The purpose of this Information Security Policy is to protect the information assets of the company FAL Calzados de Seguridad, S.A.

The objectives of the information security policy are as follows:

• Information is protected against losses in terms of availability, confidentiality and integrity.

• Information is protected against unauthorised access.

• The requirements of the security business, legal and regulatory requirements, contractual security obligations and all other requirements to which the organisation subscribes are met.

• Security incidents are appropriately reported and processed.

• Checks are made to ensure adhesion to the Security Policy, alignment with the organisation's risk management strategy and the establishment of risk assessment criteria.

• The Information Security Manager is responsible for maintaining this policy and its procedures and for providing support for its implementation.

• Each employee is required to comply with this Policy and its procedures as applicable to their position.

• It is the policy of FAL Calzados de Seguridad, S.A. to implement, maintain, monitor and continually improve its Information Security Management System (ISMS).

• This policy has been approved by the senior management of FAL Calzados de Seguridad, S.A., and it will be reviewed on an annual basis.