Cookies policy

1. Purpose, Objective and Scope

1.1. Purpose The following document details the necessary security features that must be taken into account for the proper management of cookie information.

1.2. Scope This policy includes the proper use of the information that is downloaded by the user client from the Protexa web portals. This document includes statements about: • Types of Cookies. • Cookies authorized for use on Protexa’s websites. • Administration of Cookies.

1.3. objective Establish rules and criteria that must be applied for the proper use of information, as well as the management and maintenance where information is stored and retrieved about the browsing habits of a user or their team and improve the service offered.

2. Document reference

x

3. Responsibilities

3.1. IT team

Adopt responsibility for the security practices established in this Guide for the administration of cookies. • Validate infrastructure requirements for application support.

3.2. Business process owners

Determine business and infrastructure requirements for applications.

3.3. Application Owners •

Implementation and support of commercial applications.

3.4. IT Infrastructure and Cybersecurity Manager

Keep this policy current. • Keep updated the list of approved software for cookie management. • Validate compliance with the guidelines and the use of cookies.

3.5. Employees / staff •

All Protexa personnel are responsible for the correct use of the information. • Use only previously identified or approved software and versions for use, and when an approved solution does not meet requirements, work with IT to identify an acceptable solution

3.6. Service Providers

• Comply with and periodically verify compliance with this Policy.

4. Description of the Policy

4.1. Cookies Management Policy

1. The IT Infrastructure and Cybersecurity Manager will maintain a list of approved software applications for general use of cookies downloaded from Protexa’s websites.

2. The types of cookies are: to. According to the entity, which manages the domain from which the cookies are sent and treats the data obtained, two types can be distinguished: own cookies and third-party cookies. b. Depending on the period of time, they remain stored in the client’s browser, and may be session cookies or persistent cookies. c. Depending on the purpose, for which the data obtained is processed: technical cookies, personalization cookies, analysis cookies, advertising cookies and behavioral advertising cookies.

3. Special exceptions can be made to this Policy for Web portals where the administration of cookies is not required to improve the user or customer experience. Exceptions are handled on a case-by-case basis by the IT Infrastructure and Cybersecurity Manager or his / her designee and documented.

4. All business critical functions must be compatible with standard business applications.

5. Open source applications are not allowed in Protexa.

4.2. Cookies log

1. In all cases, the IT Infrastructure and Cybersecurity department is required to have an up-to-date list of the software used to manage cookies, which is why the permitted ones on Protexa’s web portals are detailed below. .

2. The software must be registered in the name of Protexa and the department in which it will be used.

3. The IT team maintains a record of all Protexa software and will maintain a library of software cookies. The record must contain: o The title and the publisher of the cookie. o The date and source of the acquisition of the cookie. o The location of each facility, website, URL. o The existence and location of backup copies. o Details and duration of support arrangements for software updates. o Owner of the cookie. o Owner of the business process. o Benefits that the cookie provides for the business.

4.3. Cookie requirement 1. At the time of the acquisition of cookies, the foundations of future support and the expected useful life of the product will be established. It can be important to be confident that manufacturers will provide updates to correct any serious security vulnerabilities that are discovered in the future. 2. Access and storage controls must be taken into account for the adequate custody of the information.

4.4. Acceptance of Cookies 3. Protexa shows information about its Cookies Administration Policy and asks for the consent of its use. Given this information, it is possible to carry out the following actions: to. Accept cookies. This notice will not be displayed again when accessing any page of the portal during this session. b. Close. The notice is hidden on this page. c. Modify your settings. Modify your browser settings.

4.5. Cookie standardization

1. The use of cookies that monitors the activities of other people is subject to regulation.

2. On the Protexa web portals there are 5 types of cookies authorized for their administration.

A. Google Analytics: a web analytics service provided by Google, Inc., a Delaware company whose main office is at 1600 Amphitheater Parkway, Mountain View (California), CA 94043, United States (“Google”). Google Analytics uses “cookies”, which are text files located on your computer, to help the website analyze how users use the website. The information generated by the cookie about your use of the website (including your IP address) will be directly transmitted and filed by Google on servers in the United States. Google will use this information on our behalf in order to keep track of your use of the website, compiling reports on website activity and providing other services related to website activity and Internet use. Google may transmit said information to third parties when required by law, or when said third parties process the information on Google’s behalf. Google will not associate your IP address with any other data that Google has. You can reject the treatment of data or information by rejecting the use of cookies by selecting the appropriate configuration of your browser, however, you should know that if you do so, you may not be able to use the full functionality of this website. By using this website, you consent to the processing of information about you by Google in the manner and for the purposes indicated above.

B. SwitchConcepts – Works with Google Analytics and LeadLander to serve ads. They keep track of which pages a user visits and monitor which countries they come from. Cookies are used in these processes. Both methods of data collection are of a non-personal nature. The data they collect is anonymous. More information in your privacy and cookies policy.

C. Google Adsense: Google, as a partner provider, uses cookies to serve ads on this website. Users can disable the use of the DART cookie through the Google ad and by accessing the privacy policy of the content network. Google uses partner advertising companies to serve ads when you visit our website. These companies may use the information they obtain from your visits to this and other websites (not including your name, address, email address, or phone number) to serve you advertisements about products and services of interest to you. For more information about this practice and your options to prevent these companies from using this information, click here.

D. Feedburner: The Website uses FeedBurner as a feed subscription manager, under this privacy policy and that of Google. The only purpose for which the data will be used will be to manage the user’s subscription to the feed, send updates to the Website and carry out statistical analysis of the use of the Website by users. The user subscribed via e-mail to the Website, can unsubscribe at any time by clicking on the link that appears at the end of each feed update message that he receives in his e-mail, by writing to / or FeedBurner, 20 W Kinzie , 9th Floor, Chicago IL USA 60610 or by exercising your rights of access, rectification, cancellation and opposition through communication addressed to the owner of the Website at the email address.

E. Chatbot: 4.6. Maintenance and Elimination of Browser Cookies 1. Clients who visit Protexa’s web portals have the functionality of restricting, blocking or deleting Protexa’s cookies or any other web page, using their browser. In each browser the operation is different, the ‘Help’ function will show you how to do it. to. Internet explorer b. FireFox c. Chrome d. Safari In addition, you can also manage the cookie store in your browser through tools such as the following: and. Ghostery F. Cookies Manager

5. Compliance

5.1. Disciplinary actions Non-compliance with policies can potentially lead to operational and security incidents that can destroy the integrity of Protexa’s IT systems and resources, damage company operations and reputation, or adversely affect company productivity. The prevention of such incidents is essential for the safety of the organization and of all people. Protexa personnel who do not comply with this Guide may be subject to disciplinary measures, up to and including termination of employment.

5.2. Exceptions All exceptions to security policies and controls must be formally documented and evaluated by the Security Risk Committee and approved by the Protexa CIO.

5.3. Definitions Description of Terms Cookies: Cookies are files that can be downloaded to the computer through web pages. They are tools that have an essential role for the provision of numerous services of the information society. Authorized Software: Software that is operated under the terms and conditions of the license duly acquired and in accordance with the purposes and objectives of Protexa. License: The right to use the software granted by the licensor to the licensee under the terms of the agreement. Open Source Software – Copyrighted software that meets the definition of open source (OSD), distributed with its source code in a readable format, developed openly and collaboratively by groups of developers. http://www.opensource.org/docs/osd

5.4. Audit and Control The audits should be planned and arranged with the parties involved to minimize the disruption of the IT operation at Protexa’s facilities. 5.5. Validity This document is valid from the date of approval and / or publication of the document on the Protexa ISMS portal. The owner of this document is the IT Security Manager, who must verify and, if necessary, update the document at least once a year.