Information Security Policy

Oikokyklios S.A., responding to the demands of modern business reality and aiming to protect its information systems, always aiming at seamless and exemplary service to its Customers, decided to design and install an Information Security Management System in accordance with the requirements of the International Standard ISO 27001:2022 in order to:

• Ensure the confidentiality, availability and integrity of the information managed by the Company.
• Be able to immediately address any incident that is reported or identified and may indicate a violation of confidentiality, integrity and availability.
• Minimize the impact that information security incidents may have on the Company’s credibility and reputation towards its customers.

The Company’s Information Security Management System covers the following scope:

• Collection, Transport, Processing of Lamps and WEEE, temporary storage and disposal of Recovered Characterized Materials
• Collection, Transport, Processing of Metallic and Non-Metallic Waste, temporary storage and disposal of Recovered Characterized Materials and was designed in accordance with the needs and objectives of the Company, the Legal and Regulatory Requirements of the applicable Greek and Community Legislation, the contractual obligations and the requirements of the standard related to information security.

The main objectives, as expressed in the procedures of the Company’s Information Security Management System, are:

• Τhe creation of a basis for the continuous improvement of the effectiveness of its processes, guided by the continuous satisfaction of the needs and expectations of its customers to the greatest extent possible the reduction of the effects of events that may affect the Company’s business continuity.
• Τhe commitment to comply with the legislative and regulatory provisions related to its activity the handling of information, which is kept and circulated in any way through its electronic and non-electronic systems, which constitute data of exceptional importance for its operation and position in the market, in a way that protects their security in terms of confidentiality, integrity and availability the commitment to the continuous improvement of the Information Security Management System.

The objectives of information security are consistent with the Company’s strategic objectives, while the Company ensures that the resources required for the PDMS are available.

The Management’s objective with regard to the protection of personal data is to comply with the following principles:

• Processing personal data in a fair and lawful manner.
• Personal data is kept in a lawful and fair manner.
• Personal data must be kept strictly limited to what is absolutely necessary to achieve these purposes.
• Protection of personal data through appropriate security measures.
• Retention of personal data for a certain period of time (depending on the purposes).

The Company’s System is reviewed at regular intervals by the Management, to adapt to new needs and developments in the market, to legislative requirements, but also to achieve the Company’s information security objective. The Information Security objectives are also reviewed on an annual basis and, if necessary, adjusted.

Management is committed to allocating the necessary resources for the implementation of its work and its implementation and improvement of the Information Security Management System.

Each employee is responsible for responding to, assimilating and implementing the procedures required by the Information Security Management System through their daily activities.

For this reason, all employees, depending on their responsibilities, are informed about the System and act demonstrably in accordance with the established security and confidentiality rules.

The Information Security Policy is available, understandable and applicable by all human resources, with the goal of the continuous, stable development of its business activity, with unwavering commitment to its principles and the continuous offer of top quality and maximum security services to customers. It is reviewed at regular intervals with the aim of continuously harmonizing it with market conditions, technological developments and applicable legislation.