Return

Security Policy

Proximity, quality of service, and results-oriented approach are our hallmarks. Therefore, aware of the importance of information security and in line with the path defined by our identity, EVIDENZE GROUP EUROPE, S.L. has promoted the establishment of an Information Security Management System in accordance with ISO 27001 requirements, with the aim of identifying, assessing, and minimizing the risks to which its information and that of its clients are exposed, as well as ensuring compliance with the established objectives.

The main objective of this Security Policy is to establish a framework that allows us to develop a corporate culture, a way of working, and decision-making at EVIDENZE, as well as ensuring that information security and respect for personal data are constant by:

Preserving the confidentiality of our clients’ information, preventing its disclosure and access by unauthorized persons.
Maintaining the integrity of our clients’ information, ensuring its accuracy and preventing its deterioration.
Ensuring the availability of our clients’ information, across all media and whenever necessary.

Management, for its part, places special value and establishes as the main criterion for risk assessment the evaluation of the availability and confidentiality of its information, and even more so that of its clients. Thus, it is committed to developing, implementing, maintaining, and continuously improving its Information Security Management System (ISMS) with the objective of continuous improvement in the way we deliver our services and handle our clients’ information. Therefore, it is EVIDENZE’s policy that:

Annual objectives related to Information Security are established.
Legal, contractual, and business requirements are met.
Training and awareness activities on Information Security processes are carried out for all staff.
A process of analysis, management, and treatment of risks to information assets is developed.
Control objectives and corresponding controls are established to mitigate identified risks.
Employees’ responsibility is established regarding reporting security breaches and complying with policies and procedures inherent to the Information Security Management System.

The Security Officer will be directly responsible for maintaining this policy, providing advice and guidance for its implementation and corrections in case of deviations from compliance.

This information security policy will always be aligned with the company’s general policies and those that provide a framework for other internal management systems, such as quality and sustainability policies.

Barcelona, October 27, 2025

Chief Executive Officer of Evidenze Group

ESG Commitment is a Foundational Pillar Underpinning
Quality Services and Operational Excellence

ESG Overview

Evidenze is fully committed to integrating Environmental, Social, and Governance (ESG) principles into every aspect of its operations.

The Group aims to reduce resource consumption through digitalization and energy-efficient measures.

Policies are advanced to promote work-life balance and equal opportunities for all employees.

Comprehensive safety measures are implemented, with continuous input gathered from employees through engagement surveys.

Supplier compliance with safety and ethical standards is ensured.

ISO-certified processes are implemented to maintain the highest standards of safety and quality across its programs.

ISO 9001:2015 certification. Evidence obtained ISO 9001 for quality management in the Patient Support Programs business.

ISO 9001:2015 certification. Evidence obtained ISO 9001 for quality management in the Clinical Research business.

Ecovadis sustainability rating. Evidencee and its subsidiaries are listed individually and updated annually. Evidence holds Ecovadis Platinum rating in Germany.

Standard Programs and Initiatives

Environmental

Objective to decrease energy and paper consumption by implementing digital processes and energy-efficient technologies

Registered with ECOVADIS to evaluate and benchmark our performance in sustainable development and corporate social responsibility

Social

Developing and communicating new employee policies throughout 2024, including a 'Right to Disconnect' protocol and a flexible working policy

Updating the Gender Equality Plan to be signed with the Works Council, ensuring equal opportunities for all employees

Conducting an engagement survey to assess employee satisfaction and identify areas for improvement in health and well-being

Engaged in pro-bono projects across business units leveraging unique know-how and capabilities

Governance

Established an internal whistleblower channel to encourage confidential reporting of safety concerns and unethical practices

Conducted comprehensive cyber-security training to safeguard company data and prevent breaches

Implemented supplier homologation processes to ensure compliance with safety and ethical standards across the supply chain

Adopted an ethics code that includes a strict anti-corruption and bribery policy to maintain transparency and integrity

Nombre	Hostname	Path	Expiración
evidenze_session (Session Cookie)	https://evidenze.com	/	240 minutos
The server uses a cookie to identify user sessions. Without this cookie, the website does not work.
XSRF-TOKEN	bricoteca.aduxia.es	/	1 día
The server automatically generates a CSRF token for each active user session managed by the application. this token is used to verify that the authenticated user is the one who actually makes requests to the application

Nombre	Hostname	Path	Expiración
lang	https://evidenze.com	/	1 Año
Cookie to identify the user's language. Without this cookie the language is always set to the system language.
laravel_eu_cookie_consent	https://evidenze.com	/	240 minutos
Stores the user's cookie consent status for the current domain.

Nombre	Hostname	Path	Expiración
_ga	www.googletagmanager.com	/	2 años
Registers a unique ID that is used to generate statistical data about how the visitor uses the website.
_ga_#	www.googletagmanager.com	/	2 años
It collects data on the number of times a user has visited the website as well as the dates of the first and most recent visit. Used by Google Analytics.