Privacy Policy
PrivacyPolicy
Oulang International takes your privacy and data security seriously. This policy explains how we collect, use, share, store and protect personal information while providing immigration, real-estate, business and website services, in line with the EU General Data Protection Regulation (GDPR) and applicable Greek law.
Last updated: February 2026
Information We Collect
Categories of personal data we may collect
- Identity and contact data: name, phone, email, WeChat and related contact details
- Service-related data: ID/passport, address, family details where required for specific services
- Financial and transaction data necessary for investment assessment, contracting and payments
- Technical data: device/browser details, IP address, logs, cookie identifiers and usage events
- Communication records from chat, phone, email and booking channels for service quality and compliance
How we collect personal data
- Directly from you via forms, chat, calls, email or offline communication
- From authorised third parties (e.g. lawyers, accountants, authorities, partners) where lawful
- Automatically through cookies and similar technologies (manageable in cookie settings/browser controls)
- We do not intentionally collect sensitive data that is not necessary for the stated purpose
How We Use Your Information
Purposes and legal bases (GDPR Article 6)
- Contract performance / pre-contract steps at your request: consultation response, case assessment, application handling and customer support
- Legal obligations: anti-money laundering, tax/accounting compliance, regulatory reporting and audit retention
- Legitimate interests: website security, service improvement, fraud/risk prevention and dispute management
- Consent-based processing: marketing communications, non-essential cookies and selected analytics; you can withdraw consent at any time
- We apply data minimisation and do not reuse personal data for incompatible purposes
Information Sharing
Who we may share data with (strictly as necessary)
- Greek immigration and other competent authorities where required for your case
- Law firms, accountants, translators, notaries, real-estate and technology providers under confidentiality obligations
- Payment, communications, cloud and analytics providers used to operate and deliver services
- Third parties you explicitly authorise
- Regulators, courts or law-enforcement bodies where disclosure is legally required
International transfers and safeguards
- Where data is transferred outside the EEA, we implement GDPR-compliant safeguards (such as Standard Contractual Clauses)
- We apply encryption, access control, least-privilege policies and vendor due diligence
- We do not sell personal data and do not permit unauthorised sharing
Data Protection
Technical and organisational measures
- Encryption in transit/at rest, authentication controls, audit logs and role-based access
- Staff confidentiality duties, least-privilege access and regular privacy/security training
- Security monitoring, periodic testing, patching, backups and disaster recovery procedures
- If a personal data breach is likely to affect your rights, we will notify relevant authorities/data subjects as required by law
GDPR Compliance
Your rights under GDPR
- Right to be informed and right of access to your personal data
- Right to rectification and right to erasure (where legal conditions apply)
- Right to restriction of processing and right to object in specific circumstances
- Right to data portability in a structured, commonly used, machine-readable format
- Right to withdraw consent at any time for consent-based processing
- Automated decision-making: we do not carry out solely automated decisions producing significant legal effects
- Response timeframe: we generally respond within 30 days; this may be extended where legally permitted and complexity requires
Cookie Policy
Types of cookies we use
- Essential cookies: required for core functionality and security
- Functional cookies: remember language and user preferences
- Analytics cookies: measure usage and improve performance (e.g. Google Analytics)
- Marketing cookies: measure campaign performance and personalise content where applicable
Cookie controls and consent withdrawal
- On first visit, you can choose "Accept All" or "Necessary Only"
- You can update choices at any time through cookie settings or browser controls
- Disabling non-essential cookies does not block core access, but some features may be limited
Data Retention
Retention periods and deletion rules
- Business/contract records: retained per Greek legal and tax requirements, typically at least 7 years
- Inquiry and customer-service records: typically retained for 3 years after last contact
- Analytics data: retained according to tool configuration (for example up to about 26 months), with aggregation/pseudonymisation where possible
- Marketing consent logs: retained while consent is active and then minimised per legal retention requirements
- After retention expires, data is deleted, anonymised or minimally retained where legally required
Contact Us
If you have questions about this Privacy Policy or want to exercise your data-subject rights (access, rectification, erasure, objection, consent withdrawal), please contact us:
Data Protection Officer: Oulang International Legal Department
Email: privacy@oulang.com
Address: Leof. Mesogeion 2, Athina 115 27, Greece
Phone: +30 210-4408818
Data Subject Access / Deletion Requests (DSAR)
Under GDPR, you can ask us to export or delete all personal data we hold about you. To submit a request:
- Email privacy@oulang.com with the subject line "DSAR: Access" or "DSAR: Deletion".
- In the email body, include: your name, the contact details we have on file, and the request type (export, rectification, restriction, deletion, portability, withdrawal of consent).
- To verify your identity we may ask for one piece of evidence that matches our records (for example a registration receipt sent to your inbox).
- We will respond within 30 days of receiving your request. For complex cases this period may be extended by up to 60 days; we will notify you of the reason in advance.
- This service is free of charge unless the request is manifestly unfounded or repetitive.
Response SLA: First reply within 30 days; complex requests may be extended by up to a further 60 days.
Right to complain: If you believe your personal data has not been handled lawfully, you may lodge a complaint with the Hellenic Data Protection Authority (HDPA) or your local data protection authority. We encourage you to contact us first so we can try to resolve the issue promptly. HDPA:www.dpa.gr