The defense of Health and Safety at work, as well as the creation and maintenance of a healthy and safe working environment, are the main priorities of ThPA S.A.

It is a commitment of the Management to provide safe and healthy working conditions for the prevention of accidents at work and occupational diseases as well as the continuous improvement of the efficiency of the Management System for Health and Safety at work.

Key pillars of the Policy of ThPA S.A. in the field of Health and Safety at work are:

• Compliance with the requirements of the ISO 45001: 2018 standard.

• Compliance with applicable legislation, International Codes and Best Practices

• Continuous information, training, awareness of all employees in matters of Health and Safety at work.

• The systematic recognition of occupational hazards and the taking of measures to minimize the risks to Health and Safety in the workplace as well as the implementation of recognized good practices from the global experience.

• Taking measures in order to take advantage of opportunities in the work environment.

• The provision of all necessary means (equipment, training) and procedures for the establishment, review and achievement of the objectives for Health and Safety at work.

• The transparent, timely and thorough reporting of all occupational safety incidents, in order to identify the causes and implement preventive and corrective measures.

• The consultation and participation of employees and their representatives wherever present.

The Management assumes general responsibility for the protection of the Health and Safety at work and therefore ensures that this Policy is kept informed, communicated to the staff and made available to the public and stakeholders.

The systematic inspection of the organization and the procedures contributes to the achievement of the goal of absolute observance of the rules of safe work in every field of work.

Instructions for truck drivers

The need for sustainable development through the provision of quality and environmentally friendly services is one of the main strategic goals of ThPA S.A.

In this context, ThPA S.A. has designed and implements an Environmental Management System in accordance with the requirements of the International Standard ELOT EN ISO 14001: 2015 based on its needs and aspirations and in accordance with Legal and Regulatory requirements of applicable National and European legislation.

ThPA S.A. is committed to:

• Comply with the requirements of the ISO 14001:2015 standard

• Comply with the applicable Environmental Legislation

• Operate in such a way as to ensure the prevention of pollution and the improvement of the environmental performance of the Environmental Management System

• Inform and encourage all staff about their involvement in environmental protection actions

• Systematically identify, evaluate and control all environmental aspects and impacts

• Set appropriate environmental programs and targets in order to improve environmental performance, reduce the negative and increase the positive effects of its activities

• Review environmental targets and environmental programs

• Inform and raise awareness of the port community, suppliers, contractors and passengers passing through the port, on environmental management issues

To ensure these commitments, ThPA S.A. continuously improves the Environmental Management System by using the following processes:

• Management Reviews

• Internal Audits

• Identification and evaluation of the environmental aspects of its activities and their impact

• Corrective actions

The Management and the staff of ThPA S.A. recognize the need to provide environmentally friendly services and make every effort for the continuous improvement and efficiency of the Environmental Management System in accordance with the requirements of the International Standard ISO 14001:2015.

For this reason, this Policy is kept up to date, communicated to staff and made available to the public and stakeholders through ThPA SA website.

ThPA S.A. has designed and implements a Quality Management System in conformity with the requirements of the International Standard ELOT ISO 9001:2015, to meet the requirements of the modern business reality and ensure the ongoing improvement of its processes with a view to achieving top customer satisfaction.

The Quality Management System was designed based on the needs and aspirations of ThPA S.A. and in accordance with the legal and regulatory requirements of the applicable Greek and EU legislation and its scope is as follows:

Mooring of Commercial vessels, passenger vessels and cruise ships

Loading and unloading of containers, bulk cargo and general cargo

Storage and transport of cargo

Concession of sites for commercial and cultural activities

The Management commits to meet the requirements of all stakeholders and consolidate the customer confidence through the fulfilment of specific quality standards and the ongoing improvement of the effectiveness of the Quality Management System in conformity with ISO 9001:2015.

In this context, ThPA S.A., seeks to:

• Comply with the requirements of ISO 9001:2015

• Comply with the applicable relevant legislation, International Codes and best practices

• Provide ongoing information and training to all its employees through training programmes

• Constantly improve the Quality Insurance System and the company operations through the effective use of the following processes

• Management Review

• Internal Audits

• Corrective Actions

• Risk Management

To achieve the above goals, the Management:

• Commits to apply the principles of the Quality Policy and the Quality Management System that it establishes

• Commits to comply with the applicable Greek and EU legislation

• Informs its staff and encourages it to be bound by the same principles

• Commits to provide the infrastructure and equipment required for fulfilling its operations and implement properly the Quality Management System.

The implementation and certification of the quality management system aims at:

• enhancing the Company’s reputation by guaranteeing the customer confidence

• creating opportunities for entering international markets as the Company’s image and reliability improve

• reducing production cost through the optimization of resource and time management

• raising awareness of employees about quality management

• ensuring ongoing improvement of processes based on the implementation of objective monitoring and measurement mechanisms and, therefore, upgrading the Company processes to generate value added

• creating a competitive advantage

The Company Management periodically reviews the principles and goals of this Quality Policy, the current version of which has been notified to all the staff.

The Company is committed to complying with the Information Security Management System, acknowledging that the active participation and knowledge, of both the information security management system and the philosophy of its implementation, is a prerequisite for achieving the objective of the Company, in the context of the current legislation and the needs of its operation in the industry in which it operates.

To ensure a level of security proportional to the criticality and confidentiality of the information, but also to maximize the credibility of the Company’s information, the Management has created a special position, of the Information Security Manager (ISM), within the ICT Division, who is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected.

• Has considered all the regulatory and legal requirements of the country, as well as requirements arising from signed contracts with clients of the Company.

• Anticipating, assessing, and actively managing new and emerging threats and works across different departments to align security initiatives with broader business objectives and mitigate the risks various security threats pose to the organization’s mission and goals.

• Implementing and using technology systems to detect patterns of anomalous network and security behavior

• Works alongside with the information unit to procure security/cybersecurity products and services and to manage disaster recovery and business continuity plans.

• Ensure adherence to security practices in software development systems or applications, whether they are procured from an external party or developed in house.

• Ensure the company’s data privacy is secure and conduct electronic discovery and digital forensic investigation.

• Managing identity and access controls, organizational security policies, and industry-proven security best practices across the on-site and cloud-based infrastructure systems

• Involved in evaluating vendor risk, examining vendor contracts or terms of quality of service, helping different teams around the organization understand third-party risk and data privacy issues.

• Architecting IT environments with sufficient redundancy, duplication, and security protection against natural, internal, and external threats that may compromise information security and service availability

• Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.

• Develop and enhance an information security management framework.

• Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems.

• Educate and train colleagues in security software and best practices for information security.

Based on the above, the Company’s Management is committed to:

• Adhering strictly to and prioritizing the security practices in its daily activity and communicating the importance of the essential application of an effective security system by all staff

• Encouraging training and constantly pursuing that all staff members know their obligations arising from the implementation of policies and procedures that govern the system and organization of the security system

• Selecting suppliers and partners in relation to the level of security and quality of their services provided

• Providing the necessary resources in supporting the system on the basis of achieving the objectives it seeks and expects

• Controlling the achievement of these fundamental principles that are its main strategy, to examine the results of the internal security inspections and to participate in its systematic and in -depth review.

For the Company, information security is not only about regulatory compliance, but also a key strategic tool regarding the confidence of customers and a competitive advantage at a time when the largest part of the information is in electronic form.

This Information Security Policy is published, notified to, and applied by all staff.

ThPA S.A. has adopted a Business Continuity Management System ensuring a holistic and systematic approach which takes into account its operating framework, the expectations and the constraints derived thereto, as well as the requirements of the International Standard ELOT EN ISO 22301: 2019.

The purpose of this Business Continuity Policy is to provide a general framework through which an effective System is established and implemented, which:

• ensures that critical activities, support resources and interdependencies between them are identified

• takes into account the results of the business continuity risk assessment and business impact analysis, in order to select the appropriate business continuity strategy

• remains effective in achieving the objectives and meeting the requirements of business continuity, while fully in line with the requirements of the International Standard ELOT EN ISO 22301: 2019.

ThPA S.A. recognizes that the implementation of an effective Business Continuity Management System ensures ongoing awareness and training of all staff, continuous upgrading of infrastructure and equipment and clearly defines the roles and responsibilities and systematic avoidance of single points of failure. Management is committed to allocating all the necessary resources for the implementation and continuous improvement of the System.

The Business Continuity policy is reviewed at least once a year as well as after significant changes.

ThPA S.A., considering the ongoing energy and climate crisis, the requirements of the National and European legislation and in the light of its continuous efforts to reduce the energy footprint and the greenhouse gas emissions of its activities, is committed to:

• Allocate the necessary resources and information to achieve the energy objectives and to disseminate the achievements,

• Meet the requirements and expectations of stakeholders on energy management matters,

• Meet the applicable Legal and other Regulatory requirements concerning energy efficiency, energy use and energy consumption; and

• Continuously improve energy performance.

To this effect, it will:

• Implement and continuously improve the Energy Management System, which was developed in accordance with the ISO 50001 standard,

• Set, monitor and review the appropriate energy targets and indicators,

• Provide continuous training of the staff with the aim of developing an Energy culture at all levels of the organization,

• Supply energy-efficient products and services that affect energy performance,

• Support planning activities that take into account the improvement of energy performance; and

• Review regularly the Energy Management Policy and System.