G. AND E. MICHALAKIS PLC with the distinctive title GEM TRAVEL responding to the requirements of modern business reality and aiming at the protection of the information it manages in terms of integrity, confidentiality and expediency. Decided to design and install an Information Security Management System in accordance with the requirements of International Standard ISO 27001: 2013.


The Company’s Information Security Management System covers the “Provision of personal services in

Destinations”and was designed according to the needs and aspirations of the Company and the Legal and

Regulatory Requirements of the current Greek and Community Legislation.


The main objectives, as they are expressed in the processes of the Security Management System

Company Information, are:

❖ The creation of a basis for the continuous improvement of the efficiency of its processes, having as

guided by the continuous satisfaction of the needs and expectations of its customers as much as possible,

❖ minimizing the number of incidents that may affect the continuity of operations

processes, as well as to reduce their impact as much as possible,

❖ handling the information managed by the company in a way that protects their security as

to their confidentiality, integrity and availability,

❖ the company’s compliance with the laws and regulations to which it is subject,

❖ the continuous improvement of the system.


The goal of the Management both in matters of information security and in matters of protection of personal data is its compliance with the following principles:

▪ Processing of personal data in a lawful and legal manner

▪ Retention of personal data for clearly defined purposes

▪ Limiting personal data to what is absolutely necessary to achieve these goals

▪ Protection of personal data through adequate security measures

Observance of personal data for a certain period of time (depending on the purposes).


The Information Security Management System of the Company is reviewed at regular intervals by the Management, in order to adapt to new needs and market developments, legal requirements, but also to achieve the goal of continuous improvement of the Company’s operations.


The Management is committed to the disposal of the infrastructure and equipment that is deemed necessary for the implementation and availability of its work. Every employee is responsible to respond, assimilate and implement the procedures required by the Information Security Management System through its daily activities. For this reason, all employees, depending on their responsibilities, are informed about the System and act in accordance with the established rules of security and confidentiality.


The Information Security Policy is communicated, understood and applicable by all human resources, with the ultimate goal of continuous, stable development of its business activity, with unwavering commitment to its principles and the constant offer to its customers of excellent quality and maximum security services. It is reviewed at regular intervals with the aim of its continuous harmonization with market conditions, technological developments and current legislation.


Procedures, flows and actions, which do not guarantee the fulfillment of the set goals, are immediately stopped by those responsible, cause analysis are carried out and the necessary improvement measures are defined.


Management                                                                                                                    Rhodes, 15.01.2021

Avramios Pouliasis                                                                                                         (Version: 1)

Skip to content