Our Company places particular importance on the protection of your personal data. For this reason, we have prepared this Privacy Policy in order to inform you about the processing of your personal data.
Please read the following carefully. By using our Website and signing the relevant declaration of consent, you acknowledge that you have read, understood, and unconditionally accepted the practices described herein, which henceforth govern our relationship.
1. Definitions
(Note: The definitions follow Article 4 of the General Data Protection Regulation (EU) 2016/679, hereinafter: “GDPR”)
“Personal Data”: any information relating to an identified or identifiable natural person (“Data Subject”).
“Controller”: the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor”: a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Controller.
“Data Subject”: natural persons whose personal data are collected and processed by the Controller (in this Privacy Policy, Data Subjects are the users of the above-mentioned website, regardless of whether they are identified, for the purpose of using a service).
2. Data Controller
The Controller responsible for processing personal data for the purposes of this Website is the company under the name “One Three Capital Société Anonyme for the Provision of Crowdfunding Services”, Tax ID No. 802563771, headquartered in Marousi, Attica, at 21 Sifnaion Angioplaston Street, Postal Code 15125.
3. Processing of Personal Data
When you visit our Website, we may process:
(a) The data you enter by completing the electronic contact form available on our Website
(e.g., full name, email address, telephone number).
(b) Personal data automatically collected during your browsing
(IP address, device type, browser, referring webpage, pages of our company that you visited, date and time of visit).
4. Purpose of Processing
Your personal data is processed for the following purposes:
(a) To facilitate our pre-contractual or contractual relationship, so that you receive personalised information, have access to your personal documents, and so that we may respond to your requests or contact you following your inquiry.
(b) To establish any legitimate legal claim or defence against attempted fraud, potential cyber-attacks, or other unlawful activities.
(c) To create anonymised statistics on the traffic and accessibility of the Website and its subpages, in order to take the necessary measures to improve them and enhance your browsing experience.
Legal Basis for Processing
Unless otherwise specified at the time of collection, the legal basis for the processing of your personal data is one of the following:
(a) Processing is necessary for the performance of the contractual relationship with you
(Article 6(1)(b) GDPR).
(b) Processing is necessary for the purposes of the legitimate interests pursued by the Company
(Article 6(1)(f) GDPR).
(c) You have given your explicit consent to the processing of your personal data
(Article 6(1)(a) GDPR).
5. Confidentiality
We may engage natural or legal persons to perform certain services and functions of our Website. These persons receive only the personal data necessary to fulfil their assigned services and are contractually bound to the Company to ensure confidentiality and secure processing.
The Company does not sell, transfer, or otherwise disclose your personal data to third parties without your consent, except where required by applicable law and only to competent Authorities.
Personal data may be disclosed to judicial, police, and other administrative authorities upon their lawful request and in accordance with applicable legislation. Furthermore, in case of a lawful order by a prosecutor or other Authority, or during the conduct of a preliminary or formal investigation, the Company is obliged to provide access to relevant information.
The Company does not transfer users’ personal data to any country or international organisation outside the EEA.
Our Company maintains pages on social media platforms such as LinkedIn, Facebook, and Instagram; however, it does not carry out any processing of your personal data through these platforms. The Company has no influence or control over the personal data collected and processed by the social media platforms and bears no responsibility for such processing. For more information regarding their data collection and processing, please consult the privacy policy of each platform.
6. Data Transfer and Storage
The Company will always ask you for the minimum personal data required to contact us and to use our services. We retain your personal data only for as long as necessary, after which it is anonymised or destroyed.
The criteria used to determine the retention period include:
(a) the duration of our contractual relationship,
(b) the time required for the Company to comply with a legal obligation,
(c) the period necessary based on the Company’s legal position (e.g., defence of rights before courts, regulatory audits, etc.).
7. Technical and Organisational Measures
The Company implements effective technical and organisational measures—both at the time of determining the processing means and during processing itself—designed to ensure compliance with applicable law and to protect the rights of natural persons.
8. Rights
In full compliance with the GDPR, the Company enables and facilitates the exercise of the rights granted to Data Subjects, insofar as such rights can be effectively exercised within the Website’s operational framework:
Right of access: to know which of your data we process, why, and who the recipients are.
Right to rectification: to correct mistakes, inaccuracies, or incomplete data.
Right to erasure: to have your data erased from our records under the conditions of the GDPR.
Right to restriction of processing: in cases of contested accuracy, pending objection requests, or when data is no longer necessary for the original purpose but cannot yet be erased for legal reasons.
Right to data portability: to receive your data in electronic form and transmit it to a third party.
Right to object: to the processing of your personal data and to withdraw your consent—where consent was required—without affecting the lawfulness of processing prior to its withdrawal.
9. Fulfilment of Rights – Safeguards – Retention Period
The Company ensures that:
Procedures exist that allow Data Subjects to easily exercise their rights and that all necessary actions begin immediately.
It responds to requests without undue delay and in any case within thirty (30) calendar days.
If a request cannot be satisfied, the Company provides specific, adequate, and complete justification.Except for manifestly unfounded or excessive requests, all actions relating to Data Subject rights are carried out free of charge.
Personal data is stored in secure electronic systems used exclusively by specially trained and authorised personnel, ensuring maximum possible protection in today’s digital environment.
The Company retains and processes your Personal Data only for as long as necessary for the purposes mentioned above, based on the applicable terms of service or the relevant laws.
10. Cookies Policy
Cookies are small data files that a website, such as this one, may install and store on your computer or mobile terminal device to remember your actions during navigation.
For more information about Cookies, please refer to our Company’s Cookies Policy (available here: https://ovolus.com/cookies-policy/).
11. Contact
You may contact the Company’s Data Protection Officer (DPO) at support@ovolus.com for any questions regarding the processing of your personal data.
If you exercise any of the above rights, the Company will take all reasonable steps to satisfy your request within thirty (30) calendar days from receipt, informing you in writing of the outcome or of the reasons preventing compliance.
If due to complexity or volume of requests this is not technically feasible, the deadline may be extended by a further two months, following your notification.
If you are not satisfied with our response or believe that the processing of your personal data violates the applicable regulatory framework, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) (postal address: 1-3 Kifisias Ave., 115 23 Athens, tel. 210 6475600, email: contact@dpa.gr).
12. Validity and Amendment
This Policy was published by the Company on 25/11/2025 and is subject to periodic review and improvement.
The Company may amend this Policy at any time and without prior notice, announcing any such amendment via its Website.