Privacy Policy

Last updated: 4.2. 2026

Introduction

Welcome to the privacy notice of Vertitech Single Members SA (the “Privacy Notice”).

We respect your privacy and are committed to protecting your personal data. This Privacy Notice explains how we collect, use, share and otherwise process personal data in accordance with applicable data protection laws.

This Privacy Notice applies to personal data processed by us in the context of our business activities, which may include, depending on how you interact with us:

visiting or interacting with our website(s);
communicating with us for business, sales or support purposes;
using products, services or platforms made available by us (where applicable);
applying for a role with us; and/or

The specific processing activities that apply to you depend on the nature of your relationship with us and how you interact with our business.

Purpose of this Privacy Notice

This Privacy Notice is intended to provide you with information about how Vertitech Single Members SA processes personal data, in accordance with applicable data protection laws. It explains, where relevant:

what categories of personal data we process;
the purposes and legal bases for such processing;
with whom personal data may be shared;
how long personal data is retained; and
the rights available to individuals under applicable data protection laws.

This Privacy Notice applies to personal data collected directly from you as, where applicable, to personal data obtained from third parties. Where personal data is collected indirectly, we will provide the information required under applicable data protection laws within the time limits prescribed by law, unless an exemption applies.

This Privacy Notice supplements any other privacy notices or fair processing notices that may be provided to you in specific circumstances and is not intended to override them.

Children

Our website(s), products and services are not directed at children under the age of 16, and we do not knowingly collect personal data from children under this age, unless explicitly stated otherwise.

If we become aware that we have collected personal data from a child under the age of 16 without a valid legal basis (such as appropriate consent where required), we will take reasonable steps to delete such personal data.

Where our activities involve the processing of personal data relating to children, additional or alternative privacy information may be provided, and specific safeguards may apply in accordance with applicable data protection laws.

Role and scope of this Privacy Notice

This Privacy Notice explains how Vertitech Single Members SA (“we”, “us”, or “our”) processes personal data in the context of its business activities, as described in this notice.

This Privacy Notice applies to personal data processed by us where we act as a Data Controller, and, where applicable, provides transparency information where we act as a Data Processor and applicable data protection laws require such information to be provided directly by us.

Depending on the context and the nature of the processing, Vertitech Single Members SA may act either as:

a Data Controller, where we determine the purposes and means of processing personal data; or
a Data Processor, where we process personal data on behalf of another party acting as Data Controller and in accordance with their instructions.

Which role applies depends on why and how the personal data is processed, and not solely on the category of individual.

When we act as a Data Controller in relation to personal data that we process for our own business purposes, which may include, depending on our activities:

operating and administering our website(s);
managing business relationships and communications;
sales, billing and finance activities;
marketing and promotional activities (where applicable);
recruitment and human resources activities; and
compliance with legal, regulatory and corporate governance obligations.

Where we act as Data Controller, this Privacy Notice describes how we process personal data and the rights available to individuals under applicable data protection laws.

In certain cases, we process personal data on behalf of customers, partners or other third parties, who act as the Data Controller and determine the purposes and means of the processing. In those situations:

our processing is governed by a data processing agreement or similar contractual arrangement with the relevant Data Controller; and
the relevant Data Controller is primarily responsible for providing individuals with information about the processing of their personal data and for responding to data subject rights and requests.

Where required under applicable data protection laws, and where no exemption applies, we will provide relevant transparency information to individuals as soon as reasonably practicable after receiving their personal data.

Vertitech Single Members SA is part of the Banyan Software group of companies. Each Banyan group company is responsible for its own processing activities and may maintain its own privacy notice. This Privacy Notice does not automatically apply to other Banyan group companies unless explicitly stated.

Identity and contact details

The entity responsible for the processing activities described in this Privacy Notice, where applicable, is:

Legal name: Vertitech Single Members SA
Registered address: Damianou Str. 10, 65403 Kavala, Greece
Registration number / VAT number: EL998479074
Website: https://www.classter.com

If you have any questions about this Privacy Notice or about how your personal data is processed, or if you wish to exercise your rights under applicable data protection laws, you may contact us using the details below:

Email address: privacy@classter.com
Postal address: Damianou Str. 10, 65403 Kavala, Greece

Where required under applicable data protection laws, or where voluntarily appointed, Vertitech Single Members SA has designated a privacy contact responsible for overseeing data protection matters. You may contact this person using the contact details above or, where applicable, at:

Privacy contact: Josip Ralašić, COO
Email: privay@classter.com

What personal data we collect

For the purposes of this Privacy Notice, “personal data” or “personal information” means any information relating to an identified or identifiable individual. It does not include information that has been anonymised so that it can no longer be associated with an individual.

Depending on the nature of your relationship with us and how you interact with our business, we may collect or receive the following categories of personal data. Not all categories will apply to all individuals or in all circumstances.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Identity Data	such as first name, last name, username, or similar identifiers
Contact Data	such as email address, telephone number, business address or billing address
Professional or business-related data	such as job title, employer, department, or business contact details
Recruitment data (where applicable)	such as curriculum vitae, qualifications, skills, education, employment history, right to work, pre-screening checks, and other information provided as part of an application process
Technical Data	such as internet protocol (IP) address, device identifiers, browser type and version, operating system, time zone settings and other technology-related information collected through websites or digital services
Usage Data	such as information about how websites, platforms or services are accessed or used
Marketing and Communications Data	such as preferences in receiving marketing communications and records of communications with us
Transaction or relationship data (where applicable)	such as information necessary to manage contractual, billing, finance or corporate relationships.
Corporate transaction data (where applicable)	such as information relating to individuals involved in a merger, acquisition, investment or due diligence process.

We may also collect, use and share aggregated or anonymised data, such as statistical or demographic information, for any purpose. Aggregated or anonymised data is not considered personal data under applicable data protection laws. Where such data is combined with personal data in a way that allows an individual to be identified, it will be treated as personal data in accordance with this Privacy Notice.

Certain types of personal data are subject to enhanced protection under applicable data protection laws (“special categories of personal data”), such as information revealing racial or ethnic origin, religious or philosophical beliefs, health data, biometric data or sexual orientation.

We only process special categories of personal data where this is strictly necessary, permitted by law and subject to appropriate safeguards. Where relevant, additional information will be provided regarding such processing.

We do not process information relating to criminal convictions or offences unless this is permitted under applicable law and subject to appropriate safeguards. Where such processing occurs, additional information will be provided as required by law.

Failure to provide personal data

In certain circumstances, we may be required to collect personal data:

to comply with a legal obligation; or
where the provision of personal data is necessary to enter into or perform a contract, or to take steps at your request prior to entering into a contract.

If you choose not to provide personal data in these circumstances, we may not be able to:

comply with applicable legal obligations; or
enter into or perform a contractual relationship with you; or
otherwise provide certain services, functionalities or responses requested by you.

Where relevant, we will inform you at the time of collection whether the provision of personal data is mandatory or optional, and of the possible consequences of not providing such data.

How personal data is collected

We collect or receive personal data from and about you through a variety of sources, depending on how you interact with us and the context of the processing. These sources may include the following:

Direct interactions

You may provide personal data to us directly when you:

● communicate with us by email, telephone, post or other means;

● complete forms or submit information through our website(s);

● apply for a role or otherwise engage with us in a recruitment context; or

● otherwise interact with us in the course of a business or contractual relationship.

Automated technologies or interactions

When you interact with our website(s) or digital channels, we may automatically collect certain technical and usage information through cookies and similar technologies.

Further information about how we use cookies and similar technologies, and how you can manage your preferences, is available in our Cookies Policy at
https://www.classter.com/cookie-policy-eu/ ,
https://www.classter.com/cookie-policy-ca/ ,
https://www.classter.com/cookie-policy-au/ ,
https://www.classter.com/cookie-policy-uk/ ,
where applicable.

Third parties or publicly available sources

In some cases, we may receive personal data from third parties or from publicly available sources, such as:

● business partners, customers or service providers;

● recruiters or employment agencies (in a recruitment context);

● analytics or technology providers; or

● public registers or publicly available sources.

Where personal data is obtained indirectly, we will provide the information required under applicable data protection laws within the time limits prescribed by law, unless an exemption applies.

How we use your personal data

We process personal data only where there is a valid legal basis to do so under applicable data protection laws. Depending on the context and the nature of the processing, personal data may be processed on one or more of the following legal bases:

Performance of contract: Processing may be necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract.
Legitimate interest: Processing may be necessary for the purposes of our legitimate interests, provided that such interests are not overridden by your interests or fundamental rights and freedoms. Where we rely on legitimate interests, we assess and document the impact of such processing on individuals and implement appropriate safeguards where required.
Comply with a legal obligation: Processing may be necessary for compliance with a legal or regulatory obligation to which we are subject.
Consent: In limited circumstances, processing may be based on your consent. Where consent is required, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to such withdrawal.
Processor context: Where we process personal data on behalf of another party acting as Data Controller, such processing is carried out in accordance with the instructions of the relevant Data Controller and governed by a data processing agreement or similar contractual arrangement.

Purposes for which we will use your personal data

We use personal data for different purposes depending on the nature of your relationship with us and how you interact with our business.

The table below sets out the purposes for which personal data may be processed by Vertitech Single Members SA, together with the relevant categories of personal data and the applicable legal bases.

Purpose	Categories of personal data	Legal basis
To operate and administer website(s)	Identity data, contact data, technical data, usage data	Legitimate interests
To manage business relationships and communications	Identity data, contact data, professional data	Legitimate interests
To respond to enquiries or requests	Identity data, contact data	Legitimate interests
To enter into and perform contracts	Identity data, contact data, transaction data	Performance of a contract
To manage billing, accounting and finance	Identity data, contact data, transaction data	Legal obligation / Performance of a contract
To send marketing communications	Identity data, contact data, marketing preferences	Consent / Legitimate interests
To manage recruitment and applications	Identity data, recruitment data	Legitimate interests / Legal obligation
To comply with legal or regulatory obligations	Identity data, contact data, transaction data	Legal obligation
To support corporate transactions	Corporate transaction data	Legitimate interests

Marketing and promotions

Where applicable, we may use your personal data to send you marketing or promotional communications relating to our products, services or activities. Depending on the context and applicable law, such communications may be sent:

where you have provided your consent; or
where we have a legitimate interest in promoting our business and you have not objected to such communications, to the extent permitted by law.

You may opt out of receiving marketing communications at any time by:

using the unsubscribe link included in our communications; or
contacting us using the details set out in the “Contact details” section of this Privacy Notice.

Please note that opting out of marketing communications will not affect the receipt of non-marketing or service-related communications, such as administrative messages or responses to enquiries.

Change of purpose

We will only use personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another purpose that is compatible with the original purpose and permitted under applicable data protection laws.

If we intend to use personal data for a new purpose that is not compatible with the original purpose, we will inform you of that purpose and provide any additional information required by law before such processing takes place.

Where we process personal data on behalf of another party acting as Data Controller, we do not independently determine new purposes for processing and act solely in accordance with the instructions of the relevant Data Controller.

Sharing your data

We may share personal data with third parties where this is necessary for the purposes described in this Privacy Notice and in accordance with applicable data protection laws. In all cases, personal data is shared on a need-to-know basis and subject to appropriate safeguards.

Personal data may be shared with the following categories of recipients, depending on the context of the processing:

Service providers and (sub)processors: We may share personal data with third-party service providers who process personal data on our behalf and under our instructions, such as providers of IT systems, hosting services, analytics, communications, professional services, or other support services. Such service providers act as data processors and are contractually required to process personal data only for the purposes specified by us and in accordance with applicable data protection laws.
Other controllers: In certain circumstances, we may share personal data with third parties who act as independent data controllers, such as:
- professional advisers (e.g. legal, financial, tax or audit advisers);
- business partners or counterparties in a corporate transaction; or
- public authorities, regulators or law-enforcement bodies, where required by law.

Where personal data is shared with independent data controllers, such parties are responsible for their own processing of personal data and will provide information about such processing in their own privacy notices.

Banyan group companies: Where relevant and necessary, personal data may be shared with other companies within the Banyan group for internal administrative purposes, compliance, or other legitimate business purposes, in accordance with applicable data protection laws.

Each Banyan group company processes personal data in accordance with its own privacy notice and applicable legal obligations.

Legal and regulatory disclosures: We may disclose personal data where this is required to comply with a legal obligation, enforce our rights, or protect the rights, property or safety of individuals or organisations.
No sale of personal data: We do not sell personal data to third parties.

International transfers

Personal data may be transferred to, and processed in, countries outside the European Economic Area (“EEA”) or the United Kingdom, where this is necessary for the purposes described in this Privacy Notice.

Where personal data is transferred outside the EEA or the United Kingdom to countries that do not provide an adequate level of data protection as determined by the European Commission or the UK Government (as applicable), we ensure that appropriate safeguards are in place in accordance with applicable data protection laws.

Such safeguards may include, as appropriate:

standard contractual clauses approved by the European Commission or the UK Government;
international data transfer agreements or addenda; and/or
other legally recognised transfer mechanisms.

Where we act as a Data Processor, international transfers are carried out in accordance with the instructions of the relevant Data Controller and subject to the safeguards agreed in the applicable data processing agreement.

You may obtain further information about the safeguards used for international transfers by contacting us using the details set out in the “Contact details” section of this Privacy Notice.

Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements. The criteria used to determine the applicable retention period include:

the nature and sensitivity of the personal data;
the purposes for which the personal data is processed;
whether the purposes of the processing can be achieved through other means;
applicable legal or regulatory retention requirements; and
the existence of any actual or potential disputes, claims or investigations.

Where personal data is processed on behalf of another party acting as Data Controller, retention periods are determined by the relevant Data Controller and governed by the applicable data processing agreement.

Once personal data is no longer required for the purposes for which it was collected, and subject to any applicable legal obligations, it will be securely deleted or anonymised.

Data security

We have implemented appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the processing. Such measures may include, as appropriate:

access controls and authentication mechanisms;
encryption or pseudonymisation where appropriate;
procedures for managing access rights and user privileges;
monitoring, logging and incident response procedures; and
organisational policies, training and awareness measures.

Despite these measures, no method of transmission over the internet or method of electronic storage is completely secure. We therefore cannot guarantee absolute security, but we take reasonable steps to protect personal data in accordance with applicable data protection laws.

Where we process personal data on behalf of another party acting as Data Controller, we implement security measures in accordance with the requirements of the applicable data processing agreement.

Your rights

Under applicable data protection laws, you may have certain rights in relation to your personal data. These rights may vary depending on your location and the context of the processing. Where applicable, your rights may include the right to:

Access your personal data and obtain a copy of it;
Rectification of inaccurate or incomplete personal data;
Erasure of personal data (“right to be forgotten”), subject to legal limitations;
Restriction of processing of your personal data in certain circumstances;
Data portability, where the processing is based on consent or a contract and carried out by automated means;
Object to processing based on legitimate interests, including for direct marketing purposes; and
Withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing prior to withdrawal.

Where we process personal data as a Data Controller, we are responsible for assessing and responding to requests to exercise these rights in accordance with applicable data protection laws.

Where we process personal data on behalf of another party acting as Data Controller, we may refer your request to the relevant Data Controller or assist them in responding to your request, as required under the applicable data processing agreement.

We try to respond to all legitimate requests within one month. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You may exercise your rights by contacting us using the details set out in the “Contact details” section of this Privacy Notice. We may need to verify your identity before responding to a request. We will respond to valid requests within the time limits prescribed by applicable data protection laws, subject to any permitted extensions or limitations.

If you believe that your data protection rights have been infringed, you have the right to lodge a complaint with the competent supervisory authority. If you are located in the European Economic Area, you may lodge a complaint with the supervisory authority in your country of residence, place of work or place of the alleged infringement. If you are located in the United Kingdom, you may lodge a complaint with the Information Commissioner’s Office (ICO).

Third party links

Our website(s) or communications may contain links to third-party websites, plug-ins or services. Clicking on those links or enabling such connections may allow third parties to collect or share data about you.

We do not control these third-party websites or services and are not responsible for their privacy practices or content. We encourage you to read the privacy notices of any third-party websites or services you visit.

This Privacy Notice applies only to personal data processed by Vertitech Single Members SA and does not apply to third-party websites or services.

Complaints and questions

If you have any questions, concerns or complaints about how your personal data is processed or about this Privacy Notice, we encourage you to contact us in the first instance using the contact details set out in the “Contact details” section of this Privacy Notice.

We will endeavour to address any questions or concerns promptly and in accordance with applicable data protection laws.

Changes to this Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our processing activities, legal or regulatory requirements, or for other operational reasons.

Any updates to this Privacy Notice will be published on our website and will apply from the date of publication, unless stated otherwise.

Where required by applicable data protection laws, we will notify you of material changes to this Privacy Notice in an appropriate manner.