Privacy Policy

Last Updated: [June 2026] 

 

  1. Introduction

TheFutureCats Advisory S.A. (“TheFutureCats”, “Company”, “we”, “our” or “us”) is committed to protecting the privacy and personal data of individuals who visit our website, contact us, subscribe to our communications, use our services, or otherwise interact with us. 

This Privacy Policy explains how we collect, use, disclose, store and protect personal data in accordance with Regulation (EU) 2016/679 (“GDPR”), Greek Law 4624/2019 and other applicable data protection laws. 

 

  1. Data Controller

The data controller responsible for the processing of personal data described in this Privacy Policy is: 

TheFutureCats Advisory S.A. 

Soumela 41, Kalamaria, Thessaloniki  
Email: dpo@thefuturecats.com 

For any questions regarding this Privacy Policy or the processing of personal data, you may contact us using the details above. 

 

  1. Categories of Personal Data We Collect

Depending on the nature of our interaction, we may collect the following categories of personal data: 

Contact Information 

  • First name 
  • Last name 
  • Email address 
  • Telephone number 
  • Company name 
  • Professional title 

Communication Information 

  • Information contained in contact forms 
  • Correspondence exchanged with us 
  • Requests, inquiries and feedback 

Technical Information 

  • IP address 
  • Browser type and version 
  • Device information 
  • Operating system 
  • Website usage data 
  • Log files 

Marketing Preferences 

  • Newsletter subscriptions 
  • Communication preferences 
  • Consent records 

Cookies and Similar Technologies 

Information collected through cookies and similar technologies as described in our Cookie Policy. 

We do not intentionally collect special categories of personal data unless required for a specific lawful purpose and only where permitted by applicable law. 

  1. Purposes and Legal Bases of Processing

We process personal data only where we have a lawful basis to do so. 

Purpose 

Legal Basis 

Responding to inquiries and contact requests 

Article 6(1)(b) GDPR (pre-contractual steps) 

Providing requested information and services 

Article 6(1)(b) GDPR 

Managing customer and business relationships 

Article 6(1)(b) GDPR 

Sending newsletters and marketing communications 

Article 6(1)(a) GDPR (consent) 

Operating and securing our website 

Article 6(1)(f) GDPR (legitimate interest) 

Improving products and services 

Article 6(1)(f) GDPR 

Compliance with legal obligations 

Article 6(1)(c) GDPR 

Protection of legal rights and claims 

Article 6(1)(f) GDPR 

Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal. 

 

  1. Marketing Communications

Where permitted by law and based on your consent where required, we may send information regarding: 

  • Company updates 
  • News and publications 
  • Events and webinars 
  • Product announcements 
  • Service-related information 

You may unsubscribe at any time by using the unsubscribe link included in communications or by contacting us directly. 

 

  1. Artificial Intelligence and Automated Processing

TheFutureCats develops and provides artificial intelligence technologies and related services. 

Unless expressly stated otherwise: 

  • Personal data submitted through our website is not used to train public or general-purpose AI models. 
  • Customer data processed through our services is handled in accordance with applicable contractual commitments. 
  • Automated systems may be used to detect malicious activity, fraud, cybersecurity threats or abusive behavior. 
  • Such processing is limited to what is necessary to ensure the security, integrity and availability of our systems and services. 

Where legally required, additional information regarding automated decision-making or profiling will be provided separately. 

 

6A. Artificial Intelligence Systems and Customer Data 

TheFutureCats develops, deploys and provides artificial intelligence solutions, including AI governance, compliance and risk management technologies. 

Unless expressly agreed otherwise in a separate customer agreement: 

  • Customer Data remains the property of the Customer. 
  • TheFutureCats does not acquire ownership rights over Customer Data. 
  • Customer Data is processed solely for the purpose of providing, maintaining, securing and improving the contracted services. 
  • TheFutureCats shall process Customer Data only in accordance with documented customer instructions and applicable law. 

Where TheFutureCats acts on behalf of a customer in relation to personal data, TheFutureCats acts as a Data Processor and the customer acts as the Data Controller, unless otherwise specified in writing. 

6B. AI Model Training Restrictions 

TheFutureCats recognizes the confidentiality and commercial sensitivity of customer information. 

Unless expressly agreed in writing: 

  • Customer Data shall not be used to train public, foundation, large language, generative or general-purpose AI models. 
  • Customer Data shall never be used for the training of any artificial intelligence model, including foundation models, large language models (LLMs), generative AI models or other machine learning models, unless expressly agreed in writing in advance between TheFutureCats and the Customer. 
  • Customer prompts, inputs, outputs, documents, conversations and uploaded files shall not be incorporated into publicly available models. 
  • Customer Data shall not be sold, licensed, disclosed or otherwise made available to third parties for model training purposes. 
  • Any use of Customer Data for model improvement, benchmarking or research purposes shall require an appropriate lawful basis and, where required, prior authorization. 

Where anonymized or aggregated information is used for service improvement, such information shall not reasonably permit identification of any individual or customer. 

The prohibition on the use of Customer Data for model training constitutes a fundamental contractual commitment of TheFutureCats and applies irrespective of whether such training is performed by TheFutureCats itself, its affiliates, or any third-party technology providers used in connection with the delivery of the Services. 

 

6C. AI Governance and Human Oversight 

TheFutureCats is committed to responsible AI practices and appropriate human oversight. 

Accordingly: 

  • AI-generated outputs are intended to support human decision-making and not replace professional judgment. 
  • Customers remain responsible for reviewing and validating AI-generated outputs before relying on them in business, regulatory, legal, financial, healthcare or other high-impact decisions. 
  • Appropriate technical and organizational safeguards are implemented to reduce risks associated with inaccurate, biased or unreliable outputs. 
  • Human review mechanisms may be implemented where required by law, regulation or contractual commitments. 

 

6D. Compliance with the EU AI Act 

Where applicable, TheFutureCats seeks to design and operate its services in alignment with the principles and requirements of Regulation (EU) 2024/1689 (EU Artificial Intelligence Act). 

Depending on the nature of the services provided, TheFutureCats may implement: 

  • AI risk management measures; 
  • Human oversight controls; 
  • Logging and monitoring mechanisms; 
  • Technical documentation; 
  • Transparency measures; 
  • Data governance controls; 
  • Security and cybersecurity safeguards. 

Nothing in this Privacy Policy shall be interpreted as creating regulatory obligations beyond those imposed by applicable law. 

 

6E. Data Residency and Data Location 

TheFutureCats seeks, where commercially and technically feasible, to process and store personal data within the European Economic Area (EEA). 

Where services involve international hosting providers, cloud providers or infrastructure providers located outside the EEA, TheFutureCats shall ensure that appropriate transfer safeguards are implemented in accordance with GDPR requirements. 

Upon request, customers may obtain additional information regarding applicable data storage locations and international transfer mechanisms. 

 

6F. Subprocessors 

TheFutureCats may engage carefully selected subprocessors to support the delivery of its services. 

Such subprocessors may include providers of: 

  • Cloud hosting services; 
  • Infrastructure services; 
  • Data storage services; 
  • Security services; 
  • Communication services; 
  • Analytics services; 
  • Customer support services. 

TheFutureCats requires subprocessors to maintain appropriate security and confidentiality measures and to process personal data only in accordance with contractual obligations and applicable data protection laws. 

Customers may request information regarding categories of subprocessors used in connection with specific services. 

TheFutureCats may maintain and publish an up-to-date list of material subprocessors used in connection with the provision of its Services. 

In the event of a material addition or replacement of a subprocessor that may affect the processing of Customer Personal Data, TheFutureCats may provide prior notice to affected customers within a reasonable period before the relevant change becomes effective. 

Enterprise customers may submit reasonable and substantiated objections to a proposed subprocessor where legitimate concerns exist relating to personal data protection, information security, regulatory compliance, or applicable legal requirements. 

 

6G. Security Controls 

TheFutureCats maintains a risk-based information security program designed to protect the confidentiality, integrity and availability of data. 

Security measures may include: 

  • Encryption in transit and at rest where appropriate; 
  • Role-based access controls; 
  • Multi-factor authentication; 
  • Logging and monitoring; 
  • Vulnerability management; 
  • Secure development practices; 
  • Business continuity measures; 
  • Incident response procedures; 
  • Personnel confidentiality obligations. 

Security measures are periodically reviewed and updated based on operational, technological and regulatory requirements. 

TheFutureCats conducts periodic security assessments and reviews of its technical and organizational security measures in order to maintain an appropriate level of protection against evolving technological, operational and cybersecurity risks. 

TheFutureCats seeks to perform at least an annual review of its information security program and risk assessment processes, including the review of security policies, procedures and controls. 

 

Identified critical or high-severity security vulnerabilities are assessed and addressed within a reasonable timeframe, taking into account the severity of the vulnerability, the likelihood of exploitation and the potential business impact. 

TheFutureCats may implement vulnerability management processes, penetration testing activities, internal or external security assessments and other verification procedures designed to evaluate the effectiveness of its security controls. 

 

6H. Customer Prompts, Inputs and Outputs 

Where AI-enabled services are used: 

  • Customer prompts, instructions, uploaded content and generated outputs may be temporarily processed to provide requested services. 
  • Such data is processed only to the extent necessary for service delivery, security, troubleshooting and legal compliance. 
  • Retention periods for prompts and outputs may vary depending on the service configuration, customer instructions and legal requirements. 
  • Customers remain responsible for ensuring that they have appropriate rights and lawful bases for submitting information to the services. 

 

6I. Enterprise Customer Commitments 

For enterprise customers, additional contractual commitments may apply through: 

  • Data Processing Agreements (DPAs); 
  • Enterprise Master Service Agreements; 
  • Security Addenda; 
  • AI Governance Addenda; 
  • Confidentiality Agreements; 
  • Regulatory Compliance Schedules. 

In the event of a conflict between this Privacy Policy and a specific customer agreement, the customer agreement shall prevail to the extent of such conflict. 

 

  1. Recipients of Personal Data

We may disclose personal data to: 

  • Hosting providers 
  • Cloud infrastructure providers 
  • Email and communication service providers 
  • Analytics providers 
  • Professional advisers (lawyers, auditors, consultants) 
  • Regulatory authorities and public bodies where required by law 
  • Service providers acting on our behalf under appropriate contractual safeguards 

All processors are contractually required to process personal data only in accordance with our instructions and applicable law. 

 

  1. International Data Transfers

Where personal data is transferred outside the European Economic Area (“EEA”), we ensure that appropriate safeguards are implemented, including: 

  • European Commission adequacy decisions; 
  • Standard Contractual Clauses (SCCs); 
  • Other lawful transfer mechanisms recognized by GDPR. 

Additional information regarding such safeguards may be requested by contacting us. 

 

  1. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. 

Indicatively: 

  • Contact requests: up to 24 months after the last interaction. 
  • Marketing subscriptions: until consent is withdrawn. 
  • Customer records: for the duration of the contractual relationship and applicable limitation periods. 
  • Technical logs: according to operational and security requirements. 

Longer retention periods may apply where required by law or for the establishment, exercise or defense of legal claims. 

 

  1. Security Measures

We implement appropriate technical and organizational measures designed to protect personal data against: 

  • Unauthorized access; 
  • Accidental loss; 
  • Alteration; 
  • Disclosure; 
  • Destruction; 
  • Misuse. 

Such measures include, where appropriate: 

  • Encryption; 
  • Access controls; 
  • Secure communication protocols (SSL/TLS); 
  • Logging and monitoring; 
  • Security policies and procedures; 
  • Staff confidentiality obligations. 

 

  1. Personal Data Breaches

In the event of a personal data breach, TheFutureCats will: 

  • Investigate the incident; 
  • Contain and mitigate the impact; 
  • Assess risks to affected individuals; 
  • Notify competent supervisory authorities where required; 
  • Notify affected individuals where legally required. 

 

  1. Your Rights

Subject to applicable law, you have the following rights: 

  • Right of access; 
  • Right to rectification; 
  • Right to erasure; 
  • Right to restriction of processing; 
  • Right to data portability; 
  • Right to object; 
  • Right to withdraw consent at any time; 
  • Right not to be subject to decisions based solely on automated processing where applicable. 

Requests may be submitted using the contact details provided above. 

We will respond within the deadlines required by applicable law. 

 

  1. Cookies

Our website uses cookies and similar technologies. 

Detailed information regarding the categories, purposes, retention periods and management of cookies is available in our separate Cookie Policy. 

 

  1. Third-Party Websites

Our website may contain links to third-party websites. 

We are not responsible for the privacy practices, content or security of such third-party websites. 

Users are encouraged to review the privacy policies of those websites independently. 

 

  1. Right to Lodge a Complaint

If you believe that the processing of your personal data violates applicable data protection laws, you have the right to lodge a complaint with the competent supervisory authority. 

For individuals located in Greece, the competent authority is: 

Hellenic Data Protection Authority (HDPA) 
www.dpa.gr 

You also have the right to seek judicial remedies in accordance with applicable law. 

 

  1. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. 

Any material changes will be published on this page together with the updated revision date. 

We encourage users to review this Privacy Policy periodically. 

Est.Tomorrow

    THEFUTURECATS

    THEFUTURECATS

    ADVISORY

    ADVISORY