Security & Data Protection at Altares Group
At the Altares Group, we understand the immense responsibility that comes with providing our services and ultimately handling data. Being available for our customers and partners is at the core of our operations. Our commitment to robust security and privacy practices is reflected in every stage of our work—from data collection and processing, to storage and distribution.
- Compliance with Regulations and Standards
- We comply with all relevant European Union data protection legislation, including the General Data Protection Regulation (GDPR).
- Our security program aligns with internationally recognized standards (e.g., ISO 27001) to ensure consistent and continual improvement in our information security management.
- We take into account the regulations that may apply to our customers such as DORA and NISv2 to adapt our security posture.
- Secure Infrastructure and Technical Controls
- Encryption: We use industry-standard encryption for data both at rest and in transit, safeguarding information from unauthorized access.
- Access Controls: Robust access management protocols ensure only authorized personnel can view or modify sensitive data.
- Network Security: Firewalls, Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS) help defend our network perimeter.
- Continuous Monitoring: We regularly monitor our systems to detect unusual activities or threats in real time.
- Risk Management and Incident Response
- Risk Assessments: We conduct formal risk assessments on a regular basis to identify vulnerabilities and prioritize mitigation efforts.
- Incident Response Plan: Our documented incident response process enables swift action and clear communication in the event of a security incident.
- Business Continuity: We maintain backups and disaster recovery procedures to quickly restore critical operations if unexpected disruptions occur.
- Third-Party Vendors and Partners
- We carefully vet our service providers to ensure they meet or exceed our security standards.
- We maintain clear contractual agreements and carry out regular audits of third-party security practices.
- Ongoing Security Awareness
- Employee Training: Our employees undergo mandatory cybersecurity and privacy awareness training, ensuring they understand their responsibility to protect sensitive data.
- Internal Policies: Robust internal security policies govern the handling, storage, and transmission of all forms of data.
- Culture of Security: Our leadership and staff all share the commitment to maintaining and continuously improving our security posture.
- Transparency and Accountability
- Clear Communication: We commit to being transparent about our data handling practices and welcome inquiries from customers, partners, and regulators.
- Continuous Improvement: Our security strategy evolves to address emerging threats and integrate leading practices.
In order to get in-depth information about our security management, you can access to our Trust Center which will provide you with details and allow you to request access to confidential information after validation.
