INFORMATION SECURITY POLICY

COVARIANCE PC, responding to the requirements of the modern business reality and aiming to meet the requirements of the modern business reality and aiming at the protection of its information systems, always aiming at the seamless and exemplary service of its customers, decided to design and install an Information Security Management System in accordance with the requirements of the International Standard ISO 27001:2022 so that:

• To ensure confidentiality, availability and integrity of the information managed by the Company.
• Be able to promptly respond to any incident reported or detected that may indicate a breach of confidentiality, integrity, and availability.
• To minimize the impact that information security incidents may have on the credibility and reputation of the company towards its customers.

The Company's Information Security Management System covers the Development of scientific artificial intelligence and data analytics software and was designed in accordance with the needs and objectives of the Company and the Legal and Regulatory Requirements of the applicable Greek and EU Legislation.

The main objectives, as expressed within the procedures of the Company's Information Security Management System, are:

• The creation of a basis for the continuous improvement of the efficiency of its processes, based on the continuous satisfaction of the needs and expectations of its customers to the maximum possible extent.
• The reduction of the impact of incidents that may affect the company's business continuity.
• The company's compliance with the laws and regulations to which it is subject.
• The handling of the information, which is held and circulated in any way through its electronic and non-electronic systems and which constitute elements of exceptional importance for its operation and position on the market, in a way that protects its security in terms of its confidentiality, integrity and availability.
• The objectives of Information Security to be in line with the company's strategic objectives.
• Ensuring that the resources needed for the SDAP are available.
• The continuous improvement of the system.

The Administration's goal in terms of both information security and personal data protection is to comply with the following principles:

• Processing of personal data in a lawful and lawful manner.
• Retention of personal data for clearly defined purposes.
• Limitation of personal data to what is strictly necessary to achieve these purposes.
• Protection of personal data through adequate security measures.
• Retention of personal data for a certain period (depending on the purposes).

The Company's Information Security Management System is reviewed at regular intervals by the Management, to adapt to the new needs and developments of the market, to the legislative requirements, but also to the achievement of the goal of continuous improvement of the Company's operations.

The Management is committed to the provision of the infrastructure and equipment deemed necessary for the implementation and availability of its work. Each employee is responsible for responding, assimilating and implementing the procedures required by the Information Security Management System through their daily activities. For this reason, all employees, depending on their responsibilities, are informed about the System and act in accordance with the established rules of security and confidentiality.

The Information Security Policy is communicated, understandable and applicable by all human resources, with the ultimate goal of continuous, stable development of its business activity, with unwavering commitment to its principles and the constant offer to its customers services of excellent quality and maximum security. It is reviewed at regular intervals with the aim of continuous harmonization with market conditions, technological developments and current legislation.

Processes, flows and actions, which do not guarantee the fulfillment of the goals set, are immediately interrupted by those responsible, cause analyses are carried out and the required improvement measures are defined.