Privacy Policy
Effective Date: April 14, 2025
Last Updated: 18 June 2026
1. Introduction
Oneeven Investment Office (“1even”, “we”, “us”, or “our”) is committed to protecting and respecting your privacy.
This Privacy Policy explains how we collect, use, disclose, store, and otherwise process personal data when you visit our website located at www.1even.com (the “Website”), communicate with us, submit inquiries, or otherwise interact with our services.
We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), applicable data protection laws, and this Privacy Policy.
Please read this Privacy Policy carefully to understand how we handle your personal data.
2. Data Controller
For the purposes of the GDPR, the data controller responsible for processing your personal data is:
Bladetron LTD
Trading as: 1even Investment Office
Address: Kypranoros, 13 EVI BUILDING, 2nd floor, Flat/Office 201, 1061, Nicosia, Cyprus
Email: info@1even.com
Company Registration Number: HE449012
Data Protection Contact: privacy@1even.com
If you have any questions regarding this Privacy Policy or our processing of your personal data, please contact us using the details above.
3. Personal Data We Collect
We may collect and process the following categories of personal data:
3.1 Identity Data
- First name
- Last name
- Middle name (where applicable)
3.2 Contact and Communication Data
- Email address
- Telephone number
- LinkedIn profile
- Skype username
- Other communication details voluntarily provided by you
3.3 Website Usage and Technical Data
When you access the Website, we may automatically collect:
- IP address
- Browser type and version
- Device information
- Operating system
- Referring website
- Date and time of access
- Usage information and interaction with the Website
3.4 Correspondence Data
Records of communications, inquiries, requests, meetings, and other interactions between you and us.
3.5 Identification and AML/KYC Data
Where you enter into, or seek to enter into, a business or investment relationship with us, or where we are otherwise subject to applicable anti-money laundering, counter-terrorist financing, and “know-your-customer” (“AML/KYC”) requirements, we may also collect and process:
- Identification document details (e.g. passport or national ID number, date and place of birth, nationality);
- Proof of address and contact verification information;
- Tax residence and tax identification information;
- Information on source of funds and source of wealth;
- Politically exposed person (PEP), sanctions, and adverse-media screening results;
- Bank account and payment information relevant to the relationship.
This data is processed in order to comply with legal obligations to which we are subject (Article 6(1)(c) GDPR), including applicable Cyprus anti-money laundering legislation. Provision of this data is a statutory and/or contractual requirement; if it is not provided, we may be unable to establish or continue a business or investment relationship with you.
3.6 Job Application Data
Where you apply for a vacancy published on our Website, we may collect:
- Contact information;
- CVs and resumes;
- Employment history;
- Educational background;
- Qualifications and certifications;
- References;
- Interview notes;
- Any information voluntarily provided by you
4. How We Collect Personal Data
We collect personal data through:
4.1 Direct Interactions
You may provide personal data when:
- Completing contact forms;
- Submitting investment-related inquiries;
- Communicating through email;
- Using website chat or messaging functionality;
- Requesting information about our services.
4.2 Automated Technologies
We may automatically collect certain technical and usage information through cookies, server logs, and similar technologies.
Further information is available in our Cookie Policy.
4.3 Business Communications
We may receive personal data through professional interactions, referrals, introductions, networking activities, and publicly available professional sources.
4.4 Personal Data Obtained from Third Parties
Where we obtain your personal data from sources other than you directly — such as referrals, introductions, mutual contacts, or publicly available professional sources (for example, professional networking platforms or business registries) — the data we collect typically consists of the Identity Data and Contact Data described above.
In accordance with Article 14 GDPR, where we obtain your personal data indirectly we will, within a reasonable period and at the latest within one month, inform you of the source of the data, the categories of data concerned, and the purposes of processing, unless an exemption applies (for example, where the provision of such information proves impossible or would involve disproportionate effort, or where you already have the information).
5. Purposes and Legal Bases for Processing
We process personal data only where we have a lawful basis under Article 6 GDPR.
Responding to inquiries and requests
Categories of data: Identity, Contact Data
Legal basis: Legitimate Interests (Art. 6(1)(f))
Providing information about our services
Categories of data: Identity, Contact Data
Legal basis: Legitimate Interests (Art. 6(1)(f))
Managing business relationships
Categories of data: Identity, Contact, Correspondence Data
Legal basis: Legitimate Interests (Art. 6(1)(f))
Performance of contractual obligations
Categories of data: Relevant personal data
Legal basis: Contract (Art. 6(1)(b))
Compliance with legal obligations
Categories of data: Relevant personal data
Legal basis: Legal Obligation (Art. 6(1)(c))
Website administration and security
Categories of data: Technical Data
Legal basis: Legitimate Interests (Art. 6(1)(f))
Analytics and website improvement
Categories of data: Technical Data, Cookies
Legal basis: Consent (Art. 6(1)(a)) for non-essential cookies; Legitimate Interests (Art. 6(1)(f)) for strictly necessary, aggregated analytics
Marketing communications
Categories of data: Contact Data
Legal basis: Consent (Art. 6(1)(a)) or Legitimate Interests where permitted
AML/KYC, sanctions screening, fraud prevention, and regulatory compliance
Categories of data: Identity, Contact, Identification & AML/KYC Data
Legal basis: Legal Obligation (Art. 6(1)(c)); Legitimate Interests (Art. 6(1)(f)) for fraud prevention
Reviewing job applications
Categories of data: Applicant Data
Legal basis: Consent (Art. 6(1)(a)) or Legitimate Interests where permitted
6. Legitimate Interests
Where we rely on legitimate interests as a legal basis, such interests include:
- Operating and improving our Website;
- Responding to inquiries and communications;
- Managing business and investment relationships;
- Protecting our legal rights and interests;
- Preventing fraud, abuse, and unauthorized access;
- Maintaining information security;
- Supporting internal administration and business operations.
We carefully assess and balance our legitimate interests against your rights and freedoms before relying on this legal basis.
7. Job Applications
Where you apply for a position advertised on our Website, we may collect and process personal data contained in your application.
Such data may include:
- your name and contact details;
- CVs and resumes;
- employment history;
- educational background;
- qualifications and certifications;
- references;
- interview notes;
- any information voluntarily provided by you during the application process.
We process applicant information for the purposes of:
- reviewing and assessing applications;
- evaluating candidates for available positions;
- arranging and conducting interviews;
- communicating with applicants;
- making hiring decisions;
- complying with employment-related legal obligations.
The legal bases for such processing are:
- taking steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) GDPR);
- our legitimate interests in managing recruitment and hiring activities (Article 6(1)(f) GDPR);
- compliance with legal obligations where applicable (Article 6(1)(c) GDPR).
We collect applicant information directly from candidates through the application forms available on our Website.
Please do not provide special categories of personal data (including health information, racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, genetic data, biometric data, sexual orientation, or other sensitive information) unless specifically requested or required by applicable law.
If your application is unsuccessful, we may retain your information for up to 12 months following completion of the recruitment process for the purpose of considering you for future opportunities, unless you request earlier deletion or applicable law requires a different retention period.
If your application is successful, relevant information may become part of your employment record and will thereafter be processed in accordance with our internal employee privacy practices.
8. Disclosure and Sharing of Personal Data
We may share personal data with:
8.1 Service Providers
Third-party providers supporting our operations, including:
- Cloud hosting providers;
- IT and cybersecurity providers;
- Website hosting providers;
- Email and communication providers;
- CRM providers;
- Professional advisors.
8.2 Legal and Regulatory Authorities
We may disclose personal data where required by:
- Applicable laws;
- Regulatory obligations;
- Court orders;
- Requests from competent governmental authorities.
8.3 Business Transactions
Personal data may be disclosed as part of mergers, acquisitions, restructuring, financing transactions, or similar corporate activities, subject to appropriate confidentiality protections.
We do not sell personal data.
9. International Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (“EEA”).
Where such transfers occur, we ensure that appropriate safeguards are implemented, including:
- European Commission Standard Contractual Clauses (SCCs);
- Adequacy Decisions issued by the European Commission;
- Other lawful transfer mechanisms recognized under GDPR.
You may request additional information regarding such safeguards by contacting us.
Where we transfer personal data outside the EEA on the basis of Standard Contractual Clauses, we also assess, on a case-by-case basis, the laws and practices of the destination country and, where necessary, implement supplementary technical, contractual, and organisational measures so that your personal data continues to receive a level of protection essentially equivalent to that guaranteed within the EEA.
10. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected.
Typical retention periods include:
Contact form inquiries — Up to 24 months
Business correspondence — Up to 5 years
Contractual records — Duration of relationship plus applicable statutory period
Website logs — Up to 12 months
Marketing records — Until consent withdrawal or unsubscribe
Identification and AML/KYC records — At least 5 years following the end of the business relationship, or longer where required by applicable AML legislation
Job applications — Up to 12 months following completion of the recruitment process
Longer retention periods may apply where required by law, regulatory requirements, dispute resolution needs, or the establishment, exercise, or defense of legal claims.
Upon expiration of applicable retention periods, personal data will be securely deleted, anonymized, or otherwise disposed of.
11. Security Measures
We implement appropriate technical and organizational measures designed to protect personal data, including:
- Encryption in transit;
- Access controls and authentication procedures;
- Secure hosting infrastructure;
- Monitoring and logging systems;
- Data minimization practices;
- Confidentiality obligations for personnel and service providers.
While we strive to protect personal data, no transmission or storage method can be guaranteed as completely secure.
12. Your Rights Under GDPR
Subject to applicable law, you have the right to:
- Be informed about the processing of your personal data;
- Access your personal data;
- Correct inaccurate personal data;
- Complete incomplete personal data;
- Request deletion of personal data (“Right to be Forgotten”);
- Restrict processing;
- Object to processing;
- Withdraw consent at any time where processing is based on consent;
- Receive your personal data in a portable format;
- Request transfer of personal data to another controller where technically feasible;
- Object to direct marketing;
- Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
13. Exercising Your Rights
You may exercise your rights by contacting us at:
info@1even.com
We may request information necessary to verify your identity before responding to your request.
We generally respond within one month of receiving a valid request, although this period may be extended where permitted by law.
These rights are not absolute and are subject to the conditions and exemptions provided under the GDPR and applicable law. For example, we may decline a request for erasure or restriction of processing where we are required to retain the personal data in order to comply with a legal or regulatory obligation (including anti-money laundering record-keeping), or where the personal data is necessary for the establishment, exercise, or defence of legal claims.
Where a request is manifestly unfounded or excessive, in particular because of its repetitive character, we may either charge a reasonable fee taking into account the administrative costs of responding, or refuse to act on the request, as permitted by Article 12(5) GDPR.
14. Right to Lodge a Complaint
If you believe that your personal data has been processed unlawfully, you have the right to lodge a complaint with the competent supervisory authority in your country of residence, place of work, or location of the alleged infringement.
We encourage you to contact us first so that we may attempt to resolve your concerns.
15. Cookies and Similar Technologies
Our Website may use cookies and similar technologies to:
- Ensure proper website functionality;
- Improve user experience;
- Analyze Website performance;
- Understand visitor behavior.
Where required by law, non-essential cookies will only be used after obtaining your consent.
Further details are available in our Cookie Policy.
16. Automated Decision-Making and Profiling
We do not engage in automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.
17. Children’s Privacy
Our Website and services are not directed to individuals under the age of 16.
We do not knowingly collect personal data from children.
If we become aware that personal data of a child has been collected without appropriate authorization, we will take steps to delete such information.
18. Third-Party Websites
The Website may contain links to third-party websites, services, or applications.
We are not responsible for the privacy practices or content of third-party websites. We encourage you to review their privacy policies before providing any personal information.
19. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
Any changes will be published on this page together with the updated effective date.
Where required by law, we will provide additional notice regarding material changes.
20. Governing Law and Jurisdiction
This Privacy Policy and any matter arising out of or relating to it are governed by the laws of the Republic of Cyprus. Any disputes shall be subject to the jurisdiction of the competent courts of Cyprus. This does not deprive you of any mandatory protection available to you under the GDPR or under the law of your country of residence, including your right to lodge a complaint with a supervisory authority.
21. Accuracy of Data and Third-Party Information
You are responsible for ensuring that the personal data you provide to us is accurate, complete, and up to date, and for notifying us of any changes. Where you provide us with personal data relating to other individuals (for example, colleagues, representatives, beneficial owners, or referrals), you confirm that you are entitled to provide such data and that you have informed those individuals of the processing described in this Privacy Policy.
22. Severability and Waiver
If any provision of this Privacy Policy is held to be invalid, unlawful, or unenforceable, that provision shall be severed and the remaining provisions shall continue in full force and effect. Our failure or delay in enforcing any provision of this Privacy Policy shall not constitute a waiver of that or any other provision.
23. Contact Us
For any questions regarding this Privacy Policy or our handling of personal data, please contact:
Oneeven Investment Office
Email: info@1even.com
Last Updated: 18 June 2026