Legal

Privacy Notice

Last updated: May 2026

1Privacy Notice

This Privacy Notice explains how Thess IC ("Thess IC", "we", "us", "our") collects, uses, shares and otherwise processes your Personal Data in connection with your relationship with us as a Thess IC client, industrial colleague, partner or being generally interested in our products and services, in accordance with applicable data privacy laws and the General Data Protection Regulation ("GDPR") which became applicable as of 25 May 2018.

2Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

3Types of Data Collected

3.1Personal Data

While using our website, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Depending on how you interact with our website, this may include: Via the Contact Form: • First name and last name • Email address • Company name (optional) • Your message Via the Careers / Job Application Form: • First name and last name • Email address • Position applied for • Cover letter or message (optional) • CV / résumé file (optional) Personal Data does not include data from which you can no longer be identified such as anonymised aggregate data.

3.2Special Category Data

CVs and cover letters submitted via the careers form may incidentally contain special category data as defined under GDPR Article 9 (such as health information, nationality, photograph, or date of birth). We do not request or require such information. Applicants are advised to redact any special category data from their documents before submission. Where such data is inadvertently received, it will not be used in our evaluation process and will be subject to the same retention and deletion policy as all other application data.

3.3Accuracy of Information

It is important that the Personal Data we hold about you is accurate and current. Please let us know if your Personal Data changes during your relationship with us.

3.4What if you do not provide the Personal Data we request?

It is in your sole discretion to provide Personal Data to us. If you do not provide us with all or some of the Personal Data we request, we may not be able to accept an engagement from you, to provide all or some of our services, to enter into a contract with you, or to send you requested marketing or other information.

3.5Usage Data

Our web server may automatically record standard access log data, which can include your IP address, browser type, and the pages you visit. This data is used solely for the operational security and maintenance of the website and is not used to identify individual users or shared with third parties.

4Use of Data

Thess IC uses the collected data for the following purposes: • To respond to enquiries submitted via the contact form • To process and evaluate job applications submitted via the careers form • To communicate with you regarding your enquiry or application • To comply with our legal obligations

5Legal Basis for Processing Personal Data Under GDPR

If you are from the European Economic Area (EEA), Thess IC's legal basis for collecting and using the Personal Data described in this Privacy Notice depends on the Personal Data we collect and the specific context in which we collect it. Contact form enquiries: Processing is based on our legitimate interests (Article 6(1)(f) GDPR) in responding to business enquiries and communicating with prospective clients and partners. Job applications: Processing is based on pre-contractual steps taken at the request of the applicant (Article 6(1)(b) GDPR) — i.e., evaluating whether to enter into an employment or contractual relationship. Where an application is retained beyond the immediate evaluation period, processing is based on our legitimate interests (Article 6(1)(f) GDPR) in maintaining a talent pipeline, subject to the retention limits in Section 6. Where we rely on consent as a legal basis (e.g., for extended retention of application data), you have the right to withdraw that consent at any time. See Section 11 for details. We may also process Personal Data to comply with a legal obligation (Article 6(1)(c) GDPR).

6Retention of Data

Thess IC will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Notice. • Contact form enquiries: Personal Data submitted via the contact form is retained for up to 2 years from the date of submission, after which it is deleted. • Job applications: CVs, cover letters and application data submitted via the careers form are retained for up to 1 year from the date of submission. If your profile does not match our current needs, we may keep your application on file for this period in case a suitable opportunity arises. After 1 year, your data will be deleted unless you have provided explicit consent to a longer retention period or we have entered into a contractual relationship with you. Where extended retention is sought, we will contact you before the 1-year period expires to request your consent. You may request deletion of your application data at any time — see Section 10. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

7Transfer of Data

For the purposes described above we may have to transfer your Personal Data from the European Economic Area (EEA) to a third party outside of the EEA and in a jurisdiction not subject to an adequacy decision of the European Commission. We will always ensure that there is a legal basis and a relevant safeguard method for such data transfer so that your Personal Data is treated in a manner that is consistent with, and respects, EU laws and other applicable laws and regulations on data protection.

8Disclosure of Data

8.1Disclosure for Law Enforcement

Under certain circumstances, Thess IC may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

8.2Legal Requirements

Thess IC may disclose your Personal Data in the good faith belief that such action is necessary to: • Comply with a legal obligation • Protect and defend the rights or property of Thess IC • Prevent or investigate possible wrongdoing in connection with the Service • Protect the personal safety of users of the Service or the public • Protect against legal liability

9Security of Data

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

10Your Data Protection Rights Under GDPR

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Thess IC aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us. You have the right to: • Request access to your Personal Data (commonly known as a "data subject access request") and request certain information in relation to its processing • Request rectification of your Personal Data • Request the erasure of your Personal Data • Request the restriction of processing of your Personal Data • Object to the processing of your Personal Data Job applicants specifically may request deletion of their application (including CV and cover letter) at any time by contacting us at the details in Section 17. We will action such requests within 30 days. You also have the right to make a complaint at any time to the Hellenic Data Protection Authority (HDPA — www.dpa.gr), the competent supervisory authority in Greece, or as the case may be, any other competent supervisory authority of an EU member state.

11Right to Withdraw Consent

In case you have provided your consent to the collection, processing and transfer of your Personal Data, you have the right to fully or partly withdraw your consent. To withdraw your consent, please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. In case we processed your Personal Data for direct marketing purposes, you have the right to object at any time, in which case we will no longer process your Personal Data for such marketing purposes.

11.1Fees

You will in general not have to pay a fee to exercise any of your individual rights mentioned in this Privacy Notice. However, we may charge a reasonable fee if your request to exercise your individual rights is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

12Service Providers

We may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, or to perform Service-related services. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. We currently use the following Service Provider: • Resend (resend.com) — an email delivery service used to transmit messages submitted via our contact and careers forms. Personal Data included in form submissions (name, email address, message, and CV file where provided) is processed by Resend solely for the purpose of delivering those messages to us. Resend acts as a data processor on our behalf under a Data Processing Agreement (DPA) that covers all data types transmitted through the service, including file attachments.

13Analytics

We use Umami, a self-hosted, privacy-focused analytics tool deployed on our own infrastructure (analytics.thess-ic.com). Umami collects anonymized, aggregate statistics — such as page views, referrer, browser type, device type, and country — to help us understand how our website is used. It does not use cookies, does not track individuals across sessions or websites, and does not store IP addresses. No data is shared with third parties.

14Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

15Children's Privacy

Our Service does not address anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

16Changes to This Privacy Notice

We reserve the right to update this Privacy Notice at any time, and we will make an updated copy available on our website.

17Further Information

If you have any concerns or require any further information, please do not hesitate to contact us: Email: contact@thess-ic.gr Phone: +30 2310 473133

18Corporate Identity

Thess IC 12km Thessalonikis-Moudanion, 57001, Thessaloniki, Greece