Email
info@coralliaventures.vc
Corallia Ventures

Privacy Policy

Corallia Ventures > Privacy Policy

A. INTRODUCTION

This policy serves as a clear statement of the company, with corporate name “CORALLIA VENTURES MANAGEMENT VENTURE CAPITAL MANAGEMENT SOCIETE ANONYME” and commercial title “CORALLIA VENTURES MANAGEMENT” (hereinafter, the Company), to adopt and implement a Data Protection Policy (“Policy”) in accordance with the applicable legislation (primarily EU 2016/679 General Data Protection Regulation (hereinafter “GDPR”) and respective national laws 4624/2019 and 3471/2006 and any other relevant legislation, as in force – hereinafter also referred jointly “Data Protection Legislation”). The aim of this Policy is to set the basic requirements that have to be met and to provide in a transparent manner the necessary information on the processing of personal data that the Company performs. It is intended to be communicated clearly to employees, limited partners, regulatory bodies, and all other interested parties with whom the Company interacts in the context of its business activities.

CORALLIA VENTURES MANAGEMENT is a société anonyme established and operating under the laws of Greece and acts in its capacity as a management company of Venture Capital Funds (hereinafter referred to as Fund or Funds) in accordance with article 7 of Law 2992/2002.

B. COMPANY STATEMENTS

The Company takes all reasonable technical and organizational measures to ensure the confidentiality and the level of security of data processing that is appropriate to the risk presented, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access by anyone to the personal data transmitted, stored or otherwise processed by the Company.

The personal data will not be processed for any purpose other than those provided herein, without the relevant data subjects having been previously informed and/or given consent, where applicable.

C. DATA WE PROCESS

1. The Company, acting as Controller within the meaning of article 4 paragraph 7 of the GDPR, keeps and processes electronic and/or physical records containing personal data of the following categories of data subjects:

a) Internal stakeholders: its shareholders, members of its management, employees, individual experts engaged by the Company and suppliers of the Company.

b) Fund stakeholders: unit-holders of the Funds it manages, their legal representatives and their beneficial owners (if applicable).

c) Custodian: the custodian entities’ representatives of the Funds under its management.

d) Portfolio companies: shareholders, legal representatives, beneficial owners, employees, suppliers, and customers of companies in which the Funds invest, and individuals expressing interest in the Funds via the Company’s web forms.

e) External stakeholders: visitors to the Company’s website, newsletter subscribers and social media followers.

2. The Company processes, on a case-by-case basis, the following categories of personal data, collected either directly from the data subject or from third parties as identified in this policy:

a) Data processed based on contractual relationships, legal obligations, or legitimate interests: this includes data processed to fulfil contractual obligations, comply with legal requirements (e.g., tax, employment, social security laws), or safeguard the Company’s legitimate interests:

      • Personal information: full name, father’s name, mother’s name, date and place of birth, nationality, professional capacity, ID/driver’s license/passport number or other official identification documents, VAT/TIN number, tax residence and tax authority.
      • Contact information: home/work address, home/work phone, mobile phone, email address.
      • Financial information: bank account details for payments and credit information.
      • Technical information: information collected during visits to the Company’s website that does not directly identify the data subject, such as browser type, operating system, referring domain name, location, IP address, and web content accessed (via cookies). For more detailed information on the use of cookies on the Company’s website, please refer to our Cookie Policy.
      • Information provided to the Company related to specific requests.

b) Data processed for compliance with Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) regulations: this relates to unit-holders of the Funds it manages, to companies in which the Funds invest, as well as the beneficial owners of the above:

      • Financial/investment profile: information on the sources and size of the assets and professional/business activity.
      • Beneficial Owners: information on the financial status of the beneficial owners.
      • Tax data: income data and income tax return details.

c) Data processed for employment or independent services: this applies to employees and associates:

      • Professional background: CVs, educational history, recommendation letters, diplomas, past employment, work experience, skills, and foreign language proficiency.
      • Contact information: residence address, phone numbers and email addresses.
      • Social insurance details: insurance organisation, AMKA, ΕΦΚΑ registration number.
      • Personal status: marital status, spouse’s name, number of dependents.
      • Tax information: Tax ID (VAT/TIN).
      • Banking data: bank account details.
      • Permissible health data: details such as maternity or sick leave.
      • Operational data related to IT support and email management.

d) Data processed based on explicit consent: when required, the Company processes data subject to explicit and specific consent from the data subject:

      • Contact Information: email address, preferred language of communication.
      • Communication-related data: Information relating to specific communication or requests.

D. LEGAL BASIS FOR PROCESSING

The legal basis for processing the personal data of the data subjects is, as the case may be:

1. Contractual Necessity: The execution of a contract concluded by the Company with the data subject or in order to take steps at the request of the data subject prior to entering into the contract (Article 6 (1 case b’ of the GDPR), such as the conclusion and execution of an employment contract or a contract for the establishment and management of a Fund with the Fund’s unitholders and the custodian, a service contract or a work contract with suppliers of the Company, a share acquisition agreement in companies in which a Fund invests and any agreements with their shareholders and partners.

2. Legal Obligations: Compliance with legal obligations of the Company (Article 6 (1), case c of the GDPR), such as provisions of tax, employment and insurance legislation, provisions of Law 4557/2018 for the prevention and suppression of money laundering and terrorist financing.

3. Legitimate Interests: To safeguard the legitimate interests of the Company or third parties except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Article 6 (1), case f of the GDPR), such as the judicial pursuit and defence of claims of the Company or the Fund’s unitholders, or the detection and prevention of fraud, ensuring transactional security, safeguarding business continuity, protection via the CCTV system of property and persons visiting the Company’s premises, or operation of Company’s websites.

4. Consent: The consent of the data subject (Article 6 (1), case a’ of the GDPR), which has been provided for specific purposes, which arise from the respective content of the consent, as these are notified duly and timely by the Company to the respective data subjects e.g. for enlisting in our newsletter subscribers list, for image recording during corporate events or for the submission of employees to a group insurance policy.

E. PURPOSES OF PROCESSING

The Company processes personal data for the following purposes:

1. Fund Formation and Management : for the conclusion of the agreement for the establishment and management of a Fund and for the implementation of its contractual terms.

2. Investment Evaluation: To assess the suitability of companies to become objects of investments by the Fund and to conclude contracts for the acquisition by the Fund of shares/units in them.

3. Regulatory Compliance: For the fulfilment of the Company’s obligations deriving from the applicable legislative and regulatory framework, such as the provisions of tax, employment and insurance legislation, the provisions of Law 4557/2018 for the prevention and suppression of money laundering and terrorist financing, in the context of the “KYC” procedure, as well as for compliance with disclosure duties, by virtue of decisions of the competent supervisory, administrative, public and judicial/prosecutorial Authorities and Services. Especially with regards to abiding by the applicable anti-money laundering legislation, as specified therein, the Company is required, among other, to perform due diligence on the Fund’s prospective investees and in particular a) confirm the identity based on documents or information from a reliable and independent source, including through means of electronic identification in accordance with EU Regulation 910/2014 and any other applicable law, b) confirm and update the information on the identity the investee’s beneficial owner, c) assess and, where necessary, collect information on the subject and purpose of the business relationship, d) supervise the business relationship by monitoring the related transactions e) adopt the necessary measures with regards to the assessment of the investment.

4. Employment Obligations: To comply with the Company’s obligations as an employer, which derive from employment contracts.

5. Service Provision: For the fulfilment of the Company’s contractual obligations arising from contracts for the provision of services, works and any other kind of cooperation.

6. Legal Defense: To defend the Company’s legal rights before judicial or other competent authorities.

F. RECIPIENTS OF THE DATA

1. The Company will not transmit or disclose in any way personal data to third parties (other than the recipients listed below) for any purpose or use, without prejudice to paragraph 2 of this chapter.

2. The recipients of personal data, to whom they are disclosed to the extent necessary, are:

a) Company personnel: employees of the Company who are directly involved in fulfilling the purposes outlined in this policy.

b) External associates and service providers of the Company: financial, legal, insurance, IT and other consultants or service providers with whom the Company collaborates directly or indirectly for the purposes of this policy.

c) Regulatory authorities and public bodies: independent authorities, public bodies or judicial authorities (e.g., prosecutors, courts, tax authorities) to whom data must be disclosed by law or by judicial or prosecutorial order.

d) Audit Firms: certified auditors who perform financial audits of the Company’s statements.

e) Custodian Institutions: institutions performing custodian services for the Funds managed by the Company, acting as independent controllers as required under applicable law.

f) Fund Governance Bodies and Stakeholders: relevant decision-making bodies of the Fund (e.g., Investment Committee, Investor Advisory Committee) and Unit Holders, to the extent required for the execution of the management agreement between the Company, the Unit Holders and the Custodian, including for investing or divesting purposes, and/or compliance with a legal obligation and especially with any due diligence requirements (such as Law 2992/2002 on venture capital mutual funds, Law 4557/2018 on anti-money laundering, as in force). In this context, the Fund’s Unit holders will process the related information as controllers.

g) Individuals and entities acting as co-investors: with the Company under specific agreements.

3. In cases of outsourcing the processing of personal data to third party associates (e.g., IT services or payroll administration), the Company will ensure that the processors acting on its behalf meet the requirements and provide, by respective written assignments (art. 28 GDPR), the sufficient assurances for the implementation of appropriate technical and organizational measures so that the Company ensures the protection of all relevant data subjects’ rights.

4. In the event that we are required to disclose any information to a third party residing outside the European Union/European Economic Area, we will ensure that international data transfer measures are in place and provide adequate information, where feasible.

G. RETENTION PERIOD

We store personal data only for as long as it is required to achieve the processing purposes that we identify herein or for as long as we are required by the applicable law.

Such time periods may differ depending on the scope of processing. In this respect,

a) information stored for the purposes of complying with the applicable law on money laundering shall be kept for as long as required under the respective legal provisions (art. 30 Law 4557/2018 i.e. for five years after the end of the client business relationship and for longer but up to ten years in case required by law)

b) data on personnel and especially social security are kept for such time as the competent supervisory authorities (such as National Social Security Organization (EFKA)) is entitled to perform audits with a retrospective effect.

c) if the processing is based on consent, the related personal information is maintained for as long as consent remains valid and until its withdrawal.

After the expiry of the aforementioned periods, the Company ensures that the relevant personal data are safely destroyed so the corporate records contain only the information which is necessary for the pursue of the Company’s legitimate purposes and/or compliance with legal obligations to which it is subject.

In cases where the retention of personal data is necessary for the exercise or protection of the Company’s legal rights before judicial or other authorities provided for by applicable law and/or for the compliance with a legal obligation to which the Company is subject, the above deadline is extended until the end of the period when such data are no longer necessary for the above purposes considering the applicable time limitation periods respectively. During such time, the Company shall ensure that appropriate measures are applied (such as encryption or pseudonymization) with respect to any personal data maintained.

H. RIGHTS OF DATA SUBJECTS

According to Data Protection Legislation each data subject is entitled to the following rights whose exercise remains subject to the terms and conditions set by law :

1. Withdrawal of consent (article 7 GDPR): withdraw, at any time, any previously granted consent to the processing of personal data, in cases where the processing is based on consent. In this case, the processing of the relevant data by the Company will cease, without this affecting the legality of the processing that has already taken place until the withdrawal of the consent.

2. Right of Access (article 15 GDPR): request confirmation as to whether or not personal data concerning him or her are been processed by the Company and where that is the case, information on at least the purposes of processing, the categories of personal data concerned, their source, the recipients or categories of recipients to whom these data are transmitted and their retention period, existence of automated decision-making. Upon request, the Company will provide the data subject with a copy of his or her personal data being processed. The right of access may not be satisfied, in whole or in part, in case the Company is required to abide by its obligations pursuant to the applicable legislation on anti-money laundering (Law 4557/2018) namely in case disclosure of information may affect any official or legal investigations, analysis or procedures with respect to the prevention, detection and investigation of possible money laundering from criminal activities or financing of terrorism.

3. Right of Objection (article 21 GDPR): object at any time to the processing of his or her personal data which is based on the Company’s legitimate interest.

4. Right of Erasure (article 17 GDPR): request the deletion of data concerning him or her, if a) these data are no longer necessary for the purposes for which they were collected or otherwise processed by the Company, or b) if the data subject withdraws consent on which the processing is based and there are no legal grounds for the processing, or c) if the personal data were processed unlawfully or d) the data have to be erased for compliance with a legal obligation or e) the data subject exercises the right to objection and there are no overriding legitimate grounds for the processing (such as for example where the retention of the data is necessary for the establishment, exercise or support of its legal rights or of third parties).

5. Right of Rectification (article 16 GDPR): request the correction of inaccurate or incomplete personal data that the Company holds.

6. Right to Restriction of processing (article 18 GDPR): request restriction of processing of the personal data concerning him or her only for specific purposes, including in case of data accuracy contestation or unlawful processing.

7. Right to data portability (article 20 GDPR): request to receive the personal data concerning him or her, which were provided to the Company, in a structured, commonly used and machine-readable format and transmit those data to another controller, provided that the processing is based on consent and is carried out by automated means

8. Right to lodge a complaint: file a request/complaint with the Hellenic Data Protection Authority in accordance with the instructions contained on its website (Kifissias Ave. 1-3, Po Box 11523, Ampelokipoi, Athens Greece. T: +30 210 6475 600, E: complaints@dpa.gr, W: http://www.dpa.gr).

I. PRIVACY POLICY UPDATES

Our Privacy Policy may be updated from time to time. We will notify any significant changes through our website or other appropriate means of communication.

J. CONTACT US

In addition to your right to lodge a complaint under Chapter H, paragraph 8 above, you may contact the Company for any inquiries regarding the processing of your personal data or to exercise your rights at A: CORALLIA VENTURES MANAGEMENT, Kifissias Ave. 44, 15125 Maroussi, Attica, Greece, T: +30 210 63 00 797, E: dpo@coralliaventures.vc.