Privacy Policy

Covers the following entities

  • Canada: Delos Financial LTD, 255 5 Ave SW, Calgary, AB T2P 3G6

  • United Kingdom: Delos Financial Limited, Formal House, 60 St. Georges Place, Cheltenham, Gloucestershire, England, GL50 3PN

  • Greece: Delos Financial ΜΟΝΟΠΡΟΣΩΠΗ A.Ε., Leof. El. Venizelou 238, Kallithea 176 75, Athens, Attica

Last Updated: 10 Oct 2025 Last Reviewed: 25 Jun 2025 Next Review: 25 Jun 2026

Delos Financial Group (“Delos”, “we”, “us”, “our”) is committed to protecting the privacy of individuals whose personal data we process. This Policy explains what personal data we collect, why we process it, how we protect it, your rights, and how to contact us.

Global Privacy Notice (short summary)

This Global Privacy Notice summarises the key privacy information you need when interacting with Delos Financial Group:

  • Controller: Delos Financial Group acts as the data controller for the personal data described in this policy.

  • What we collect: identity, contact, financial, authentication and device/usage data necessary to provide, secure and improve our services.

  • Why we process: to perform contracts, meet legal and regulatory obligations (including AML/KYC), prevent fraud, maintain security, and for legitimate business interests such as improving services — or with consent where required.

  • Sharing: we share data with trusted service providers, regulators where required, and in corporate transactions. We do not sell personal data for marketing.

  • Transfers: personal data may be transferred internationally; we apply appropriate safeguards (contractual safeguards, SCCs or equivalent).

  • Your rights: access, correction, deletion, restriction, objection, portability, withdraw consent and complaint to a supervisory authority where applicable.

  • Security & retention: we apply encryption, access controls and retention limits aligned to legal requirements.

  • Contact: [email protected] — use this address to exercise rights, ask questions or raise concerns.

For more detail on each item below, see the full policy sections that follow.

1. Data controller & contact

Delos Financial Group (each entity above) is the data controller for personal data processed in connection with the services provided by the Group entities. Data Protection Officer (DPO) / privacy contact: [email protected]

2. Information we collect

We collect categories of personal data necessary to provide and improve our services, including (examples):

  • Identifying information: name, date of birth, national ID.

  • Contact information: postal address, email, phone.

  • Financial information: bank account details, transaction history.

  • Authentication data: passwords, 2FA credentials (stored securely).

  • Usage & device data: IP address, device fingerprints, logs, cookies.

  • Customer support and case notes.

We collect this information from you, from your interactions with our services, and from third parties (e.g., identity verification providers, payment processors, partners) where permitted.

3. Lawful bases for processing

We rely on lawful bases that apply depending on context, such as: performance of a contract; compliance with legal obligations (e.g., AML/KYC requirements); your consent where required; and our legitimate interests (e.g., fraud prevention, improving services), balanced against your rights.

4. How we use your information

We use personal data to: deliver account and payment services; verify identity and comply with AML/KYC and sanctions rules; operate and secure our products; provide customer support; detect and prevent fraud; perform analytics and improve our services; and meet legal or regulatory obligations.

5. Sharing & processors

We do not sell personal data for third-party marketing. We share data with: service providers and processors (e.g., identity verification, payment, cloud hosting), regulators and law enforcement when required by law, and in corporate transactions (with safeguards). All processors are contractually bound to protect personal data and only process it per our instructions.

6. International transfers & safeguards

Personal data may be processed or stored in countries outside the EEA/UK/Canada (including the US). When data is transferred internationally we apply appropriate safeguards (e.g., EU Standard Contractual Clauses, contractual commitments, binding safeguards) or other lawful transfer mechanisms, and we document transfer risk assessments.

7. Data retention

We retain personal data only as long as necessary to fulfil the purpose for which it was collected, to comply with legal obligations (for example AML/record-keeping laws) and to resolve disputes. Retention periods are documented and aligned with our Document Retention Policy.

8. Data security

We use technical and organisational measures to protect personal data including encryption in transit and at rest, access controls, keys managed via cloud KMS, monitoring and logging, regular security assessments, and incident response processes.

9. Cookies & tracking

We use cookies and similar technologies to operate our services, remember preferences, secure accounts and for analytics. Where required by law we will obtain consent. You can manage cookie preferences via your browser or the preferences tools we provide.

10. Children

Our services are not directed at children. We do not knowingly collect personal data from children under applicable age thresholds. If we become aware that we have collected such data we will delete it in accordance with applicable law.

11. Your rights — quick summary

Subject to applicable law, you may have the right to:

  • Access the personal data we hold about you.

  • Request correction or completion of inaccurate personal data.

  • Request deletion/erasure where permitted.

  • Request restriction of processing.

  • Object to processing (including profiling) where grounds exist.

  • Request data portability (receive a copy in machine-readable format).

  • Withdraw consent where processing is based on consent.

  • Lodge a complaint with a supervisory authority (see jurisdictional notices below).

To exercise rights: contact [email protected]. We will verify requests and respond within applicable legal timescales.

12. Privacy notices by jurisdiction

GDPR Notice (EU / EEA / UK)

If you are an EU/EEA or UK data subject, the GDPR (or UK GDPR) may apply to processing by Delos. You have all rights described in Section 11. Where we rely on legitimate interests we will document and balance those interests; where we rely on consent you may withdraw consent at any time without affecting processing lawfully carried out before withdrawal. You have the right to lodge a complaint with your local supervisory authority (for example the Information Commissioner’s Office (ICO) in the UK or the relevant national authority in the EU).

PIPEDA Notice (Canada)

If your personal data is processed under Canadian jurisdiction, PIPEDA and applicable provincial privacy laws govern processing. We rely on consent, contract performance or legal obligations as the basis for processing. You can withhold or withdraw consent (subject to legal or contractual restrictions) and request access or correction of your personal information. If you have a privacy complaint that we cannot resolve, you may contact the Office of the Privacy Commissioner of Canada (OPC).

United States notice (overview / state law)

There is no single U.S. federal privacy law covering all personal data; certain state laws (e.g., California CCPA/CPRA) may afford additional rights to residents (such as rights to know, delete, and limit sale/sharing). Where applicable state law provides specific rights, we will honour those rights. We do not “sell” personal data for purposes of consumer protection laws. To exercise state-specific rights, or for more information, contact [email protected].

13. Automated decision-making & profiling

We may use automated tools for identity verification, fraud detection and risk scoring. Where automated decision-making has a legal or similarly significant effect, we provide information about the logic involved, the meaning, and the possible consequences, and offer a way to request human review where required by law.

14. Breach notification

In the event of a personal data breach that creates a risk to your rights and freedoms, we will follow our incident response procedures and notify affected individuals and regulators as required by applicable law without undue delay.

15. How to exercise your rights or complain

  • Contact (DPO): [email protected]

  • Postal: use the relevant entity address at top of this policy.

  • If you are not satisfied with our response you may lodge a complaint with the relevant supervisory authority in your jurisdiction (e.g., ICO in the UK, OPC in Canada, or the relevant EU Member State authority).

16. Changes to this policy

We may update this Policy from time to time. We will publish the updated policy with a revised “Last Updated” date and, where required by law, notify you of material changes.

PreviousPlatform Agreement (BaaS)NextComplaints Policy

Last updated