Important Information

DMN GROUP POLICIES & CODES

PREAMBLE

This unified text brings together, in one coherent public-facing form, the Company’s framework of notices, terms, policies and key operating principles. It is intended to provide clear, transparent and consistent information to clients, partners, website visitors and any other interested party regarding the main principles governing the Company’s operations, data protection, terms of use, professional conduct standards, the general framework for service delivery and the use of artificial intelligence.

This text is of a public nature. Any internal policies, operating procedures, SOPs, templates, checklists and other internal compliance and governance tools of the Company remain in force internally, without being published in full, to the extent that they are not appropriate for public disclosure.

PART I – IMPORTANT INFORMATION / POLICIES AND TERMS

A. DATA PROTECTION AND PRIVACY POLICY

1. PRIVACY STATEMENT

DOMINION GROUP PROJECT MANAGEMENT & REAL ESTATE SINGLE MEMBER PRIVATE COMPANY (I.K.E.), trading as “DMN GROUP”, with registered office in Piraeus, Attica (81 Akti Miaouli), VAT No. 801589788, Tax Office KEFODE Attikis, GEMI No. 159687307000 and Chamber Registry No. 133926 for brokerage services (hereinafter the “Company”). The Company acknowledges the importance of the protection of personal data relating to visitors, users, clients, business partners, suppliers and other natural persons dealing with it or visiting the websites www.dmn-group.com and www.dmn-properties.com (the “Websites”). The Company undertakes to process personal data lawfully, fairly and transparently in accordance with the GDPR, Greek Law 4624/2019, Greek Law 3471/2006 and any other applicable national or EU legislation.

This Policy informs data subjects about the collection, recording, organisation, storage, use, disclosure and any other processing operation carried out by the Company in its capacity as Controller, as well as about the rights of data subjects and the manner in which such rights may be exercised. The Company applies appropriate technical and organisational security measures and restricts access to personal data to persons who hold relevant authorisation and are bound by confidentiality obligations.

2. DEFINITIONS

• “GDPR” means Regulation (EU) 2016/679, as in force.

• “Personal Data” means any information relating to an identified or identifiable natural person.

• “Special Categories of Data” means the data referred to in Article 9 GDPR.

• “Processing” means any operation or set of operations performed on personal data.

• “Consent” means any freely given, specific, explicit and informed indication of the data subject’s wishes.

• “Controller” means the natural or legal person determining the purposes and means of the processing.

• “Processor” means the natural or legal person processing data on behalf of the Controller.

3. PURPOSES OF COLLECTION AND PROCESSING

The Company collects and processes only such data as are adequate, relevant and necessary for lawful and specified purposes. In particular, processing may be necessary:

• to identify and communicate with the data subject and to manage comments, requests, queries and complaints;

• for the proper operation, administration, security and optimisation of the Websites and for improving the browsing experience;

• to prevent or investigate fraud, malicious activity, breaches of the terms of use or security incidents;

• to understand how users interact with the content of the Websites by means of cookies and similar technologies, to the extent permitted by law;

• to manage the Company’s contractual relationship with clients, partners, suppliers and other counterparties;

• to safeguard the Company’s legitimate interests and to establish, exercise or defend legal claims;

• to assess job applicants.

4. CATEGORIES OF DATA COLLECTED

Depending on the nature of the relationship with the Company, the following categories of data may be collected and processed:

• identification data and basic contact details, such as full name, e-mail address, telephone number, country and city of residence or activity, professional capacity and tax identification details where required;

• data disclosed by the data subject through a contact form, e-mail, telephone communication, request or complaint;

• education and professional experience data, CVs/résumés, employment preferences and other job applicant data;

• technical and usage data, such as IP address, date and time of visit, browser, operating system, referring URL and data collected through cookies;

• data processed in the context of a specific project or service, such as payment details, bank account details where necessary, contractual instructions, documents and communications;

• data relating to judicial or administrative proceedings involving counterparties or partners, where obtained from public sources or lawful databases.

The Company does not seek to collect special categories of data. Exceptionally, if such data are disclosed to the Company without prior request, they will be processed only where a lawful basis exists and only to the extent strictly necessary. The Websites are directed to persons over 18 years of age.

5. LEGAL BASIS FOR PROCESSING

The processing of personal data is based, as applicable, on one or more of the following legal grounds:

• performance of a contract or steps prior to entering into a contract;

• compliance with a legal obligation of the Company;

• legitimate interests pursued by the Company, provided that such interests are not overridden by the rights and freedoms of the data subject;

• express consent of the data subject, where required by law.

6. RECIPIENTS OF THE DATA

Recipients of the data are, as a rule, the strictly necessary and duly authorised members of the Company’s personnel, as well as third parties to whom the Company lawfully entrusts the performance of specific tasks on its behalf, such as hosting providers, website maintenance providers, IT providers, accountants, auditors, legal advisers or other processors.

The Company ensures that recipients are bound by confidentiality obligations and apply appropriate security measures. The Company does not sell or disclose personal data to third parties for their own commercial purposes. To the extent that providers with infrastructure or servers outside the EEA are used, the Company implements appropriate safeguards for lawful transfer.

7. COOKIES POLICY

Cookies are small text files stored on the user’s terminal equipment. The Company may use strictly necessary cookies for the secure and technically proper operation of the Websites and, where the legal requirements are met, preference cookies, analytics cookies or similar technologies.

Any use of non-essential cookies shall take place only after the required notice has been provided and, where applicable, after the user has given prior valid consent. The Company should maintain and publish an updated cookie table including, at minimum, the name, provider, purpose, duration, category and legal basis of each cookie or tool.

8. DATA RETENTION PERIOD – UPDATING

The Company retains personal data for no longer than is necessary for the fulfilment of the purposes of processing, unless a longer retention period is required or permitted by law or is necessary for the establishment, exercise or defence of legal claims.

In determining the retention period, the Company takes into account, in particular: (a) the duration of the contractual relationship, (b) statutory tax, accounting and regulatory obligations, and (c) the need to retain records for audit, compliance or the defence of the Company’s rights.

9. TECHNICAL AND ORGANISATIONAL PROTECTION MEASURES

The Company, the processors acting on its behalf and its authorised personnel are required to implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access or any other unlawful form of processing.

Nevertheless, no transmission over the internet or method of electronic storage can be regarded as absolutely secure. While the Company uses reasonable efforts to protect data, it cannot absolutely guarantee the security of information transmitted via the internet or connected third-party applications.

10. RIGHTS OF THE DATA SUBJECT

Each data subject is entitled, subject to the GDPR and applicable law, to exercise, in particular, the following rights:

• the right to information and access;

• the right to rectification;

• the right to erasure;

• the right to restriction of processing;

• the right to data portability, where applicable;

• the right to object;

• the right not to be subject to a decision based solely on automated processing, where applicable.

The exercise of rights shall be effected by written request to the Company at info@dmn-group.com and/or info@dmn-properties.com. The Company may request additional proof of identity where necessary for the secure handling of the request.

11. RIGHT TO WITHDRAW CONSENT

Where processing is based on the data subject’s consent, the data subject shall be entitled to withdraw such consent at any time, with effect for the future, without affecting the lawfulness of the processing carried out before withdrawal.

12. CONTROLLER / CONTACT DETAILS

13. TRANSPARENCY OBLIGATION – RIGHT TO LODGE A COMPLAINT

The competent supervisory authority is the Hellenic Data Protection Authority (www.dpa.gr). If a data subject considers that the processing of his or her data infringes applicable law, he or she has the right to lodge a complaint with that Authority after first, where feasible, contacting the Company.

14. AMENDMENTS TO THIS POLICY

The Company reserves the right to amend or update this Policy at any time. The version in force from time to time shall be posted on the Websites and shall become effective as from the date of publication unless stated otherwise.

B. TERMS & CONDITIONS OF USE

These Terms and Conditions govern access to, browsing and use of the Websites, their content, and the electronic tools, contact forms, online functionalities and other digital features made available by the Company. By accessing or using the Websites, the user is deemed to have read, understood and accepted these Terms.

The content of the Websites is provided for general information purposes only. Unless expressly agreed otherwise in a written contract or specific written engagement, no information appearing on the Websites shall by itself constitute legal, tax, accounting, technical, investment, financial or other professional advice.

The Company operates as a project management and service coordination firm. Any specialised assessments, recommendations or opinions are provided only by duly licensed professionals and only after review of the actual facts and documents of the specific matter.

The Websites may include links to third-party services or websites. The Company does not control and assumes no responsibility for the content, terms of use, privacy policies, availability or security of such third-party websites.

To the fullest extent permitted by law, the Company shall not be liable for any loss or damage arising out of or in connection with access to, browsing or use of the Websites, inability to use them, errors, omissions, delays, service interruptions, cyberattacks, viruses or acts or omissions of third parties.

These Terms shall be governed by Greek law. Any dispute arising in connection with the Websites, these Terms or the use of the services provided shall fall within the exclusive jurisdiction of the courts of Piraeus, subject to any mandatory rules on consumer protection and jurisdiction.

PART II – AI USE POLICY

This section is intended to inform clients, partners, website visitors and other interested parties about the key principles governing the responsible, safe and lawful use of Artificial Intelligence tools and functionalities (“AI”) by the Company.

The Company seeks to use AI tools in a lawful, transparent, secure and proportionate manner, in accordance with the applicable EU and national legal framework, including in particular the GDPR, Greek Law 4624/2019, Greek Law 3471/2006 and, where applicable, Regulation (EU) 2024/1689 on Artificial Intelligence (“EU AI Act”).

The Company’s use of AI is governed, in particular, by the following principles: legality, transparency, data minimisation, security, human oversight, accountability, professional diligence and respect for the rights and freedoms of natural persons.

The Company may use approved AI tools, among other things, for drafting or supporting administrative and informational content, organising work, analysing non-sensitive or suitably anonymised/pseudonymised information, supporting marketing content, initial communication support or online assistance and, generally, for improving productivity and process quality.

The Company does not permit the use of non-approved AI tools for corporate work where this entails uncontrolled leakage of data, confidential information or trade secrets. As a rule, uncontrolled uploading of personal data, confidential documents, credentials, contracts or other sensitive business information to public or non-approved AI environments is not permitted.

Where the use of AI tools includes or may include the processing of personal data, the Company applies the principles of the GDPR and, where feasible, seeks to ensure that anonymised or pseudonymised data are used and that only the strictly necessary data are sent to AI environments for the specific purpose.

Where the Company uses customer-facing AI functionalities or provides support through a chatbot or another automated AI solution, it seeks to inform the user clearly that he or she is interacting with AI technology, where required or appropriate, and to provide the possibility of human communication or suitable escalation in material cases.

The Company does not treat AI outputs as infallible or self-sufficient. The use of AI does not replace human judgment, professional review or the provision of specialised professional services by appropriately licensed professionals.

Where the Company uses third-party AI providers or platforms, it seeks to assess, as appropriate, their role as processors or other recipients, the security of their services, their data use terms, the geography of processing, any subprocessors and the necessary contractual safeguards, particularly where international transfers of data outside the EEA may arise.

The Company implements, to the extent reasonable and proportionate, appropriate technical and organisational measures for the safe use of AI tools, such as access control, multi-factor authentication, access restrictions, basic data leakage prevention measures and internal controls.

Any issue concerning the processing of personal data in the context of the Company’s use of AI is subject to the applicable data protection provisions and to the Company’s Data Protection and Privacy Policy. For information or for the exercise of rights, data subjects may contact the Company at info@dmn-group.com and info@dmn-properties.com.

PART II – SERVICE PROCESS FRAMEWORK / GENERAL SERVICE DELIVERY FRAMEWORK / CODE OF CONDUCT

A. COMPANY POLICY / CODE OF CONDUCT

The Company seeks to maintain high standards of professional integrity, objectivity, independence of judgment, confidentiality and compliance. Its personnel, officers and partners must act diligently, in good faith, professionally and with discretion.

The Company treats its partners and suppliers with objectivity, impartiality, professionalism and respect. The selection and maintenance of business relationships are based on criteria of legality, reliability, adequacy and professional consistency.

Only persons who have received express authorisation from the Company may communicate with authorities, the media, third parties or the public as representatives of the Company or make public statements regarding its projects, clients, activities or results.

Any information coming to the knowledge of the Company which is not publicly available shall be treated as confidential unless disclosure is permitted or required by law or by contractual obligation.

The Company expects its personnel and partners to comply with applicable law, the public policies posted by the Company and the relevant internal procedures. Any actual or potential conflict of interest must be disclosed to the Company without delay.

B. SOP

This section constitutes a public and concise rendering of the Company’s general framework for managing partners, clients, online services and project assignments. It does not reproduce the internal SOP procedures in full, but informs the public of the key stages in the way the Company operates as a project management and service coordination firm.

The Company operates on the basis of an organised framework for the management of partners, new clients, project assignments, online services, written documentation of critical communications and administrative monitoring of each matter or project it coordinates.

For each new request or project, the Company may request the basic information necessary for initial assessment, communication with the client and evaluation of whether the relevant matter or service can be undertaken.

As part of the initial assessment, the Company may hold a diagnostic appointment or preliminary meeting (in person, by telephone or online) in order to understand the needs, objectives and context of the specific matter and to determine the next steps that may be required.

Following the initial assessment, the Company may send the client a written fee proposal or other relevant document setting out, as applicable, the subject matter, general scope, key terms, stages and financial framework of the proposed engagement.

The substantive commencement of a project or matter ordinarily takes place only after the necessary preconditions have been fulfilled, such as acceptance of the proposal, execution of the relevant agreement and/or assignment instruction and payment of any agreed advance fee, where applicable.

The Company retains the central coordination of each project and selects, where appropriate, the suitable internal or external persons, including licensed professionals, for the support or performance of the necessary work, depending on the nature of the project.

Material updates to the client regarding important stages, critical developments, required documents, pending matters, deliverables or next steps are confirmed or sent in writing by e-mail or another approved means of communication.

Where an online booking system or online appointments are used, the specific terms displayed during the booking process or on the relevant service page shall additionally apply, in particular with regard to cancellations, rescheduling and any refunds.

The Company does not provide, through unauthorised personnel or functions, personal or informal opinions on specialised legal, tax, accounting, technical or other professional matters. Any such recommendations or assessments are, where appropriate, provided by suitably licensed professionals and under the applicable regulatory framework.

Upon completion of the project or relevant service, the Company may notify the client of the result, the completion of the main actions and, where appropriate, proceed to final invoicing and administrative closure of the file.

FINAL PROVISION

The Company reserves the right to amend or update this unified text of policies and terms at any time, in particular due to changes in legislation, its services, its websites, the tools it uses or the way it operates. The version in force from time to time shall be posted on the official website of the Company and shall become effective as of the date of publication unless stated otherwise.