Data Protection

At Eurore Build, we take data protection seriously. As a Germany-based facilitation and advisory group connecting European suppliers with Ukrainian institutions for reconstruction projects, we are committed to upholding the highest standards of privacy, security, and transparency in line with the European Union’s General Data Protection Regulation (GDPR) and other applicable data protection laws.

This statement outlines our responsibilities, principles, and practices regarding the collection, processing, storage, and security of personal data. It also explains the rights of individuals whose data we process and provides information on how we ensure compliance with GDPR requirements.

Our Commitment to Data Protection

Eurore Build recognizes that personal data belongs to the individual and that any organization handling such data has a duty of care to protect it. We are fully committed to ensuring that personal information entrusted to us is processed lawfully, fairly, and transparently.

Our approach to data protection is guided by the following core principles:

  • Lawfulness, fairness, and transparency: We process personal data based on clear legal grounds and in a way that is transparent to individuals.

  • Purpose limitation: We collect personal data only for specific, explicit, and legitimate purposes.

  • Data minimization: We ensure that the data we collect is adequate, relevant, and limited to what is necessary.

  • Accuracy: We take reasonable steps to keep personal data accurate and up to date.

  • Storage limitation: We retain data only for as long as it is needed for the purposes for which it was collected.

  • Integrity and confidentiality: We implement robust security measures to protect personal data against unauthorized access, loss, or damage.

  • Accountability: We maintain documentation and procedures to demonstrate our compliance with GDPR obligations.

Legal Basis for Processing Personal Data

Under GDPR, we must have a valid legal basis to process personal data. At Eurore Build, we rely on the following legal grounds:

  • Consent: Where individuals voluntarily provide information via contact forms or newsletter subscriptions, we process that data based on their explicit consent.

  • Contractual necessity: When data processing is necessary to fulfill agreements or facilitate services requested by individuals or organizations.

  • Legal obligations: When we are required by law to process certain data, such as for tax or compliance purposes.

  • Legitimate interests: When processing is necessary for our legitimate business interests, provided those interests do not override the rights and freedoms of individuals.

Data We Collect and How We Use It

We collect personal data primarily through contact forms, email communications, and interactions related to our services. This may include names, company details, email addresses, phone numbers, and job titles, as well as any information voluntarily provided when requesting our services.

The information we collect is used solely for:

  • Responding to inquiries and partnership requests.

  • Facilitating connections between European suppliers and Ukrainian institutions.

  • Maintaining accurate records of communications and transactions.

  • Fulfilling legal and regulatory obligations, where applicable.

We do not sell or share personal data for marketing purposes with unrelated third parties.

Data Storage and Security Measures

Eurore Build implements strict technical and organizational measures to ensure the security of personal data. These measures include secure servers, encrypted communications, restricted access protocols, regular security audits, and data protection training for employees handling personal information.

All personal data is stored within the European Economic Area (EEA) unless otherwise required for service delivery. If data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as the use of Standard Contractual Clauses or equivalent mechanisms approved by the European Commission.

We also maintain a Data Breach Response Plan to ensure that any security incidents are identified, contained, reported, and remediated promptly in line with GDPR requirements.

Data Retention Practices

We retain personal data only for as long as it is necessary to fulfill the purposes for which it was collected or as required by law.

  • Business inquiries and communications are retained for a reasonable period to maintain accurate business records.

  • Contract-related data is kept for as long as legally required for auditing, tax, or regulatory compliance.

  • Website analytics data collected via cookies is anonymized and stored for a limited time to evaluate website performance.

Once personal data is no longer needed, it is securely deleted or anonymized to prevent unauthorized access or use.

Third-Party Processors and Data Sharing

Eurore Build may engage trusted third-party service providers for services such as website hosting, IT support, analytics, or secure data storage. These third parties are carefully selected based on their commitment to data protection and are bound by strict contractual obligations to process data securely and in compliance with GDPR.

Personal data may also be shared with public authorities or regulatory bodies if required by law. Beyond these circumstances, no personal data is disclosed to external parties without the explicit consent of the individual concerned.

Your Rights Under GDPR

As an individual whose personal data we process, you have the following rights under GDPR:

  • Right to access: You can request a copy of the personal data we hold about you.

  • Right to rectification: You can request corrections if your data is inaccurate or incomplete.

  • Right to erasure: You can request deletion of your personal data under certain circumstances, such as when it is no longer needed for the original purpose.

  • Right to restrict processing: You can request that we limit the processing of your data in certain cases.

  • Right to object: You can object to processing based on legitimate interests or direct marketing activities.

  • Right to data portability: You can request that we transfer your data to another controller in a structured, commonly used format.

  • Right to withdraw consent: Where processing is based on consent, you can withdraw that consent at any time.

To exercise these rights, please contact us using the details provided at the end of this statement. We will respond promptly and in accordance with GDPR timelines.

Data Protection Officer (DPO)

While Eurore Build is not currently required by law to appoint a formal Data Protection Officer, we have designated an internal Data Protection Lead responsible for overseeing compliance, handling data protection inquiries, and ensuring adherence to GDPR principles across our operations.

If you have questions about how we handle your personal data or wish to exercise your rights, you can contact our Data Protection Lead using the information provided below.

Training and Awareness

All employees and contractors at Eurore Build handling personal data receive regular training on GDPR principles, data security measures, and privacy best practices. We foster a culture of accountability where data protection is embedded into our processes, systems, and decision-making practices.

Ongoing Compliance and Audits

GDPR compliance is an ongoing commitment. Eurore Build conducts periodic reviews and audits of its data protection practices to ensure they remain effective, up-to-date, and aligned with evolving legal requirements.

Where necessary, we update our policies, implement new security measures, and adjust retention periods to maintain compliance and safeguard personal data.

Updates to This Statement

We may update this Data Protection & GDPR Compliance Statement periodically to reflect changes in legislation, technology, or our business operations. Any updates will be posted on this page with a revised effective date, and significant changes will be communicated to users when appropriate.