Privacy Policy

At GM Financial Group LTD (together with our affiliated partner companies, hereinafter referred to as the “Company”, “we”, “our”, or “us”), we value your privacy and are committed to protecting any personal data that we collect from or about you.

This Primary Privacy Policy explains how we collect, use, disclose, and protect personal data when you access or interact with our websites and advisory services (collectively, the “Services”).

Scope clarification

This Policy does not apply to personal data processed strictly on behalf of clients within the framework of executed advisory or contractual engagements. In such cases, data processing is governed exclusively by the relevant contractual agreements and applicable confidentiality obligations.

1. Data Controller

For the purposes of applicable data protection laws, including the EU GDPR and UK GDPR, GM Financial Group LTD acts as the Data Controller with respect to personal data processed through its own Services.

Data Protection Officer (DPO)
Email: dpo[at]gmfinancialgroup[dot]gr

Postal Address
Data Protection Officer
GM FINANCIAL GROUP LTD
3 Cardinal Point, Park Road
Rickmansworth, England, WD3 1RE
(Please clearly indicate the Company’s name on the envelope.)

2. Personal Data We Collect

We collect personal data only to the extent necessary for legitimate advisory, communication, and compliance purposes.

Personal Data You Provide

This may include:

• Identification and Contact Information
  Name, professional title, company name, email address, telephone number.

• Advisory & Project Information
  Business, financial, or project-related information voluntarily submitted via contact forms, inquiries, or during preliminary advisory discussions.

• Correspondence
  Information contained in emails, forms, or other communications you send to us.

Personal Data Collected Automatically

When you access our website, we may collect limited technical data such as:

• IP address

• Browser type and version

• Device and operating system

• Date, time, and pages accessed

• Referring URLs

This data is used strictly for security, analytics, and website functionality.

Personal Data from Third Parties

Where permitted by law, we may receive limited personal data from:

• professional or business partners,

• publicly available sources,

• service providers supporting security or compliance functions.

3. Legal Bases and Purposes of Processing

We process personal data only where a valid legal basis exists, including:

• performance of a contract or pre-contractual steps,

• legitimate interests, such as operating, securing, and improving our Services,

• legal obligations,

• consent, where required.

Purposes include:

• responding to inquiries and requests,

• preliminary advisory assessment and communication,

• compliance with legal and regulatory obligations,

• website security, analytics, and operational integrity.

4. Disclosure of Personal Data

We may disclose personal data only where necessary and lawful, including to:

Service Providers
Trusted third-party providers supporting hosting, IT infrastructure, security, communications, and analytics, all subject to Data Processing Agreements (DPAs).

Legal and Regulatory Authorities
Where required to comply with applicable laws, lawful requests, or to protect legal rights.

Corporate Transactions
In the event of a merger, restructuring, or asset transfer, subject to appropriate safeguards and notice where required.

Affiliated Entities
Entities under common control, strictly for purposes consistent with this Policy.

5. Data Retention

Personal data is retained only for as long as necessary, taking into account:

• the purpose of processing,

• legal and regulatory obligations,

• contractual and compliance requirements,

• risk and security considerations.

Data is securely deleted, anonymized, or restricted when no longer required.

6. Your Rights

You have the following rights under GDPR:

• right of access,

• right to rectification,

• right to erasure,

• right to restriction of processing,

• right to data portability,

• right to withdraw consent,

• right to object (including to direct marketing).

Requests may be submitted to:
dpo[at]gmfinancialgroup[dot]gr

We respond within statutory deadlines.

Supervisory Authorities

Greece
Hellenic Data Protection Authority
www.dpa.gr

United Kingdom
Information Commissioner’s Office (ICO)
www.ico.org.uk

7. Children

Our Services are not intended for individuals under 18.
We do not knowingly collect personal data from minors.

8. Security Measures

We implement appropriate technical and organizational safeguards, including:

• access controls,

• encryption where appropriate,

• system monitoring,

• secure hosting environments.

No internet transmission is fully secure; users should exercise caution when sharing information.

9. International Data Transfers

Personal data may be transferred outside the EEA, UK, or Switzerland where required for operational purposes.

Safeguards include:

• adequacy decisions,

• Standard Contractual Clauses (SCCs),

• UK Addendum and equivalent mechanisms.

Further details are available upon request.

10. Changes to This Policy

We may update this Policy periodically.
Updates are published on this page with a revised Last Updated date.

Continued use of the Services constitutes acknowledgment of the updated Policy.

11. Contact

For privacy-related matters, contact:
dpo[at]gmfinancialgroup[dot]gr

Last Updated: 06/02/2026