Loading...

INFORMATION SECURITY POLICY

In accordance with the obligations established in:
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
• Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD)

 

  1. Purpose

The business activity of Helios RE Socimi, S.A. and its subsidiaries (hereinafter HLRE Socimi) is based on the processing of different types of data and information, which allows it to execute basic business operations. The systems, programs, communications infrastructures, files, databases, archives, etc. are the main asset of HLRE Socimi, such that their damage or loss would affect the performance of its operations and could jeopardise the continuity of HLRE Socimi.

The Information Security Policy defines and outlines the objectives and responsibilities of the various technical and organisational actions required to ensure information security, always complying with applicable legal regulations and directives, specific policies and defined procedures.

These actions are selected and implemented based on a risk analysis carried out and the balance between acceptable risk and cost of the measures.

Those responsible for the group’s information assets (detailed in the Risk Analysis) and the person in charge of Information Security and IT must define the security requirements, and identify and prioritise the importance of the different elements of the activity carried out, so that the most important and/or sensitive processes will receive greater protection.

It is the responsibility of the HLRE Socimi Management team (as this term is defined below) and the Area responsible for Information Security to encourage and support the implementation of the necessary technical and organisational measures that will minimise the potential risks the information is exposed to, in order to ensure the strategic objectives of the business are achieved.

The purpose of this Policy is to ensure an adequate protection of HLRE Socimi information through the following security principles:

  • Confidentiality: guarantee that the information is accessible only to those who are authorised.
  • Integrity: guarantee the accuracy and completeness of the information and its processing.
  • Availability: guarantee authorised users’ access to information and its associated assets when they need it.

These basic principles must be preserved and ensured in any of the forms that the information takes –electronic, printed, visual or spoken– and regardless of whether the information is processed in HLRE Socimi departments or not.

Similarly, the above principles must be considered in the following security areas:

  • Physical: Includes the security of the departments, installations, hardware systems, supports and any physical asset that processes or may process information.
  • Logical: Includes the protection of electronic communication and computer systems applications, networks and prototypes.
  • Political-corporate: Comprising security aspects related to the entity itself, internal rules, regulations and legal regulations.

 

  1. Declaration of Intent

The manager or external manager of HLRE Socimi, Grupo Lar Inversiones Inmobiliarias, and the directors responsible for the Company’s Information Security (all together, “Management”) are aware of the importance of Information Security for the company to ensure an optimal degree of competitiveness in the current market.

Thus, HLRE Socimi has developed this Information Security Policy and the corresponding procedures that guarantee the confidentiality, integrity and availability of the information.

The Management team has tried to define the most appropriate processes HLRE Socimi must carry out to improve their Information Security Systems with the opinion that it will result in greater efficiency in its production processes. On this basis, when the specific applications or solutions to the points contained in this document are detailed, it will be done from that perspective, in order to develop as much as possible all solutions that ensure HLRE Socimi information is more secure.

The final purpose of the comprehensively defined and developed system is to offer our clients the best service, improving our processes and scrupulously respect their legally established rights.

For all these reasons, the HLRE Socimi Management team would like to expressly note its knowledge and approval of the policies contained in this document, ensuring every employee understands it and adopts it as part of their job description.

For all this to be possible, and for the proper development of what is established herein, both at the beginning of the project and in its future maintenance, the necessary resources will be allocated.

 

  1. Information Security Policy

HLRE Socimi bases its activity on the processing of different types of data and information, which allows it to execute basic business operations. The systems, programs, communications infrastructures, files, databases, archives, etc. are the main asset of HLRE Socimi, such that their damage or loss would affect the performance of its operations and could jeopardise the continuity of HLRE Socimi. This Information Security Policy has been designed to ensure this does not happen; its main purposes are to:

  • Protect information assets (through controls/measures) against threats that may lead to security incidents.
  • Mitigate the effects of security incidents.
  • Establish an information and data classification system to protect critical information assets.
  • Define responsibilities in terms of information security, resulting in the corresponding organisational structure.
  • Develop a set of rules, standards and procedures applicable to management bodies, employees, partners, external service providers, etc.
  • Specify the effects of non-compliance with the Security Policy in the workplace.
  • Evaluate the risks affecting information assets to adopt the appropriate security measures/controls.
  • Verify the operation of security measures/controls through internal security audits carried out by independent auditors.
  • Train users in security management and information and communication technologies.
  • Protect people in the event of natural disasters, fires, floods, terrorist attacks, etc. through emergency plans.
  • Control information and data traffic through communications infrastructures or by sending optical, digital, paper, etc. data media.
  • Monitor data protection, intellectual property, employment, information society services, criminal, etc. legislation that affects HLRE Socimi information assets.
  • Protect HLRE Socimi intellectual capital, ensuring it is never disclosed or used unlawfully.
  • Obtain evidence to prove any security incidents and the identification of their perpetrator.
  • Reduce the possibilities of unavailability through the proper use of HLRE Socimi information assets.
  • Defend information assets against internal or external attacks so that they do not become security incidents.
  • Control the operation of security measures by knowing the number of incidents, their nature and effects.
  • Guarantee the security of information systems and take extreme precautions with external connections and access; for example, in the case of remote work, protecting devices with different tools that increase their security, and information access communications through the HLRE Socimi VPN connection installed in them.
  1. Changes to this Information Security Policy

This Information Security Policy was last updated in September 2025.

HLRE Socimi reserves the right to amend its Information Security Policy if there is a change in current legislation, case law or due to its own business criteria. If any changes are introduced to this policy, the new text will be published at this same address.