In a technological world where IT and communications facilitate a new paradigm of productivity for distribution companies, PRIM S.A. (hereinafter PRIM or the Organisation) has a strong commitment to being competitive through its range of health products. Increasing digitalisation has made it essential to implement good security practices to meet the objective confidentiality, integrity, availability and legality goals related to all the information handled by the Organisation during its business processes.

Accordingly, the Organisation adheres to the following application guidelines within the framework of the Information Security Management System (ISMS):

• Confidentiality: The information handled by PRIM will solely be made known to authorised personnel, after identification, at the time and by the means enabled for said purpose.
• Integrity: The information handled by PRIM will be complete, accurate and valid, and its content will be provided by related parties without any type of manipulation.
• Availability: The information handled by PRIM will be accessible and usable by authorised and identified users at all times, guaranteeing that it shall remain as such in the event of any foreseen eventuality.
• Legality: PRIM will ensure compliance with all applicable legislation. Specifically, the regulations in force related to the processing of personal data.

Through this policy, the General Management assumes the responsibility to support and promote the establishment of the organisational, technical and controlling measures which are needed to comply with those security guidelines listed herein.

SI-PG-GE-01 Rev. No. 0 / July 2022