Information Security Policy

The G. AND E. MICHALAKIS COMMERCIAL COMPANY, with the distinctive title GEM TRAVEL, responding to the requirements of modern business reality and aiming at the protection of its information systems, always aiming at uninterrupted and exemplary service to its customers, decided to design and install an Information Security Management System according to the requirements of the International Standard ISO 27001:2022 so that:

• To ensure the confidentiality, availability and integrity of the information managed by the Company.
• To be able to promptly address any incident reported or detected that may indicate a breach of confidentiality, integrity and availability.
• To minimize the impact that information security incidents may have on the Company’s credibility and reputation with its customers.

The Company’s Information Security Management System covers the “Provision of Personal Services in Destinations”

and was designed in accordance with the needs and objectives of the Company and the Legal and Regulatory Requirements of the current Greek and Community Legislation. The main objectives, as expressed within the procedures of the Company’s Information Security Management System, are:

• the creation of a basis for the continuous improvement of the efficiency of its processes, with a view to the continuous satisfaction of the needs and expectations of its customers to the maximum extent possible.
• the reduction of the impact of events that may affect the company’s business continuity,
• the company’s compliance with the laws and regulations to which it is subject,
• the handling of information, held and circulated in any way through its electronic and non-electronic systems, which constitute data of exceptional importance for its operation and market position, in a manner that protects their security in terms of confidentiality, integrity and availability,
• Information Security objectives are consistent with the strategic objectives of the Company,
• ensuring that the resources required for the ISMS are available.
• the continuous improvement of the system.

The Management’s objective with regard to the protection of personal data is to comply with the following principles:

• Processing of personal data in a fair and lawful manner.
• Personal data is kept in a lawful and fair manner and in a lawful and fair manner.
• Personal data must be kept strictly limited to what is strictly necessary to achieve those purposes.
• Protecting personal data by means of adequate security measures.
• Retention of personal data for a certain period of time (depending on the purposes).

The Company’s System is regularly reviewed by the Management, in order to adapt to new needs and developments in the market, to legislative requirements, but also to achieve the objective of continuous improvement of the Company’s operations.

The Management is committed to making available the resources necessary for the implementation of its work and the implementation of the EMS. Each employee is responsible for meeting, assimilating and implementing the procedures required by the Information Security Management System through their daily activities. For this reason, all employees, according to their responsibilities, are informed about the System and act demonstrably in accordance with the established security and confidentiality rules.

The Information Security Policy is communicated, understood and applied by all human resources, with the ultimate goal of continuous, steady growth of its business activity, with unwavering commitment to its principles and the continuous offer to its customers of services of excellent quality and maximum security. It is reviewed at regular intervals in order to ensure that it is constantly in line with market conditions, technological developments and the legislation in force.