loss, alteration or improper access to data
• Guaranteeing continuity of service and protection against incidents
• Complying with legal and contractual requirements

3. Technical and organisational measures

• Encrypting data in transit and at rest
• Managing access by profile and need
• Automatic backups in a secure location
• Monitoring logs and critical access
• Regular infrastructure updates and security fixes
• Training technical teams in cybersecurity

4. Incident management

Any security incident will be reported to the Client in good time and dealt with in accordance with JAVALI's response plan, including:

• Containment and correction
• Communication to the person responsible for handling
• Recording and auditing the event

5. Continuous improvement

The security policy will be reviewed periodically and whenever there are significant changes to the platform or the legal framework.

Last updated: 29 September 2025