Information Security Policy

1. Security principles

MASTEL HOSPITALITY S.L., hereinafter Mastel, as a company dedicated to the development, implementation, maintenance and marketing of IT solutions for hotels, aware that information security is essential for the provision of its services and efficient decision-making, has established an Information Security Management System in accordance with the requirements of the ISO/IEC 27001 standard to guarantee the continuity of information systems, risk management, ensure compliance with the objectives set and the consolidation of a culture of security.

2. Security objectives

The objective of the Security Policy is to establish the necessary framework for action to protect information resources against threats, whether internal or external, deliberate or accidental, in order to ensure compliance with the confidentiality, integrity and availability of information.

Mastel establishes, defines and reviews objectives within its Information Security Management System (ISMS) aimed at improving its security, understood as the preservation of the confidentiality, availability and integrity of its information, as well as the systems that support it, increasing the confidence of our customers and other interested parties; along with compliance with all legal, regulatory and contractual requirements that apply to it. Mastel’s high-level Information Security Policy is supported by specific policies, standards and procedures which guide the proper handling of information.

3. Organizational structure

The organizational structure for information security in the areas described here, whose functions are defined in the Roles and Responsibilities Standard, is composed of:

  1. Safety and Risk Committee
  2. Information Security Officer
  3. Data controllers
  4. Processor

This organizational structure shall be responsible for maintaining, updating and enforcing compliance with this policy and its implementing regulations.

4. Scope of application

The effectiveness and implementation of the Information Security Management System is the direct responsibility of the Information Security Committee, which is responsible for the approval, dissemination and enforcement of this Security Policy.

Any person whose activity may, directly or indirectly, be affected by the requirements of the Information Security Management System is obliged to strictly comply with the Security Policy.

5. Analysis and management of information security and privacy risks

Risk management should be performed on a continuous basis on the information system, in accordance with the principles of risk-based security management and periodic reassessment.

In the processing of personal data, an analysis of risks to the rights and freedoms of individuals will be carried out beforehand in accordance with the General Data Protection Regulation (GDPR) and the Organic Law on Protection of Personal Data and Guarantee of Digital Rights (LOPDgdd).

To this end, Mastel will implement all the security measures necessary to comply with the applicable regulations on security and privacy, and to guarantee the security of the information through the application of standards, procedures and controls that will ensure the confidentiality, integrity and availability of the information, essential for:

  • Comply with current legislation on information systems.
  • To ensure the confidentiality of the data managed by Mastel.
  • Ensure the availability of information systems, both in the services offered to customers and in internal management.
  • To ensure the capacity to respond to emergency situations, re-establishing the functioning of critical services in the shortest possible time.
  • Avoid undue alterations to information.
  • Promote information security awareness and training.
  • Establish objectives and goals focused on the evaluation of information security performance, as well as the continuous improvement of our activities, regulated in the Management System that develops this policy.

S.D.: The Management

Date of last update: 01/02/2024