Personal Data Security Policy

JGC S.A. is committed to ensuring the protection of the personal data it processes, in accordance with the principles of ISO 27001 and the General Data Protection Regulation (GDPR). This policy outlines the measures the company takes to safeguard the confidentiality, integrity, and availability of personal data.

Purpose of the Policy

  1. Define the principles and procedures for processing personal data.
  2. Ensure the company’s compliance with legal and regulatory requirements.
  3. Protect the rights of individuals regarding their personal data.

This policy applies to all employees, partners, and third parties who manage or process personal data on behalf of JGC S.A., covering both electronic and physical formats.

Fundamental Principles

  1. Lawfulness, transparency, and fairness: Data is processed fairly and transparently.
  2. Purpose limitation: Data is collected for specific and legitimate purposes.
  3. Data minimization: Only data necessary for the purpose is collected.
  4. Accuracy: Data is kept accurate and up to date.
  5. Storage limitation: Data is retained only for the required period.
  6. Integrity and confidentiality: Data is protected from unauthorized access, loss, or destruction.

Responsibilities

  • Data Protection Officer (DPO): Oversees compliance with ISO 27001 and GDPR.
  • Management: Ensures all employees are informed of the policy and comply with it.
  • Employees: Obliged to handle data in accordance with the policy.

Data Protection Measures

  • Access control policy restricting access to authorized personnel only.
  • Regular staff training on data security and GDPR.
  • Regular security system updates and maintenance.
  • Restricted physical access to premises where data is stored.
  • Installation of surveillance systems.

In Case of a Breach

  1. Incident identification and recording.
  2. Immediate notification of the DPO.
  3. Investigation of cause and extent.
  4. Notification of authorities and affected data subjects if required.
  5. Implementation of corrective security measures.

The policy is reviewed regularly, at least once a year, to ensure compliance with legislative changes or ISO 27001 requirements.

The Administration is committed to the implementation of this policy.

15/01/2025
THE MANAGEMENT