Loyal Guru is a global company dedicated to the development of a customer data platform for food and fashion retailers to improve the way they interact with their customers. We bring the power of big data, analytics, and personalized omnichannel campaigns to promote loyalty marketing.

Proximity, quality of service and results orientation are our hallmarks. Thus, being aware of the importance of information security, and in line with the path our own company has taken, Loyal Guru is establishing an Information Security Management System in accordance with the requirements of the ISO/IEC 27001:2013 standard to identify, evaluate and minimise the risks to which your information and that of your customers is exposed, as well as how to guarantee compliance with the established objectives.

The main aim of this Security Policy is to establish an action model to develop a company culture at Loyal Guru and a way of working and making decisions, as well as ensuring that information security and respect for personal data are a constant, via the following:

  • Preserving the confidentiality of our clients’ information, and preventing disclosure and access by unauthorised persons.
  • Maintaining the integrity of our clients’ information, ensuring its accuracy and preventing its deterioration.
  • Ensuring the availability of our clients’ information in all media and whenever necessary.

Especially valued and established by Management, and the main criterion for estimating risk, is the assessment of the availability and confidentiality of its information and even more that of its clients. Thus, it undertakes to develop, implement, maintain and continuously improve its Information Security Management System (ISMS), and continuously improve the way it provides its services and processes information from its clients. The following therefore are part of the Loyal Guru S.L. policy:

  • Information Security objectives are established annually.
  • Legal, contractual and business requirements are met.
  • Information Security process training and awareness-raising activities are carried out for all personnel.
  • A process of analysis, management and treatment of risk for information assets is developed.
  • The control objectives and corresponding controls are established to mitigate the risks found.
  • Employee responsibility is established in relation to:
    • Reporting security violations.
    • Preserving the confidentiality, integrity and availability of information assets in accordance with this policy.
    • Complying with policies and procedures inherent in the Information Security Management System.

The Security Officer is directly responsible for maintaining this policy, providing advice and guidance for its implementation and for correcting any deviations in its compliance.

This information security policy is aligned with general company policies at all times and with those acting as a framework for other internal management systems, such as quality or environmental policies.

Approved date: January 12th, 2021