Legal

Privacy Policy

How EuroEntity collects, uses and protects your personal data, in full compliance with the EU General Data Protection Regulation (GDPR — Regulation 2016/679).

Last updated: April 2026

Table of contents

  1. Who we are
  2. Data we collect
  3. How we use your data
  4. Legal basis
  5. Data sharing
  6. Data retention
  7. Your rights
  8. International transfers
  9. Cookies & tracking
  10. Security
  11. Changes to this policy
  12. Contact us

1 Who we are

EuroEntity is a European business consulting service helping international entrepreneurs and companies establish their presence in the European Union. For the purposes of the GDPR, EuroEntity acts as a "data controller" — meaning we determine why and how your personal data is processed.

If you have any questions about this policy or how we handle your data, you can reach our Data Protection Officer at contact@euroentity.com.

2 Data we collect

We only collect data that is necessary to deliver our services. The categories of data we may process include:

Identification & contact information

  • Provided by you: first name, last name, email address, phone number, postal address, nationality, date of birth, passport or ID copy.
  • For company formation: proof of address, source of funds documentation, tax residence certificates and any document required by KYC/AML regulations.

Business & financial information

  • Bank statements (when required for fiscal representation or banking introductions).
  • Information about your planned business activity, target markets, expected turnover.
  • Payment information (processed exclusively by our PCI-DSS compliant payment provider — we do not store full card details).

Technical data

  • IP address, browser type, language preference, time zone — collected automatically when you visit our website.
  • Pages viewed, time spent, referral source — through privacy-respecting analytics.

3 How we use your data

Your personal data is used strictly for the following purposes:

  • Providing our services: incorporating your company, registering for VAT, opening bank accounts, ongoing accounting and compliance work.
  • Legal compliance: meeting our obligations under KYC/AML, tax and corporate law in the relevant EU jurisdictions.
  • Communication: responding to your inquiries, sending service updates, contractual notices and (with your consent) commercial newsletters.
  • Improving our service: understanding how visitors use our website to enhance user experience and content.
  • Security & fraud prevention: detecting and preventing unauthorized access, fraud or abuse of our services.

4 Legal basis for processing

Under Article 6 of the GDPR, we process your personal data on the following legal bases:

  • Performance of a contract (Art. 6(1)(b)) — when we incorporate your company or deliver any of our services.
  • Legal obligation (Art. 6(1)(c)) — to comply with KYC/AML, tax filing and corporate law requirements.
  • Legitimate interest (Art. 6(1)(f)) — for security, fraud prevention, and improving our service.
  • Consent (Art. 6(1)(a)) — for marketing communications and non-essential cookies. You can withdraw consent at any time.

5 Who we share your data with

We never sell your data. We share it only with the following categories of recipients, strictly when necessary:

  • Notaries and lawyers in the country of incorporation (mandatory for the legal process).
  • Trade registries and tax authorities in the country of incorporation (mandatory legal disclosures).
  • Banks and EMIs introduced for opening your business account (only with your explicit instruction).
  • Trusted sub-processors: our hosting provider, email service, CRM and accounting tools — all bound by GDPR-compliant Data Processing Agreements.
  • Public authorities when required by law (court orders, regulatory investigations, etc.).

6 How long we keep your data

We retain your data only as long as necessary, and in any case according to legal requirements:

  • KYC and incorporation files: 7 years after the end of our business relationship (legal requirement under AML directives).
  • Accounting and tax records: 10 years (statutory retention period in most EU countries).
  • Marketing data: until you unsubscribe or 3 years after your last interaction.
  • Website analytics: 14 months maximum.

7 Your rights

As a data subject under the GDPR, you have the following rights:

  • Right of access — obtain a copy of your personal data we hold.
  • Right to rectification — correct any inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — request deletion of your data, subject to legal retention obligations.
  • Right to restriction — limit the processing of your data in certain circumstances.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on our legitimate interests, including direct marketing.
  • Right to lodge a complaint — file a complaint with your local data protection authority.
To exercise any of these rights: contact us at contact@euroentity.com. We will respond within 30 days as required by law.

8 International data transfers

Your data is primarily stored and processed within the European Economic Area (EEA). When we transfer data outside the EEA (for example, to a sub-processor based in the United States), we ensure adequate protection through one of the following safeguards:

  • European Commission adequacy decisions for the destination country.
  • EU Standard Contractual Clauses (SCCs) signed with the recipient.
  • EU-US Data Privacy Framework certification (when applicable).

9 Cookies & tracking

Our website uses a minimal set of cookies, mostly essential to the functioning of the site (such as remembering your language preference). We do not use third-party advertising cookies or sell tracking data.

For full details, please refer to our Cookie Policy.

10 Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure or destruction:

  • End-to-end encryption (TLS 1.3) for all data in transit.
  • Encryption at rest for sensitive data (passport copies, financial documents).
  • Strict access controls based on the principle of least privilege.
  • Regular security audits and staff training on data protection.

In the event of a data breach affecting your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours.

11 Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page indicates when the policy was last revised.

For substantive changes, we will notify you by email or through a prominent notice on our website before the changes take effect.

12 Contact us

For any question, concern or request regarding your personal data or this Privacy Policy, please contact our Data Protection Officer at: