A. INTRODUCTION
This policy serves as a clear statement of the company, with corporate name “CORALLIA VENTURES MANAGEMENT VENTURE CAPITAL MANAGEMENT SOCIETE ANONYME” and commercial title “CORALLIA VENTURES MANAGEMENT” (hereinafter, the Company), to serve a Privacy Policy in accordance with articles 13 and 14 of the (EU) 2016/679 General Data Protection Regulation (hereinafter GDPR) and provides information on the processing of personal data, as well as on the rights of data subject(s). It is intended to be communicated clearly to employees, limited partners, regulatory bodies, and other interested parties.
CORALLIA VENTURES MANAGEMENT is a société anonyme established and operating under the laws of Greece and acts in its capacity as a management company of Venture Capital Funds (hereinafter referred to as Fund or Funds) in accordance with article 7 of Law 2992/2002.
B. COMPANY STATEMENTS
The Company takes all reasonable technical and organizational measures to ensure the confidentiality and security of data processing and their protection from accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or unauthorized access by anyone and any other form of unlawful processing.
Your personal data will not be processed for any purpose other than those provided herein, without your having been previously informed and/or given consent.
C. DATA WE PROCESS
The Company, as Data Controller within the meaning of article 4 paragraph 7 of the GDPR, keeps and processes electronic and/or physical files, in which personal data of the following subjects have been stored:
a) Its shareholders, members of its management and employees, as well as its suppliers.
b) The unit-holders in the Funds it manages and their legal representatives, if any, as well as their beneficial owners.
c) The custodian of the Venture Capital Funds it manages.
d) Shareholders, partners, legal representatives, beneficial owners, employees, suppliers and customers of the companies in which the Fund invests.
Specifically, the Company processes, on a case-by-case basis, the following categories of personal data, which it has either collected directly from you or from third parties, namely:
a) Categories of data that the Company processes for each data subject on the basis of a contractual relationship or for the fulfilment of legal obligations or to safeguard the Company’s legitimate interests:
– Personal information, which may include full name, father’s name, mother’s name, date and place of birth, nationality, professional capacity, ID number/passport or other official identification document, VAT number, tax residence and competent tax authority.
– Contact and correspondence information, which may include home address, home phone, work address, work phone, mobile phone, email.
– Bank account details for payments .
b) Categories of data processed by the Company in the context of its compliance with obligations under the applicable legislative framework for the prevention/suppression of money laundering and terrorist financing and relate specifically to (i) unitholders of the Funds it manages, (ii) to companies in which the Funds invest and (iii) to third party providers-suppliers of the Company, as well as (iv) the beneficial owners of the above:
– Financial/investment profile data, including information on the sources and size of the assets of the persons referred to in points (i)-(iii) above, as well as their professional/business activity.
– Information on the financial situation of the beneficial owner of the abovementioned persons.
c) Categories of data processed by the Company on the basis of an employment relationship or the provision of independent services, and relate specifically to its employees and associates:
– Vocational training data, such as CVs, letters of recommendation, copies of diplomas and information on studies, information on past employment and work experience, information on skills, knowledge of foreign languages.
– Contact details (phone, email).
– Social insurance details (main insurance organization, AMKA, EFKA Registration Number, etc.).
– Marital status data (married/unmarried, spouse’s name, number of dependants, etc.).
Finally, the Company may process personal data on the basis of explicit and specific consent of the subject. In this case, the Company will inform the subject in advance about the data to be processed, the purpose(s) of their processing, the type of personal data to be processed, their retention period, as well as any more specific information regarding the transmission of personal data.
D. LEGAL BASIS FOR PROCESSING
The legal basis for processing the personal data of the subjects is, as the case may be:
a) The execution of a contract concluded by the Company with the data subject (Article 6 (1), first paragraph, case b’ of the GDPR), such as the conclusion and execution of a contract for the establishment and management of a Fund with the Fund’s unitholders and the custodian, a service contract or a work contract with suppliers of the Company, a share acquisition agreement in companies in which a Fund invests and any agreements with their shareholders and partners.
b) The conclusion of an employment contract with employees of the Company or, after its conclusion, for its implementation (article 27 paragraph 1 of Law 4624/2019).
c) Compliance with legal obligations of the Company (Article 6 (1), first paragraph, case c of the GDPR), such as provisions of tax and insurance legislation, provisions of Law 4557/2018 for the prevention and suppression of money laundering and terrorist financing.
d) To safeguard the legitimate interests of the Company or third parties (Article 6 (1), first paragraph, case f of the GDPR), such as the judicial pursuit of claims of the Company or the unitholders of a Fund.
e) The consent of the data subject (Article 6 (1), first sentence case a’ of the GDPR), which has been provided for specific purposes, which arise from the respective content of the consent.
f) The consent of the data subject being an employee of the Company (article 27 paragraph 2 of Law 4624/2019), for specific processing purposes arising from the content of the consent, which the data subject may revoke at any time, without, however, affecting the legality of the processing carried out on the basis of the consent until its withdrawal.
g) The cases referred to in Article 25 paragraph 1 of Law 4624/2019.
The processing of personal data relating to minors is carried out under the strict condition of the prior consent of his/her legal representative, in accordance with the specific provisions of the applicable legislation.
E. PURPOSES OF PROCESSING
We process your personal data for the following purposes:
-
- To assess the suitability of companies to become objects of investments by the Fund and to conclude contracts for the acquisition by the Fund of shares/units in them.
- For the fulfilment of the Company’s obligations deriving from the applicable legislative and regulatory framework, such as the provisions of tax and insurance legislation, the provisions of Law 4557/2018 for the prevention and suppression of money laundering and terrorist financing, in the context of the “KYC” procedure, as well as for compliance with disclosure duties, by virtue of decisions of the competent supervisory, administrative, public and judicial/prosecutorial Authorities and Services.
- To comply with the Company’s obligations as an employer, which derive from employment contracts.
- For the fulfilment of the Company’s contractual obligations arising from contracts for the provision of services, works and any other kind of cooperation.
- To defend the Company’s legal rights before judicial or other authorities.
F. RECIPIENTS OF THE DATA
-
- The recipients of your personal data, to whom they are disclosed, are:
a) Employees of the Company who provide services to the Company for the performance of the aforementioned purposes.
b) External associates of the Company and service providers in general, such as financial, legal, insurance and other consultants, with whom the Company may cooperate directly or indirectly for these purposes.
c) Independent authorities, public bodies or judicial authorities such as public prosecutors’ offices, courts or tax authorities, to whom we are obliged to transmit personal data by law, or by virtue of a decision/order of a judicial or prosecutorial authority.
d) Certified audit firms that audit the financial statements of our Company.
e) Any credit institution performing custodian functions of the Fund managed. - In case of outsourcing the processing of personal data to third party associates, the Company will ensure that the processors acting on its behalf meet the requirements and provide sufficient assurances for the implementation of appropriate technical and organizational measures so that the processing of personal data ensures the protection of your rights.
G. RETENTION PERIOD
We store your personal data only for as long as it is required to achieve the processing purposes – if your consent has been granted – as long as you do not withdraw your consent. In any case, this time does not exceed twenty (20) years. After the expiry of the above period, personal data shall be destroyed.
In cases where the retention of personal data is necessary for the exercise or protection of the Company’s legal rights before judicial or other authorities provided for by applicable law, the above deadline is extended until the end of the period when such data are no longer necessary for the above purposes.
H. RIGHTS OF DATA SUBJECTS
According to legislation on the protection against the processing of personal data you have the right to:
-
- Subject to the provisions of article 33 of Law 4624/2019, request access to your personal data, pursuant to article 15 of the GDPR. In particular, you can receive information about which personal data concerning you are or have been processed, their categories, the purposes for which we process them, their origin, the categories of recipients to whom they are transmitted and their retention period. Upon request, the Company will provide you with a copy of your personal data being processed.
- Without prejudice to the provisions of article 35 of Law 4624/2019, to raise objections at any time and object to the processing of your data, pursuant to article 21 of the GDPR, at any time.
- Without prejudice to the provisions of Article 34 of Law 4624/2019, request the deletion of your data, if they are no longer necessary for the purposes for which they were collected or otherwise processed, if you revoke the consent on which the processing is based or if the personal data were processed unlawfully (Article 17 GDPR). The Company has the right to refuse your request for deletion of your personal data if the retention of the data is necessary for the establishment, exercise or support of its legal rights or of third parties.
- Request the correction of your personal data that we hold. This enables you to correct any incomplete or inaccurate information we have collected about you (Article 16 GDPR).
- Request restriction of processing of your personal data only for specific purposes, including in case of data correctness contestation or unlawful processing (Article 18 GDPR).
- You have the right to portability of your personal data to another controller, provided that the processing is based on your consent and is carried out by automated means (Article 20 GDPR).
- File a report/complaint with the Hellenic Data Protection Authority, Kifissias Avenue 1-3, 11523 Athens, Attica, Greece, T: 210 64 75 600, W: dpa.gr, E: complaints@dpa.gr.
I. PRIVACY POLICY UPDATES
Our Privacy Policy may be updated from time to time. We will notify you of any significant changes through our website or other appropriate means of communication.
J. CONTACT US
To exercise your above rights or for any questions you may have regarding the processing of your personal data, you may contact us at A: CORALLIA VENTURES MANAGEMENT, Kifissias Avenue 44, 15125 Maroussi, Attica, Greece, T: 210 63 00 797, E: dpo@coralliaventures.vc.