Information Security Management Policy

The goal of the Information Security Management Policy is to ensure an appropriate level of
security related to the confidentiality, integrity and availability of all information resources of the company, regardless of the possible threats to which they are exposed. Our information security management system defines, implements, monitors, verifies, maintains and improves processes and controls related to information security, and is based on risk management.

 Q Experience ensures the confidentiality, integrity and availability of information generated and used within the defined scope of the information security management system, to enable the protection of information from internal, external, accidental or intentional threats and to ensure business continuity.

All users of the information system (employees of the company and business partners who are in any way involved in the business processes of the company) are required to familiarize themselves with the security practices prescribed by this document and other internal acts governing information security, as well as the proper use of any information system.

Q Experience takes into account all legal and contractual obligations in the management of the information security system in order to prevent violations of legal and contractual obligations and requirements related to the security of the information system.

The information security management system is based on risk assessment. Criteria for risk assessment and acceptance have been established, formalized and approved by the Management Board. Impact on risks is carried out through adopted preventive measures, detection and correction measures and response to possible incidents, in accordance with the relevant legislation, contractual obligations and other business requirements.

By adopting this Policy, the Management Board clearly expresses its commitment to current and future continuous improvement and development of information security management system, commits to compliance with all relevant legislation and justified requirements of stakeholders, as well as providing all necessary resources for successful business and information security. This Policy is reviewed by the Management Board upon any significant changes in the management system or at least once a year. This Policy is made public.