This notice is addressed to visitors of the websites www.titan-cement.com and www.ir.titan-cement.com of TITAN Cement International S.A., a legal entity which is established in Belgium (company registration number 0699.936.657) and has its registered address at Rue de la Loi 23, 7th floor, box 4, 1040 Brussels, Belgium. This privacy notice has been prepared in accordance with the provisions of Regulation (EU) 2016/679 on the Protection of Personal Data (“GDPR”).  We recommend that you read carefully this notice in order to be informed about the processing of your personal data when you visit our websites.  We may amend this notice at any time and at our discretion.  The amendments will be published on our websites.  Please check this notice regularly to be informed of any amendments.

1. The controller of your personal data

The controller of your personal data is TITAN CEMENT INTERNATIONAL SA (the “Company”, “we”, “our”, “us”). You may contact us to ask questions or exercise your rights (see Section 3 below) in relation to your personal data (a) by mail (sent to the attention of  Privacy Office) at TITAN’s legal seat at Rue de la Loi 23, 7th floor, box 4, 1040 Brussels, Belgium or at TITAN’s management seat at 12 Andrea Zakou and Michail Paridi street, MC Building, Egkomi, 2404, Nicosia, Cyprus or (b) by email at dataprotection@titan-cement.com.

 

2. Categories of personal data, purpose and legal basis of processing personal data, and storage periods

When you visit our websites we collect from you and process personal data depending on your use of our websites.  Therefore:

a. When you visit our websites we collect and process your IP address and your activity in our websites. The purpose of processingthese personal data is to monitor the use of our websites in order to improve them and protect them.  The legal basis for processing these personal data is our legitimate interest to safeguard the smooth operation of our websites and optimize their function and management.  We will retain these personal data for a period of 6 months from the day of your last visit to our websites.

b. When you contact us either through a communication form hosted on our websites or email we collect and process your full name, your country of origin, your email address, your telephone number, the company you represent and your position, and any information you include in the communication form or in your email. The purpose of processingthese personal data is to address your request, query or comment, and support our shareholders and investors.  The legal basis for processing of these personal data is our (a) legitimate interest to conduct our activities through our websites in the best possible manner and support our visitors, investors and shareholders and (b) legal obligation to comply with the capital market legislation, where necessary.  We will retain these personal data for a period of 6 months from the day you submit the communication form or send your email to us and delete them afterwards.

c. When you send us your resume through our websites we collect and process the personal data included in your resume. Please refer to the relevant privacy notice for more information.

 

A portion of your personal data is collected through cookies and other similar techniques.  Please refer to our cookies policy for more information.

 

Your personal data is not subject to any automated-decision making including profiling.  You have no statutory or contractual obligation to provide your personal data to us.  Unless you do so, we will not be in a position to address your request or consider your resume.

 

3. Your rights 

You have the following rights in connection with your personal data (restrictions apply to some of those rights):

a.Right of Access: You have the right to request from us a free copy of your personal data processed by us and information on the processing activities (e.g. which data we process, how and for what purpose).

b. Right to Rectification: You have the right to request from us the rectification, completion or update of your personal data, if they are incorrect, incomplete or have changed.

c. Right to Erasure: You have the right to request from us the erasure of your personal data, if among other reasons, the processing is no longer necessary or legitimate or if you have revoked your consent in case the processing is based on it.

d. Right to Object: If we have processed your personal data for the performance of a task carried out in the public interest or for the pursuit of its legitimate interest, you have the right to object to the processing of your personal data, on grounds relating to your particular situation. If you exercise such right, we will cease processing your personal data, unless we demonstrate compelling legitimate grounds to continue processing your personal data or to establish, exercise or defend of legal claims.

e. Right to Restriction: You have the right to request from us to restrict the processing of your personal data, if you contest their accuracy, the processing is illegal or no longer necessary or you have objected to the processing.

f. Right to Data Portability: You have the right to request from us to provide you with your personal data in a structured, commonly used and machine-readable format to be transferred by you or by us to another controller.

g. Right to file a Complaint: If you consider your personal data have been breached and we have failed to address your concern, you have the right to complain to the corresponding data protection authority in your country of residence, if you reside in the EEA, or to the data protection authority in the country where the breach of your personal data occurred. You can find the relevant supervisory authority name and contact details under http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

 

4. Recipients and international transfers of your personal data

Your personal data are processed only by Company employees, if necessary to carry out their duties.  We share your personal data with the Company’s subsidiaries outside Greece.  We also share your personal data with third parties as follows:

a. Providers of services relating to the operation, maintenance and technical support of our websites and data analysis services relating to the use of our websites by you;

b. In case the Company sells all or part of its assets to third parties, your personal data may be provided to those third parties; and

c. With law enforcement or administrative authorities in order to comply with our legal obligations or a court order.

The foregoing recipients receive only data that are strictly necessary for the respective purposes and are committed to comply fully with the applicable laws for the protection of personal data.

Such third parties may be headquartered in countries of the European Economic Area (EEA) or in other parts of the world.  When transferring personal data outside the EEA, we ensure an appropriate level of protection of the transferred data.  Your personal data will be transferred based on your consent, based οn standard contractual clauses approved by the European Commission, based on the selection of persons/organizations participating in international programs for the free flow of data (e.g. EU-US Privacy Shield) or will be transferred to countries that the European Commission considers safe.

In any case, anyone who may have access to your personal data, either employee or business partner, is contractually bound against us to take appropriate measures for the protection of confidentiality and security of your personal data.

 

5. Security of personal data

We implement all appropriate technical and organizational measures to ensure the security of your personal data, the confidentiality of processing and the protection against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access and any other form of unauthorized processing.  However, we cannot guarantee the security of the data transmitted to our websites, as the transmission of information over the Internet can never be completely secure.

Our websites may contain links to other websites.  We are not responsible for the personal data protection practices, the content and the security of other websites that are not governed by this notice of personal data protection.  For this reason, we advise you to carefully read the personal data protection notices of those websites.

PRIVACY NOTICE TO TITAN GROUP CUSTOMERS

 

1. Introduction

With this notice we inform individuals who are customers of any TITAN Group entity about the processing of their personal data and
the rights to which they are entitled under the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”). We may
amend this notice at any time and post the amended version on our website.

 

2. Who is the Controller of your personal data?

We, TITAN CEMENT INTERNATIONAL SA (“TITAN”, “we”, “our”, “us”), Rue de la Loi 23, 7th floor, box 4, 1040 Brussels,
Belgium, are the controller of your personal data in connection with our business relationship. If you have any questions or wish to
exercise your rights (see section 11 below) regarding your personal data, you may contact us by email at dataprotection@titancement.com.

 

3. How do we collect your personal data?

We collect your personal data directly from you (e.g., when you communicate with us in relation to our products and services, register
as customer through our electronic platforms, submit an order, register to receive our newsletter, participate in our customer surveys)
or from third parties (e.g., your representatives, our salespersons, business development agents). If you do not provide us with your
personal information, we will be unable to provide you with the requested products or services.
If you are under 16 years of age, please make sure that you get your parent/guardian’s permission before you share your personal data
with us. We will not process your personal data without such consent.

 

4. Which categories of personal data does ΤΙΤΑΝ process?

We collect the following categories of personal data:

a.   Identification and communication data, such as full name, father’s name, job title, address (street, number, postal code, city,
region, country), copy of ID or passport, mobile and fixed-line phone, email, tax number, mobile device unique identifier and the
IP address of your computer if you use our websites, online platforms or apps.
b.   Commercial and financial data, such as nature and quantity of materials that you purchase from us, transaction value, payment
methods, credit card number, bank account number, information on your financial status, your transaction and payment history as
customer of Titan Group.

 

5. For which purposes does ΤΙΤΑΝ process your personal data?

We may process your personal data for any of the following purposes:

a.   register you as our customers;
b.   conduct due diligence or other background or credit screening activities;
c.   process your applications, orders and payments, and facilitating delivery requests;
d.   assess, process or track your use and requests of our products and services;
e.   provide maintenance services for our products and services;
f.   carry out your instructions or respond to your queries;
g.   contact or communicate with you in relation to our products or services;
h.   prevent or investigate any fraud, unlawful activity or omission or misconduct;
I.   facilitate or administer any internal or external audit of our business;
j.   comply with any applicable laws and order of a court or regulatory body, including legal and regulatory disclosure and record-keeping
requirements;
k.   conduct research, market surveys, analysis and/or business development activities (including data analytics, surveys and/or profiling) to
improve and promote our products and services;
l.   produce statistics and research for internal and statutory reporting;
m.   facilitate a business transaction such merger, sale, acquisition, lease, or purchase;
n.   operate, develop, and maintain our IT systems, including storage and processing of personal data in computer databases and servers.
If we must process your personal data for any other purpose that is incompatible with the foregoing purposes, we will provide you prior
notice.
TITAN GROUP – Privacy Notice to Customers

 

6. On which legal bases do we base the processing of your personal data?

The processing of your personal data must be premised on one of the legal bases provided in the GDPR. We base the processing of
your personal data on the following legal bases, as appropriate from time to time: (a) performance of the contract between you and
us (e.g., to deliver the materials you have purchased from us), (b) compliance with our legal obligations (e.g., conduct sanctions and
anti-corruption screening before you become our customer), (c) pursuit of our legitimate interests (e.g., collection of amounts due
to us from you).

 

7. Who has access to your personal data?

Your personal data are accessible to our employees, who need such access to carry out their duties, and to other TITAN Group entities
both in and outside the EEA. Your personal data may also be accessible to the following parties who may be based inside or outside
the EEA:

a.   law enforcement or administrative authorities in order to comply with our legal obligations or a court order;
b.   credit reference agencies and other companies for use in credit decisions, for fraud prevention and to pursue debtors;
c.   service providers for the operation, maintenance and technical support of our electronic systems;
d.   other service providers (e.g. a cloud provider) to process your personal data on our behalf and in accordance with our instructions;
e.   any prospective seller or buyer of any business or assets we might sell or purchase, in which case one such transferred asset will be
the personal data held by us about customers.

 

8. Do we transfer your personal data outside the European Economic Area (ΕEA)?

We maintain and process your personal data within the EEA. When required by law or necessary for Titan Group’s business needs, we
share your personal data with other companies of TTITAN Group or third parties (see section 7 above), located in countries outside
the EEA. When we transfer your personal data to companies of TITAN Group outside the EEA, we do so on the basis of intra-group
contracts that ensure your personal data will remain as protected as they are in the EEA. When we transfer your personal data to third
parties that are outside the EEA, we make sure your personal data will remain as protected as they are in the EEA, because those third
parties either (a) are located in countries which the European Commission considers secure for personal data or (b) undertake
contractual commitments with us to protect your personal data.

 

9. Protection and security of your personal data

We implement the appropriate technical and organizational measures to protect your personal data against any loss, misuse,
unauthorized access, disclosure, alteration and destruction. Our information systems are protected with strong passwords and security
control mechanisms at various levels. Electronic transfer of personal data is done by using encrypted messages and strict criteria for
identifying the recipient. We implement procedures to deal with breaches of personal data security. Your personal data are stored in a
secure database, located in the EEA. That database is accessible only by specialists residing in the EEA solely for repair and maintenance
purposes.

 

10. Retention time of your personal data

We will retain your personal data in our customer records throughout our business relationship with you. After the end of our business
relationship with you we will keep your personal data in our archives for the maximum claims period under Greek law, to use them, if
necessary, solely for the purpose of establishing, exercising or defending any related legal action that may arise. When this period ends,
we will keep only your personal data which appear in documents that form part of the historic and operational continuity of the
company, such as contracts, invoices, minutes of meetings, transaction documents.

 

11. Your rights in respect of your personal data

Depending on the legal basis we rely upon to process your personal data you have the following rights in connection with your personal
data (restrictions apply to some of those rights) and you may exercise them by contacting us in any of the ways mentioned in section 2
above:

a.   Right of Access: You have the right to request from us a free copy of your personal data we process and information on the
processing activities (e.g., which personal data we process, how and for what purpose).

b.   Right to Rectification: You have the right to request from us the rectification, completion or update of your personal data, if they
are incorrect, incomplete or have changed.

c.   Right to Erasure: You have the right to request from us to erase your personal data, if among other reasons, the processing is no
longer necessary or legitimate or if you have revoked your consent in case the processing is based on it.

d.   Right to Object: If we have processed your personal data for the performance of a task carried out in the public interest or for
the pursuit of our legitimate interest, you have the right to object to the processing of your personal data, on grounds relating to
your particular situation. If you exercise such right, we will cease processing your personal data, unless we demonstrate compelling
legitimate grounds to continue processing your personal data or for the establishment, exercise or defense of legal claims. You may
also object if we use your personal data for direct marketing purposes.

e.   Right to Restriction: You have the right to ask us to restrict the processing of your personal data, if you contest their accuracy,
the processing is illegal or no longer necessary or you have objected to the processing.

f.   Right to Data Portability: You have the right to ask us to provide you with your personal data in a structured, commonly used
and machine-readable format to be transferred by you or by us to another controller.

g.   Right to file a Complaint: If you have any concern or wish to raise a complaint about our handling of your personal data, you
may contact us by email at dataprotection@titan-cement.com. If you are not satisfied with our response or believe we are not
processing your personal data in accordance with the law, you have the right to file a complaint with the Hellenic Data Protection
Authority (www.dpa.gr), which is Titan Group’s lead supervisory authority. If you reside in the EEA, you may file a complaint with
the data protection authority in the country of your residence or the data protection authority in the country where the violation
of your personal data occurred. You can find the relevant supervisory authority’s name and contact details under
http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.