CONTENT ABOUT PENNY SUSTAINABILITY STRATEGY SUSTAINABILITY STEP BY STEP SUSTAINABLE ASSORTMENT ENERGY, CLIMATE AND RESOURCES EMPLOYEES AND SOCIETY REPORT ASSURANCE GRI & SASB INDEX IMPACT EXPLANATION Digitization is a prerequisite for development in our industry, and cyber security plays an important role in terms of legal compliance as well as for our company's image. The development of our business cannot be achieved without meeting the minimum conditions of technological modernization and ensuring the protection of the data we manage. The protection and security of personal data is a strategic direction assumed at the management level, materialized through a specific policy in this regard. This policy supports our legal compliance activities and allows us to allocate resources to properly monitor and manage this. OUR IMPACT AND PERFORMANCE IN FIGURES In 2021,we conducted 15 internal audits on cyber security topics, following which we identified 3 threats and fixed 3 cyber security incidents. Thus, we have had no security breaches or thefts of personal or commercial data, or contamination of the internal network with malware. At the same time, there was no incident of substantial leaks of personal data or substantiated complaints from external stakeholders or inspection bodies. However, due to the complex nature of the cyber environment, in 2021 there were 7 incidents related to the security of personal data and 1 case of erroneous processing of email data, caused by the erroneous transmission of a newsletter to 9 003 people. HOWWE MANAGE THE IMPACT Within our company, we use dedicated and globally recognized IT systems. We constantly implement dedicated systems to ensure the highest degree of protection against cyber attacks, such as firewalls, anti-viruses, and protection software. These systems are used both proactively for permanent monitoring of data transfer flows and reactively to minimize the impact of potential cyber security risks. We document, verify, and process any request from customers or supervisory authorities about data protection. The team responsible for the management of cyber security has the role of ensuring the processing of personal data by the applicable rules SUSTAINABILITY REPORT PENNY ROMANIA 2021 30/168
RkJQdWJsaXNoZXIy NTg3MTAy