Codefunnels (the “Company”) carries out all its activities with the aim to serve the needs and expectations of its customers in the most efficient and safe way, being committed to complying with the applicable legislation and regulations, as well as the industry’s best practices and standards.

Safety and information security is of paramount concern in all the decisions our Company makes and we ensure that this Policy is rigorously applied within all Company departments. All Company staff (employees, managers, contractors and suppliers) are required to comply with these standards, in addition to procedures listed in other manuals and any relevant statutory regulations.

The physical security of the facilities, personnel, documents, software, and vulnerable materials is ensured by the Company in accordance with the relevant policies and procedures.

The competent Information Security Officer and each Company Department is responsible for the appropriate training of the staff so that they are able to use in the safest and most efficient way the assets of the Company that are available to them to carry out their work.

Risk assessment is a continuous effort and takes into account all elements of Company’s mission, weaknesses, risks, impact of potential risks, single point failures, method of quantification and risk assessment, ways to reduce impact through application of mitigation measures.

Specifications for the supply of new or the expansion of existing systems also include security requirements depending on the mission they perform or are about to perform.

Access to the corporate network, as well as the devices that are interconnected to it is controlled. The corporate network is protected against malware. Files that contain security features against malicious software are updated frequently and automatically. The system protects, among other things, servers, workstations, and remote computers. A centrally controlled system protects the internal network from the Internet. The Company has a Business Continuity Plan and maintains its applicability.

Finally, the Company is committed to achieving the security objectives and continuous improvement of the Information Security Management System.