
Information and data security policy
The Management and all the staff of Eurome S.r.l., which operates in the commercialization of information technology and of solutions for office automation, as well as in the technical support and maintenance of HW equipment, are committed to protecting the company's information assets in order to preserve its competitive advantage, profitability, and legal, regulatory and contractual compliance. They are likewise committed to ensuring the confidentiality, integrity, availability and resilience of the personal data processed by the Organization, in order to guarantee the rights and freedoms of the data subjects and to secure the positive return in market image that serious privacy protection for its customers can generate.
Requirements for the security of information and personal data are consistent with the overall objectives and operating procedures of the Organization. The Information Security Management System (ISMS) and the adopted Personal Data Protection Organizational Model are the means by which information is shared, proper operations are carried out, and information-related risks are reduced to acceptable levels.
Eurome S.r.l.'s strategic plans and its risk management framework provide the basis for identifying, analyzing, assessing, and controlling information-related risks. The definition of roles and responsibilities, the specific identification of the processing carried out on personal data, and the related analysis of the risks to which such data may be subject constitute the context in which the Organizational Model has been implemented and is kept dynamically updated, in line with the continuous evolution of that context. The Risk Assessment and Treatment Document and the Statement of Applicability (SOA) define how information-related risks are kept under control.
Additional key elements of this policy are business continuity, data backup procedures, protection from malware and intrusion, system access control, and reporting mechanisms for when information security issues arise. Control indicators for each of these areas are defined in the System documentation and supported by specific procedures.
All stakeholders belonging to the Organization and any other stakeholders within the perimeter defined in the System's scope of application, as well as external processors who process personal data on behalf of the Data Controllers and the autonomous Data Controllers with whom the Company has decided to share some of its processing, act in accordance with this Policy, the Organizational Model and the Information Security Management System that implements it. All human resources and personnel involved in the processing of personal data are subject to formal appointment and receive the necessary and appropriate training in this regard.
The ISMS and the Organizational Model are subject to continuous and systematic review and improvement, and Eurome S.r.l. is constantly engaged in the effective maintenance of the relevant certification, based on the UNI CEI EN ISO/IEC 27001:2017 standard, and in compliance with the requirements of EU Regulation 2016/679 on the protection of individuals with regard to the processing of personal data.
This policy is periodically reviewed to consider any changes in the risk assessment and, consequently, in the related treatment plan.
Rome, February 12, 2025
Management