Protection of Tangible and Intangible Assets Policy

Repsol's assets are a key factor in our positioning and decision-making at a strategic level. Our goal is to ensure the protection of the people, goods, industrial, intellectual, and internet property rights¹, the business secrets, know-how, and the company information, as well as its operations and interests , against aggressions and bad practices, whether internal or external, regardless of the source, and whether physical or digital, paying special attention to strategic assets and promoting a culture of security, pursuant to Repsol’s values.

Our commitments

Comply with current legislation, internal regulations, and dissemination of criteria on asset protection. Comply with the legal requirements in force regarding asset protection at each location and in each country in which we operate. Develop the necessary internal regulations to establish behavior standards for the entire Company, promote the dissemination of criteria for asset protection, and make a common framework for action possible.
Respect the assets of third parties. Respect the assets of third parties, in particular confidentiality and the legitimate intellectual and industrial property rights and business secrets of others, while ensuring that ours are also respected.
Provisioning resources. Provide the appropriate means to protect and safeguard the people, interests, goods, operations, know-how, industrial, intellectual, and internet property rights, the business secrets, and company information, as well as the assets supporting them.
Implement technological solutions and procedures aimed at preventing misuse of information technology.

Contribution to creating awareness of asset protection. Carry out training and dissemination activities related to asset protection so employees can look out for their own security as well as that of other Company assets in their corresponding scopes of responsibility.

Management based on risk analysis. Carry out studies on asset protection at the different Business Units/Corporate Areas to identify risks appropriately and adopt measures to manage them according to the criteria set by the Policy on Risk Management.

Information coordination. Establish and maintain internal and external communication channels that enable us to be aware of the asset protection status in the countries where the Company is present.

Continuous improvement. Establish objectives for improvement and goals for asset protection systematically, assessing performance and applying the necessary corrections to achieve the proposed goals, establishing verification, auditing, and control processes to ensure the objectives are met.

^{1 Among others: trademarks, patents, utility models, designs and other creations, copyrights, and domain names.}