Revolvex Group, incorporating Genuine Solutions and Relove Technology, is committed to ensuring the confidentiality, integrity, and availability of all information assets entrusted to us by our stakeholders, including customers, employees, partners, and shareholders. As such, we have implemented an Information Security Management System (ISMS) to effectively manage and mitigate information security risks across our organisation.

It is the policy of the companies to:

• Information Security Governance: We establish clear roles, responsibilities, and accountability for information security throughout the organisation, including the appointment of a dedicated Data Protection Office (DPO) responsible for overseeing the ISMS and data security.
• Risk Management: We identify, assess, and prioritise information security risks in the organisation, taking into account the potential impact on our business objectives and implement appropriate controls to mitigate these risks to an acceptable level.
• Confidentiality: We will ensure that confidential information is protected from unauthorised access, disclosure, or alteration, whether it is stored, processed, or transmitted within our organisation or to external parties.
• Availability: We will ensure the timely and reliable access to information and information systems, minimising the impact of disruptions or incidents that could affect our ability to deliver products and services to our stakeholders.
• Compliance: We will comply with all legal requirements, codes of practice and all other requirements applicable to our activities.
• Awareness and Training: We will provide ongoing education and awareness programs to ensure that all employees, contractors, and third parties understand their roles and responsibilities in safeguarding information assets and are equipped with the knowledge and skills necessary to do so effectively.
• Continuous Improvement: We will regularly review and evaluate the effectiveness of our ISMS, and we will strive for continuous improvement by implementing lessons learned from security incidents, audits, and other feedback mechanisms.

This policy is part of the Integrated Management System is controlled, audited and reviewed annually.