Privacy Policy

1. Introduction

This Privacy Policy explains how Alpha Omega Financial Group ("we", "us", "our") collects, uses, discloses, and protects your personal data when you use our website, mobile applications, and related services (the "Services"). We are committed to protecting your privacy in accordance with Regulation (EU) 2016/679 (the "GDPR") and applicable Greek data-protection law.

2. Data controller

The data controller responsible for your personal data is Alpha Omega Financial Group, established in Greece. You can contact our Data Protection Officer at dpo@testakis.gr.

3. Personal data we collect

• Account data: name, email address, phone number, country of residence.
• Authentication data: hashed credentials, multi-factor authentication tokens, session identifiers.
• Usage data: pages viewed, features used, device and browser metadata, IP address, approximate geolocation.
• Marketing preferences: consent records, communication-channel preferences.

4. Why we process your data (legal bases)

• Performance of a contract (Article 6(1)(b) GDPR): to provide the Services you have requested.
• Legal obligation (Article 6(1)(c) GDPR): to comply with applicable financial-services and tax legislation.
• Legitimate interests (Article 6(1)(f) GDPR): to secure the Services, prevent fraud, and improve the user experience. You can object to this processing at any time.
• Consent (Article 6(1)(a) GDPR): for marketing communications and non-essential cookies. You can withdraw consent at any time.

5. Sharing your data

We share personal data only with: (i) processors acting on our documented instructions (e.g. cloud hosting, email delivery, analytics) bound by Article 28 GDPR data-processing agreements; (ii) competent authorities where legally required; and (iii) successors in the event of a corporate restructuring, subject to equivalent protections.

6. International transfers

Where personal data is transferred outside the European Economic Area, we rely on Standard Contractual Clauses approved by the European Commission and, where appropriate, supplementary technical measures (encryption, pseudonymisation).

7. Retention

We retain personal data only for as long as necessary for the purposes described above and to comply with legal retention obligations (typically up to 5-7 years for financial-services records). Marketing-consent records are kept until you withdraw consent.

8. Your rights

Under the GDPR you have the right to: access, rectify, erase, restrict, port, and object to the processing of your personal data, as well as to withdraw consent and to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr). To exercise any of these rights, contact us at dpo@testakis.gr.

9. Security

We implement appropriate technical and organisational measures, including encryption in transit and at rest, role-based access controls, and regular security testing, to protect personal data from unauthorised access, disclosure, alteration, or destruction.

10. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be notified through the Services and, where required, we will request renewed consent. The "version" and "effective date" shown above always reflect the current version.

This document is template-grade boilerplate aligned with the GDPR and Greek data-protection law. It must be reviewed by qualified legal counsel before being relied upon for any specific deployment.