Effective as of April 6, 2026

We respect your privacy and the protection of your personal data.

This policy informs you about how your data is collected and used in the context of the website accessible at gr.timacagro.com (hereinafter the “Website”) and/or in the context of any communication with our Company, in accordance with Law No. 4624 (Government Gazette A’ 137/29.08.2019) “Hellenic Data Protection Authority” and the applicable European Regulation, namely the General Data Protection Regulation (EU) 2016/679 of April 27, 2016 (“GDPR”).

Regarding the protection of your personal data

Data Controller and recipients of personal data

The personal data collected (“Data”) when using our Website and, more generally, during your communication with our Company, are processed by LYDA S.A., located at 9 Artas & Makrygianni, Glyka Nera, Attica 15354, acting as the Data Controller (“Data Controller”).

“Data” means any information relating to an identified or identifiable natural person, directly or indirectly, by reference to an identifier such as a name, identification number, location data, or online identifier.

Depending on the purpose of processing, the data collected and/or transmitted are intended for use by the Data Controller. Its support departments (purchasing/sales, logistics, credit management, human resources, accounting, IT, and marketing) have access to such data. Data may be made available to service providers (“processors” or “third-party recipients”) strictly for the performance of their duties, in particular:

Technical service providers: advertising agencies, website hosting providers (see Legal Notice available HERE)

Financial/accounting providers: statutory auditors, banks

Logistics service providers: carriers and providers of logistics visibility solutions

Access is strictly governed by existing security policies to ensure that human intervention in the data is extremely limited. The Data Controller may disclose your data to third parties if such disclosure is permitted and required by law or by court order, or if necessary to defend its rights.

In all other cases, your personal data will not be shared with third parties unless this is necessary for the purposes described in this policy or required by applicable law.

In the course of its business activities, the Data Controller may transfer personal data outside the European Economic Area (EEA). In such cases, it ensures that the recipient provides appropriate safeguards through:

Binding Corporate Rules (agreements governing transfers within a group of companies)

Contractual clauses on data protection

Compliance with a code of conduct approved by a supervisory authority

Certification under an approved certification mechanism under the GDPR

Standard contractual clauses issued by the competent supervisory authority.

Purposes of data collection

The Data required to respond to your request, manage commercial relationships, or comply with regulatory obligations will be indicated as such at the time of collection.

Data processed include, among others:

Identification data (surname, first name, company, position, relationships with company personnel)

Login data

Location data (postal address)

Professional, financial, and family situation

Data relating to the monitoring of commercial relationships, invoicing, payment tracking (including reminders), and credit history where necessary

Data for promotional activities/competitions

Data for optimizing the Website experience

Any other data you submit for communication or provision of products/services.

Data is used in different ways depending on your reason for visiting the Website:

Based on your consent (which you may withdraw at any time without affecting the lawfulness of prior processing), for sending newsletters

For the performance of a commercial relationship, including sales or service contracts or supply agreements (e.g., account creation, credit assessment, order processing, invoicing, contract monitoring, delivery, after-sales service, complaint handling, satisfaction surveys, customer/supplier database management, debt collection, and legal disputes)

To process and respond to requests, which may lead to a contractual relationship

To comply with legal, accounting, and tax obligations (e.g., record-keeping, handling data subject requests, maintaining opt-out lists, and exercising or defending legal claims)

Unless you object, and within the limits of your rights, for the legitimate interests of the Data Controller, including:

Promotion of products/services, customer relationship management, and customer loyalty enhancement

Creation of customer/supplier accounts and necessary checks to protect the Data Controller’s interests

Optimization of Website functionality (navigation analysis, usage trends, etc.)

Customer acquisition and sales development

Management of user reviews and feedback

Personalization of user experience

Statistical reporting (e.g., sales analysis)

Management of prospect databases

Satisfaction surveys

Fraud prevention in electronic payments.

Cookies

The Website uses cookies to improve user experience and interaction.

For more information, please refer to the Cookies Policy available HERE.

Your rights

Individuals whose Data are processed have the right to access their data, rectify inaccurate data, object to processing, request deletion of part of their data, withdraw consent, restrict processing, determine how their personal data is handled after their death, request data portability.

To exercise your rights, you may contact the Data Protection Officer (DPO) at email: [email protected], address: LYDA S.A., 9 Artas & Makrygianni, Glyka Nera, Attica 15354

Data retention period

Your Data will be retained only for as long as necessary. More specifically, 5 years after the last contact and 13 months for cookies.

After these periods, Data will be deleted or archived in accordance with legal retention requirements and then permanently destroyed.

Contact with the Data Protection Officer

For any additional information or in case of any difficulty regarding the use of your Data, you may contact the Data Protection Officer (DPO) by email at [email protected] or by post at the following address:

LYDA S.A.

9 Artas & Makrygianni, Glyka Nera, Attica 15354, Greece

If the issue is not resolved, or in the event of a complaint relating to the processing of your Data, you may contact the Hellenic Data Protection Authority (HDPA), either by email at [email protected]  or by post at the following address:

1–3 Kifisias Avenue, 115 23 Athens, Greece

HUMAN RESOURCES DATA PROTECTION (JOB APPLICATIONS)

Our Company acts as Data Controller for processing your personal data in the context of evaluating your job application.

We are committed to protecting your personal data and provide the following information regarding the data we collect, how and why we process it, who we share it with, and your rights, in compliance with Law 4624/2019 and GDPR.

Personal data collected

Identification data (name, date of birth)

Contact details (address, email, phone number)

Education and professional experience

General interests

Additional information from references or interviews (e.g., personality traits, behavior)

Purpose of processing

The Company has a legitimate interest in carefully selecting candidates and verifying qualifications, experience, and suitability.

Data is processed based on CVs, reference letters, and interviews.

Recipients

Data may be accessed by authorized Company employees and cloud service providers (e.g., Microsoft).

Retention period

Data is retained for as long as necessary and in any case for up to 2 years from collection, unless further consent is obtained.

Your rights

To exercise your rights of access, rectification, erasure, restriction of processing, objection, or to withdraw your consent, please contact the Data Protection Officer (DPO) by email at [email protected]  or by post at the following address:

LYDA S.A.

9 Artas & Makrygianni, Glyka Nera, Attica 15354, Greece

If the issue is not resolved, or if you have any complaint relating to the processing of your Data, you may contact the Hellenic Data Protection Authority (HDPA), either by email at [email protected]  or by post at the following address:

1–3 Kifisias Avenue, 115 23 Athens, Greece