In addition to appropriate security measures, we must always ensure that all personal data that is collected and processed has a purpose and a legal basis. We are aware of the financial and reputational risk that may be brought along by a possible breach of legal requirements. Therefore, each case is checked on a case-by-case basis and the preventive and control measures taken are individual. In the event that PENNY customers are affected by data leakage incidents, they are informed in writing of the specific measures taken. Once the causes of a possible incident have been eliminated and reported to the competent authorities, while attempting to neutralize the effects of the incident, the affected customers are also informed in a way that allows individual communication of the event that has occurred, the potential risk and the measures already taken or planned to limit the impact. The first level of prevention and identification of risks with implications in the sphere of personal data is at the level of hardware, software and network infrastructure, where potential threats can be dealt with in a differentiated and appropriate way by investing resources and effort for each category of risk, from the system level down to individual stations. Eliminating vulnerabilities identified along the way by updating configurations on each infrastructure component, as well as auditing security mechanisms for all three classes of systems is the second level of strengthening security against data security risks. Training and educating employees on both existing risks and good organizational practices to avoid them, as well as testing, awareness and ownership of how to work accordingly, is the third level of potential risk prevention. In 2022 there were no incidents of substantial personal data leaks or substantiated complaints from external stakeholders or supervisory bodies. However, due to the complex nature of the cyber environment, in 2022 there were 3 personal data security incidents and 6 customers were affected by data leaks. We have not registered any substantiated complaints from external stakeholders about personal data leaks or complaints about personal data leaks from supervisory bodies. The company has not identified any leaks, thefts or losses of data. SUSTAINABILITY REPORT PENNY ROMANIA 2022 86/250 SUSTAINABILITY STRATEGY ABOUT US AND OUR VALUE CHAIN THE FUTURE IS MADE TODAY SUSTAINABILITY HIGHLIGHTS MESSAGE FROM THE GENERAL DIRECTORS CONTENTS SUSTAINABILITY STEP BY STEP
RkJQdWJsaXNoZXIy MTk3NjE0OQ==