The entity responsible for data processing is:

ASTRONET LTD
Char. Trikoupi 22, Pylaia 555 35, Greece
Telephone: +30 2310 303 404
Email: info@astronet.gr
Business Hours: Monday to Friday, 9:00 AM – 5:00 PM

If you have questions about how we handle your personal data, please contact our Data Protection Officer using the details above.

2. What Sources and Data Do We Use?

We process personal data obtained directly from clients within our business relationship. We may also process data from publicly accessible sources (such as commercial or association registers, media, or online platforms) or legitimately obtained data from third parties, including KYC and due diligence providers.

Examples of personal data we may process include:

• Name, address, and contact details
• Date and place of birth, nationality
• Identification data (e.g. ID or passport information, signature)
• Order and transaction data (e.g. payment and contract details)
• Support and service correspondence
• Marketing data and analytics (including anonymized usage data via Google Analytics)

Analytics information is fully anonymized and helps us improve user experience on our website.

3. Purpose and Legal Basis for Processing

We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP).

a. Contract Performance: Data is processed to provide and manage our services, fulfill contractual obligations, and handle pre-contractual inquiries.

b. Legitimate Interests: We may process data to maintain and improve business operations, such as:

• Enhancing customer service and needs assessments
• Conducting marketing and opinion research (if you have not objected)
• Preventing fraud, ensuring IT security, and managing risk
• Asserting or defending against legal claims

c. Consent: If you have granted consent (e.g. receiving newsletters or marketing communications), data processing will be based on that consent, which may be withdrawn at any time.

d. Legal Obligations / Public Interest: As a service provider, we comply with legal and regulatory requirements such as anti-money laundering, tax, and reporting obligations. This may involve identity checks and fraud prevention measures.

4. Who Receives My Data?

Authorized employees, partners, and service providers may access your personal data when necessary to fulfill contractual or legal obligations. These may include providers in:

• IT hosting and maintenance
• Marketing and communication services
• Financial institutions
• Legal and compliance consultancy

All third-party processors are contractually bound to maintain confidentiality and data protection standards.

5. Data Transfers to Third Countries

Your data may be transferred outside the EU or Switzerland only when:

• It is necessary for business operations (e.g. international transactions)
• Required by law
• You have provided explicit consent

All transfers are protected by GDPR-compliant safeguards.

6. Data Retention Period

We keep your personal data only for as long as necessary to fulfill our contractual or legal obligations. Once data is no longer required, it will be securely deleted unless retention is mandated by:

• Financial or commercial record-keeping requirements
• Ongoing legal investigations or compliance obligations

7. Your Data Protection Rights

You have the right to:

• Request access to your data
• Request correction, deletion, or restriction of processing
• Object to data processing
• Request data portability (where applicable)
• Withdraw your consent at any time
• Lodge a complaint with your local data protection authority

To exercise these rights, contact: info@astronet.gr

8. Obligation to Provide Data

Providing personal data is necessary for setting up and maintaining a business relationship and for fulfilling statutory obligations (such as identity verification). If you choose not to provide this data, we may be unable to establish or continue the requested services.

9. Automated Decision-Making and Profiling

ASTRONET does not use automated decision-making to form client relationships or deliver services.
However, certain automated assessments (profiling) may occur for compliance and security reasons, such as fraud prevention or transaction risk assessment. These mechanisms are used solely to protect clients and ensure regulatory compliance.