Wocap Privacy Policy

Effective Date: July 17, 2025

  1. 1. Introduction

    At Wocap S.A. ("Wocap", "we", "us", "our"), we are committed to safeguarding the privacy and personal data of our users, clients, and business partners. This Privacy Policy outlines how we collect, process, store, and protect your personal data when you interact with our website, platform, or services.

    We process personal data in compliance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), as well as applicable data protection legislation in Greece. Our objective is to be transparent about our data practices and provide you with control over your personal information.

  2. 2. Data Controller

    For the purposes of applicable data protection laws, the entity responsible for the processing of your personal data (the "Data Controller") is:

    Wocap S.A.
    Registered office: Kifisia, Greece
    G.E.MI. Registration No.: 182915901000
    Tax Identification Number: 802795397
    Email: info@wocap.io

    If you have any questions about how your data is handled, you may contact us at: info@wocap.io.

  3. 3. Personal Data We Collect

    We collect and process personal data only to the extent necessary for the operation of our platform and services, and to fulfill our contractual and legal obligations. The types of personal data we collect include:

    • Business Contact Information:
      Full name, company name, job title or role, business email address, and phone number.
    • Account & Platform Usage Data:
      Login credentials (e.g., usernames, encrypted passwords), ERP integration metadata, organization-level usage preferences, and platform access history.
    • Technical & Interaction Data:
      IP address, browser type and version, device identifiers, language settings, session duration, referral URLs, and information collected via cookies or similar tracking technologies (see our Cookie Policy for more information).

    We do not knowingly collect or process sensitive personal data (e.g., data relating to health, ethnicity, or political beliefs) unless required by law or explicitly provided with consent.

  4. 4. Legal Basis for Processing

    We process your personal data only where there is a valid legal basis under Article 6 of the GDPR. Depending on the specific context in which we collect your data, the legal bases include:

    • Contractual Necessity: When the processing is required to enter into or perform a contract with you or your company (e.g., user onboarding, service provision, technical support).
    • Legitimate Interests: When processing is necessary for our legitimate business interests, such as improving platform functionality, ensuring cybersecurity, preventing fraud, and maintaining service continuity — provided such interests do not override your rights and freedoms.
    • Legal Obligations: When processing is necessary to comply with applicable laws and regulatory obligations, including anti-money laundering (AML), tax compliance, and corporate recordkeeping requirements.
    • Consent: When you have provided explicit consent for specific purposes, such as receiving marketing communications or participating in user feedback programs. You may withdraw your consent at any time without affecting the lawfulness of prior processing.

  5. 5. How We Use Your Data

    We use the personal data we collect strictly for defined, lawful purposes that align with our service delivery model and legal obligations. These include:

    • User Onboarding and Platform Access: To create, verify, and manage your user account, including ERP integration where applicable.
    • Service Delivery and Optimization: To operate, maintain, and improve the functionality, performance, and user experience of our platform.
    • Communication: To send important service updates, operational notifications, or administrative information related to your account or transactions.
    • Legal and Regulatory Compliance: To meet obligations under applicable law, including accounting, financial reporting, risk management, and compliance monitoring.

    We do not use your data for profiling or automated decision-making that produces legal or similarly significant effects without your explicit knowledge.

  6. 6. Data Sharing and Disclosure

    We treat your personal data with the utmost confidentiality and share it only when strictly necessary. In particular:

    • Third-Party Service Providers: We may engage carefully vetted third-party processors to support service delivery — including cloud infrastructure, ERP integrations, analytics platforms, customer support tools, and secure communication systems. These processors act solely on our instructions and are contractually bound by strict data protection and confidentiality obligations (including GDPR-compliant Data Processing Agreements).
    • Legal or Regulatory Authorities: We may disclose personal data where required to do so by law, regulation, legal process, or governmental request, including for fraud prevention or law enforcement.
    • Corporate Transactions: In the event of a merger, acquisition, or asset sale, data may be transferred to involved parties under appropriate confidentiality safeguards.

    We do not sell, rent, or trade your personal data to any third party under any circumstances.

  7. 7. International Data Transfers

    We may transfer personal data to jurisdictions outside the European Economic Area (EEA) where our service providers or infrastructure partners operate. In all such cases, we ensure that your data remains protected through the implementation of appropriate safeguards, including

    • Standard Contractual Clauses (SCCs): As adopted by the European Commission under Article 46 of the GDPR;
    • Binding Corporate Rules (where applicable); or
    • Transfers to jurisdictions deemed by the European Commission to provide an adequate level of data protection.

    We apply the same level of protection and diligence to international data transfers as we do within the EEA.

  8. 8. Data Retention

    We retain personal data only for as long as is strictly necessary to fulfill the purposes for which it was collected, including:

    • Provision of services and contractual obligations
    • Compliance with legal, tax, and regulatory requirements
    • Security, dispute resolution, and fraud prevention

    When personal data is no longer required, we securely delete, anonymize, or archive it in accordance with our internal data retention policy and applicable legal standards.

  9. 9. Your Rights

    As a data subject under the General Data Protection Regulation (GDPR), you have the following rights with respect to your personal data:

    • Right of Access: To obtain confirmation of whether we process your data and to request a copy.
    • Right to Rectification: To request correction of inaccurate or incomplete personal data.
    • Right to Erasure: To request deletion of your data where no longer necessary or where consent is withdrawn.
    • Right to Restriction: To request limited processing where data accuracy is contested or processing is unlawful.
    • Right to Object: To object to processing based on our legitimate interests, including direct marketing.
    • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
    • Right to Lodge a Complaint: You have the right to file a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr.

    To exercise any of these rights, please contact us at info@wocap.io.

  10. 10. Cookies

  11. 11. Security Measures

    We are committed to safeguarding your personal data through robust technical and organizational security measures, consistent with industry best practices and aligned with ISO/IEC 27001 standards (certification pending).

    These include, but are not limited to:

    • Data encryption (at rest and in transit)
    • Access controls and role-based permissions
    • Multi-factor authentication (MFA)
    • Regular security audits and vulnerability assessments
    • Secure software development protocols
    • Business continuity and disaster recovery procedures

    Access to personal data is limited strictly to authorized personnel with a legitimate business need and is continuously monitored to prevent unauthorized access, disclosure, alteration, or destruction.

  12. 12. Contact Us

    If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, you may contact us at: info@wocap.io.

    We will make every effort to respond promptly and in accordance with applicable data protection regulations.