INFORMATION SECURITY POLICY

1. Information security regulations (hereinafter – the Regulations) are the main document of Girteka group (hereinafter – Girteka) information security management system (hereinafter – the ISMS), which is approved by order of the CEO of Girteka. Parts of regulations and the ISMS documents can be made available to parties related to Girteka information in a form that is accessible and understandable to them.
2. The purpose of the regulations is to present the position of Girteka’s management regarding information security and to protect all verbal, written and electronic information received, sent, created, managed and used by Girteka from all possible threats: external, internal, intentional or accidental, which may affect the activities and image of Girteka.
3. In implementing the objective of the ISMS, the following information security goals are pursued:
3.1. To ensure and manage information security, taking into account Girteka’s operational (strategic) goals for transportation, logistics, forwarding and vehicle purchase/sale services;
3.2. To ensure and manage compliance with external and internal information security requirements by performing periodic compliance assessment and eliminating identified deficiencies;
3.3. To ensure the resolution of information security violations and the elimination of their causes, implementing information security incident management;
3.4. To ensure the appropriate selection and implementation of information security and processing measures, performing an annual risk assessment and implementing the Risk Management Plan;
3.5. To ensure the effectiveness of applied information security measures;
3.6. To ensure the adequacy of the Business Continuity Management Plan by periodically reviewing and testing it.
4. Information is a strategically important asset for Girteka’s operations, therefore, its loss, illegal alteration, damage, disclosure or termination of information processing may cause disruptions to Girteka’s operations. According to that, Information Security Policy establishes the basic guidelines that all Girteka employees, contractors and other related parties operating in the fields of transportation, logistics, forwarding and purchasing/selling of vehicles must follow to protect the information of Girteka and its customers.
5. The information security policy applies to all Girteka business processes related to transportation, logistics, forwarding and vehicle purchase/sale services, and includes verbal and written information, information systems, computer networks, physical environment, employees, related parties, partners, contractors, or other persons working at Girteka, including employees working for third parties and those legally processing Girteka information.
6. Information security includes three main aspects:
6.1. confidentiality of information – protection of information from unauthorised disclosure;
6.2. integrity – protection of information from unauthorised or accidental change;
6.3. accessibility – ensuring that information is accessible when it is required for proper performance of Girteka’s activities.
7. Regulations:
7.1. describe Girteka’s provisions for protection of its own and its customers’ information assets, i.e., confidentiality, integrity and accessibility of any form of information, as well as tangible (computer and communication devices, premises, etc.) and intangible (reputation, image) assets related to it;
7.2. determine the responsibility for information security;
7.3. provide references to the security documents that make up the ISMS.
8. The present Regulations shall be reviewed at least once a year.
9. The implementation of Girteka’s information security requirements is ensured and managed through consistent planning, implementation, evaluation and improvement of the ISMS in accordance with the requirements of the Lithuanian standard LST ISO/IEC 27001:2017.
10. The scope of Girteka ISMS certification includes: transportation, logistics, forwarding and vehicle purchase/sale services.
11. Information security management at Girteka is based on risk management. Information security risk assessment creates the conditions for information security management measures applied in Girteka’s operations to meet the main goals of Girteka’s activities and information security.
12. Girteka’s information security risk is assessed every calendar year according to the approved Information Security Risk Management methodology.

Cookie	Expiry date	Description
pll_language	1 year	This cookie name is associated with the Polylang plug-in for WordPress powered websites. it stores a language preference for the visitor to support multilingual websites. When set as a persistent cookie, or with the default lifespan of 1 year, it has to be considered Functional rather than strictly necessary.
cookielawinfo-checkbox-necessary	1 year	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category ‘Necessary’.
PHPSESSID	During the session	The PHPSESSID cookie is native to PHP and enables websites to store serialised state data. It is used to establish a user session and to pass state data via a temporary cookie, which is commonly referred to as a session cookie. (expires when you close your browser)
wordpress_test_cookie	During the session	WordPress sets this cookie when you navigate to the login page. The cookie is used to check whether your web browser is set to allow, or reject cookies.

Cookie	Expiry date	Description
_ga	2 years	Used to distinguish users to calculate visitor, session and campaign data.
_gid	24 hours	Used to distinguish users on a website to generate statistical information about their use of the website
_gid	24 hours	Used to distinguish users on a website to generate statistical information about their use of the website
_gat_UA-47406720-5	10 minutes	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
DV	7 minutes	This cookie is used to save the user’s preferences and other information. This includes in particular the preferred language, the number of search results to be displayed on the page as well as the decision as to whether the Google SafeSearch filter should be activated or not.
OTZ	7 minutes	Cookie used by Google Analytics that provides an aggregate analysis of Website visitors
_hjid	1 year	Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behaviour in subsequent visits to the same site will be attributed to the same user ID.
_hjTLDTest	During the session	When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed.
_hjAbsoluteSessionInProgress	30 minutes	This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjIncludedInPageviewSample	30 minutes	This cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by your site’s pageview limit.
_ym_uid	2 years	These cookies are used to measure and analyse the traffic of this website. These are the cookies used by Yandex Metrica script belonging to the company Yandex.
_ym_d	1 year	Saves the date of the user’s first site session
CONSENT	18 years	Set by Google. This group sets a unique ID to remember your preferences and other information such as website statistics and track conversion rates.
1P_JAR	15 days	Set by Google. This group sets a unique ID to remember your preferences and other information such as website statistics and track conversion rates.

Cookie	Expiry date	Description
SEARCH_SAMESITE	4 months	This cookie is used to prevent the browser from sending this cookie along with cross-site requests.
viewed_cookie_policy	6 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
rs6_overview_pagination	2 years	Cookie is set by Slider Revolution, tracks downtime and other browser related issues. Helps us track if something should go wrong in the UI

Cookie	Expiry date	Description
_fbp	2 months	Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers
_uetsid	1 day	This is a cookie utilised by Microsoft Bing Ads and is a tracking cookie. It allows us to engage with a user that has previously visited our website. This is a Microsoft cookie.
SIDCC	1 year	This cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website.
SAPISID	2 years	Google collects visitor information for videos hosted by YouTube.
SSID	2 years	Google collects visitor information for videos hosted by YouTube on maps integrated with Google Maps.
SID	2 years	Security cookie to confirm visitor authenticity, prevent fraudulent use of login data and protect visitor data from unauthorized access.
__Secure-3PSID	2 years	Builds a profile of website visitor interests to show relevant and personalized ads through retargeting.
HSID	2 years	This cookie is set by DoubleClick (which is owned by Google) to build a profile of the website visitor’s interests and show relevant ads on other sites.
ANID	1 year	Lists ads on Google sites based on recent searches.
_uetvid	16 days	This is a cookie utilised by Microsoft Bing Ads and is a tracking cookie. It allows us to engage with a user that has previously visited our website.
APISID	2 years	Personalizes Google ads on websites based on recent searches and interactions.
__Secure-3PAPISID	2 years	Builds a profile of website visitor interests to show relevant and personalized ads through retargeting.
__Secure-3PSIDCC	1 year	Builds a profile of website visitor interests to show relevant and personalized ads through retargeting.
handl_ip	1 month	It records your I.P address in your browser.
handl_original_ref	1 month	Records the URL from which you came from to our site.
handl_url	1 month	The URL on which we placed the code that generates this cookie is stored.
handl_landing_page	1 month	This records the very first page you visited on our site in your browser.
handl_landing_page	1 month	This records the very first page you visited on our site in your browser.