Information Security Policy

Ergobyte Informatics S.A., responding to the requirements of modern business reality and aiming to protect the information and personal data it manages, always aiming to provide uninterrupted and exemplary service to its clients by maintaining the confidentiality, availability and integrity of all information, decided to design and install an Information Security Management System in accordance with the requirements of the international standard ISO 27001:2013.

The scope of the Information Security Management System, applied by the company, is the following:

• design, development and promotion of information systems
• research and development activities in the field of information technology
• data processing and knowledge management
• consulting in the field of information technology

and was designed in accordance to the needs and objectives of the company and the legal and regulatory requirements of the current Greek and community legislation.

The main objectives, as they are expressed in the processes of Ergobyte's Information Security Management System, are:

• The creation of a basis for the continuous improvement of the efficiency of its processes, aiming at the continuous satisfaction of the needs and expectations of its customers to the maximum extent possible.
• To minimize the number of incidents that may affect the continuity of business processes, and to reduce their impact as far as possible.
• The management of the company considers that the information held and circulated in any way, through its electronic and non-electronic systems, is of extreme importance for its operation and market position and is committed to handling this information in a way that protects its security in terms of confidentiality, integrity and availability.
• To comply with the laws and regulations to which it is subject.
• The System’s continual improvement.

The goal of the management regarding the protection of personal data is its compliance with the following principles:

• Processing of personal data in a fair and lawful manner
• Retention of personal data for clearly defined purposes
• Limitation of personal data to what is strictly necessary for the achievement of those purposes
• Protection of personal data through adequate security measures
• Retention of personal data for a certain period of time (depending on the purposes).

The company's system is regularly reviewed by the management, in order to adapt to new needs and developments in the market, to legislative requirements, but also to achieve the company's information security objective.

On an annual basis, the information security objectives are also reviewed and adjusted if it is necessary.

The management is committed to provide the infrastructure and equipment, which are necessary for the implementation of its work. Each employee is responsible for responding to, assimilating and implementing the procedures required by the Information Security Management System through their daily activities. For this reason, all employees, according to their responsibilities, are informed about the System and act demonstrably in accordance with the established rules.

The Information Security & Data Protection Policy is communicated, understood and applied by all human resources, with the ultimate goal of continuous, steady development of its business activity, with unwavering commitment to its principles. It is reviewed at regular intervals in order to ensure that it is constantly in line with market conditions, technological developments and applicable legislation.

Processes, flows and actions that do not guarantee the fulfilment of the objectives set are immediately stopped by those responsible, root-cause analyses are carried out and the required improvement measures are defined.

Management
Nikolaidis George

Thessaloniki, 15/12/2022
ΔΚ-ΔΔ01/01 Version: 1