I. The corporation named "MICH. VELIVASAKI BROS INDUSTRIAL AND COMMERCIAL COMPANY OF MATTRESSES - FURNITURE" with the trade name "CANDIA WAKE UP IN THE MEDITERRANEAN," headquartered in Spata, Attica, at the 18th km of Spaton Avenue, as legally represented (Tax ID: 094250479), hereinafter referred to as the "COMPANY" or "BUSINESS," informs the natural person - visitor of the website (hereinafter referred to regardless of gender or status as "Customer" or "Visitor") that it, or third parties on its behalf, will process personal data concerning them during their visit, use, stay, and navigation on this website, as specified below:

II. DETAILS OF PERSONAL DATA PROCESSING: A. TYPE OF DATA COLLECTED: The personal data we collect pertains to the Visitor, both regarding any information they voluntarily provide and those required technologically for visiting, using, staying, and navigating this website, as well as for any electronic transactions between the parties. These data solely relate to matters related to the above, such as: (a) IP address, date and time of access, URL, access provider, browser, operating system (b) name, email, comments, contact details, management of any submitted request, query, or complaint, etc.

B. DATA COLLECTION SOURCES: The personal data we collect come from the customer/visitor, either from forms/entries they fill in and use during the start or during their visit and stay on the website, or via telephone communication, electronic correspondence, mutual message exchanges, or by any other means necessary due to modern technological tools to achieve the website's purpose and the entire visiting process, stay, or navigation of its visitors.

C. REASONS FOR DATA COLLECTION AND PROCESSING METHODS: The personal data are collected to ensure the safe and adequate operation of the website, the business, and to know the necessary details of the visitor as a potential future customer of the business. They are also collected for advertising purposes of the business and future communication with the visitor, sending advertising/informative brochures, other printed materials, correspondence between the parties, future connection of the customer with the website, etc. The processing of these data involves their collection, registration, organization, structuring, and storage, exclusively carried out by the "business" or its staff or associates, to serve the aforementioned purposes. The "business" commits to having taken all necessary actions, applying appropriate technical and organizational measures, for the lawful maintenance, processing, and safeguarding of the personal data file it keeps, committing to securing and protecting it in every way from loss, leakage, alteration, or unauthorized processing by unauthorized persons. The "business" commits that the above personal data will not be provided to third parties unrelated to the assigned task, nor will they be used for third-party advertising purposes.

D. DATA RECIPIENTS: The data is made known to the "business," its staff, or its associates, related to the proper, legal, and smooth operation of the present website, according to the aforementioned purposes, with the self-evident note that each of them is aware of and processes only the data absolutely necessary for the execution of their duties.

E. RETENTION TIME: The personal data mentioned above is kept indefinitely unless the customer/visitor explicitly requests their deletion, either before or after the completion of the assigned task, except for those data that must be kept indefinitely according to the law or current transaction practices. In all other cases, all types of data are deleted twenty (20) years after the last contractual link between the parties, unless there are pending judicial, legal, procedural matters that necessitate their further retention, in which case the retention time will be extended by two (2) years after special notification to the customer of the reason and duration of the extension.

F. CUSTOMER RIGHTS: (i) The customer has the right to obtain from the data controller confirmation as to whether or not personal data concerning them are being processed and, if so, the right to access the personal data and the following information: a) the purposes and source of the processing, b) the relevant categories of personal data, c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, especially recipients in third countries or international organizations, d) if possible, the period for which the personal data will be stored, or, when that is not possible, the criteria used to determine that period, e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing concerning the data subject or to object to such processing, f) the right to lodge a complaint with a supervisory authority, g) when the personal data are not collected from the customer, any available information as to their source, h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. (ii) The customer has the right to request from the data controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, they also have the right to have incomplete personal data completed, including by means of a supplementary statement. (iii) The customer has the right to request from the data controller the erasure of personal data concerning them without undue delay and the data controller has the obligation to erase personal data without undue delay if one of the following reasons applies: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, b) the customer withdraws the consent on which the processing is based and there is no other legal ground for the processing, c) the customer objects to the processing and there are no overriding legitimate grounds for the processing, d) the personal data have been unlawfully processed, e) the personal data must be erased to comply with a legal obligation under Union or Member State law to which the data controller is subject, f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1). (iv) The customer has the right to obtain from the data controller restriction of processing where one of the following applies: a) the accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data, b) the processing is unlawful and the customer opposes the erasure of the personal data and requests the restriction of their use instead, c) the data controller no longer needs the personal data for the purposes of the processing, but they are required by the customer for the establishment, exercise, or defense of legal claims, d) the customer has objected to processing pending the verification whether the legitimate grounds of the data controller override those of the data subject. (v) The customer has the right to receive the personal data concerning them, which they have provided to a data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided, where: a) the processing is based on consent or on a contract and b) the processing is carried out by automated means. In exercising their right to data portability under the above, the customer has the right to have the personal data transmitted directly from one data controller to another, where technically feasible. (vi) The customer has the right to object, at any time and on grounds relating to their particular situation, to processing of personal data concerning them, including profiling. The data controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise, or defense of legal claims. Where personal data are processed for direct marketing purposes, the customer has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the customer objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. At the latest at the time of the first communication with the customer, the right referred to above shall be explicitly brought to their attention and shall be presented clearly and separately from any other information. In the context of the use of information society services and notwithstanding Directive 2002/58/EC, the customer may exercise their right to object by automated means using technical specifications. Where personal data are processed for scientific or historical research purposes or statistical purposes, the customer, on grounds relating to their particular situation, shall have the right to object to processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

The "business" has the right to refuse a request for restriction of processing or erasure of the customer's data if the processing or retention is necessary for the establishment, exercise, or defense of its legal claims, or to comply with its legal obligations. The exercise of the above rights by the customer operates only for the future, starting from the date the relevant request reached the "business" in any proven manner. The Customer has the right to lodge a complaint with the Data Protection Authority (www.dpa.gr), which is the competent supervisory authority for the protection of the fundamental rights and freedoms of individuals regarding the processing of their data, if they believe that their rights are being violated in any way. The customer can exercise the above, and all other, rights either by sending an email, a registered letter, an extrajudicial statement, by telephone or by physical correspondence to the data controller or the data protection officer of the business (see below), or to its official headquarters. The "business" will make every effort to respond to the Customer within thirty (30) days from the submission of their request, which may be extended by anI. The Joint-Stock Company under the name "ADELFOI MICH. VELIVASAKI ANONYMOUS INDUSTRIAL AND COMMERCIAL COMPANY OF MATTRESSES - FURNITURE" and the distinctive title "CANDIA WAKE UP IN THE MEDITERRANEAN," headquartered in Spata, Attica, 18th km L. Spaton, legally represented (VAT: 094250479), hereinafter referred to as the "COMPANY" or "BUSINESS," informs, in accordance with Regulation (EU) 2016/679 of the European Union and the provisions of Greek law on personal data protection, the natural person - visitor of the website (hereinafter regardless of gender or status "Customer" or "Visitor") that it or third parties on its behalf will process personal data concerning them within the context of their visit, use, stay, and browsing on this website as mentioned below:

II. DETAILS OF PERSONAL DATA PROCESSING: A. TYPE OF DATA COLLECTED: The personal data we collect concerns the Visitor, both regarding any information they voluntarily provide and any data technologically required for their visit, use, stay, and browsing on this website, as well as within the context of any electronic transactions between the parties. These data are exclusively related to the above-mentioned matters, namely indicatively: (a) IP address, date and time of access, URL, access provider, browser, operating system, (b) name, email, comments, contact details, management of any submitted request, query or complaint, etc.

B. SOURCES OF DATA COLLECTION: The personal data we collect come from the customer/visitor themselves, either from forms/entries they fill in and use at the beginning or during their visit and stay on the website, or via telephone communication, or electronic correspondence, or following mutual messaging, or in any other way required by modern technological means to achieve the website's purpose and the entire process of visiting, staying, or browsing its visitors.

C. REASONS FOR DATA COLLECTION AND PROCESSING METHOD: Personal data are collected for the purpose of secure and adequate operation of the website, the business, and knowing the necessary details of the visitor as a future customer of the business. They are also collected for the business’s advertising purposes, future communication with the visitor, sending advertising/informational leaflets, other documents, correspondence between the parties, future connection of the customer with the website, etc. The processing of these data involves collecting, recording, organizing, structuring, and storing them, exclusively by the "business" or its staff, or its partners, to serve the above-mentioned purposes. The "business" commits to having taken all necessary actions, applying appropriate technical and organizational measures, for the lawful retention, processing, and safeguarding of the personal data file it maintains, committing to secure and protect it by all means from loss, leakage, alteration, or unlawful processing by unauthorized persons. The "business" commits that the above-mentioned personal data are not provided to third parties unrelated to the assigned work and are not used for third-party advertising purposes.

D. DATA RECIPIENTS: The data are made known to the "business," or its staff, or its partners related to the proper, lawful, and smooth operation of this website, according to the purposes mentioned earlier, with the obvious note that each of them acknowledges and processes only the data necessary for the execution of their duties.

E. DATA RETENTION PERIOD: The aforementioned personal data are stored indefinitely unless the customer/visitor explicitly requests their deletion, either before or after the completion of the assigned work, except for those data that must be retained indefinitely according to the law or current transactional customs. In any other case, all kinds of data are deleted twenty (20) years after the last contractual link between the parties, unless there are judicial, legal, procedural pending matters necessitating further retention, in which case the retention period will be extended by two (2) years following a specific notification to the customer about the cause and duration of the extension.

F. CUSTOMER RIGHTS: (i) The customer has the right to receive confirmation from the data controller about whether personal data concerning them are being processed, and, if so, the right to access the personal data and the following information: a) the purposes and origin of the processing, b) the relevant categories of personal data, c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, especially recipients in third countries or international organizations, d) if possible, the period for which the personal data will be stored or, when that is not possible, the criteria used to determine that period, e) the existence of a right to request from the data controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing, f) the right to lodge a complaint with a supervisory authority, g) when the personal data are not collected from the customer, any available information about their source, h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. (ii) The customer has the right to obtain from the data controller without undue delay the rectification of inaccurate personal data concerning them. Considering the purposes of the processing, they also have the right to have incomplete personal data completed, including by means of a supplementary statement. (iii) The customer has the right to request from the data controller the erasure of personal data concerning them without undue delay, and the data controller has the obligation to erase personal data without undue delay if one of the following grounds applies: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, b) the customer withdraws consent on which the processing is based and where there is no other legal ground for the processing, c) the customer objects to the processing, and there are no overriding legitimate grounds for the processing, d) the personal data have been unlawfully processed, e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject, f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1). (iv) The customer has the right to obtain from the data controller restriction of processing where one of the following applies: a) the accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data, b) the processing is unlawful, and the customer opposes the erasure of the personal data and requests the restriction of their use instead, c) the data controller no longer needs the personal data for the purposes of the processing, but they are required by the customer for the establishment, exercise, or defense of legal claims, d) the customer has objected to processing pending the verification whether the legitimate grounds of the data controller override those of the data subject. (v) The customer has the right to receive the personal data concerning them, which they have provided to a data controller, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided, where: a) the processing is based on consent or on a contract, and b) the processing is carried out by automated means. In exercising their right to data portability, the customer has the right to have the personal data transmitted directly from one data controller to another, where technically feasible. (vi) The customer has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them, including profiling. The data controller shall no longer process the personal data unless the data controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims. If personal data are processed for direct marketing purposes, the customer has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the customer objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. At the latest, at the time of the first communication with the customer, this right is explicitly brought to the customer's attention and is presented clearly and separately from any other information. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the customer may exercise their right to object by automated means using technical specifications. Where personal data are processed for scientific or historical research purposes or statistical purposes, the customer has the right to object, on grounds relating to their particular situation, to processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

It is noted that the "business" has the right to refuse a request for restriction of processing or deletion of the customer's data if the processing or retention thereof is necessary for the establishment, exercise, or defense of its legitimate interests or for its compliance with legal obligations. The exercise of the above rights by the customer only applies for the future, starting from the date on which the relevant request reached the "business" in any proven way. The Customer has the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr), which is the competent supervisory authority for protecting the fundamental rights and freedoms of individuals against processing that concerns them, if they believe that their rights are being infringed in any way. The customer can exercise the above and all other rights either by sending an email, registered letter, extrajudicial statement, or by phone or physical correspondence to the data controller or the data protection officer of the business (see below), or at its official headquarters. The privacy policy of "Candia Wake Up in the Mediterranean" explains the collection and processing of personal data from website visitors. It covers the types of data collected, sources of data, reasons for collection, data retention periods, and rights of customers regarding their data. The company commits to protecting personal data and outlines how customers can exercise their rights to access, rectify, erase, and restrict processing of their data. Data may be shared with company staff and partners for lawful purposes.

For detailed information, visit the Candia privacy policy.

The data protection officer (DPO) for Candia is Alexandros Velivasakis, who is responsible for the management and protection of personal data. He can be contacted via email at dpo@candia.gr or by phone at +30 6973222108.

 

Important notice for COVID-19

The production order will start once the payment process is completed.
Please note that due to the current situation associated with COVID-19 and the measures issued by the Hellenic National Public Health Organization – EODY as well as the Greek Government, the delivery time is estimated to be around 8 to 10 working days. For orders within the Attica region, please expect delivery on weekdays between 15:00 and 21:00.

Cookies on the CANDIA website

This site, like many others, uses small files called cookies to help us customise your experience. Find out more about cookies and how you can control them. Cookies are small text files that are stored by the browser (for example, Internet Explorer or Safari) on your computer or mobile phone. They allow websites to store things like user preferences. You can think of cookies as providing a “memory” for the website, so that it can recognise you when you come back and respond appropriately.

 

Anonymous analytics cookies

Every time someone visits our website, software provided by another organisation generates an “anonymous analytics cookie”. These cookies can tell us whether or not you have visited the site before. Your browser will tell us if you have these cookies and, if you don't, we generate new ones. This allows us to track how many individual users we have, and how often they visit the site. Unless you are signed in to CANDIA, we cannot use these cookies to identify individuals. We use them to gather statistics, for example, the number of visits to a page. If you are logged in, we will also know the details you gave to us for this, such as your username and email address.

 

Geotargetting cookies

These cookies are used by software which tries to work out what country you are in from the information supplied by your browser when you click on a web page.

 

Registration cookies

When you register with CANDIA we generate cookies that let us know whether you are signed in or not. Our servers use these cookies to work out which account you are signed in with.

 

How do I turn cookies off?

It is usually possible to stop your browser accepting cookies, or to stop it accepting cookies from a particular website. However, we cannot tell if you are signed in without using cookies, so you would not be able to buy products. All modern browsers allow you to change your cookie settings. You can usually find these settings in the “options” or “preferences” menu of your browser. To understand these settings you can use the “Help” option in your browser for more details.

 

Update to site users

-

We delete or cancel an order when...

15 calendar days have elapsed and the full amount of the basket has not been settled.

 

VIOLENCE AND HARASSMENT POLICY

PART A – GENERAL PROVISIONS

1. Introduction

1. The company adheres to all measures and obligations related to the implementation of the provisions of Part II of Law 4808/2021 for the prevention and combating of all forms of violence and harassment, including gender-based violence and harassment and sexual harassment.
2. The purpose of this policy is to create and establish a work environment that respects, promotes, and ensures human dignity and the right of every person to a world of work free from violence and harassment. The COMPANY declares that it recognizes and respects every employee's right to a work environment free from violence and harassment and does not tolerate any such behavior of any form by any person.
3. This policy is adopted in accordance with Articles 9 and 10 of Law 4808/2021 and the regulatory legislation implementing these.

2. Scope of Application

1. This policy applies to and concerns all employees and workers of the COMPANY, regardless of their contractual status, including those employed under a project contract, independent services, salaried mandate, those employed through third-party service providers, as well as individuals undergoing training, including interns and apprentices, volunteers, employees whose employment relationship has ended, as well as individuals seeking employment or working in the informal economy.
2. Forms of violent and harassing behavior against any of the above persons may occur particularly: a) at the workplace, including public and private spaces and areas where the employee provides work, receives payment, takes breaks especially for rest or food, in areas of personal hygiene and care, locker rooms, or accommodations provided by the COMPANY, b) during travel to and from work, other travel, training, as well as events and social activities related to work, c) during work-related communications, including those conducted via information and communication technologies.

3. Definitions For the purposes of this policy, the following definitions apply: a) "violence and harassment" means forms of behavior, acts, practices, or threats thereof, that are intended, result in, or may result in physical, psychological, sexual, or economic harm, whether occurring individually or repeatedly, b) "harassment" means forms of behavior intended to or resulting in the violation of a person’s dignity and creating an intimidating, hostile, degrading, humiliating, or offensive environment, regardless of whether they constitute a form of discrimination, including harassment based on gender or other grounds of discrimination, c) "gender-based harassment" means forms of behavior related to a person’s gender, intended to or resulting in the violation of the person’s dignity and creating an intimidating, hostile, degrading, humiliating, or offensive environment. These behaviors include sexual harassment (as defined below), and behaviors related to a person's sexual orientation, expression, identity, or gender characteristics, d) "sexual harassment" means any form of unwanted verbal, psychological, or physical behavior of a sexual nature aimed at or resulting in the violation of a person's personality, particularly by creating an intimidating, hostile, degrading, humiliating, or offensive environment around them.

4. Prohibition of Violence and Harassment at Work

1. All forms of violence and harassment occurring during work, whether related to it or arising from it, including gender-based violence and harassment, religious, racial harassment, sexual orientation, and sexual harassment, are prohibited.
2. Specifically, the following are strictly prohibited, among others: a) comments containing sexual expressions or other malicious comments directed at persons who have not explicitly expressed a desire to receive such comments, b) comments or persistent questions about appearance, gender, religion, race, sexual orientation causing shame or embarrassment, c) circulation and/or display of sexually explicit material or any other content offensive to human dignity (e.g., photographic, digital, printed), d) unwanted comments with sexual innuendos, e) sending messages with sexual, racist, aggressive, or disturbing content, f) sexual gestures or acts (e.g., any unwanted physical contact aimed at assault or pressure for sexual relations), g) persistent proposals for dates, h) threats or insinuations that someone's sexual favors can promote their career or that refusal to have sexual relations may negatively impact their professional path in the company, i) use of obscene, threatening, or offensive language, including cyberbullying, j) obscene, threatening, violent, or offensive gestures, k) coercion into sexual acts or contact, l) demeaning or ridiculing a person, their appearance, sexual orientation, or abilities, whether privately or in front of others.

PART B - PREVENTION AND COMBATING VIOLENCE AND HARASSMENT AT WORK

1. Risk Assessment of Violence and Harassment at Work The risks arising from violence and harassment at work can be very serious, both for the employees and the company itself. Specifically, for employees, the risks include: a) Offense to human dignity and causing moral harm, b) Causing anxiety, stress, anger, and fear while performing work, c) Causing psychosomatic symptoms (such as headaches, tachycardia, and increased blood pressure, sleep disturbances, etc.), d) Defamation, loss of prestige, and dignity. In addition to employees, the company faces risks such as: A) Disruption of labor relations and smooth operation of the company, B) Reduced productivity, C) Legal and financial consequences, D) Negative publicity. However, the prevention, control, and mitigation measures of violence and harassment risks at work and monitoring and managing such incidents or behaviors implemented by the COMPANY, the actions to inform and raise awareness among its staff about issues of violence and harassment, in combination with the methods of organizing work, the nature of its activity, and strict adherence to current legislation on occupational health and safety, significantly contribute to improving the level of employee protection and effectively addressing related risks.

2. Measures for Preventing, Controlling, Limiting, and Combating the Risks of Violence and Harassment at Work and Monitoring Such Incidents or Behaviors The COMPANY takes measures and implements administrative practices to prevent, control, limit, and combat the risks of violence and harassment at work and monitor such incidents or behaviors. Indicative of the above measures and administrative practices include the following: a) Adoption of an Internal Complaint Management Policy for Incidents of Violence and Harassment, included in this document (Part C), ensuring that each complaint or related report is received, investigated, and resolved confidentially and in a manner respecting human dignity. The COMPANY may maintain a Log of incidents for the reported cases. b) Appointment of a reference person ("liaison") for guiding and informing employees regarding the prevention and combating of violence and harassment at work. c) Encouraging the maintenance of a work climate where respect for human dignity, cooperation, and mutual assistance are core values. d) Technical measures, such as proper lighting, etc. e) Training employees in handling incidents of violence and ensuring that employees have the necessary training/information to perform their duties, particularly in positions with higher risks for incidents of violence and harassment. f) Actions to raise awareness among employees about healthy behavior standards and issues concerning vulnerable employee categories. g) Guidance and support for victims of violence and harassment to reintegrate into the workplace. h) Providing assistance to any competent public, administrative, or judicial authority during the investigation of incidents of violence or harassment, if requested by them. i) Regular evaluation of the effectiveness of the implemented preventive and response measures and revision/updating of risk assessments and measures. j) Any other appropriate and advisable measure to achieve the purposes of this document.

3. Actions for Informing and Raising Awareness Among Staff on Violence and Harassment Issues The COMPANY declares its zero tolerance for violence and harassment phenomena and takes the following actions to raise staff awareness on these phenomena: a) Provides through this document information and details to its staff about the risks of violence and harassment, the related prevention and protection measures, the procedures in place at the enterprise level, and the options provided by law in case of such incidents. b) May organize targeted staff meetings to discuss related topics and timely address potential risks. c) May hold seminars with mental health specialists or counseling service providers, etc. d) Encourages the participation of employees and management in training and educational seminars on recognizing and managing the risks of violence and harassment at work.

4. Information on the Rights and Obligations of Employees and the COMPANY in Case of Occurrence or Report or Complaint of Incidents, as well as the Relevant Procedure 4.1. Options for Affected Individuals by Incidents of Violence and Harassment: 4.1.1. If a person is affected by an incident of violence and harassment during access to employment, during their employment relationship, or collaboration with the COMPANY, or even if their contract or employment relationship with the COMPANY within which the incident or behavior is alleged to have occurred has ended, they have: a) The right to judicial protection, b) The right to appeal, submit a complaint, and request a labor dispute resolution at the Labor Inspectorate, within its legal competencies, c) The right to submit a report to the Ombudsman, within its legal competencies as the authority promoting and supervising the principle of equal treatment, d) The right to submit a report or complaint within the COMPANY according to the complaint reception and management procedure provided in Part C of this document. In any case, when a report or complaint of such behavior arises within the COMPANY, the affected person retains all their rights to appeal, either cumulatively or alternately, to any competent authority. 4.1.2. Furthermore, any person subject to this policy who suffers an incident of violence and harassment against them has the right to leave the workplace for a reasonable time without loss of salary or other adverse consequence, provided that in their reasonable belief there is an imminent serious danger to their life, health, or safety, especially when the perpetrator of such behavior is a person exercising managerial authority or representing the COMPANY or when the COMPANY does not take the necessary and appropriate measures. Any person exercising this right must, without undue delay, inform the Labor Inspectorate, within its competencies.

4.2. Obligation of the COMPANY to Protect Against All Forms of Violence and Harassment The COMPANY takes the necessary and appropriate measures to protect individuals from all forms of violence and harassment and, in particular: 4.2.1. Encourages and supports individuals to report cases of violence and harassment. 4.2.2. Ensures, during the process of receiving, investigating, and handling reports or complaints, that: a) Confidentiality is maintained, and the protection of personal data is ensured, b) The dignity and privacy of all parties involved are respected, c) No retaliation against the complainant or affected individual occurs. 4.2.3. Takes disciplinary actions against those found to have committed acts of violence or harassment, according to internal regulations and applicable law.

4.3. Procedure for Submitting a Report – Responsible for Receiving and Monitoring Reports:

The company establishes easily accessible reporting channels and encourages the submission of reports, ensuring that all received reports are handled confidentially.

The designated Responsible for Receiving and Monitoring Reports (R.R.M.R.) is Michalis Velivasakis, son of Charalambos, email: mvelivasakis@candia.gr, phone: 6973222102. The deputy for this role is Alexandros Velivasakis, son of Emmanouil, email: alexvelivasakis@candia.gr, phone: 6973222108. The deputy will replace the R.R.M.R. in case of any impediment, conflict of interest, suspicion of bias, or for any reason that makes the R.R.M.R. unable to handle the case.

The R.R.M.R. is responsible for receiving all reports and subsequently informing the Report Evaluation Committee about the reports to be examined.

Detailed submission options include: a) In Writing, with Named Submission via Email: Reports can be sent to mvelivasakis@candia.gr. b) In Writing, with Named or Anonymous Submission via Mail: Reports can be addressed to the attention of the R.R.M.R. at the company's address. c) Orally, either via Telephone or by Scheduling a Personal Appointment with the R.R.M.R.:

In cases where a report is submitted by phone, the R.R.M.R. will keep detailed minutes to document the communication. The reporting person will be given the opportunity to verify, correct, amend, and agree with the recorded minutes. The minutes must be signed by the reporting person, and if they refuse, the R.R.M.R. will make a relevant note on the document.

The identity or other details of the reporting person will remain confidential and protected.

4.4. Report Processing Post-Submission

Upon submission of any report, the Responsible for Receiving and Monitoring Reports (R.R.M.R.) will notify the reporting person that their report has been received (provided that the contact details of the reporting person are available) and will forward it for investigation in a pseudonymized form, ensuring confidentiality and protection of personal data. This process includes updating the report log maintained by the R.R.M.R. and forwarding the report to the Report Evaluation Committee, which is explicitly composed of the following members:

Regular Members (3):

• Kyriakos Georgios of Efstratios
• Segredos Alexandros of Nikolaos
• Kostakis Ektoras of Georgios

Alternate Members (3):

• Dimitrios Roussos of Konstantinos
• Ioannis Dimopoulos of Dionysios
• Spyros Salaounis of Dimitrios

If the report involves one or more members of the Report Evaluation Committee, the implicated member(s) will be replaced. If replacement is not feasible, the R.R.M.R. will log the report and forward it to the National Transparency Authority as an external reporting channel, informing the reporting person accordingly.

Simultaneously, the R.R.M.R. must notify the relevant authorities, such as the Economic Crime Prosecutor, other Prosecutorial Authorities (if criminal acts are identified), the National Transparency Authority, the Competition Commission, the Bank of Greece, the Data Protection Authority, the Public Procurement Authority, the Hellenic Atomic Energy Commission, the Unified Food Control Authority, the Consumer Ombudsman, the National Cybersecurity Authority, the Anti-Money Laundering Authority, the Independent Public Revenue Authority, and the General Directorate of Economic Crime, among others.

The R.R.M.R. may file the report with a decision communicated to the reporting person, if feasible, when the report is evidently unproven, baseless, vague, false, or repeated in an abusive manner, or if it falls outside the scope of this policy or Article 4 of Law 4990/2022.

Upon receiving any report, the Report Evaluation Committee is responsible for conducting thorough investigations to evaluate the accuracy of the claims included in each report and recording the results. The committee may conduct interviews, site inspections, engage expert consultants (e.g., legal, financial, psychological experts), and ensure the legality of the process. Based on the investigation outcomes and the specifics of each case, the committee may determine whether the report requires further investigation or if it is evidently baseless or vague, warranting no further action (in which case the reporting person will be informed that the report is archived). If the report pertains to behavior falling within the scope of this policy, the committee will take appropriate actions as detailed above and as stipulated by the applicable law, especially Law 4990/2022.

For every decision, the Report Evaluation Committee maintains written minutes of its meetings and decisions.

4.5. Conclusion of the Process

After the investigation, the Report Evaluation Committee must draft a report on the decision made following the investigation, submit it to the management, provide recommendations and corrective actions to resolve the issue, if feasible, determine whether the National Transparency Authority or another competent supervisory authority needs to be informed (if not already notified by the R.R.M.R.), and inform the R.R.M.R. of the actions taken. The R.R.M.R. will then update the reporting person on the outcome of their report's evaluation. If the Company's management decides to pursue further legal action, this will be entrusted to a legal partner of the Company. In such a case, the Report Evaluation Committee will monitor the case progress and inform the reporting person accordingly.

The decision regarding the timing of notifying involved parties is made by the Report Evaluation Committee within one month of receiving the report.

5. FINAL PROVISIONS

This policy was approved by the Company’s Board of Directors in its meeting on June 6, 2024, as documented in the minutes of the same date, signed and endorsed by the R.R.M.R.

PART C – INTERNAL COMPLAINT MANAGEMENT POLICY FOR INCIDENTS OF VIOLENCE AND HARASSMENT AT WORK

1. Submission of Complaints 1.1. Complaints can be submitted in writing to the designated person or department responsible for handling such issues. 1.2. The company shall provide a secure and confidential process for submitting complaints. 1.3. Complaints should contain detailed information about the incident, including dates, times, locations, and any witnesses. 1.4. Complainants can choose to remain anonymous, but it is encouraged to provide contact information for follow-up.

2. Handling of Complaints 2.1. Upon receipt of a complaint, the designated person or department will conduct a preliminary assessment to determine the appropriate course of action. 2.2. An investigation will be initiated promptly, ensuring a fair and impartial process. 2.3. Both the complainant and the accused will have the opportunity to present their case and provide any supporting evidence. 2.4. The investigation will be conducted confidentially, with only those directly involved having access to the information. 2.5. The company will take appropriate measures to ensure the safety and well-being of the complainant during the investigation process.

3. Resolution and Follow-up 3.1. Based on the findings of the investigation, appropriate actions will be taken, which may include disciplinary measures, counseling, or training. 3.2. The complainant will be informed of the outcome of the investigation and any actions taken. 3.3. Follow-up will be conducted to ensure that the issue has been resolved and to prevent any recurrence. 3.4. The company will review and evaluate the effectiveness of the complaint management policy periodically and make necessary improvements.

4. Protection Against Retaliation 4.1. The company prohibits any form of retaliation against individuals who report incidents of violence and harassment or participate in the investigation process. 4.2. Any retaliation will be considered a serious violation and will be subject to disciplinary action.

5. Training and Awareness 5.1. The company will provide regular training and awareness programs to educate employees about their rights and responsibilities concerning violence and harassment at work. 5.2. Training will include information on how to recognize, prevent, and report incidents of violence and harassment.

6. Support Services 6.1. The company will provide support services to individuals affected by violence and harassment, including counseling and assistance in seeking external support if needed. 6.2. Employees will be informed about available support services and how to access them.

7. Monitoring and Reporting 7.1. The company will monitor the effectiveness of the policy and procedures related to violence and harassment at work. 7.2. Regular reports will be generated to track incidents and the outcomes of investigations. 7.3. The company will use the data to identify trends and areas for improvement in preventing and addressing violence and harassment.

8. Review and Update 8.1. This policy will be reviewed periodically and updated as necessary to ensure compliance with applicable laws and regulations and to address emerging issues and trends related to violence and harassment at work. 8.2. Employees will be informed of any updates or changes to the policy.

9. Implementation 9.1. The company commits to the full implementation of this policy and will allocate the necessary resources to ensure its effectiveness. 9.2. All employees are expected to comply with this policy and to contribute to a safe and respectful work environment.