Privacy, Security and Sustainability Policy

1. General Commitment

AP Interactive Solutions S.L. will establish and maintain an integrated policy that ensures respect for personal data privacy, information and systems security, and environmental protection, aligned with international standards, current legislation, and best management practices.

2. Privacy and Data Protection

AP Interactive Solutions S.L. will comply with:

• Regulation (EU) 2016/679 (GDPR) on personal data protection
• Organic Law 3/2018 (LOPDGDD) on data protection and digital rights guarantees
• Guidelines of the Spanish Data Protection Agency (AEPD)

Applicable Principles

• Personal data will be collected for legitimate, explicit, and limited purposes, and processed lawfully, transparently, and securely
• The principle of minimization will be applied, collecting only the necessary data
• The rights of access, rectification, erasure, objection, restriction, and portability will be guaranteed
• Appropriate technical and organizational measures will be implemented, in accordance with ISO/IEC 27701 (privacy extension of ISO/IEC 27001)
• Users will be informed about cookies and tracking technologies in line with the ePrivacy Directive and applicable national regulations

3. Information Security

AP Interactive Solutions S.L. will maintain a strong commitment to the protection of information and associated systems, in accordance with:

• ISO/IEC 27001 (Information Security Management)
• National Security Framework (ENS) in its basic category, applicable to technology services that may interoperate with the public sector
• NIS2 Directive (EU 2022/2555) on cyber resilience and the security of networks and information systems
• Best practices in governance, risk, and compliance (GRC)

Applicable Principles

• Confidentiality, integrity, availability, and traceability of information will be preserved
• Risk-based cybersecurity measures will be applied, including access control, encryption, monitoring, and incident management
• Awareness and continuous security training for employees and collaborators will be promoted
• A Business Continuity and Recovery Plan aligned with ISO 22301 will be in place

4. Environment and Sustainability

AP Interactive Solutions S.L. will commit to operating responsibly with the environment, in accordance with:

• ISO 14001 (Environmental Management)
• Regulation (EC) 1221/2009 EMAS (EU Eco-Management and Audit Scheme)
• Spanish legislation on sustainability and waste management (Law 7/2022 on waste and contaminated soil for a circular economy)
• EU Green Deal and the 2030 Agenda guidelines on sustainable development

Applicable Principles

• Promote energy efficiency and the responsible use of resources
• Encourage the use of sustainable cloud infrastructures with providers certifying their efficiency (e.g., ISO 14001, ISO 50001)
• Minimize the digital carbon footprint of the website through sustainable design practices and the use of renewable energy in hosting
• Properly manage electronic waste in collaboration with certified providers, complying with Royal Decree 110/2015 on WEEE

5. Compliance, Review, and Continuous Improvement

• This policy will be reviewed annually or whenever regulatory, technological, or organizational changes occur
• AP Interactive Solutions S.L. will promote continuous improvement of its processes in terms of privacy, security, and sustainability
• Mechanisms for contact and complaints will be made available to stakeholders to exercise their rights and submit queries

6. Contact for Exercising Rights

To exercise your rights regarding data protection, information security, or sustainability, you can contact us through:

7. Supervisory Authority

You have the right to file a complaint with the Spanish Data Protection Agency (AEPD) if you believe we have not handled your personal data properly.

8. Reference Standards and Certifications