Data Privacy Policy

1. Who We Are

Azal Capital IKE is a private capital company (Ιδιωτική Κεφαλαιουχική Εταιρεία) incorporated in Athens, Greece, under Greek Law 4072/2012. We provide sovereign advisory services to government and institutional clients. We are the data controller for personal data collected through this website.

2. What Data We Collect and Why

We collect personal data in the following circumstances:

We do not use your personal data for marketing purposes, profiling, or automated decision-making. We do not sell your data to any third party.

3. Cookies

Our website uses only strictly necessary cookies required for security and functionality. These cookies do not require your consent under the ePrivacy Directive. For full details, please see our Cookie Policy.

4. Who We Share Your Data With

We share your personal data only where necessary with the following categories of recipients:

• Infomaniak Network SA (Switzerland) — our web hosting provider. Data hosted in Switzerland, which has an EU adequacy decision. Data Processing Agreement in place.
• Cloudflare Inc. (USA) — our content delivery network and security provider. Cloudflare is certified under the EU-US Data Privacy Framework. Standard Contractual Clauses incorporated into Cloudflare’s standard DPA, which applies automatically to our account.
• Proton AG (Switzerland) — our email provider. Data hosted in Switzerland. Zero-knowledge encryption means Proton cannot access email content.

We do not share your data with any other third parties without your explicit consent, except where required by law.

5. International Transfers

Your data may be transferred outside the European Economic Area to the following countries:

• Switzerland — adequate country per European Commission decision. No additional safeguards required.
• United States (Cloudflare) — transfers covered by Standard Contractual Clauses and/or the EU-US Data Privacy Framework.

Where we provide advisory services involving clients in non-EEA countries, any personal data transfers are made on the basis of contractual necessity (Article 49(1)(b) GDPR) or with appropriate safeguards in place.

6. How Long We Keep Your Data

We retain personal data only for as long as necessary:

• Contact form enquiries: 2 years from submission, or until the matter is resolved.
• Business correspondence that becomes part of a client engagement: 7 years from the end of the engagement.
• Website access logs (held by Cloudflare): up to 30 days per Cloudflare’s standard retention.

After these periods, personal data is securely deleted or anonymised.

7. Your Rights

Under GDPR, you have the following rights:

• Access — request a copy of your personal data.
• Rectification — ask us to correct inaccurate data.
• Erasure — ask us to delete your data where there is no longer a lawful basis for processing.
• Restriction — ask us to restrict processing in certain circumstances.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests.

To exercise any of these rights, contact us at contact@azaladvisors.com. We will respond within one calendar month. You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA): www.dpa.gr | Tel: +30 210 6475 600.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including end-to-end encrypted email (ProtonMail), HTTPS encryption on all web traffic, and restricted access to personal data on a need-to-know basis.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The current version is always available at azaladvisors.com/privacy-policy. Material changes will be notified prominently on the website.

10. Contact

Data controller: Azal Capital IKE, Athens, Greece

Data protection contact: contact@azaladvisors.com

Supervisory authority: Hellenic Data Protection Authority (HDPA), www.dpa.gr