Last Updated: 18 February 2026

For the purpose of compliance with the obligations provided for by the EU Regulation 2016/679 (“General Data Protection Regulation” or “GDPR”), we are required to inform you about the collection and processing of your personal data.

Below is a description of the purposes for which your data will be used, your rights as a data subject, and the information necessary to provide explicit consent where required.

1. The Data Controller

The Data Controller for the FutureStory platform is AcrossLimits Ltd (Malta). Pursuant to Article 4 of the Regulation, AcrossLimits Ltd, with registered offices at 2nd Floor, Tower Business Centre, Tower Street, Swatar, Birkirkara, BKR 4013, Malta, in the person of the Legal Representative, Angele Giuliano, is the Data Controller of your personal data.

• Controller E-mail: [email protected]

• Data Protection Officer (DPO): Emanuele Pristerà, Head – IT and Digital Media Development Department

• DPO E-mail: [email protected]

   

2. Types of Personal Data Collected

To provide our services, we collect the following personal data:

• User First Name and Last Name

• User E-mail Address

• User Country and Company Address

• User Company Name

• Company Pitch Deck and Company Logo (where appropriate)

• Billing and administrative information necessary for invoicing (Note: Credit card details for standard packages are processed securely by Stripe and are not stored on our servers).

3. Purpose of Data Processing

Personal data will be collected and processed exclusively for the following purposes:

• Registering the individual and managing their account on the FutureStory platform.

• Facilitating the matchmaking services between investors and companies seeking investment.

• Managing administrative positions, including the purchase of membership packages, invoicing, contract execution, and collections.

• Contacting you regarding initiatives, events, and communications associated with FutureStory.

• Helping us improve technical assistance, customer care, our services, and content.

• Performing aggregate statistical analysis and statistic interpolation on an anonymous basis.

• Managing complaints and disputes, recovering debts, and preventing fraud and illegal activities.

• Exercising the rights and protecting the legitimate interests of the Data Controller or third parties (for example, the right of defence in court).

• Fulfilling legal obligations, laws, regulations, community regulations, orders, and prescriptions of the competent authorities.

• Sending commercial communications to the email address you provided (you may opt-out at any time by clicking the unsubscribe link in our emails).

4. Legal Basis of Processing

The processing of personal data will be carried out on one or more of the following legal bases:

• Performance of a Contract: To process your package purchase, execute agreements, and provide the services you have requested.

• Explicit Consent: For specific marketing communications or where strictly required by law.

• Compliance with a Legal Obligation: To which the Data Controller is subject (e.g., tax and accounting laws).

• Legitimate Interests: Pursued by the Data Controller or by a third party (e.g., fraud prevention, service improvement).

5. With Whom Data Will Be Shared (Data Processors)

We do not sell your personal data. To provide our services, your data may be shared with strictly vetted internal staff and third-party service providers acting as Data Processors, including:

• Internal & Joint Venture Entities: AcrossLimits Ltd., Grey Matter Ltd., employees assigned to the FutureStory joint venture, or any legal entity that may replace the joint venture.

• Arkafort: Our designated server and hosting provider located in Malta, where the Website and its data are securely stored.

• Stripe: Our third-party payment gateway used to process secure transactions for standard membership packages.

• DocuSign: Our third-party electronic signature provider used to securely execute formal membership contracts.

The updated list of our Data Processors is available at the offices of the Data Controller and upon request.

6. Duration of Data Storage and Security

The data collected will be stored for a period no longer than necessary for the purposes for which they were collected or subsequently processed (e.g., for the duration of your membership and to comply with legal/tax retention requirements).

• Storage Location: Data is securely stored on servers provided by Arkafort in Malta.

• Security Measures: Every time you use our services, the Data Controller and our third-party processors adopt appropriate technical and organisational security measures to prevent unauthorised access, disclosure, modification, or destruction of your data, pursuant to the GDPR.

• Removal: Data can be removed following a specific, valid request by the User to the Data Controller, provided there are no superseding legal obligations to retain it.

7. Rights of the Data Subject

Under the GDPR, you have the right to:

• Access your data.

• Have your data amended (rectification) or deleted (erasure/right to be forgotten).

• Have the processing of your data halted or restricted.

• Withdraw your consent at any time (this will not affect the lawfulness of processing based on consent before its withdrawal) by sending an email to [email protected].

8. Right to Lodge a Complaint

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with the Maltese data supervisory authority if they consider that the processing of personal data relating to them infringes the GDPR.

• Authority: Information and Data Protection Commissioner (IDPC) Malta

• Email: [email protected]

---