The protection of information and its processing systems is of strategic importance for the Company in order to achieve its short- and long-term objectives and at the same time to ensure the confidentiality of the data of the customers receiving its services.

The Company, recognizing the criticality of information and information systems in the execution of its business operations, applies an Information Security Policy with the following objectives:

• Ensuring the confidentiality, integrity and availability of the information it manages.
• Ensuring the proper functioning of information systems.
• The timely response to incidents that may jeopardise the Company’s business operations.
• The satisfaction of legislative and regulatory requirements.
• The continuous improvement of the level of Information Security.

For this purpose:

• The organisational structures necessary for monitoring issues related to Information Security are defined.
• Define the technical measures to control and restrict access to information and information systems.
• Specifies how information should be classified according to its importance and value.
• Describes the necessary measures to protect information during the stages of its processing, storage and circulation.
• The ways of informing and training the Company’s employees and partners on information security issues are specified.
• The ways of dealing with Information Security incidents are specified.
• Describe the ways in which the safe continuation of the Company’s business operations is ensured in the event of malfunctioning of information systems or in the event of disasters.

The Company conducts assessments of the risks related to Information Security at regular intervals and takes the necessary measures to address them. It implements a framework for evaluating the effectiveness of its Information Security processes, through which performance indicators are defined, the methodology for measuring them is described and periodic reports are produced and reviewed by the Management in order to continuously improve the system.

The Information Security Officer is responsible for controlling and monitoring the policies and procedures related to Information Security and taking the necessary initiatives to eliminate all those factors that may compromise the availability, integrity and confidentiality of the Company’s information. All employees of the Company and its partners with access to the Company’s information and information systems are responsible for complying with the rules of the applicable Information Security Policy.

The Company is committed to the continuous monitoring and compliance with the regulatory and legislative framework and to the continuous implementation and improvement of the effectiveness of the Information Security Management System.

VASILEIOS PANAGIOTARAKIS

Managing Director