The purpose of this Information Security Policy is to protect FAL Calzados de Seguridad, S.A.’s information assets.

The objectives of the information security policy are as follows:

• Information is protected against loss of availability, confidentiality and integrity.

• The information is protected against unauthorised access.

• Its compliance with security business requirements, legal or regulatory requirements, contractual security obligations and other requirements to which the organisation subscribes.

• Security incidents are reported and dealt with appropriately.

• Controls are established to ensure adherence to the Security Policy, to align with the organisation’s risk management strategy and to establish risk estimation criteria.

• The Information Security Officer shall be responsible for maintaining this policy and procedures and for providing support in its implementation.

• Each employee is responsible for complying with this Policy and its procedures as applicable to his or her job.

• It is the policy of FAL Calzados de Seguridad S.A. to implement, maintain, monitor and continuously improve the ISMS.

• This policy has been approved by the management of FAL Calzados de Seguridad S.A., and will be reviewed annually.