Our Company attaches great importance to the protection of your personal data. For this reason, we have prepared this Privacy Policy to inform you about the processing of your personal data.
Please read the following carefully. By using our website and signing the relevant consent form, you acknowledge that you have read, understood and unconditionally accept the practices described herein, which govern our relationship from now on.
1. Definitions
(Note: Definitions follow Article 4 of the General Data Protection Regulation (EU) 2016/679, hereinafter: “GDPR”)
“Personal data”: any information relating to an identified or identifiable natural person (“Data Subject”).
“Data Controller”: the natural or legal person, public authority, organisation or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Performing the processing”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Data subject”: the natural persons whose personal data are collected and processed by the controller (in this privacy policy, Data Subjects are the users of the aforementioned website, regardless of whether they are identified, for the purpose of using a service).
2. Data controller
The controller for the processing of personal data for the purposes of this website is the company with the name “One Three Capital Limited Crowdfunding Service Provider”, Tax Number 802563771, based in Marousi, Attica, at 21 Sifnaion Agioplaston Street, ZIP Code 15125.
3. Processing of personal data
When you visit our Website, we may process:
(α) The data you enter by completing the online contact form available on our website
(e.g. name, email address, telephone number).
(β) Personal data collected automatically when you browse our website (IP address, device type, browser, referring website, pages of our company that you visited, date and time of visit).
4. Purpose of processing
Your personal data is processed for the following purposes:
(α) To facilitate our pre-contractual or contractual relationship, so that you receive personalized information, have access to your personal documents and so that we can respond to your requests or contact you following your inquiry.
(β) To establish any legitimate legal claim or defense against attempted fraud, possible cyber attacks or other illegal activities.
(γ) To create anonymous statistics regarding the traffic and accessibility of the website and its subpages, in order to take the necessary measures to improve them and enhance your browsing experience.
Legal basis for processing
Unless otherwise specified at the time of collection, the legal basis for processing your personal data is one of the following:
(α) The processing is necessary for the performance of the contractual relationship with you
(Article 6(1)(b) GDPR).
(β) The processing is necessary for the purposes of the legitimate interests pursued by the Company
(Article 6(1)(f) GDPR).
(γ) you have given your explicit consent to the processing of your personal data
(Article 6(1)(a) GDPR).
5. Confidentiality
We may assign certain services and functions of our website to natural or legal persons. These persons receive only the personal data necessary to fulfill the services assigned to them and are contractually bound by the Company to ensure confidentiality and secure processing.
The Company does not sell, transfer or in any other way disclose your personal data to third parties without your consent, unless required by applicable law and only to the competent Authorities.
Personal data may be disclosed to judicial, police and other administrative authorities upon their lawful request and in accordance with applicable law. Furthermore, in the event of a lawful order from a prosecutor or other Authority or during the conduct of a preliminary or official investigation, the Company is obliged to provide access to relevant information.
The Company does not transfer users’ personal data to any country or international organization outside the EEA.
Our Company maintains pages on social networking platforms such as LinkedIn, Facebook and Instagram, however, it does not process any of your personal data through these platforms. The Company has no influence or control over the personal data collected and processed by the social networking platforms and bears no responsibility for such processing. For more information on the collection and processing of their data, please consult the privacy policy of each platform.
6. Data transfer and storage
The Company will always ask you for the minimum personal data required to contact us and use our services. We retain your personal data only for as long as necessary, after which it is anonymized or destroyed.
The criteria used to determine the retention period include:
(α) the duration of our contractual relationship,
(β) the time required for the Company to comply with a legal obligation,
(γ) the period necessary based on the Company’s legal position (e.g. defense of rights before courts, regulatory audits, etc.).
7. Technical and organizational measures
The Company implements effective technical and organizational measures – both when determining the means of processing and during the processing itself – which aim to ensure compliance with applicable legislation and to protect the rights of natural persons.
8. Rights
In full compliance with the GDPR, the Company allows and facilitates the exercise of the rights granted to Data Subjects, to the extent that such rights can be effectively exercised within the operational framework of the website:
Right of access: know what data we process about you, why and who the recipients are.
Right to correction: correction of errors, inaccuracies or incomplete data.
Right to erasure: to have your data deleted from our files in accordance with the terms of the GDPR.
Right to restriction of processing: in cases of disputed accuracy, pending objection requests or when the data is no longer necessary for the original purpose, but cannot yet be deleted for legal reasons.
Right to data portability: receive your data in electronic form and transmit it to a third party.
Right to object: to the processing of your personal data and to the withdrawal of your consent – where consent is required – without affecting the lawfulness of the processing prior to its withdrawal.
9. Fulfillment of rights – Safeguards – Retention period
The Company ensures that:
There are procedures in place that allow data subjects to easily exercise their rights and that all necessary actions are initiated immediately.
Responds to requests without undue delay and in any case within thirty (30) calendar days.
If a request cannot be satisfied, the Company provides specific, sufficient and complete justification.Except for manifestly unfounded or excessive requests, all actions regarding the rights of data subjects are carried out free of charge.
Personal data is stored in secure electronic systems used exclusively by specially trained and authorized personnel, ensuring the maximum possible protection in today’s digital environment.
The Company retains and processes your Personal Data only for as long as necessary for the purposes mentioned above, based on the applicable terms of service or relevant laws.
10. Cookie policy
Cookies are small data files that a website, such as this one, can install and store on your computer or mobile terminal device to remember your actions while browsing.
For more information about Cookies, please refer to our Company’s Cookies Policy (available here: https://ovolus.com/cookies-policy/).
11. Contact
You can contact the Company’s Data Protection Officer (DPO) at support@ovolus.com for any questions regarding the processing of your personal data.
If you exercise any of the above rights, the Company will take all reasonable steps to satisfy your request within thirty (30) calendar days of receipt, informing you in writing of the result or the reasons preventing compliance.
If due to the complexity or volume of the requests this is not technically feasible, the deadline may be extended by two additional months, after informing you.
If you are not satisfied with our response or believe that the processing of your personal data violates the applicable regulatory framework, you have the right to file a complaint with the Hellenic Personal Data Protection Authority (HPPA) (postal address: 1-3 Kifissias Avenue, 115 23 Athens, tel. 210 6475600, email: contact@dpa.gr).
12. Validity and modification
This policy was published by the Company on 11/25/2025 and is subject to periodic review and improvement.
The Company may modify this Policy at any time and without prior notice, announcing any such modification through its website.