Through this Policy, we inform you of the use of cookies on its website https://www.nucleoo.com information on the processing of personal data and the possibility of setting those cookies from third parties that can be used on the page.
What are cookies?
Cookies are small data files that websites install on your device to, for example, enable its operation, analyse how you reach us and your navigation on our site and improve your experience on future visits. When you browse this website, session cookies and persistent cookies are used, which in turn can be your own cookies or the third parties’.
Type of cookies
Cookies are divided into several types of classifications: by who uses them, by their duration and by the purpose of their use.
By who owns them, they are classified as:
-
Own Cookies: Those that we send to your device or terminal from our website.
-
Third-party cookies: those sent to your device or terminal from a domain or a website that is not managed by us, but by another entity that processes the data obtained through cookies.
By their duration they are classified in:
-
Session Cookies: session cookies are cookies designed to collect and store data while you access a website. They are usually used to store information that you only want to keep for the provision of the service requested by you on one occasion.
-
Persistent cookies: these are types of cookies in which the data continues to be stored on the device and can be accessed and processed for a period defined by the responsible for the cookie, which can range from a few minutes to several years.
For the purpose, they are classified as follows:
-
Functional/technical cookies: these allow the user to navigate through a web page, platform or application and the use of the different options or services that exist in it.
-
Analysis cookies: these are cookies which, when handled by us or by third parties, allow us to quantify the number of users and to measure and statistically analyse the use made of our website by the users. For this purpose, we analyse the navigation on our website in order to improve the products or services we offer.
Use of cookies
Our site uses its own and third-party cookies:
Own Cookies:
-
Functional/technical cookies: required for the correct display of the website and to ensure the correct functioning of the site. They allow you to browse our website and use the different options or services it has. With them we can, for example, control the traffic and communication of data, and use safety elements during your navigation.
| Domain | Cookie Name | Duration | Purpose | Type |
| nucleoo.com | cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category “Necessary” | Necessary |
| nucleoo.com | cookielawinfo-checkbox-non-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category “Non Necessary” | Necessary |
| nucleoo.com | pll_language | 1 year | Polylang uses a cookie to remember the language selected by the user when he comes back to visit again the website | Functional |
Third Party Cookies:
These are cookies managed and controlled by third parties, with the purpose of providing functionalities, navigation analysis, personalization of navigation and searches.
-
Functional/technical cookies: they allow you to navigate through our page, using the different options or services we offer you, such as watching videos or sharing contents through social networks.
| Third Party Owner | Information on use and purpose |
| Google Inc. | https://www.google.es/intl/es/policies/privacy/ |
| Youtube | https://www.google.es/intl/es/policies/privacy/ |
| http://es.linkedin.com/legal/privacy-policy |
-
Analytical Cookies: Analytical cookies from the Google Analytics Service are used to analyse the behaviour of users in an aggregate and anonymous way, including the number of visitors to the website and to different internal pages, the origin of the visit, the day and the time. The IP address anonymisation has been activated on the website, and Google will only use the information to evaluate the use of the website, compiling activity reports, but may not be used to combine other data available to the Google Analytics service or Google.
| Domain | Name | Duration | Purpose | Type |
| nucleoo.com | _ga | 2 years | Records a unique identification that is used to generate statistical data about how the visitor uses the website | Analytics |
| nucleoo.com | _gid | 1 day | Records a unique identification that is used to generate statistical data about how the visitor uses the website | Analytics |
| nucleoo.com | _gat_gtag_UA | Session | Registers user identification | Analytics |
Analytical cookies from third parties installed from a domain other than www.nucleoo.com:
| Third Party Owner | Information on use and purpose |
| Google Analytics | http://www.google.com/analytics/tos.html |
| Youtube | https://www.google.es/intl/es/policies/privacy/ |
| http://es.linkedin.com/legal/privacy-policy |
| Name | Domain | Purpose | Expiration | Provider |
| li_fat_id | Various, first party domain | Member indirect identifier for Members for conversion tracking, retargeting, analytics | 30 days |
We use LinkedIn to show you relevant offers on the platform, which match your interests and use of our website. We use cookies for this, which are placed when you come to our website via LinkedIn. We share information with LinkedIn about your use of our website, which may then recognize you as a LinkedIn user. You may then see a Nucleoo ad when using LinkedIn in the future.
We use Hojar user tracking tool to understand a user’s behaviour when using the web portal, including (among other things) a user’s preferred pages, journeys between pages, the device type used to access the portal and other browser information. This information is all anonymised and helps us understand the portal’s usage so we can improve it content and performance.
| Domain | Name | Duration | Purpose | Type |
| nucleoo.com | _hjAbsoluteSessionInProgress | 30 min | This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie. | Tracking |
| nucleoo.com | _hjIncludedInPageviewSample | 30 min | This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate funnels | Session |
| nucleoo.com | _hjIncludedInSessionSample | 30 min | This cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by your site’s daily session limit | Tracking |
| nucleoo.com | _hjSession_ | 30 min | This ensures that subsequent requests within the session window will be attributed to the same Hotjar session | Session |
| nucleoo.com | _hjSessionUser_ | 1 year | It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID | Session |
| nucleoo.com | _hjFirstSeen | 30 min | This is set to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions | Session |
| nucleoo.com | __hssc | 30 min | This is used to determine if we should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp | Targeting |
| nucleoo.com | __hssrc | Session | It is set to 1 and used to determine if the user has restarted their browser. If this cookie does not exist when we manage cookies, we assume it is a new session | Targeting |
| nucleoo.com | _hstc | 6 months | It contains the domain, utk (see below), initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session) | Targeting |
| nucleoo.com | hubspotutk | 6 months | Tracks the identity of a visitor. It is passed to HubSpot in form submissions and is used when eliminating duplicate contacts | Targeting |
Settings of Cookies
You can decide whether or not to accept Cookies. One way you can do this is through your internet browser’s settings. To find our more information about Cookies, including information about how to manage and delete Cookies, please visit https://ico.org.uk/for-the-public/online/cookies/ or http://www.allaboutcookies.org/. To explore what Cookie settings are available to you, look in the “preferences” or “options” section of your browser’s menu. If you have any queries regarding this Cookie Policy, please contact us at info@nucleoo.com.
We thank you for visiting us. We want your site experience to be as good as possible.
To access our services you declare that you have the legal capacity to act according to your national law. The access and navigation on the website or the use of the services of the same imply the express and complete acceptance of these and each one of these General Conditions, including both the Particular Conditions fixed for certain promotions as the Privacy and Cookies Policy, relative to the purposes of the treatments of the data that you provide us. Please, read them carefully.
1.- Legal Information
In compliance with Law 34/2002, of July 11, on Services of the Information Society and Electronic Commerce, the identification data of the holder of the Website are:
BI4 GROUP SPAIN, S.L. (d.b.a. ‘nucleoo’)
Calle Gran Vía de Colón, 21, 3A
18001 Granada (Spain)
B86913365
Data recorded in the Mercantile Registry of Granada, at Tomes 31943, File No. 211, Inscription 1st, Sheet M-574882
For any questions or queries, you can contact us through:
Telephone: +34 958 198 003
Email address: info@nucleoo.com
The access to the User implies the express acceptance of the present General Conditions of Use, which may be modified or replaced by its owner at any time and without prior notice.
2.- General Conditions of Use
The following General Conditions regulate the use and access to the Website whose purpose is to be the gateway to Nucleoo offering information, services and content via Website. Through the Website, the User has access to information on specific products and services, tools and applications.
The User agrees to make an appropriate use of the contents, services, applications and tools that are accessible, subject to the Law and these General Conditions of Use and the Particular Conditions that may be established for access to certain services and applications, respecting the others Users of the same at all times.
In case of a total or partial default by the User, Nucleoo reserves the right to deny access to it without prior notice to the User.
3.- General Obligations of the User
The User is expressly obligated to:
-
Do not take any action intended to harm, block, damage, disable, temporarily or permanently overload the functionalities, tools, contents and / or infrastructure of the website, in a way that prevents its normal use.
-
Guard and maintain he confidentiality of the access keys associated with your User name, being responsible for the use of such personal and non-transferable access keys by third parties.
-
Do not introduce or make insulting or slanderous content, both of other Users and third parties.
-
Not to use any of the materials and information contained in this Website for unlawful purposes and expressly prohibited in these General Conditions of Use, as well as the particular conditions that are established for certain applications and / or utilities and that are contrary to the rights and interests of Nucleoo, its users and / or third parties.
-
Do not offer or distribute products and services, or advertise or unsolicited commercial communications to other Users and visitors of Nucleoo
The User will be liable for all damages and losses of any nature that Nucleoo or any third party may suffer as a result of a breach of any of the obligations to which it is subjected by these “General Conditions of Use” or the law in relation to the access and / or use of the Website.
4.- Intellectual and Industrial Property
The website, the pages it comprises and the information or elements contained therein (including texts, documents, photographs, drawings, graphic representations, among others), as well as logotypes, trademarks, trade names or other distinctive signs are protected by intellectual or industrial property rights, of which Nucleoo is owner or holds authorization for its use and public communication of the legitimate owners of the same.
The User undertakes to use the contents diligently and correctly, according to the law, morality and public order. Nucleoo authorizes the User to view the information contained in this Website, as well as to make private reproductions (simple activity of downloading and storage in their computer systems), provided that the elements are intended for personal use only. In no case shall this means an authorization or license on the property rights of Nucleoo or the legitimate owners thereof.
The User is not authorized to proceed to the distribution, modification, transfer or public communication of the information contained in this Web in any form and for whatever purpose.
5.- Links
Links to third party sites or websites have been established solely as a utility to the User. Nucleoo is not responsible for the same or its content in any case.
Nucleoo does not assume any responsibility derived from the existence of links between the contents of this Site and contents located outside the same or any other mention of contents external to this Site. Such links or mentions are for informational purposes only and do not imply the support, approval, marketing or relationship between Nucleoo and the persons or entities that author and / or manage such content or holders of the sites where they are.
It is necessary to require the express and written authorization of the portal owners to make links with the Website.
6.- Responsibility
Nucleoo does not guarantee the continued access or the correct visualization, downloading or usefulness of the elements and information contained in the Website. These elements may be impeded, hindered or interrupted by factors or circumstances beyond control or outside our control, nor of those that are produced by the existence of computer viruses on the Internet.
Nucleoo does not assumes any liability for damages, losses, claims or expenses, produced by:
(i) Interference, interruptions, failures, omissions, delays, blockages or disconnections caused by errors in telecommunication lines and networks or by any other cause beyond the control of Nucleoo;
(ii) Illegitimate intrusion through the use of malicious programs and by any means of communication, such as computer viruses or any other;
(iii) Misuse or improper use of the Website;
(iv) Security or navigation errors caused by a malfunction of the browser or by the use of non-updated versions.
Nucleoo does not take responsibility or in any case will respond to users and third parties for acts of any third party outside Nucleoo which entails or may lead to the accomplishment of unfair competition and illicit publicity or infringement of intellectual and industrial property rights, business secrets, contractual commitments of any kind, rights to honor, personal privacy and Family and image rights, property rights and any other nature belonging to a third party due to the transmission, dissemination, storage, availability, reception, obtaining or access to the contents.
7.- Personal Data Protection Policy
All the policy for the processing of personal data can be found in the Privacy Policy. It is part of these General Conditions but we have put in a separate document: Privacy Policy.
8.- Special note for children under the age of 14
We do not collect personal data from children under the age of 14. If you are under 14 years of age, you must not be able to browse the internet nor transmit personal data. If you are not sure about anything in this section, ask for help from your parents or guardians.
9.- Legislation
This Legal Notice and its terms and conditions will be governed and interpreted in accordance with the Spanish Legislation. The User consent that the competent Courts to resolve any legal action derived or related to these Conditions or the Website by default are the Courts of Madrid. It is understood that this consent is given by accessing the Website or obtaining the status of registered user.
If any clause or section of these General Conditions, which is not essential for the existence of the same, is declared null or inapplicable, the validity of the remaining clauses will not be affected.
SECURITY AND QUALITY MANAGEMENT
Information Security Management System ISO 27001 Certification Quality Management System ISO 9001 Certification
Nucleoo Information Security and Quality Management Systems are certified under the compliance with the requirements of ISO/IEC 27001 & ISO 9001
Nucleoo regards Information Security and Quality management as key assets within its business model strategy, where technology plays a leading role in providing the most advanced and efficient security services and solutions on the market, and thus providing our customers a high added value.
The ISO 27001 and ISO 9001 certifications offer our customers, as well as our suppliers and employees, an even greater guarantee in the processing of information and data, reducing the risks of fraud, loss or any other type of information leak.
Information is safeguarded in terms of:
-
Confidentiality: Information is not revealed or disclosed to unauthorized individuals, entities or processes.
-
Integrity: Protect the accuracy and completeness of information and the methods that are used to process and manage it.
-
Availability: Guaranteed access and use of the information and the systems of its treatment by the individuals, entities or authorized processes when it is required.
In order to ensure that the information security is managed correctly by Nucleoo, we have created and are making use of a systematic process, which is documented and is known throughout the organization and constitutes the Information Security Management System (ISMS) and the Quality Management System (QMS).
This policy establishes a structure for defining objectives. Nucleoo’s management commits to adhering to the relevant regulations and continuously enhancing our management systems.
With these certifications, Nucleoo offers a greater commitment to the quality and security of information for all the services we provide.
The Privacy Policy is part of the General Conditions that govern this Website.
Version 1 24th March 2018
Who is responsible for the processing of your data?
BI4 GROUP SPAIN S.L. (d.b.a. ‘nucleoo’)
Tax ID No.: B86913365
Address: Calle Gran Vía de Colón, 21, 3A, 18001, Granada (Spain).
Tel.: +34 958 198 003
Email: info@nucleoo.com
You can contact us in any way to communicate with us. We reserve the right to modify or adapt this Privacy Policy at any time. You are advised to review it, and if you have registered and you access your account or profile, you will be informed of any changes.
WEB OR E-MAIL CONTACTS
What data do we gather through the Web?
We can process your IP address, what operating system or browser you use, and even the length of your visit, anonymously.
If you provide us with information in the contact form, you will identify yourself so as to be contacted, if necessary.
-
Answering your questions, applications or requests.
-
Managing the requested service, answering your application, or processing your request.
-
Information by electronic means, which relates to your request.
-
Commercial or events information by electronic means, provided that there is express authorization.
-
Performing analysis and improvements on the Web, about our products and services. Improving our commercial strategy.
What is the legal basis for processing your data?
The acceptance and consent of the interested party: In the cases where it is necessary to fill in a form and click on the “submit” button to make a request, completing the form and submitting it will necessarily imply that you have been informed and have expressly given your consent to the content of the clause annexed to said form or acceptance of the privacy policy. All our forms show the symbol * when data are obligatory. If you do not complete these fields, or do not tick the acceptance checkbox for the privacy policy, sending the information will not be allowed. The following formula is usually shown: “I have read and agree with the Privacy policy of Nucleoo.”
NEWSLETTER CONTACTS
What data do we collect through the newsletter?
You can subscribe to the Newsletter on the Web, if you provide us with an e-mail address, to which the Newsletter will be sent.
We will only store your e-mail in our database, and then we will send you e-mails periodically, until you request cancellation, or we stop sending e-mails.
You will always have the option to cancel your subscription, in any communication.
For what purposes do we process your personal data?
-
Managing the requested service.
-
Information by electronic means, which relates to your request.
-
Commercial or events information by electronic means, provided that there is express authorization.
-
Performing analysis and improvements in mailing, to improve our business strategy.
What is the legal basis for processing your data?
Acceptance and consent of the interested party: In the cases where you subscribe, you must accept by ticking a checkbox and then click on the “submit” button. This will necessarily imply that you have been informed and have expressly granted your consent to receiving the newsletter.
If you do not tick the acceptance checkbox for the privacy policy, sending of the information will not be allowed. The following formula is usually shown: “I have read and agree with the Privacy policy of Nucleoo.”
QUALITY SURVEY
For what purposes do we process your personal data?
-
Assessing the degree of quality in the service provided
-
Improving the services offered, under compliance with the ISO
What is the legal basis for processing your data?
The legal basis is the express consent of the respondent.
PROVIDERS
For what purposes do we process your personal data?
-
Information by electronic means, that relates to your request.
-
Commercial or events information by electronic means, provided that there is express authorization.
-
Managing the administrative, communications and logistics services performed by the person in charge.
-
Billing.
-
Making any transactions as appropriate.
-
Billing and declaration of any taxes as appropriate.
-
Control and debt recovery management.
What is the legal basis for processing your data?
The legal basis is the acceptance of a contractual relationship, or otherwise your consent when you contact us or offer us your products by any means.
SOCIAL NETWORK CONTACTS
For what purposes do we process your personal data?
-
Answering your questions, applications or requests.
-
Managing the requested service, answering your application, or processing your request.
-
Connecting with you and creating a community of followers.
What is the legal basis for processing your data?
The acceptance of a contractual relationship in the environment of the social network in question, and in accordance with its Privacy policies.
Facebook http://www.facebook.com/policy.php?ref=pf
Instagram https://help.instagram.com/155833707900388
Twitter http://twitter.com/privacy
Linkedin http://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
Pinterest https://about.pinterest.com/es/privacy-policy
Google* http://www.google.com/intl/es/policies/privacy/
*(Google+ and Youtube)
JOB SEEKERS
What personal data do we use and for what purpose do we treat them?
-
All the personal data provided by the candidate are included in the files owned by Bi4 GROUP SPAIN SL (d.b.a. ‘nucleoo’) for the purpose of organization of selection processes for hiring employees, giving you an appointment for job interviews or/and assessing you as a candidate in the different selection processes in which you have registered or in which the company considers that your profile fits.
-
If you tick the checkbox for acceptance of the privacy policy, you give us your consent to pass your job application on to the entities that make up the group of companies in order for you to be included in their personnel selection processes. If you do not check the acceptance policy of the privacy policy, the information will not be submitted.
The data provided will be kept until the award of a position, at most 1 year or until you freely communicate us your right to access them, modify inaccurate data or deletion / cancellation.
What is the legal basis for processing your data?
The legal basis is your unequivocal consent, when you send us your CV.
Do we include third-party personal data?
No. As a general rule we only process data sent by their owners. If you supply us with third-party data, before you do so you must inform such third party and ask for its consent; otherwise, you hold us harmless for non-compliance with this requirement.
And children’s data?
We do not process data about children under 14 years of age. Therefore, please refrain from supplying such data if you are not that age or, as the case may be, from supplying data about third parties who are not that age. Nucleoo declines any responsibility for non-compliance with this provision.
Do we make electronic communications?
-
They are made only to deal with your application if electronic communication is one of the means of communication you have supplied us with.
-
If we make any commercial communications, it will be because they have been previously and expressly authorized by you.
What security measures do we apply?
You can keep your mind at rest: We have adopted an optimal level of protection for the Personal Data that we handle, and we have installed all the means and technical measures at our disposal according to the state of technology to avoid personal data loss, misuse, alteration, unauthorized access and theft.
Who will your data be transferred to?
Your data will not be transferred to third parties, unless there is a legal obligation to do so. Specifically, your data will be communicated to the Inland. Revenue and to banks and financial entities for collection for the service provided or product acquired and to those in charge of data processing, as necessary to perform the agreement.
In the event of purchase or payment, if you choose an application, platform, bank card, or another on-line service, your data will be transferred to that platform or will be processed in its environment, always with the utmost security.
When we let them know, the web development and maintenance company, or the hosting company, will have access to our web. These companies will have signed a service provision agreement that obliges them to uphold the same privacy standards as we do.
When US applications are used, any international data transfer will adhere to the Privacy Shield agreement, which guarantees that US software companies comply with European data protection policies as regards privacy.
Your rights
-
To know if we are processing your data or not.
-
To access your personal data.
-
To request rectification of your data if they are wrong.
-
To request suppression of your data if they are no longer necessary for the purposes for which they were collected or if you withdraw the consent you gave us.
-
To request limited processing of your data, in certain situations, in which case we will keep them only in accordance with the regulations in force.
-
To port your data, which you will be supplied with in a structured, commonly used or mechanical reading form. If you prefer, we can send them to the new manager you designate. This is valid only in certain cases.
-
To file a claim with the Spanish Data Protection Agency or competent control authority, if you feel that we have not treated you properly.
-
To withdraw your consent for any processing for which you gave our consent, at any time.
If any of your data changes, we will be grateful if you let us know, so as to keep them updated.
Would you like a form to exercise your rights?
-
We have forms for you to exercise your rights. You can apply for them by e-mail or if you prefer you can use the forms prepared by the Spanish Data Protection Agency or third parties.
-
These forms must be electronically signed or accompanied with photocopy of your ID document.
-
If someone represents you, you must attach copy of their ID document, or they must sign with their electronic signature.
-
Forms can be submitted in person at or sent by letter or by mail to the address of the person in charge indicated at the beginning of this text.
How long do we take to reply to the exercise of your rights?
It depends on the right, but at the most a month after your request and two months if the issue is very complex and we notify you that we need more time.
Do we process cookies?
If we use cookies that are not the necessary ones, you may consult the Cookies policy.
How long do we keep your personal data?
-
Your personal data are kept for as long as you have a relation with us.
-
Once that relation is terminated, the personal data processed for each purpose will be kept for the legally established periods, including the period within which a judge or a court may request them, the lapse period for legal actions being taken into account.
-
Processed data will be kept for as long as the legal deadlines referred to above do not expire, if there is a legal obligation to keep them, or, if there is no legal deadline, until the interested party requests to have such data suppressed or the consent given by such interested party is withdrawn.
-
We will keep all information and communications about your purchase or the provision of our service for as long as the guarantees over products or services are valid, so as to deal with possible claims.
-
For each data treatment or type of data, we provide you with a specific period, which you can consult in the following table:
| File | Document | Preservation |
| Curriculums | Until the award of a vacancy, max 1 year or until you freely communicate us your right to access them, modify inaccurate data or deletion / cancellation. | |
| Marketing | Databases or web visitors. | During the treatment of the data. |
| Suppliers | Invoices | 10 years. |
| Contracts | 5 years. | |
| Legal | Intellectual and Industrial Property Documents. Contracts and agreements. | 5 years. |
| Permits, licenses, certificates. | 6 years from the expiration day of the permit, license or certificate. | |
| Confidentiality and non-competition agreements. | Always the term of the obligation or confidentiality. | |
| LOPD | Treatment of personal data, if different from the treatment notified to the Spanish Data Protection Agency (AEPD) | 3 years. |
| Personal data of employees stored in the network, computers and communication equipment used by them, access controls and internal management / administration systems. | 5 years. |
Introduction
Information security is the protection of information against a wide range of security threats in order to guarantee business continuity, minimize business risks and maximize the return on investments and business opportunities.
The Management of Bi4 Group Spain is aware of the importance of identifying and protecting its information assets, avoiding the disclosure, modification and unauthorized destruction of all information related to our customers, employees, knowledge base, manuals, documents, cases, the source codes, strategies, management and other concepts; committing to develop, implement, maintain and continuously improve the Information Security Management System (ISMS).
The Management wants to affirm its support, approval and the assignment of the necessary resources for its execution, urging that it is distributed to all the staff with the associated documentation so that they know and comply with the requirements.
Area of Application
This Security Policy affects the Information Systems managed by Bi4 Group Spain, that should be carried out on a compulsory basis by all the personnel of the organization. In the same way, it should be applicable to all the collaborating entities that use the information and the systems owned by Bi4 Group Spain.
The Information Security Policy uses as reference the criteria of the International Standard ISO/IEC 27001 and adopts the necessary precautions to guarantee the level of security required by the current legal framework with regards to the information security, especially in relation to the Personal Data Protection (Law 3/2018 of 5 December on Personal Data Protection and GDPR).
Scope
The scope of this Security Policy applies to the development of the platforms within the environment managed by Bi4 Group and it does not apply to the developments within the environment managed by our customers.
Goal
The main goal of this Security Policy is to establish an action model that allows us to develop a company culture, the process and making decisions in Bi4 Group Spain as well as making sure that the information security and the confidentiality of the Personal Data is protected and consistent:
-
Confidentiality: Make sure that only authorised people can access the information and the systems.
-
Integrity: Ensure the accuracy of the information and protection of the systems against any changes, losses or destruction, whether accidental or fraudulent.
-
Availability: Ensure that the information and the systems can be used as required and on time.
The above mentioned parameters are essential for compliance with the current legislation relating to the information security and the provision of quality service.
Our company management values the importance of availability and confidentiality of its information as its main criteria for risk estimations and even more for its clients. Thus, it commits to develop, implement, maintain and constantly improve its Information Security Management System (ISMS) with the aim of continuous improvement of the way we provide our services and how we treat the information of our clients. Therefore, the policy of Bi4 Group Spain is the following:
-
To establish the objectives with relation to the Information Security annually.
-
To fulfill the legal, contractual and business requirements.
-
To carry out the training and the Information Security awareness activities for all the personnel.
-
To develop the analysis process, management and risk assessment for the information assets.
-
To establish the control objectives and the corresponding controls to mitigate the detected risks.
-
To establish employee responsibility in relation to:
-
Reporting security violations.
-
Preserving the confidentiality, integrity and availability of information assets in compliance with the current policy.
-
Complying with the policies and the inherent procedures to the Information Security Management System.
-
Responsibilities
The Security Manager will be directly in charge of the maintenance of this policy, providing his guidance and advice for its implementation and corrections in case of a failure of its compliance.
System Policy Management
The present Information Security Policy will always be aligned with the company General Policy and with the other internal management systems, such as the quality and the environmental policies.
The basis for the deployment of procedures and compliance with the principles of information security resides in the adequate awareness of all the users, both internal and external.
Therefore, the necessary training and awareness actions must be undertaken in order to reduce the IT security risks related to the lack of knowledge or inappropriate use.
Last update: September 2022