Privacy Policy

Last updated: March 2026

1. Data Controller

The data controller responsible for your personal data is 380 Degrees Ventures S.R.L. (trading as Elian Partners), a company registered in Romania under CUI 41799623, Reg. No. J40/14218/2019, with its registered office in Bucharest, Romania.

For any data protection inquiries, please contact us via the contact form on our website at elianpartners.com.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

2.1 Data you provide directly:

• Full name, email address, and message content submitted through our website contact form
• Identity documents and proof of address (for KYC/AML compliance under Law 129/2019)
• Financial information, including portfolio details, investment objectives, risk tolerance, income, and net worth (for suitability assessments under MiFID II)
• Professional and employment details
• Family structure and succession planning information
• Correspondence and communications with our team

2.2 Data collected automatically:

• IP address and approximate geographic location
• Browser type, device information, and operating system
• Pages visited, time spent on pages, and navigation patterns
• Referring website or source

We do not collect or process special categories of personal data (such as health data, biometric data, or data concerning racial or ethnic origin) unless strictly necessary and with your explicit consent.

3. Legal Basis for Processing

We process your personal data on one or more of the following legal bases under GDPR Article 6:

• Consent (Article 6(1)(a)): When you voluntarily submit information through our contact form or subscribe to communications.
• Performance of a contract (Article 6(1)(b)): When processing is necessary to provide our advisory services under a signed engagement agreement.
• Legal obligation (Article 6(1)(c)): When processing is required to comply with AML/KYC obligations (Law 129/2019), tax reporting requirements, or regulatory obligations under Law 126/2018.
• Legitimate interests (Article 6(1)(f)): When processing is necessary for our legitimate business interests, such as improving our services, maintaining security, and administering our website, provided these interests do not override your fundamental rights.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

• Responding to your inquiries and assessing whether our services are suitable for your needs
• Providing advisory, consulting, and coordination services under signed agreements
• Conducting suitability assessments and risk profiling as required by MiFID II
• Performing KYC/AML due diligence as required by Romanian law
• Complying with legal, regulatory, and tax reporting obligations
• Maintaining records as required by applicable financial regulations
• Improving our website, services, and client experience
• Communicating updates relevant to your advisory relationship

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to any third party. We may share your data only in the following circumstances:

• Regulated entities: Where advisory services require execution through regulated entities authorised by the Romanian Financial Supervisory Authority (ASF), your data may be shared to the extent necessary for transaction intermediation.
• Professional advisors: With your explicit consent, we may share relevant information with your existing professional advisors (legal counsel, tax advisors, auditors) to coordinate advisory services.
• Regulatory and supervisory authorities: Where required by law, including ASF, ANAF, or other competent authorities.
• Service providers: Third-party providers who support our operations (e.g., website hosting, email services) under appropriate data processing agreements compliant with GDPR Article 28.

6. International Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA). If any data transfer outside the EEA is necessary (for example, through third-party service providers), we ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or transfers to countries with an adequacy decision.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:

• Contact form inquiries: Deleted within 12 months if no advisory relationship is established.
• Client data under advisory agreements: Retained for a minimum of 5 years after the termination of the advisory relationship, or longer if required by applicable financial regulations.
• AML/KYC documentation: Retained for a minimum of 5 years after the end of the business relationship, in accordance with Law 129/2019.
• Financial and tax records: Retained in accordance with Romanian fiscal and accounting law requirements.

After the applicable retention period, personal data is securely deleted or anonymized.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Article 15): You may request a copy of the personal data we hold about you.
• Right to rectification (Article 16): You may request correction of inaccurate or incomplete personal data.
• Right to erasure (Article 17): You may request deletion of your personal data, subject to legal retention obligations.
• Right to restriction of processing (Article 18): You may request that we restrict the processing of your data in certain circumstances.
• Right to data portability (Article 20): You may request to receive your personal data in a structured, commonly used, machine-readable format.
• Right to object (Article 21): You may object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

Please note that certain rights may be limited where we are required to retain data to comply with legal or regulatory obligations, including AML/KYC requirements and financial record-keeping laws.

To exercise any of these rights, please contact us via the contact form on our website. We will respond to your request within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit, access controls, and regular security reviews. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

10. Cookies

Our website uses cookies and similar technologies. For detailed information about the cookies we use and how to manage your preferences, please refer to our separate Cookie Policy.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Children

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a minor, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. The updated policy will be published on our website with a revised "Last updated" date.

14. Complaints

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP):

Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336, Bucharest, Romania
Website: www.dataprotection.ro