Indra is aware of the importance of correctly processing personal data, and in fact this is a critical matter for the company.
Indra's privacy and data protection policy establishes the company's privacy management objectives. The application of this policy is mandatory for all Group companies and subsidiaries, including all operations performed on personal data.
All employees and third parties that have a relationship with Indra must comply with the policy. It also applies to all information systems and facilities for processing and storing personal data, not only the internal ones belonging to the company but also the systems used in operations and projects which the company executes for its customers.
The privacy and data protection policy is a tool for ensuring the security of personal data and preventing their alteration, loss, or unauthorized processing and access.
Indra established a privacy and data protection office in 2010 and in 2017 the company adapted its privacy and data protection policy to the requirements of EU regulation 679/2016 (GDPR). The current version of this Policy was approved by the Board of Directors on March 27, 2023.
The Information Security Department, with the CISO at its helm, is responsible for ensuring the implementation of the most effective controls and procedures to minimize the privacy and information security risks to which the company is exposed. Periodically, and at least once a year, the CISO and the DPO report independently to the Audit and Compliance Committee (ACC) and the Risk Coordination Unit (RCU).
This way of respecting the company's privacy principles is also applicable to possible information requests by Governments or Administrations dependent on them. In the event of any type of information request by this kind of entity that affects people's privacy, We must attend it respecting the principles established in Indra's Privacy Policy and in strict compliance with current regulations.