Privacy Policy

1. Introduction

WORLD CLASS CONSULTANTS G.P. / WORLD CLASS CONSULTANTS O.E. (trading as WORLD CLASS CONSULTANTS, "we", "us", "our") is committed to protecting personal data and respecting the privacy of individuals in accordance with Regulation (EU) 2016/679 (the GDPR) and applicable Greek and EU data protection law.

This Privacy Policy explains how and why we process personal data when you interact with us through our website, by email or other professional communications, or in the context of prospective or existing business relationships.

2. Controller Details

The controller responsible for the processing of personal data described in this Privacy Policy is:

We have not designated a Data Protection Officer because, based on our current activities, we are not required to do so under Article 37 GDPR.

3. Categories of Personal Data

Depending on the nature of your interaction with us, we may process the following categories of personal data:

• identification data, such as your name;
• contact data, such as your email address, telephone number, postal address, or signature block information;
• business and professional data, such as company name, role, and professional capacity;
• enquiry and correspondence data, such as the contents of messages, requests, and follow-up communications;
• contractual, project, billing, and invoicing data, where relevant to a business relationship;
• technical and website usage data that may be generated when you access the website, such as server logs, security logs, IP-related event data, browser/device information, and similar technical information necessary for security, troubleshooting, and reliable operation of the website.

We do not intentionally collect special categories of personal data within the meaning of Article 9 GDPR through the website. Please do not send sensitive personal data to us unless it is strictly necessary and appropriate safeguards have been agreed.

4. Purposes of Processing and Legal Bases

We process personal data only where permitted under Article 6 GDPR. The main purposes and legal bases are as follows:

5. Legitimate Interests

Where we rely on Article 6(1)(f) GDPR, our legitimate interests may include:

• responding to business enquiries and maintaining professional communications;
• administering and documenting business relationships;
• protecting the website, systems, and communications against misuse, spam, fraud, unauthorized access, and other security risks;
• ensuring the availability, integrity, and performance of the website and related business systems; and
• exercising or defending legal claims, where necessary.

When relying on legitimate interests, we consider and balance our interests against the rights and freedoms of the individuals concerned.

6. Recipients and Processors

We may share personal data, where necessary, with trusted third parties acting on our behalf or where otherwise permitted by law, including:

• IT hosting, infrastructure, security, and website service providers;
• email, productivity, and collaboration service providers;
• professional advisers, such as accountants, lawyers, auditors, and compliance advisers;
• payment, billing, banking, or invoicing-related service providers, where relevant; and
• public authorities, regulators, courts, or enforcement bodies where disclosure is required by law or necessary to establish, exercise, or defend legal claims.

Where third parties act as our processors, we require appropriate contractual safeguards in accordance with Article 28 GDPR.

7. International Transfers

Where personal data is transferred outside the European Economic Area (EEA), we will do so only where a lawful transfer mechanism exists under applicable data protection law, including, where relevant, adequacy decisions or the European Commission's Standard Contractual Clauses together with any supplementary measures considered necessary.

You may request more information about applicable transfer safeguards using the contact details in this Privacy Policy.

8. Retention

We retain personal data only for as long as necessary for the relevant purpose and in accordance with applicable legal, accounting, contractual, and operational requirements. Retention periods may vary depending on the nature of the relationship and the applicable records involved. In particular:

• business enquiries and general correspondence are retained for as long as needed to respond to the enquiry, manage follow-up, and keep an appropriate record of the communication;
• prospective client, proposal, and pre-contract materials are retained for as long as reasonably necessary to evaluate the opportunity, conduct follow-up, and document the relevant business history;
• contract, project, billing, and invoicing records are retained for the duration of the relationship and thereafter for as long as needed to comply with legal, accounting, tax, audit, and record-keeping obligations and to establish, exercise, or defend legal claims;
• technical, website, and security-related logs are retained for as long as operationally necessary for security, troubleshooting, continuity, and incident investigation; and
• consent records are retained for as long as needed to demonstrate compliance with consent requirements and to manage withdrawals of consent.

When personal data is no longer required, we will delete, anonymise, or otherwise securely dispose of it, unless continued retention is required or permitted by law.

9. Data Subject Rights

Subject to applicable law, you may have the right to:

• request access to your personal data;
• request rectification of inaccurate or incomplete personal data;
• request erasure of your personal data where applicable;
• request restriction of processing;
• object to processing carried out on the basis of legitimate interests;
• request data portability where applicable;
• withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing before withdrawal; and
• lodge a complaint with a competent supervisory authority.

10. Exercising Your Rights

To exercise your rights or make a privacy-related request, please contact us at tzimis@worldclassconsultants.gr.

We will respond in accordance with applicable data protection law.

If you believe that the processing of your personal data infringes applicable law, you also have the right to lodge a complaint with the Hellenic Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα), including through the authority's official channels.

11. Whether You Must Provide Personal Data

You are generally not under a statutory obligation to provide personal data to us when using the website.

However, if you contact us, request information, ask us to consider an engagement, or enter into a contractual relationship with us, certain personal data may be necessary in order for us to respond to you, evaluate your request, communicate effectively, perform the contract, issue invoices, or comply with legal obligations. If you do not provide the necessary data, we may be unable to respond fully or proceed with the relevant relationship or transaction.

12. Automated Decision-Making

We do not carry out automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you through this website.

13. Security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, loss, misuse, or destruction, taking into account the nature of the data and the risks involved.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, operational, or organisational changes. The most current version will be made available on the website with an updated "Last updated" date.