Privacy Policy

A. Introduction

This policy is a statement by EVERCURIOUS VC DIACHEIRISIS AMOIVAION KEFALAION EPICHEIRIMATIKON SYMMETOCHON SOCIETE ANONYME, operating under the commercial title Evercurious VC (hereinafter referred to as "the Company"), to comply with Articles 13 and 14 of the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679). It provides information on the processing of personal data and the rights of data subjects. This policy is intended for employees, limited partners, regulatory bodies, and other interested parties.

Evercurious VC is a société anonyme established under the laws of Greece and acts as a management company for Venture Capital Funds (hereinafter referred to as "Fund" or "Funds") in accordance with Article 7 of Law 2992/2002.

B. Company Statements

The Company takes all reasonable technical and organizational measures to ensure the confidentiality and security of data processing, protecting data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access. Personal data will not be processed for any purpose other than those outlined herein without prior notice and/or consent from the data subject.

C. Data We Process

As a Data Controller under Article 4(7) of the GDPR, Evercurious VC processes electronic and/or physical files containing personal data of:

1. Shareholders, management members, employees, and suppliers of the Company.
2. Unitholders of the Funds it manages, their legal representatives, and beneficial owners.
3. The custodian of the Venture Capital Funds managed by the Company.
4. Shareholders, partners, legal representatives, beneficial owners, employees, suppliers, and customers of companies in which the Fund invests.

Categories of personal data processed may include:

• Personal Information: Name, date and place of birth, nationality, identification documents (e.g., ID card, passport), VAT number, tax residence, and contact details.
• Financial Information: Bank account details and financial/investment profile.
• Employment Information: CVs, references, diplomas, past employment records, social insurance details, and marital status.

The Company may also process personal data based on explicit consent, in which case subjects will be informed about the data processed, the purpose, retention period, and any relevant disclosures.

D. Legal Basis for Processing

The legal bases for processing personal data include:

1. Contract Performance (Article 6(1)(b) GDPR): For fulfilling contractual obligations with data subjects, including fund management and service agreements.
2. Legal Obligations (Article 6(1)(c) GDPR): Compliance with tax, insurance, anti-money laundering laws, and other legal requirements.
3. Legitimate Interests (Article 6(1)(f) GDPR): Protecting the legal rights of the Company or third parties.
4. Consent (Article 6(1)(a) GDPR): For specific processing activities based on explicit consent, which may be withdrawn at any time.

Data processing related to minors is conducted only with the prior consent of their legal representatives.

E. Purposes of Processing

The Company processes personal data for the following purposes:

• Managing agreements for fund establishment and operation.
• Evaluating investment opportunities and conducting due diligence.
• Complying with legal and regulatory obligations, including anti-money laundering checks.
• Managing employment relationships and fulfilling contractual obligations.
• Protecting the Company’s legal rights in judicial or administrative proceedings.

F. Recipients of the Data

Personal data may be shared with:

1. Company Employees involved in data processing activities.
2. External Partners and Service Providers, such as legal, financial, and insurance advisors.
3. Public Authorities and Judicial Bodies, as required by law.
4. Certified Audit Firms for financial statement audits.
5. Credit Institutions acting as custodians for the managed Funds.

In cases of outsourced processing, the Company ensures that processors meet legal requirements and implement adequate technical and organizational measures for data protection.

G. Retention Period

Personal data is retained only as long as necessary to fulfill the processing purposes or until consent is withdrawn. In general, the retention period does not exceed 20 years. If data retention is required for legal claims, the retention period may be extended as needed.

H. Rights of Data Subjects

Under GDPR, you have the following rights:

1. Right to Withdraw Consent: You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
2. Right to Access: Request access to your personal data and obtain information about the processing activities (Article 15 GDPR).
3. Right to Rectification: Request correction of inaccurate or incomplete personal data (Article 16 GDPR).
4. Right to Erasure: Request deletion of your personal data, subject to certain legal exceptions (Article 17 GDPR).
5. Right to Restrict Processing: Request restriction of processing under certain conditions (Article 18 GDPR).
6. Right to Data Portability: Request a copy of your data in a portable format (Article 20 GDPR).
7. Right to Object: Object to data processing based on legitimate interests (Article 21 GDPR).
8. Right to File a Complaint: Submit a complaint to the Hellenic Data Protection Authority, Kifissias Avenue 1-3, 11523 Athens, Greece (Tel: 210 64 75 600, Email: complaints@dpa.gr).

I. Privacy Policy Updates

This Privacy Policy may be updated periodically. We will notify you of any significant changes via our website or other communication channels.

J. Contact Us

For questions regarding this Privacy Policy or to exercise your data rights, please contact us at:

• Address: Elpidos 2A, 15343, Agia Paraskevi, Attica, Greece
• Email: hello@evercurious.vc