PERSONAL DATA PROTECTION DECLARATION
in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 (GDPR) and the relevant national legislation –

1. GENERAL

1.1. The private limited liability company under the name “BELL GLOBAL REAL ESTATE LIMITED”, which is based in Nicosia, Cyprus, at 37 Stasikratous Street, CENTER POINT TOWER, apt. no. 602, 6th floor, P.C. 1065, with registration number 474216/18-04-2025 (hereinafter “BELL” or the “Company”) has created and manages the website https://bell.global (hereinafter the “Website”), with the purpose of providing information and services for its visitors/users.

The Company is the Controller of the personal data it receives through the use of the Website, in accordance with the General Regulation 2016/679 of the European Union for Data Protection (General Data Protection Regulation, hereinafter also “GDPR”) and the relevant national legislation. The Company acknowledges and places particular importance on its compliance with the applicable legal and regulatory framework governing the protection of individuals from the processing of personal data.

1.2. With this Declaration we provide you with the following information, whether you are prospective or existing clients, regarding the collection and processing of your personal data within the framework of our operation and activities, and specifically:

The purpose of the Personal Data Protection Declaration.
The Company’s services and Website.
The general principles governing the processing of personal data.
The type of personal data that may be collected and processed.
The purposes of collecting and processing personal data.
The third parties/recipients to whom we may disclose your data.
What applies in the event of data transfer to third countries (cross-border transfer).
The duration of retention of your data and the way they are managed after the expiration of their retention period.
Your rights as data subjects.
The corresponding obligations of the Company.
The possibility of modifying this Declaration.
The Company’s contact details.

2. COMPANY SERVICES – WEBSITE

2.1. The Company provides through the Website and its partners, as well as other means, services related to real estate (hereinafter the “Services”), which include indicatively but not limited to:
2.2.1. Services of posting and managing real estate listings, advertising and communication between sellers and buyers.
2.2.2. Real estate promotion services.

2.2.3. Real estate rental services.

2.2. During the use of the Company’s Website, personal data of visitors or users is collected only when provided voluntarily for the provision of electronic services.

2.3. The Company may process part or all of the data submitted by the users, for the purpose of providing services, improving their quality and carrying out statistical analyses.

2.4. The Website may include links to other third-party websites. The Company bears no responsibility for the data protection policies or information management practices applied by them.

3. GENERAL PRINCIPLES – LEGAL BASES FOR PROCESSING PERSONAL DATA

3.1. Within the framework of using the Website, the Company processes your data according to the following general principles and lawful bases:

1. Legitimate interest of the Company

To ensure and achieve the legitimate interests of the Company, the Company processes your personal data in order to ensure the uninterrupted, proper and secure operation of the Website, to maintain backup copies of data and to ensure issues of business continuity in general. Also, based on our legitimate interest, we manage any general communication we receive from you, in order to respond to your comments and questions.

The data collected is relevant, adequate and limited to what is strictly necessary for the purpose of processing.

1. Consent of the Data Subject

The collection of your data is carried out only after your explicit consent where required, for clearly defined, legitimate and lawful purposes. Likewise, before any processing, you are sufficiently informed and, where required, you provide your consent freely and consciously.

For the collection and processing of your data, we use appropriate technical and organizational security measures to prevent loss, unauthorized access, destruction, unlawful use or disclosure of the data.

The data subject has the right, at any time, to withdraw their consent for the collection, processing and storage of their personal data by the Company, without affecting the lawfulness of the processing based on consent before its withdrawal.

Withdrawal of consent may be carried out by submitting a relevant request to the Company, through the contact details referred to in this Declaration (see section 13). After receiving the request, the Company will stop processing the data based solely on consent, unless another lawful basis exists under applicable law.

1. Other lawful bases

The Company may collect and process your personal data in certain exceptional cases and without your consent. Specifically:

For the purposes of performing the contract you have concluded with the Company.
At a pre-contractual stage, if preparatory measures are required following your request.
When processing is imposed by the Company’s legal obligations.
When processing is required for the performance of a task carried out in the public interest or the exercise of official authority.

Special cases of collection and processing of your data through the Company’s Website:

Newsletter
If you wish to receive our newsletter, you may give your consent through a specific field on the Website and subscribe to the relevant service. In this case, we will process your full name and the email address you provided to send you news and updates related to the Company. You may withdraw your consent at any time either by selecting the “unsubscribe” link at the bottom of each such communication or by submitting a request to the contact details referred to below.

Cookies
Additionally, if you give your consent for the use of technologies such as cookies and local storage on your device, information about you is automatically collected, according to the Website’s Cookie Policy, for analysis, personalization and/or advertising purposes. You may change your choice for cookies at any time and withdraw your consent through the Website’s Cookie Policy.

Third-party websites
The Website provides the ability to access third-party websites through appropriate links. These links are provided solely for the convenience of the Website’s users, while the websites to which they lead are subject to those websites’ own terms of use and Personal Data Protection Declarations. The placement of such links does not constitute an indication of approval or acceptance of the content of the respective websites by the Website administrator, who bears no responsibility for their content or for the privacy protection practices or accuracy of materials found there. The Company has no control over third-party websites or their content, accessed via this Website or made available on it, and therefore does not endorse, fund, advise or otherwise accept any responsibility for these websites or their content. If the user decides to use, through the Website’s links, any third-party website, they accept that they do so at their own responsibility.

Social media
The Company may, within the framework of its activities, collect and process personal data that is publicly available on websites and/or social media platforms, when such processing serves a lawful purpose and is in accordance with the applicable provisions on the protection of personal data.
The Company bears no responsibility for any collection or disclosure of personal data via social media platforms without the data subject’s consent, if such data has been made publicly available by the data subject themselves under the terms of use of those platforms.

4. PERSONAL DATA THAT MAY BE PROCESSED

4.1. The Company collects, retains and processes personal data that you voluntarily disclose, with the sole purpose of identifying you and communicating with you, in order to provide you with the requested services and information.

4.2. The personal data we collect and process are the following:

Basic information required for the provision of services, such as: full name, Tax Identification Number, email address, mobile phone number, postal address, description and characteristics of property, documents related to ownership and the legal or urban planning status of the property (e.g., ownership titles, encumbrances, construction permits), as well as photographic material or other elements necessary for the performance of services.
Technical information during your visit to the Website, such as IP address, date and time of visit, as well as other information collected through cookies and similar technologies related to the analysis of your browsing on the Website.
In case of registration to our newsletter, we collect, following your consent, your email address and full name. In any case, you retain the ability to withdraw your consent at any time either by selecting the “unsubscribe” option in the email body you receive from the “Company” or by contacting the Company directly at the contact details listed on the Website.

4.3. Personal data of minors is collected and retained only when provided with the consent of those who exercise parental responsibility and exclusively for purposes serving the interests of minors. In any case, the Company does not transact directly with minors and its products or services are not intended for direct use by them. Transactions concerning a minor are carried out only through the persons exercising parental responsibility.

4.4. Personal data are retained in written form and/or electronically or magnetically, in accordance with the security procedures implemented by the Company.

5. PURPOSES OF PROCESSING

5.1. Our Company has taken all appropriate organizational and technical measures, according to technological standards and applicable laws and regulations, to ensure that the processing of personal data, either by itself or by third parties on its behalf, is lawful, appropriate and has the necessary level of security to prevent unauthorized or accidental access, processing, deletion, alteration or other use.

5.2. The purposes for which the Company may process the above personal data, either at the beginning of the cooperation or at a later stage, are the following:

5.2.1. Preparation or execution of the contract. Specifically:
5.2.1.1. For identifying and verifying your information.
5.2.1.2. For communicating with you at any stage of our cooperation.
5.2.1.3. For concluding, performing and smooth functioning of the contract, fulfilling the Company’s obligations, and managing, monitoring and completing your transactions.

5.2.2. Newsletter. Specifically:
5.2.2.1. For informing you about new products or services of the Company or partner companies that relate to your interests. You may withdraw your consent at any time, without affecting the lawfulness of processing prior to withdrawal.

5.2.3. Cookies. Specifically:
5.2.3.1. For analyzing how you use the Website through cookies.

5.2.4. Legitimate interests of the Company, provided that the protection of your rights and freedoms is taken into account. Specifically:
5.2.4.1. For detecting or resolving technical issues during the provision of online services.
5.2.4.2. For protecting persons and property of the Company.

5.2.5. In case processing is required by the applicable legislative framework relating to the prevention and suppression of money laundering or terrorist financing.

5.3. Where deemed necessary for the achievement of the above purposes, data processing may be carried out through automated procedures, including the creation of user profiles.

6. POSSIBLE RECIPIENTS OF PERSONAL DATA

6.1. For the best possible fulfilment of the above processing purposes, the Company may disclose personal data to the following categories of persons:

6.1.1. Companies in which the Company participates or that participate in the Company.
6.1.2. Partner financial institutions.
6.1.3. Third natural or legal persons acting upon instruction and on behalf of the Company.
6.1.4. Chartered accountants and auditing firms.

6.1.5. Service providers related to the smooth operation of the Website, including data processing such as storage, archiving, data management, IT, network maintenance or infrastructure, as well as professionals providing real-estate-related services (such as engineers, appraisers, experts, property management consultants, accountants and tax advisers).
6.1.6. Companies undertaking Data Protection Officer duties or other Group companies with which we collaborate for the fulfilment of the above purposes.

6.1.7. Supervisory, Judicial, Independent or other Public Authorities at national or European level, when disclosure is required by law or court order.

6.2. The Company has taken all necessary measures to ensure that its staff and partners are specifically authorized for these purposes, act exclusively according to the Company’s instructions and are fully bound by confidentiality and the obligations provided by legislation regarding the collection and further processing of your data.

6.3. The Company will inform you specifically of any data transfer to the above recipients when required by applicable law. Exceptionally, disclosure of personal data to competent supervisory, police, judicial or other public authorities is possible without prior notification when imposed by the legislative and regulatory framework, either regularly or following a relevant request.

7. DATA TRANSFER TO THIRD COUNTRIES (CROSS-BORDER TRANSFER)

7.1. Within the framework of its activities and for compliance with the regulatory framework, the Company may transfer or receive personal data from cooperating or affiliated companies, as well as link certain files, when required for the provision of its services.

7.2. Such transfers or linkages are carried out in accordance with EU law for companies based within the European Economic Area (EEA) or according to local legislation for companies outside the EEA.

7.3. Transfer of data to countries outside the EEA is permitted only if an adequate level of protection is ensured. When the third country does not provide such a level, transfer is carried out only if an appropriate data transfer agreement exists or if the conditions explicitly provided by EU and national legislation exist, such as your explicit consent.

7.4. The Company takes all necessary measures to ensure that the involved entities and the competent authorities follow the prescribed procedures and ensure secure processing of transferred data.

8. DURATION OF DATA RETENTION AND MANAGEMENT AFTER EXPIRATION

8.1. Personal data processed by the Company are retained for as long as necessary for the fulfilment of the purpose of each processing or for as long as required by applicable legislation.

8.2. After the expiration of this period, the data will be deleted, unless otherwise provided by law or if required for establishing, exercising or defending legal claims of the Company. Specifically, your newsletter subscription data is retained until you withdraw your consent.

8.3. After the expiration of the retention period, the Company applies a special procedure for secure destruction or deletion of the data, according to the instructions of the Data Protection Authority.

8.4. The same obligation of secure deletion or destruction applies to any third party or partner who had access to the data and processed it on behalf of the Company, through outsourcing contracts.

9. YOUR RIGHTS AS DATA SUBJECTS

9.1. In any case, as data subjects, you have and may exercise—after verification of your identity, according to applicable legislation—the following rights:

Right of access: the right to request confirmation whether your data is being processed, as well as information related to the processing, and to receive copies of it.
Right to rectification: the right to request the correction of inaccurate data and the completion of incomplete data.
Right to erasure (“right to be forgotten”): the right to request the deletion of your data, provided the legal conditions are met.
Right to restriction of processing: the right to request limitation of processing when the legal conditions apply.
Right to data portability: the right to receive your data in a structured, commonly used and machine-readable format (e.g., USB), either for yourself or for another controller.
Right to object: the right to object at any time to the processing of your data. In such case, the Company must stop processing unless there are overriding legal grounds or rights of defense.
Right to human intervention: the right to be excluded from automated procedures or profiling when they produce legal effects or significantly affect you.
Right to withdraw consent: the right to withdraw any consent you have given, immediately and free of charge.

9.2. The exercise of any of the above rights is carried out by submitting a relevant written request to our Company, to which we will respond within one (1) month from receipt. This period may be extended by two (2) additional months considering the complexity of your request and the number of overall requests received.

9.3. Furthermore, our Company undertakes the obligation to inform you, without undue delay, of any breach of your personal data that may place your rights and freedoms at high risk, provided that it does not fall within one of the exceptions explicitly provided by law.

9.4. To exercise the above rights, you may send an email message to hello@bell.global

9.5. If you believe your rights are violated, you may submit a complaint to the Hellenic Data Protection Authority (www.dpa.gr, 1–3 Kifisias Ave., Athens, P.C. 11523, tel. 210 6475600, fax 210 6475628, email: contact@dpa.gr).

10. OBLIGATIONS OF THE COMPANY

In accordance with your rights, the Company has the following obligations regarding the collection and processing of your personal data:

10.1. Ensuring data confidentiality and processing security
10.1.1. Personal data processing is confidential and carried out exclusively by authorized persons of the Company.
10.1.2. The Company applies technological and organizational solutions with high security standards, conducts regular audits and ensures the consistent implementation of data protection policies.
10.1.3. All appropriate measures are taken to prevent breach, loss, alteration or unauthorized access to the data.

10.2. Information systems security
The Company has established Information Systems Security Policies, aiming at:
10.2.1. Protecting data transmitted through data and voice networks.
10.2.2. Effective access control to its information systems and safeguarding the information they manage.
10.2.3. Timely detection and prevention of security breach incidents.

11. UPDATE – MODIFICATION OF THIS DECLARATION

11.1. The Company reserves the right to update, modify or supplement this Declaration in accordance with the applicable legislative and regulatory framework or its operational needs.

11.2. Every amended version is posted on the Company’s Website with a clear indication of the date of the latest update.

12. CONTACT DETAILS

Name: BELL GLOBAL REAL ESTATE LIMITED
Headquarters: Nicosia, Cyprus, 37 Stasikratous Street, CENTER POINT TOWER, apt. 602, 6th floor, P.C. 1065
Registration Number: 474216/18-04-2025
Email: hello@bell.global