Code of Ethics and Conduct

1. Introduction

The present Code of Ethics and Conduct, aligned with the Ethical Code of Certified Data Protection Officers according to the Spanish Data Protection Agency’s scheme, establishes the principles and norms governing the actions of Adrián Murciego in providing data protection and cybersecurity consulting and auditing services. This code reflects our commitment to ethics, integrity, and professional excellence, as well as respect for privacy and information security.

2. Ethical values and principles

In carrying out our activities, we are guided by the following ethical values and principles:

• Legality and integrity: strictly complying with current laws, particularly those related to service provision, to prevent any illicit activity.
• Professionalism: performing duties with due diligence and professional rigor, while maintaining an updated professional capacity and personal training; behaving scrupulously loyal and independent before individuals, companies, entities, and clients, regardless of any limitations that might influence their own work and the team they may be responsible for.
• Responsibility in professional and personal activity: accepting only those activities they are reasonably expected to complete with the necessary skills, knowledge, and competences.
• Impartiality: acting objectively without accepting the influence of conflicts of interest or other circumstances that might challenge professional integrity and that of the organization they belong to.
• Transparency: clearly, accurately, and sufficiently informing all interested parties of all aspects involved in professional practice, unless they are subject to confidentiality, in which case they must remain reserved and not be disclosed.
• Confidentiality: respecting and maintaining the necessary protection and reservation of information accessed by reason of professional activity, safeguarding all stakeholders’ rights to their privacy. Such information must not be used for personal benefit nor disclosed to inappropriate parties.

2. Professional responsibilities

2.1. Confidentiality and privacy

We guarantee the confidentiality and security of the information we handle in our duties, especially concerning sensitive personal and business data.

2.2. Professional competence

We are committed to constantly maintaining and improving our professional competence, staying updated with the latest trends and developments in data protection and cybersecurity.

2.3. Conflict of interest

We avoid situations where our personal or financial interests may compromise our objectivity or impartiality in professional decision-making.

In cases where conflicts of interest may exist, they will be duly communicated to the client to determine any possible incompatibilities.

2.4. Relationships with external collaborators and suppliers

We establish relationships based on trust, transparency, professionalism, respect, and mutual benefit with our external collaborators and suppliers.

We act with impartiality and objectivity in selection processes of this personnel, applying criteria of competence, quality and cost, avoiding conflicts of interest at all times.

2.5. Client relationships

Our services will be provided with integrity and professionalism, aiming to achieve a high level of quality in their provision, seeking long-term development of relationships based on trust and mutual respect.

Independence will always be safeguarded, avoiding professional actions being influenced by economic, familial, or friendship ties with clients, or their professional relationships outside the activity scope, not accepting fees, gifts, or favors of any kind from them or their representatives.

3. Integrity and transparency

3.1. Honesty and truthfulness

We maintain high standards of honesty and truthfulness in all our professional interactions, communicating accurate and complete information at all times.

3.2. Appropriate use of resources

We use company resources, including time and technology, responsibly and efficiently, avoiding misuse or personal purposes.

3.3. Advertising and communications

Our communications and advertising are clear, accurate, and not misleading, accurately reflecting our services and capabilities.

4. Cybersecurity and data protection

4.1. Personal data protection

We treat personal data confidentially and respect applicable privacy laws and regulations in all activities related to data processing.

4.2. Information security

We implement appropriate security measures to protect clients’ and the company’s information, including preventing and responding to security incidents.

4.3. Use of technologies

We use technologies ethically and legally, avoiding practices that could compromise the security or privacy of third parties.

5. Relationships with organizational staff

5.1. Respect and diversity

We treat colleagues and organizational supervisors fairly and respectfully.

We foster an inclusive and respectful work environment where the diversity of perspectives, experiences and skills of each individual is valued.

5.2. Safe work environment

We are committed to providing a safe and healthy work environment, identifying and mitigating risks to our employees’ safety and wellbeing.

We reject any manifestation of physical, psychological, moral harassment, or abuse of authority, as well as any other conduct that contradicts creating a pleasant, healthy, and safe work environment.

5.3. Professional development

We take responsibility for our actions by promoting professional development through motivation, training, and communication. In any case, the relationship with collaborators must be guided by mutual respect and quality in direction.

5.4. Supervision of staff

We will ensure that the organization’s staff do not engage in illicit activities or conduct contrary to this Ethical Code.

5.5. Proper activity follow-up

All necessary information will always be provided for proper activity follow-up, without hiding errors or non-compliance, and trying to rectify detected shortcomings.

6. Legal and regulatory compliance

6.1. Compliance with laws and regulations

We operate in accordance with all applicable laws, regulations, and standards in data protection, cybersecurity, consulting, and auditing.

6.2. Prevention of money laundering

We take measures to prevent the use of our services in money laundering or terrorism financing activities.

6.3. Whistleblowing

We provide mechanisms for employees to confidentially report possible ethical, legal, or security violations.

7. Application of the ethical and conduct code

7.1. Training and awareness

We provide regular training to our employees to ensure the understanding and effective application of this code in their daily activities.

7.2. Application procedures

We establish clear procedures for addressing code violations, including grievance, investigation, and conflict resolution processes.

7.3. Consequences for non-compliance

Code violations may result in disciplinary actions, including sanctions, suspensions, or termination of employment, based on the severity of the violation.

8. Updating and reviewing the ethical and conduct code

We periodically review and update this code to ensure it reflects changes in the legal, technological, and business environment, and remains relevant and effective.