Primary Policy

At GM FINANCIAL GROUP LTD (along with our affiliated partner companies, hereinafter referred to as the “Company,” “we,” “our,” or “us”), we respect your privacy and are committed to keeping secure any information we collect from or about you.

This Privacy Policy outlines our practices regarding the personal data we collect from or about you when you use our website, applications, and services (collectively, the “Services”).

This Privacy Policy does not apply to content processed on behalf of our clients for products and Services we provide through our partnerships. The use of such data is governed by specific, individualized agreements with our clients covering access to and use of these products and Services.

For information on how we collect and use information to develop products or Services that drive growth or support other Services, as well as on the choices you have regarding this information, please see this Privacy Policy.

1. Data Controller

As a data controller, the Company is committed to upholding the principles of transparency and lawfulness in processing your data. You may contact our Data Protection Officer via email at dpo[at]gmfinancialgroup[dot]gr or send a letter to (201b.3 Cardinal Point, Park Road, Rickmansworth, England, WD3 1RE), specifying our the Company’s name on the envelope.

2. Personal Data We Collect

We collect personal data about you (hereinafter “Personal Data”), as described below:

Personal Data You Provide: When you create an account to use our Services or contact us, we collect the following Personal Data:

– Account Information: When you create an account, we collect information related to your account, including your name, contact details, account credentials, and date of birth (collectively, “Account Information”).

– User Content: We collect any Personal Data you enter into the Services (hereinafter “Content”), including instructions you provide and other content you upload, such as files (corporate or personal) within the funding application form, images in (business plans), and videos (drone or landscape footage), depending on the features you use.

– Contact-Based Information: If you reach out to us, for instance, via form, email, or our social media pages, we collect Personal Data such as your name, contact information, and the content of any messages you send (collectively, “Contact-Based Information”).

– Other Information You Provide: We collect other information you may provide, such as when you participate in our events or surveys or provide us with information to verify your identity or age (collectively, “Other Information You Provide”).

– Personal Data We Receive from Your Use of the Services: When you visit, use, or interact with our Services, we receive the following information regarding your visit, usage, or interactions (hereinafter “Technical Information”):

– Log Data: We collect information automatically sent by your browser or device when you use our Services. Log Data includes your IP address, browser type and settings, date and time of your request, and how you interact with our Services.

– Usage Data: We may automatically collect information about how you use the Services, such as the type of content you view or interact with, features you use, and actions you take, as well as your time zone, country, access dates and times, user agent and version, type of computer or mobile device, and connection type.

– Device Information: We collect information about the device you use to access our Services, such as device name, operating system, device identifiers, and browser used. The information collected may depend on the type of device and its settings.

– Location Information: We may determine the general area from which your device accesses our Services based on information such as your IP address for security and to enhance your product and service experience. For example, we may protect your account by detecting unusual login activity or provide more accurate responses. Additionally, certain Services allow you to provide more precise location information from your device, such as GPS location.

– Cookies and Related Technologies: We use cookies and related technologies to operate and manage our Services and improve your experience. If you use our Services without creating an account, we may store some of the information described in this policy as cookies, which help you, for instance, retain preferences across browsing sessions. For details on our use of cookies, see our Cookie Policy.

– Information We Receive from Other Sources: We receive information from trusted partners, such as security partners, to protect our Services from fraud, abuse, and other security threats, and from marketing service providers who provide information on potential clients for our business services.

We also collect information from other sources, such as publicly available information online, primarily to support the development of the models that power our Services.

3. How We Use Personal Data

We may use Personal Data for the following purposes:

– To provide, analyze, and maintain our Services, for example, by responding to your inquiries.
– To improve and develop our Services and conduct research, such as developing new features.
– To communicate with you, including sending you information about our Services and events, such as updates or enhancements to the Services.
– To prevent fraud, illegal activity, or misuse of our Services, and to safeguard the security of our systems and Services.
– To comply with legal obligations and protect the rights, privacy, security, or property of our users, GM FINANCIAL GROUP LTD, our affiliated companies, or any third party.

We may also aggregate or anonymize Personal Data so that it no longer identifies you, and use this data for the purposes described above, such as to analyze how our Services are used, enhance and add features, and conduct research. We will retain and use anonymized information in an unidentifiable form and will not attempt to re-identify it unless required by law.

As highlighted above, we may use the Content you provide to improve our Services, for example, to train our partners to better serve you.

4. Disclosure of Personal Data

We may disclose your Personal Data in the following circumstances:

– Suppliers or Service Providers: To meet business needs and perform certain services and functions, we may disclose Personal Data to suppliers and service providers, such as hosting providers, customer service vendors, cloud providers, content delivery services, security support and monitoring services, email communication software, web analytics services, payment processors, and other IT service providers. These parties will access, process, or store Personal Data only as directed, in the course of fulfilling their responsibilities to us.

– Business Transfers: In cases where we are involved in strategic transactions, reorganization, bankruptcy, receivership, or service transition to another provider (collectively, a “Transaction”), your Personal Data may be disclosed in the due diligence process to counterparties and other parties supporting the Transaction and may be transferred to a successor or affiliated entity as part of the Transaction, along with other assets.

– Government Authorities or Other Third Parties: We may share your Personal Data, including information regarding your interactions with our Services, with government authorities, industry counterparts, or other third parties as required by law (i) to comply with a legal obligation or in good faith that such action is necessary to comply with a legal obligation, (ii) to protect and defend our rights or property, (iii) if we determine at our discretion that there has been a violation of our terms, policies, or the law, (iv) to detect or prevent fraud or other illegal activity, (v) to ensure the security, protection, and integrity of our products, employees, partners, users, or the public, or (vi) to defend against legal liability.

– Affiliated Companies: We may disclose Personal Data to our affiliated companies, which are entities that control, are controlled by, or are under common control with the Company. Our affiliated companies may use such Personal Data in a manner consistent with this Privacy Policy.

– Business Account Administrators: When you register with the Company for a Company or business account, the administrators of such an account may have access to and control over your Company account, including the ability to access your Content. Additionally, if you create an account using an email address belonging to your employer or another organization, we may inform your employer or organization that you have a Company account and share certain account information, such as your email address, to enable your addition to their business account.

– Other Users and Third Parties You Interact With or Share Information With: Certain features may allow you to interact with other users or third parties or share information with them. For example, you may share conversations from our Company with other users via links you provide. You may also send information to third-party applications or social networks, such as through custom actions for the Company or to search the internet, to help answer questions that benefit from more recent information. Information you share with third parties is governed by their own terms and privacy policies, and you should ensure you understand these terms and policies before sharing information with them.

5. Data Retention

We will retain your Personal Data only for as long as necessary to provide you with our Services or for other legitimate business purposes, such as resolving disputes, security purposes, or compliance with our legal obligations. The duration for which we retain Personal Data depends on various factors, including:

– The purpose of processing the data (e.g., if data retention is needed to provide our Services).
– The quantity, nature, and sensitivity of the data.
– The potential risk of harm from unauthorized use or disclosure of the data.
– Any legal requirements we are subject to.

In some cases, the retention period for data depends on your settings. For example, temporary conversations with our Company will not appear in your history and will be retained for up to 30 days for security purposes.

6. Your Rights

You have the following statutory rights concerning your Personal Data:

– Access to your Personal Data and information regarding its processing.
– Deletion of your Personal Data from our records.
– Correction or Update of your Personal Data.
– Data Portability, allowing you to transfer your Personal Data to a third party.
– Restriction of how we process your Personal Data.
– Withdrawal of Consent at any time if we rely on consent as the legal basis for processing.
– Filing a Complaint with the local data protection authority (see bellow).

You also have the following rights to object:

– Objection to the processing of your Personal Data for direct marketing purposes at any time.
– Objection to our processing of your Personal Data when processing is based on legitimate interests.

If you are unable to exercise your rights through your account (such as accessing, correcting, deleting, restricting processing, data portability, or objecting to processing), please submit your request via email at: dpo[at]gmfinancialgroup[dot]gr.

We hope to address any questions or concerns you may have. If we or our Data Protection Officer cannot resolve an issue, you may submit a complaint to the Hellenic Data Protection Authority (Kifisias 1-3, 115 23, Athens, +30 210 6475 600, [email protected]) or any competent supervisory authority within the European Union.

7. Children

Our Services are neither directed nor intended for children under the age of 18. We do not knowingly collect Personal Data from children under 18. If you believe that a child under 18 has provided Personal Data to our Company through the Services, please email us at dpo[at]gmfinancialgroup[dot]gr. We will investigate any report and, if warranted, delete the Personal Data from our systems. Users under 18 must have permission from their parent or guardian to use our Services.

8. Security

We implement commercially reasonable technical, administrative, and organizational measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. However, no transmission over the internet or email is ever fully secure or error-free. Therefore, please exercise caution when deciding what information to share through the Services. Additionally, we are not responsible for any circumvention of privacy settings or security measures contained within the Service or on third-party websites.

9. Legal Bases for Processing