Our Group is characterized by its solid ethical culture and compliance with external regulations, which we reinforce with internal guidelines. It’s involved in the way we relate to each other, to our Customers and suppliers, as well as to other stakeholders.
Self-regulation and reporting mechanism
GRI 2-15, 2-23, 2-24, 2-25, 2-26, 3-3, 205-1, 205-2
Our Code of Ethics incorporates our work philosophy, which prioritizes honesty as an outstanding value in the search for the responsible use of information, avoiding the incidence of conflicts of interest. In addition, we have a Code of Conduct and Integrity, which details the behavior we expect from our collaborators in all the relationships derived from the operation of El Puerto de Liverpool.
Complementarily, we have policies that reinforce performance in higher risk processes and/or operations, such as the Zero Tolerance to Corruption and Bribery Policy, which includes guidelines for relations with suppliers and other third parties, as well as donations.
At El Puerto de Liverpool, we care for and train our employees on ethics and compliance issues, reaching more than 51,000 employees and providing them with different awareness approaches throughout the year.
In our relationship with Customers, we promote responsible marketing, with transparency regarding product information and aiming to ensure that the Customer purchases the most convenient product.
This commitment begins with advertising.
We have an Ethics Hotline to identify and report behaviors or signs of behaviors that are not aligned with expectations. The Ethics Office and the Ethics Committee attend this hotline, communicating relevant issues to the Audit and Corporate Practices Committee, which is made up of, among others, certain members of the Board of Directors.
At the corporate level, we have established a solid control and monitoring system, which includes auditing and internal control, complemented by the external auditors’ annual reviews.
As a publicly traded company, being listed on the Mexican Stock Exchange, we comply with the disclosure requirements related to the Securities Market Law, publishing financial information on a quarterly and annual basis, as well as complying with the Directors and/or Officers’ statements regarding Related Parties.
In cases of non-compliance, we have a Disciplinary Measures Policy that can go up to the early termination of the employment contract, without restricting the reports and other legal actions that El Puerto de Liverpool decides to implement.
These efforts have allowed us to maintain our leadership position in the Corporate Integrity Index 500 (IC500), developed by “Mexicanos contra la Corrupción e Impunidad” (Mexicans Against Corruption and Impunity in English) and Transparencia Mexicana.
Data Protection
GRI 3-3, 418-1, SASB CG-EC-230a.1; CG-MR-230a.1; FN-CF-230a.3
Our employees are guided by the Personal Data Policy, which demands strict data processing for collected information, and it’s supported by external regulations. We are very careful when using data and avoid any abusive practice that could generate a damage to our Customers, who may exercise their rights to access, rectification, cancellation or opposition (ARCO by its acronym in Spanish) to the processing of personal data, with instructions available on our website.
We also have an Information Security Policy, which is part of a robust system that responds to potential cybersecurity risks. The structure is integrated by the Cyber Security Operation Center (SOC), which is responsible for active monitoring and responding to potential threats.
Our information security performance integrates systems support with user training and awareness, especially within our staff.
We continuously test and monitor our systems, both internal and externally. The infrastructure for online card payments is certified and complies with the international PCI-DSS standard, both in Liverpool and Suburbia.
To ensure our employees are both educated and aware, we implement an annual training plan, complemented by regular updates throughout the year.
Cybersecurity is integrated into our business continuity plans, which include strategies and responsibilities to address any potential risks and their materialization, avoiding any impact on our business operation.