Privacy Policy

Effective Date: July 17, 2025

  1. 1. Introduction

    At Wocap S.A. ("Wocap", "we", "us", "our"), we are committed to safeguarding the privacy and personal data of our users, clients, and business partners. This Privacy Policy outlines how we collect, process, store, and protect your personal data when you interact with our website, platform, or services.

    We process personal data in compliance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), as well as applicable data protection legislation in Greece. Our objective is to be transparent about our data practices and provide you with control over your personal information.

    Wocap is committed to the principles of data minimization and purpose limitation in accordance with the GDPR.

  2. 2. Data Controller

    For the purposes of applicable data protection laws, the entity responsible for the processing of your personal data (the "Data Controller") is:

    Wocap S.A.
    Registered office: Kifisia, Greece
    G.E.MI. Registration No.: 182915901000
    Tax Identification Number: 802795397
    Email: info@wocap.io

    If you have any questions about how your data is handled, you may contact us at: info@wocap.io or your designated account contact.

    Depending on the context of the processing, Wocap may act either as a Data Controller or as a Data Processor on behalf of its customers. In particular, Wocap acts as a Data Processor with respect to certain personal data processed on behalf of Buyers via the platform, and as a Data Controller for user registration, platform usage data, and certain limited processing activities necessary to ensure platform security, maintain service integrity, comply with legal obligations, and keep appropriate audit and access logs.

  3. 3. Personal Data We Collect

    We collect and process personal data only to the extent necessary for the operation of our platform and services, and to fulfill our contractual and legal obligations.

    We process personal data relating to:

    • Users and authorized representatives of our customers (e.g. employees, officers);
    • Suppliers and their representatives;
    • Website visitors and prospective customers.

    We collect personal data either directly from Users or indirectly through our customers (e.g. Buyers providing Supplier contact details for onboarding purposes).

    The types of personal data we collect include:

    • Business Contact Information:
      Full name, company name, job title or role, business email address, and phone number.
    • Account & Platform Usage Data:
      Login credentials (e.g., usernames, encrypted passwords), ERP integration metadata, organization-level usage preferences, and platform access history.
    • Technical & Interaction Data:
      IP address, browser type and version, device identifiers, language settings, session duration, referral URLs, and information collected via cookies or similar tracking technologies (see our Cookie Policy for more information).

    We may collect personal data either directly from you or indirectly through our customers or business partners, including where Buyers provide Supplier contact details for onboarding or operational purposes. Where required by applicable law, appropriate privacy information will be provided to the relevant data subjects.

    We do not knowingly collect or process sensitive personal data (e.g., data relating to health, ethnicity, or political beliefs) unless required by law or explicitly provided with consent.

  4. 4. Legal Basis for Processing

    We process your personal data only where there is a valid legal basis under Article 6 of the GDPR. Depending on the specific context in which we collect your data, the legal bases include:

    • Contractual Necessity: When the processing is required to enter into or perform a contract with you or your company (e.g., user onboarding, service provision, technical support).
    • Legitimate Interests: When processing is necessary for our legitimate business interests, such as improving platform functionality, ensuring cybersecurity, preventing fraud, and maintaining service continuity — provided such interests do not override your rights and freedoms.
    • Legal Obligations: When processing is necessary to comply with applicable laws and regulatory obligations, including anti-money laundering (AML), tax compliance, and corporate recordkeeping requirements.
    • Consent: When you have provided explicit consent for specific purposes, such as receiving marketing communications or participating in user feedback programs. You may withdraw your consent at any time without affecting the lawfulness of prior processing.

  5. 5. How We Use Your Data

    We use the personal data we collect strictly for defined, lawful purposes that align with our service delivery model and legal obligations. These include:

    • User Onboarding and Platform Access: To create, verify, and manage your user account, including ERP integration where applicable.
    • Service Delivery and Optimization: To operate, maintain, and improve the functionality, performance, and user experience of our platform.
    • Communication: To send important service updates, operational notifications, or administrative information related to your account or transactions.
    • Legal and Regulatory Compliance: To meet obligations under applicable law, including accounting, financial reporting, risk management, and compliance monitoring.

    We do not use your data for profiling or automated decision-making that produces legal or similarly significant effects without your explicit knowledge.

    Wocap does not carry out automated decision-making, including profiling, that produces legal or similarly significant effects within the meaning of Article 22 GDPR.

  6. 6. Data Sharing and Disclosure

    We treat your personal data with the utmost confidentiality and share it only when strictly necessary. In particular:

    • Third-Party Service Providers: We may engage carefully vetted third-party processors to support service delivery — including cloud infrastructure, ERP integrations, analytics platforms, customer support tools, and secure communication systems. These processors act solely on our instructions and are contractually bound by strict data protection and confidentiality obligations (including GDPR-compliant Data Processing Agreements). A list of subprocessors may be made available upon request, subject where appropriate to confidentiality restrictions.
    • Legal or Regulatory Authorities: We may disclose personal data where required to do so by law, regulation, legal process, or governmental request, including for fraud prevention or law enforcement.
    • Corporate Transactions: In the event of a merger, acquisition, or asset sale, data may be transferred to involved parties under appropriate confidentiality safeguards.

    We do not sell, rent, or trade your personal data to any third party under any circumstances.

  7. 7. International Data Transfers

    We may transfer personal data to jurisdictions outside the European Economic Area (EEA) where our service providers or infrastructure partners operate.

    In all such cases, we ensure that your data remains protected through the implementation of appropriate safeguards, including:

    • Standard Contractual Clauses (SCCs): As adopted by the European Commission under Article 46 of the GDPR;
    • Binding Corporate Rules (where applicable); or
    • Transfers to jurisdictions deemed by the European Commission to provide an adequate level of data protection.

    We apply the same level of protection and diligence to international data transfers as we do within the EEA.

  8. 8. Data Retention

    We retain personal data only for as long as is strictly necessary to fulfill the purposes for which it was collected, including:

    • Provision of services and contractual obligations
    • Compliance with legal, tax, and regulatory requirements
    • Security, dispute resolution, and fraud prevention

    Retention periods are determined based on the nature of the data, the purposes of processing, contractual requirements, legal and regulatory obligations, and operational necessity.

    For telephone communications with the Customer Support Department, call recordings/call data are retained for a period of six (6) months, exclusively for the purposes of quality control, staff training, and dispute resolution.

    When personal data is no longer required, we securely delete, anonymize, or archive it in accordance with our internal data retention policy and applicable legal standards.

  9. 9. Your Rights

    As a data subject under the General Data Protection Regulation (GDPR), you have the following rights with respect to your personal data:

    • Right of Access: To obtain confirmation of whether we process your data and to request a copy.
    • Right to Rectification: To request correction of inaccurate or incomplete personal data.
    • Right to Erasure: To request deletion of your data where no longer necessary or where consent is withdrawn.
    • Right to Restriction: To request limited processing where data accuracy is contested or processing is unlawful.
    • Right to Object: To object to processing based on our legitimate interests, including direct marketing.
    • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
    • Right to Lodge a Complaint: You have the right to file a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr.

    To exercise any of these rights, please contact us at info@wocap.io.

  10. 10. Cookies

  11. 11. Security Measures

    We are committed to safeguarding your personal data through robust technical and organizational security measures, consistent with industry best practices and aligned with ISO/IEC 27001 certified information security practices.

    These include, but are not limited to:

    • Data encryption (at rest and in transit)
    • Access controls and role-based permissions
    • Multi-factor authentication (MFA)
    • Regular security audits and vulnerability assessments
    • Secure software development protocols
    • Business continuity and disaster recovery procedures

    Access to personal data is limited strictly to authorized personnel with a legitimate business need and is continuously monitored to prevent unauthorized access, disclosure, alteration, or destruction.

    In the event of a personal data breach, Wocap will take appropriate measures to mitigate risks and will notify affected parties and competent authorities where required by applicable law.

  12. 12. Contact Us

    If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, you may contact us at: info@wocap.io.

    We will make every effort to respond promptly and in accordance with applicable data protection regulations.

56b485334a093a6bd6b863e25e5312b6191b1f" defer data-cookieconsent="marketing">