Last revised on May 26, 2025
In this Privacy Policy we explain how we process personal data when we provide our services and when you navigate through our website, as well as when you communicate with us by phone, e-mail, social media and otherwise.
This Privacy Policy describes policies and practices regarding our collection and use of Your personal data, as well as sets forth your privacy rights. We recognize that personal data protection is an ongoing responsibility, and we may from time to time update this Privacy Policy, as we undertake new personal data processing practices.
Please take your time to carefully read this Privacy Policy and, if you have any questions, please feel free to contact us.
1. DEFINITIONS
The following terms are defined as follows in this Privacy Policy:
- We / Controller – Afftegrix Ltd, a private limited liability company duly incorporated and existing under the laws of the Republic of Cyprus, with registration number HE 459201, and having its registered office at 3 Arachovis Street, 3096 Limassol, Cyprus, e-mail: [email protected].
- You – visitors of our Website and the employees, contact persons, board members or authorized persons of our Partners.
- Partner – our Partners using the Services provided by us.
- Services– services we offer and provide to our Partners.
- Agreement– the agreement on the provision of Services concluded between us and the Partner.
- Website– the website accessible at https://afftegrix.com.
2. ON WHAT LEGAL GROUNDS DO WE PROCESS YOUR PERSONAL DATA?
We process your data specified in this Privacy Policy on these legal grounds:
- for fulfilment of legal obligations and requirements of legal acts applicable to us (Article 6(1)(c) of the GDPR);
- for pursuing our legitimate interests and those of third parties (Article 6(1)(f) of the GDPR);
- for acting in accordance with your consent (Article 6(1)(a) of the GDPR).
In the scope and under the conditions set by applicable legislation, one or several of the above-mentioned legal grounds may apply to processing of the same of your personal data.
3. WHAT PERSONAL DATA DO WE COLLECT AND FOR WHAT PURPOSES DO WE USE THEM?
3.1. Conclusion an Agreement with the Partner and provision of Services to a Partner
In order for us to conclude agreements with our Partners and to provide our Services to our Partners, we process personal data of our Partners’ employees, contact persons, board members or authorized persons.
| Conclusion an Agreement with the Partner and provision of Services to a Partner | |
| Data categories | During the process of signing the Agreement, as well during the process of providing our Services, we collect the following data (required information may vary, depending on how you decide to sign the document):
· First name, surname; · Identity number; · Contact information (telephone number, e-mail); · Company name; · Position; · Data related to communication with you; · Other information necessary to sign the Agreement or to provide our services. |
| Legal grounds for data processing | Legal obligations and requirements of legal acts (Article 6(1)(c) of the GDPR) in the following areas:
Our legitimate interest to contact employees of our Partners during the process of providing our Services. |
| Duration of data processing
|
During the term of the validity of our Agreement with the relevant Partner and 5 (five) years after the termination of the Agreement. |
| Section 6 of the Privacy Policy lists cases and conditions where personal data of yours can be stored or otherwise processed for a longer period of time. | |
3.2. Marketing on social media
We may maintain official accounts or profiles on one or more third-party social media platforms, which may include, without limitation, Facebook, LinkedIn, Instagram, or similar services.
If you are interested in our Services and follow our profiles on social media, we collect and process the data we obtain directly from your social media account, so that we can manage our social media accounts.
| Marketing in social media
|
|
| Data categories | Name, surname, gender, country, photograph, information about communication in the Account (“like”, “follow”, “comment”, “share”, etc.), notifications sent, information on notifications (message receipt time, message content, message attachments, correspondence history, etc.), comments, reactions to published entries, sharing, information on participation in events and/or games organized by us. |
| Legal grounds for data processing | Our legitimate interest in managing our social media profiles (Article 6(1)(f) of the GDPR), Facebook Insights, etc. |
| Duration of data processing | Personal data used for this purpose shall be stored as long as you are registered on a specific social network. |
| Section 6 of the Privacy Policy lists cases and conditions where this personal data of yours can be stored or otherwise processed for a longer period of time. | |
3.3. Protection of our property and legal interests
We process your personal data in order to protect our property and interests and those of our Partners and other persons, collect evidence of, as well as to administer, manage and recover damages inflicted on us and our property.
| Protection of our property and legal interests | |
| Data categories
|
· Information on the damage inflicted, including the debt amount, date, history, other related information;
· All other relevant personal data specified in this Privacy Policy. |
| Legal grounds for data processing | Our legitimate interest (Article 6(1)(f) of the GDPR):
|
| Duration of data processing | During the term of the validity of our Agreement with the relevant Partner and 5 (five) years after the termination of the Agreement. |
| Section 6 of the Privacy Policy lists cases and conditions where this personal data of yours can be stored or otherwise processed for a longer period of time. | |
3.4. Website administration, support, improvement
When you visit and browse our Website, for the purpose of collecting statistical data and improving the quality of Services and visitor experience, we process the following data:
| Website administration, support, improvement | |
| Data categories
|
IP address, MAC address, date of visit, duration of visit, pages visited, devices and applications used for web browsing, etc. |
| Legal grounds for data processing | Your consent (Article 6(1)(a) of the GDPR).
Our legitimate interest to analyze data in order to administer, improve the Website operation, improve our activities and create value both for you as a customer and for our business (Article 6(1)(f) of the GDPR). |
| Duration of data processing | See the Cookie Policy. |
Cookies are used on the Website. More information on cookies used on the Website can be found in our Cookie Policy.
3.5. Providing customer service – inquiries, requests, complaints
If you contact us by writing (by e-mail or otherwise), we will store the fact of you contacting us and the information provided, including personal data, so that we can properly examine your request and/or respond to your question, request or complaint.
If you contact our customer service center by phone, we will write down the information you provide, including personal data, so that we can properly examine your request and/or respond to your inquiry.
| Customer service – inquiries, requests, complaints | |
| Data categories
|
The telephone number you are calling from or the e-mail address, other information pertaining to your inquiry, including, but not limited to, first name, surname, technical details of the call (date, duration, etc.); history of calls; complaint, request, inquiry text, description of the circumstances of the complaint or another inquiry, documents supporting the complaint, request, inquiry, other information provided to us. |
| Legal grounds for data processing | Our legitimate interest to provide customer service (Article 6(1)(f) of the GDPR). |
| Duration of data processing | Complaints, claims, written requests related to the performance our Services and/or which may be related to disputes, shall be stored throughout the entire effective term of the Agreement and no longer than for 5 (five) years after its expiry, unless longer periods specified below apply. |
| Section 6 of the Privacy Policy lists cases and conditions where this personal data of yours can be stored or otherwise processed for a longer period of time. | |
3.6. Recruitment
We process your personal data if you have applied for one of the announced vacancies, or if you have sent your CV outside the competition, or if your contact information for feedback has been submitted by an applicant for a vacant position.
| Recruitment | |
| Data categories
|
· Contact details of candidates (name, surname, address, telephone number, e-mail address);
· Information included in candidates’ CVs (education, work experience, skills); · Information contained in the candidates’ cover letter; · Information provided during the interview. |
| Legal grounds for data processing | Our legitimate interest to recruit employees (Article 6(1)(f) of the GDPR). |
| Duration of data processing | 2 (two) years after the end of the recruitment process for the relevant vacancy. |
| Section 6 of the Privacy Policy lists cases and conditions where this personal data of yours can be stored or otherwise processed for a longer period of time. | |
3.7. Provision of promotional activities
We may share or transfer Your personal data with third-party affiliate networks and strategic business partners.
| Customer service – inquiries, requests, complaints | |
| Data categories | E-mail. |
| Legal grounds for data processing | The legal basis for processing your personal data in this context is your explicit consent to the processing of your data, as required for your participation in third-party promotions (Article 6(1)(a) of the GDPR). By providing your consent, you authorize us to share your data with third-party partners in relation to the promotional activities. |
| Duration of data processing | Your personal data, collected for the purposes outlined above, will be retained as long as you remain registered with the relevant third-party platforms. |
| Should your data need to be retained for longer periods, this will be done in accordance with the specific conditions outlined in Section 6 of this Privacy Policy, which details the circumstances under which your personal data may be stored or further processed beyond the regular retention period. | |
4. FROM WHAT SOURCES DO WE OBTAIN YOUR DATA?
You
We receive some of your personal data from you, while we cooperate with you during the provision of Services to our Partners.
Our Partners
We obtain certain personal data about you from our Partners. This includes information regarding your name, surname, role at the Partner’s company and other information necessary to conclude an Agreement with the Partner and to provide our Services to the Partner.
Please note that our Partners process your personal data in line with their own privacy policies.
From your use of the Website
We also collect data about you based on your actions, for example, we collect data about how and when you use our Website. This can include information such as mouse clicks/taps, mouse movements, page scrolling and text entered into forms which we collect through software which monitors how customer uses or Website. This helps us to monitor the service we provide to you, to design improvements to our products and services (including changes to our Website), to personalize our marketing communications.
To simplify the sign-up procedure a separate process, such as i) Facebook connect, or ii) Google sign-in be used as a source for obtaining private data. If such a process is used, once the authorization of access and the necessary information is provided by you upon sign up, personal data (registration and contact data) will be automatically fed to your profile from the third-party source to facilitate your registration. Such data is used as further specified in this Privacy Policy.
5. DO WE SHARE YOUR DATA WITH OTHERS?
Partners
During the Provision of Services, we may share some personal data with the relevant Partner for whom you work or who you represent.
Service providers
In order to provide our services, we rely on various service providers (e.g. providers of server hosting, data centers, cloud computing, audit, accounting, legal, tax advisory services, administration of damages, and other services).
Our data processors we use are usually located in the Member States of the European Union or store data entrusted to them by us in the European Union. However, when we manage our social media accounts, we receive and provide data to social network platform operators (e.g. LinkedIn, Facebook, Instagram), which also operate outside the European Union, e.g. in the USA. We closely follow the practices of data protection supervisory authorities and guidelines on the transfer of data outside the European Union, and we diligently consider conditions under which data are transferred and may be subsequently processed and stored after the transfer outside the European Union.
Third parties
If necessary and legally justified, we also provide your data to separate data controllers, namely to the competent authorities, institutions, organizations, also other data controllers who are entitled to receive information in line with the applicable legislation and/or our legitimate interests or based on your consent. Please see below a non-exhaustive list of examples of such situations:
- We have the right and the obligation to transfer information to the competent authorities (pre-trial investigation bodies, etc.) for the purposes of prevention of fraud, offence and crime prevention and investigation;
- We provide data to service providers that are separate controllers of your data (partners whose offers you have agreed to receive, etc.).
Strategic Business Partners
We may also share your personal information with our strategic business partners, including those who collaborate with us to provide joint services, promotional campaigns, or co-branded offerings. These partners may use your data in connection with delivering services or promotions relevant to your interactions with our platform.
6. HOW LONG DO WE STORE YOUR PERSONAL DATA?
Personal data specified in this Privacy Policy shall be stored and otherwise processed for no longer than the period specified in Section 3 of this Privacy Policy for each relevant data category and for no longer than necessary to achieve the purposes for which the data were collected.
In those cases when the data storage period is not indicated in this Privacy Policy, your data will be stored no longer than necessary for achievement of the purposes, for which the data were collected, or for a period set by applicable data protection laws.
After the end of your data processing and storage period set in this Privacy Policy, we destroy your data or anonymize them irreversibly and reliably as soon as possible, within a period reasonably necessary for the performance of such an action.
If different processing or storage periods can be applied to the same data category for different purposes in accordance with this Privacy Policy, the longest of the applicable periods shall apply.
Your personal data can be stored for a period longer than indicated in this Privacy Policy only when:
- Your data is necessary for the proper administration of damages (for example, you have caused damage to us or other persons), examination and settlement of a dispute, complaint, the protection of our legitimate interests or those of third parties;
- That is necessary in order that we could defend ourselves from existing or threatening demands, claims or legal actions and exercise our rights;
- There are reasonable suspicions of violations, illegal activities, which are or may be a subject to investigation;
- This is necessary for ensuring the functioning, resilience, integrity of backup copies, information systems, traceability of operations, statistical and other similar purposes;
- There are other grounds provided for in applicable data protection laws.
7. YOUR RIGHTS
You, as a data subject, have certain rights under the GDPR, including the right:
- To request access to your personal data and get a copy thereof;
- To request rectification or restriction of inaccurate or incomplete personal data;
- To request deletion or restriction of personal data which are excessive or unlawfully processed;
- To object to the processing of your personal data;
- To request transfer of your personal data provided in a structured, machine-readable format;
- To withdraw your consent at any time if data processing is based on the data subject’s consent (withdrawal of the data subject’s consent shall not affect lawfulness of data processing before the withdrawal of the consent);
- To file a complaint with the Data State Inspectorate of Your country, however, we would recommend contacting us first and we will try to resolve all your concerns together with you.
How can you contact us to exercise your rights?
You can submit your request for the exercise of your rights to us in the following ways:
- Sending a request by e-mail at [email protected].
7.1. The right to access data processed and the right to obtain a copy of personal data
Should you wish to obtain a copy of your personal data, contact us at [email protected].
7.2. Right to rectify personal data
You have the right to obtain from us the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement. Accordingly, if any of the personal data you have provided to us has changed, or if you believe that such data is inaccurate or incomplete, you may request that we rectify or complete such information. Such requests may be submitted by contacting us at [email protected].
7.3. Right to withdraw consent
When we process your data on the basis of your consent, you have the right to withdraw your consent at any time and data processing based on your consent will stop. Such requests may be submitted by contacting us at [email protected].
7.4. Right to object to data processing, when processing is based on legitimate interests
You have the right to object to personal data processing, when personal data is processed based on our legitimate interests. Such requests may be submitted by contacting us at [email protected].
7.5. Right to erasure (right to be forgotten)
When there are certain circumstances indicated in the legislation on personal data protection (e.g. when the basis for data processing has disappeared, etc.), you have the right to request that we erase your personal data. In order to exercise this right, please contact us.
If you provide us with the request to erase all or some of your data and express your wish “to be forgotten”, we will no longer process those data of yours which will no longer be necessary for the purposes for which they were collected or otherwise processed. After you have exercised the right “to be forgotten”, your personal data will be further processed for the following main purposes and on the following main grounds (the list is non-exhaustive):
- For the purposes of meeting accounting, tax requirements, personal data will be further processed according to Article 6(1)(c) of the GDPR (data processing is necessary to fulfil the legal obligation imposed on the data controller);
- In order to manage clients’ complaints and other requests and inquiries, personal data will be processed according to Article 6(1)(b) of the GDPR (it is necessary to process data in order to fulfil the contract, a party to which the data subject is);
- In case of disputes, administration of damages, in order to pursue our other legal claims and protect our rights, data will be further processed according to Article 6(1)(f) of the GDPR (data processing is necessary in pursuance of legitimate interests of the data controller or a third party).
7.6. Right to restriction of data processing
You have the right to request the restriction of the processing of your personal data in certain circumstances, including but not limited to the following:
- Where you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of such data;
- Where the processing is unlawful and you oppose the erasure of the data and instead request the restriction of its use;
- Where we no longer need the personal data for the purposes of the processing, but you require it for the establishment, exercise or defense of legal claims;
- Where you have objected to processing based on our legitimate interests, pending the verification of whether our compelling legitimate grounds override your rights.
During the period in which processing is restricted, we may continue to store your personal data but shall not otherwise process it without your consent, unless required for legal claims, the protection of rights of another natural or legal person, or for reasons of important public interest.
Please note that, due to the nature of certain Services, we may be unable to provide full or uninterrupted functionality during any period in which data processing is restricted.
Such requests may be submitted by contacting us at [email protected].
7.7. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit such data to another controller, where technically feasible, without hindrance from us, provided that:
- The processing is based on your consent or on a contract; and
- The processing is carried out by automated means.
This right does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
To exercise your right to data portability, please contact us at [email protected] and specify the data you wish to receive or transfer. We will process your request in accordance with applicable data protection laws and respond within the timeframe provided in the GDPR.
7.8. Right to lodge a complaint
If you believe that the processing of your personal data by us violates applicable data protection laws, we encourage you to contact us first at [email protected] so that we may have the opportunity to address your concerns in good faith. We are committed to resolving any issues, responding to your requests, and rectifying any errors without undue delay.
Notwithstanding the foregoing, if you are not satisfied with our response, or if you believe that we have failed to take appropriate action in accordance with applicable data protection laws, you have the right to lodge a complaint with the competent supervisory authority in your jurisdiction.
A list of supervisory authorities within the European Economic Area, along with their contact details, is available at: https://edpb.europa.eu/about-edpb/board/members_en
8. HOW DO WE ENSURE THE SECURITY OF YOUR PERSONAL DATA?
We use appropriate organizational and technical personal data security measures, including protection against unauthorized or unlawful processing of data and against accidental loss, destruction or damage. Such measures have been selected taking into account the risks that may arise for your rights and freedoms as those of a data subject.
We regularly monitor our systems for possible breaches or attacks, but it is not possible to guarantee full security of information transmitted online. With this in mind, you provide us with information by using the internet connection at your sole discretion and assuming any associated risks.
9. YOU CAN CONTACT US AS FOLLOWS:
📧 Email: [email protected]
📍 Afftegrix Ltd, 3 Arachovis Street, 3096 Limassol, Cyprus