Privacy Policy

Last updated: January 1, 2024

Effective date: January 1, 2024

1. Introduction

Cyprus ORM Agency ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws in Cyprus and the European Union.

2. Information We Collect

2.1 Personal Data You Provide

We collect personal data that you voluntarily provide to us, including:

• Contact Information: Name, email address, phone number, company name
• Business Information: Company details, industry, business size
• Service Preferences: Interested plans, specific requirements
• Communication Data: Messages, inquiries, feedback

2.2 Automatically Collected Information

When you visit our website, we automatically collect certain information, including:

• Technical Data: IP address, browser type, operating system, device information
• Usage Data: Pages visited, time spent on pages, click patterns
• Cookies: Small text files stored on your device (see Cookie Policy below)

2.3 Third-Party Sources

We may receive information about you from third-party sources, such as:

• Social media platforms (if you interact with our social media accounts)
• Business directories and professional networks
• Public records and databases

3. How We Use Your Information

We use your personal data for the following purposes:

3.1 Service Provision

• To provide our online reputation management services
• To communicate with you about our services
• To process payments and manage billing
• To provide customer support and respond to inquiries

3.2 Business Operations

• To improve our services and develop new features
• To conduct market research and analysis
• To ensure website security and prevent fraud
• To comply with legal obligations

3.3 Marketing and Communication

• To send you relevant marketing communications (with your consent)
• To provide updates about our services
• To share industry insights and educational content

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: To fulfill our contractual obligations when you engage our services
• Legitimate Interest: To improve our services, ensure security, and conduct business operations
• Consent: For marketing communications and non-essential cookies
• Legal Obligation: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We may share your personal data with the following parties:

5.1 Service Providers

• Formspree (for contact form processing)
• Payment processors (for billing)
• Cloud hosting providers
• Analytics and marketing tools (with consent)

5.2 Legal Requirements

We may disclose your information if required by law or to protect our rights, property, or safety.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction.

6. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:

• Active Clients: For the duration of our service relationship plus 7 years for legal compliance
• Prospects: 2 years from last contact (unless you request deletion)
• Website Visitors: Analytics data retained for 26 months
• Marketing Data: Until you withdraw consent or unsubscribe

7. Your Rights

Under GDPR, you have the following rights regarding your personal data:

7.1 Access and Information

• Right to access your personal data
• Right to information about how we process your data

7.2 Correction and Completion

• Right to correct inaccurate data
• Right to complete incomplete data

7.3 Erasure

• Right to request deletion of your personal data ("right to be forgotten")

7.4 Restriction and Portability

• Right to restrict processing
• Right to data portability

7.5 Objection and Withdrawal

• Right to object to processing
• Right to withdraw consent

7.6 Automated Decision Making

• Right not to be subject to automated decision-making

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication
• Employee training on data protection
• Incident response procedures

9. International Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure such transfers comply with GDPR requirements through:

• Adequacy decisions by the European Commission
• Standard contractual clauses
• Other appropriate safeguards

10. Cookies and Tracking

We use cookies and similar technologies to enhance your browsing experience. For detailed information about our use of cookies, please see our Cookie Policy below.

11. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected such information, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending you an email notification (for active clients)
• Updating the "Last updated" date at the top of this policy

13. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

You also have the right to lodge a complaint with the Cyprus Data Protection Commissioner if you believe we have not addressed your concerns adequately.