Information Security Policy
ZELSIOR, a provider of Information Society Services and E-Commerce, is committed to safeguarding the information we manage. Our Information Security Management System (ISMS) covers our services for the purchase and legal management of national and international financial assets, judicial document management, and legal representation.
Our commitment extends beyond mere legal compliance. We aim to continuously improve our processes, offering a high-quality, agile, and flexible service to meet our clients’ needs. To this end, we have implemented the ISO 27001:2013 Information Security Management System to ensure data security.
This policy, approved by General Management, establishes the framework for continuous improvement, guided by the following principles:
- Compliance and Client Satisfaction: We provide services that meet legal and regulatory requirements, as well as the needs and expectations of our clients and other stakeholders, based on a thorough analysis of context, risks, and opportunities.
- Competence and Awareness: We conduct ongoing training and awareness programs to ensure our personnel possess a high level of competence in managing information security. This involves maintaining the confidentiality, availability, integrity, and traceability of all data and improving overall process performance.
- Personnel Involvement: We actively involve, motivate, and commit our personnel to ensure their full participation in the development and implementation of our ISMS.
- Continuous Collaboration: We maintain and continuously collaborate with clients and professionals to enhance service quality and information security.
- Resource Provision: To guarantee the success of this policy and the ISMS, Management will allocate all necessary human, technical, and operational resources for its proper functioning and maintenance.
Scope of Application
These provisions apply to all IFR areas and departments, including their internal resources and business processes, as well as those of external third parties linked to the entity through contracts or agreements.
Regulatory Framework
Our policy is guided by, but not limited to, the following key legislation:
- Organic Law 3/2018, of December 5th, on the Protection of Personal Data and Guarantee of Digital Rights.
- Law 34/2002, of July 11th, on Information Society Services and Electronic Commerce.
- Law 32/2003, of November 3rd, General Telecommunications Law.
- Law 59/2003, of December 19th, on Electronic Signature.
- Law 25/2007, of October 18th, on Retention of Data Related to Electronic Communications and Public Communication Networks.
- EU General Data Protection Regulation (GDPR) 2016/679, April 27, 2026