Epikast Security Policy
Purpose: The purpose of this policy is to outline the high-level approach and commitment of Epikast Inc Greek Branch to achieve and maintain compliance with ISO 27001 standards for information security management.
Scope: This policy applies to all employees, contractors, and third-party service providers who handle the organization's information assets.
Policy Statement:
Information Security Management System (ISMS):
- Establish, implement, maintain, and continually improve an ISMS based on ISO 27001 standards.
- Conduct regular risk assessments to identify and manage information security risks.
Leadership and Commitment:
- Management shall demonstrate leadership and commitment to the ISMS by ensuring the necessary resources are available.
- Information security objectives shall be aligned with the organization's strategic goals.
Risk Management:
- Identify and assess information security risks.
- Implement appropriate controls to mitigate identified risks.
- Review and update risk assessments regularly.
Compliance and Legal Requirements:
- Ensure compliance with all relevant legal, regulatory, and contractual requirements related to information security.
- Maintain documentation to demonstrate compliance with ISO 27001 standards.
Security Controls:
- Implement and maintain security controls to protect information assets.
- Regularly review and update security controls to address emerging threats.
Training and Awareness:
- Provide information security training and awareness programs to all employees and contractors.
- Ensure ongoing education and awareness of information security policies and procedures.
Incident Management:
- Establish and maintain procedures for the effective management of information security incidents.
- Ensure timely response and recovery from information security incidents.
Continuous Improvement:
- Regularly review and improve the ISMS to ensure its effectiveness.
- Conduct internal audits and management reviews to identify areas for improvement.
Documentation and Records:
- Maintain comprehensive and accurate records of the ISMS, including policies, procedures, and controls.
- Ensure all documentation is up-to-date and accessible to relevant personnel.
Responsibilities:
- Top Management: Ensure the establishment and implementation of the ISMS.
- Information Security Manager (CTO): Angelos Kapsimanis, the company's CTO, will oversee the ISMS and ensure compliance with ISO 27001.
- Employees and Contractors: Comply with the organization's information security policies and procedures.
Communication and Publication:
- This policy shall be communicated to all employees, contractors, and third-party service providers through internal communications, training sessions, and the organization's intranet.
- Regular updates will be provided as necessary.
- (c) referring website (a site that has led you to ours) or application;
- (d) communications to us or regarding us on social media; and
- (e) activity related to how you use our online services, such as the pages you visit on our sites or in our mobile apps.
- (f) online activity on other websites, applications, or social media.
2.5 We may also collect information that is publicly available when you interact with us, for example through social media.
3. COOKIES
3.1 Our Website does not use cookies. Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. Websites automatically collect information through cookies or similar technology.
4. USES MADE OF THE INFORMATION
4.1 We use information held about you in the following ways:
- (a) To ensure that content from our site is presented in the most effective manner for you and for your computer.
- (b) To provide you with the information or services you have requested and for internal customer administration and business purposes.
- (c) To allow you to participate in interactive features of our Website, when you choose to do so.
- (d) To notify you about changes to our Website, such as changes to cookies.
- (e) To contact you regarding any questions, concerns or requests you submit to us through the contact forms available on the Website.
- (f) If you consent to receive marketing material from us, we may use your data to send you marketing and other materials relating to us.
4.2 We may also use your data, or permit selected third parties to use your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you about these. We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users. We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience.
5. WHERE WE STORE YOUR PERSONAL DATA
The personal data we collect is stored in secure servers located within the United States. The Company is committed to protecting the privacy and confidentiality of personal information when the latter is transferred to third parties. Where such transfers occur, the Company will assure you that adequate protection exists either through appropriate contractual arrangements or as required by law.
6. INTERNATIONAL DATA TRANSFERS
The Company is committed to protecting the privacy and confidentiality of personal information when the latter is transferred to third countries. Where such transfers occur, the Company will assure you that adequate protection exists either through appropriate contractual arrangements or as required by the applicable European Union legislation or applicable State or regional (US) legislation.
The Company may also transfer personal data from the European Union to other third countries outside the EEA for its legitimate interests. In such cases, the transfer of personal data outside the EEA will be carried out based on appropriate security guarantees in accordance with the applicable European Union legislation.
7. INFORMATION SECURITY
7.1 The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
8. RETENTION OF PERSONAL INFORMATION
8.1 We retain personal information for the period of time necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. To determine the appropriate retention period for personal data, the Company will consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of employee’s personal data, the purposes for which we process employee’s personal data and whether the Company can achieve those purposes through other means, and the applicable legal requirements.
9. DISCLOSURE OF YOUR INFORMATION
9.1 We will only share your information as described in this Privacy Policy.
9.2 We may share your information within Epikast, our affiliates and our subsidiaries as well as our partners and local distributors of Epikast’s products to foreign countries. Members of the Epikast Group of Companies who receive this information from us are not authorized to use or share the information, except as set out in this Privacy Policy.
9.3 We may share your information with vendors who provide services to us, such as providing data processing and other information technology services, management of the Company’s website and social media, managing promotions, carrying out research and analysis, and personalizing individual customer experiences. We do not allow these vendors to use this information or to share it for any purpose other than to provide services on our behalf.
9.4 We may, for strategic or other business reasons, decide to sell or transfer all or part of our business. As part of that sale or transfer, we may pass information we have collected and stored, including customer information, to anyone involved in the sale or transfer.
9.5 There may be times where we may share information when it does not directly identify you. For example, we may share anonymous, aggregated statistics about your use of our Website. Or we may combine information about you with other customers and share the information in a way that does not identify you.
9.6 We have the right to use or share information as necessary to comply with any law, regulation or legal request, to protect our Website, to bring or defend legal claims, to protect the rights, interests, safety and security of our organization and our employees, or users of the Website, or in connection with investigating fraud or other crime, or violations of our policies.
10. YOUR RIGHTS
10.1 Under the applicable legislation you have the right to request access to the personal data we hold about you, i.e. to be informed upon your request whether your personal data are subject to processing and to receive further information on such processing, including information on eventual transfers of personal data outside the EU and the appropriate or suitable safeguards we have in place for such transfer. As long as the requirements under the applicable legislation are met, you may also request the correction of any inaccurate information we hold about you or the deletion of the same or restriction of the processing concerning your personal data. If such a request places us or our affiliates in breach of its obligations under applicable laws, regulations or codes of practice, then we may not be able to comply with your request but you may still be able to request that we block the use of your personal information for further processing. You may also have a right to data portability to another data controller under certain circumstances. You may withdraw your consent at any time. The withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal. You may also lodge a complaint with the competent Data Protection Supervisory Authority, if you feel that the processing contravenes the law.
10.2 If you would like to exercise your rights above or if you have any questions or concerns about our Privacy Policy please contact: gdpr@epikast.com
11. LINKS TO OTHER WEBSITES AND SOCIAL MEDIA
11.1 Our Website may, from time to time, contain links to and from the websites of our partner networks, and advertisers. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
11.2 We may also have providers of other apps, tools, widgets and plug-ins on our online services, such as Facebook “Like” buttons, which may also use automated methods to collect information about how you use these features. These organizations may use your information in line with their own policies.
12. CHANGES TO OUR PRIVACY POLICY
12.1 This Privacy Policy is in effect as of the date noted at the top of the statement. We may change this Privacy Policy from time to time. If we do, we will post the revised version here and change the “last updated date” (the date it applies from) at the top of the statement. You should check here regularly for the most up-to-date version of the statement.
12.2 Any changes we may make to our Privacy Policy in the future will be posted on this page.
13. CONTACT DETAILS OF THE DATA PROTECTION OFFICER
The Company has entrusted the Data Protection Officer (DPO) with overseeing the compliance of the Company with personal data protection legislation, whom you can contact at gdpr@epikast.com in case of any questions or concerns on the processing of personal data or if you wish to exercise one of the rights you have as data subject.