Phoenix Vega Mezz PLC

Pre-Annual General Meeting Information • May 28, 2025

INFORMATION ON THE PROCESSING OF PERSONAL DATA OF THE SHAREHOLDERS AND OTHER PARTICIPANTS TO THE REMOTE ANNUAL GENERAL MEETING OF "PHOENIX VEGA MEZZ PLC"

The Company "Phoenix Vega Mezz Plc" (the "Company"), hereby announces that for the purpose of participation in the remote Annual General Meeting of 20 June 2025 or in the Repeat General Meeting (hereinafter as "GM") thereof, it will be collected and processed by Hellenic Central Securities Depository S.A., to which Company has assigned the organization of any remote General Meeting, the codes of process of the Shareholders in the online platform https://axia.athexgroup.gr , through which they will have the possibility to participate and vote remotely in the General Meeting (hereinafter referred to as the "Internet Platform").

Furthermore, the Company informs the Shareholders that, the remote voting is obvious and the exercise of the right to vote by the Shareholder and the content of his/her vote, if requested, may be communicated to the other participants in the General Meeting, Shareholders.

In addition, the Company, informs, in the capacity of the controller, in accordance with the GDPR, Regulation (EU) 2016/679, and the other provisions on the protection of personal data, the natural persons other than the Shareholders, who will participate in teleconference (video conference) of the remote General Meeting, such as Members of the Board of Directors of the Company, Executive personnel, auditors and other third parties, that it processes the following personal data, which are collected directly by the data subjects in question, for the purposes of the legitimate interests pursued by the Company for that processing:

(a) Identification data, such as name, surname, father's name, identity card, or other equivalent document.

(b) Data relating to the capacity under which such persons are entitled to participate to the General Meeting. (c) E-mail address, mobile telephone number, in order for the natural person to participate to the teleconference.

(d) Data image - sound (video) from the participation of the natural person to the General Meeting.

Recipients of this data are the executives responsible for the management of the General Meeting of the Company, "Hellenic Central Securities Depository S.A." to which Company has assigned, as the processor on its behalf, the organization of the remote General Meeting as well as any sub-processors (further processors) the processing for "Hellenic Central Securities Depository A.E." (such as the company ZOOM Video Communications Inc., which provides the Zoom tool / services team with which video conference is provided through cloud services) which is maintained within the European Economic Area (E.E.A.), as well as anyone else who performs the processing (processor) on behalf of the Company, to which Company entrusts the organization of any remote General Meeting as well as any sub-processor (further processor) the processing for the above processors.

The above personal data are kept by Company for the period required by law and in general in accordance with the applicable legal and / or regulatory framework or for the exercise of claims or the defense of the legitimate interests of Company and in general in accordance with the respective legal basis for the retention of personal data based on the purpose that their processing serves.

According to GDPR, the personal data subject has the following rights, which may be exercised on case by case basis:

a) To know which personal data, concerning her/him, are being stored and processed by the Company, as well as their source (right of access).

b) To request for the rectification and/or supplementation of this personal data, so as to be complete and accurate, by submitting any necessary document which shows the need for supplementation or rectification (right to rectification). This is at the same time a Shareholder's obligation.

c) To request the restriction of processing concerning her/his personal data (right to restriction of processing). d) To deny and/ or object to any further processing of her/his personal data retained by Company (right to object).

e) To request for deletion of her/his personal data from the Company's records (right to be forgotten).

f) To request for the transfer of the data she/he has provided to the Company to another controller (right to data portability).

In order to exercise her/his rights, the Shareholder may address Company:

• in writing to Company address,

33 Vasilissis Friderikis St., Palais D'Ivoire House, 2nd floor,

1066 Nicosia, Cyprus

• through email to register@phoenixvegamezz.com.cy.

Company shall use its best endeavors to addressthe shareholders' request within thirty (30) days of itsreceipt. The above-mentioned period may be prolonged for sixty (60) more days, if deemed necessary according to the discretion of ATHEX, taking into account the complexity of the issue and the number of the pending requests. ATHEX shall inform the Shareholder within thirty (30) days after receipt of her/his request in any case of prolongation of the abovementioned period, stating the reasons of such prolongation.

Company applies an information security management system to ensure the confidentiality and security of the shareholders' data processing and the protection of personal data against accidental or unfair destruction, loss, alteration, unauthorized disclosure or access and any other form of unfair processing.

The Shareholder has the right to file a complaint with the Personal Data Protection Authority (www.dpa.gr) or with the Office of the Commissioner for Personal Data Protection (www.dataprotection.gov.cy), which is the competentsupervisory authority for the protection of the fundamental rights and freedoms of natural persons with regard to their personal data processing, when she/he assumes that her/his rights are infringed in any way, as well as the right to initiate judicial proceedings.