INFORMATION SECURITY POLICY

Havas, a global communication and marketing network, defines the scope of this policy as the systems that support the processes of Brief, Strategy, Tactical Plan, Purchase, Monitoring/Optimization, and Closure, for both physical environments and private and public clouds, as well as the processing of personal data in public clouds, according to the current statement of applicability.

Havas has a Security Policy aimed at ensuring the proper protection, confidentiality, integrity, and availability of all documents and data necessary for the company’s operations, with special emphasis on those containing personal, financial, client, and process-related information.

The key principles for implementing the security policy are:

1. Havas records and gives special treatment to all files containing individual names, client and employee contact information, as well as those linking names to personal data, in accordance with current legislation on personal data protection.
2. Havas has the necessary resources and controls to guarantee the absolute confidentiality and safeguarding of client data.
3. Havas exercises special care with data throughout all processes—from reception, processing, and storage—including proper risk control, inventories, and access management, both physical and electronic, in accordance with the company’s security procedures, the confidentiality required by clients, and international standards related to information security management requirements and best practices.
4. Havas has implemented an Information Security Management System (ISMS), which has the full commitment of the management and is mandatory for all members of the company.

Juan Diez

Chief Executive Officer – Mexico

Policy approved: 12/13/2024 Version: 1.0