Privacy Policy

1. Introduction

1.1. NCDC COMMUNICATIONS LTD («NCDC COMMUNICATIONS », «we», «us», or «our») provides services in the field of electronic communications for individuals. We take the privacy of your Personal Data seriously and are committed to protecting it in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Cyprus national data protection legislation.

1.2. This Privacy Policy applies to NCDC COMMUNICATIONS LTD, including all affiliated products, APIs and platform under our management.

1.3. This Policy explains what Personal Data we collect about you, under what circumstances we collect it, how we use and safeguard it, and with whom we may share it. It also outlines your choices and applicable rights concerning your Personal Data that is in our possession or under our control.

1.4. We may amend this Privacy Policy at any time. Any updates will become effective upon posting to this site, as indicated by the «Effective Date». Your continued use of NCDC COMMUNICATIONS’s website, services, or applications after such changes will constitute your acceptance of the updated policy. In the event of material changes, we will notify you either via email (sent to the address specified in your account) or by a prominent notice on our site prior to the change taking effect.

1.5. This Privacy Policy does not apply to websites owned or operated by third parties, even if they are linked from our platforms. We do not control or have access to those websites. When visiting third-party sites, we encourage you to review their privacy policies to understand how your Personal Data may be collected and processed.

1.6. If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus (www.dataprotection.gov.cy), or with the relevant supervisory authority in your EU Member State of residence or employment.

2. Definitions

2.1. To ensure clarity in the understanding of your rights and our obligations in relation to your Personal Data, the following definitions shall apply throughout this Privacy Policy:

2.1.1. Applicable Law — all applicable laws, regulations, and binding industry standards governing the collection, use, processing, and protection of Personal Data by NCDC COMMUNICATIONS LTD, including the General Data Protection Regulation (EU) 2016/679 (GDPR), the Law 125(I)/2018 of the Republic of Cyprus, and other relevant data protection laws.

2.1.2. Personal Data — any information relating to an identified or identifiable natural person (Data Subject), such as full name, surname, postal address, tax identification number (TIN), email address, and bank account details.

2.1.3. Special Categories of Personal Data / Sensitive Personal Data — Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life or sexual orientation, or data relating to criminal convictions and offenses; collected only when legally required or with explicit consent.

2.1.4. Data Controller — a natural person or legal entity determining the purposes and means of the processing of Personal Data; NCDC COMMUNICATIONS LTD acts as a Data Controller for the Personal Data of its employees, website users.

2.1.5. Data Processor — a natural person or legal entity processing Personal Data on behalf of a Data Controller. NCDC COMMUNICATIONS LTD acts as a Data Processor when providing services to clients who define the purposes and means of such processing.

2.1.6. Data Protection Authority — the independent public authority responsible for enforcing data protection laws and regulations; in Cyprus, this is the Office of the Commissioner for Personal Data Protection.

3. Categories of Personal Data Collected and Purposes of Processing

3.1. The categories of Personal Data that NCDC COMMUNICATIONS LTD may collect, process, and store depend on the nature of your interaction with us and the specific services we provide. Such data may include, but is not limited to:

• Full name and surname – for identification, authentication, and contractual purposes.
• Postal address – for the issuance of invoices, correspondence, and the delivery of relevant services.
• Tax Identification Number (TIN) – for compliance with applicable tax, financial, and regulatory obligations.
• Email address – for service-related communication, notifications, and correspondence.
• Phone number – for service-related communication, technical support, and customer assistance.
• Bank account details – for the execution and management of financial transactions, including payments and refunds related to our services.

3.2. Your Personal Data will be processed lawfully, fairly, and transparently, in accordance with this Privacy Policy and any applicable privacy notices provided in relation to specific services. The main purposes for processing include:

• Managing our business relationship with you, including service delivery, system implementation, account management, invoicing, and customer support.
• Responding to inquiries and communications, including support requests, feedback, or other interactions through our website or communication channels.
• Providing service-related updates and information, where legally permitted and based on your consent where required.
• Improving and maintaining our platforms and services, including internal analysis, product enhancement, troubleshooting, and ensuring system security and operational continuity.
• Complying with legal and regulatory obligations, including tax reporting, anti-fraud measures, anti-money laundering (AML), and data security requirements.

NCDC COMMUNICATIONS LTD processes Personal Data only to the extent necessary for these purposes and strictly in line with the General Data Protection Regulation (EU) 2016/679 (GDPR), the Law 125(I)/2018 of the Republic of Cyprus, and other applicable data protection laws.

3.3. We do not sell, lease, or otherwise disclose your Personal Data to third parties for their independent marketing purposes. Any disclosure of Personal Data is strictly limited to what is necessary for the provision of our services or to meet legal obligations, and subject to appropriate safeguards.

4. How We Protect Your Personal Data

4.1. The protection of your Personal Data is of utmost importance to NCDC COMMUNICATIONS LTD. We implement appropriate technical and organizational security measures designed to ensure a level of protection commensurate with the risks associated with the processing of such data, in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and Law 125(I)/2018 of the Republic of Cyprus. These measures are aimed at safeguarding Personal Data against unauthorized access, accidental or unlawful destruction, alteration, disclosure, or misuse. They may include, but are not limited to, encryption technologies, secure servers, access controls, internal audit procedures, employee training, and physical protection of our IT infrastructure.

4.2. Access to Personal Data is strictly limited to employees, who require such access for legitimate business purposes and are bound by contractual confidentiality obligations and/or professional secrecy requirements.

4.3. We regularly assess and update our data protection and security measures in response to technological developments, emerging threats, and regulatory requirements. When appropriate, we may engage independent security audits and certifications to validate our practices and controls.

4.4. In the event of a Personal Data breach that is likely to result in a high risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority (Office of the Commissioner for Personal Data Protection in Cyprus) and, where required, inform affected data subjects without undue delay, unless the disclosure is postponed based on a lawful request by a competent authority.

5. How Long We Retain Your Personal Data

5.1. NCDC COMMUNICATIONS LTD retains Personal Data only for as long as is necessary to fulfill the purposes for which it was originally collected. These purposes may include the provision of services, compliance with legal and regulatory obligations, maintenance of business and financial records, risk management, and the resolution of potential disputes.

5.2. The applicable retention period depends on the type of data involved, the legal or contractual obligations in place, and the context in which the data is processed. Once the data is no longer required for the stated purposes, we will securely erase, anonymize, or return it to the data subject or controller, as appropriate.

5.3. All retention and deletion practices are carried out in accordance with the General Data Protection Regulation (GDPR), Law 125(I)/2018 of the Republic of Cyprus, and our internal data governance policies. These measures ensure that Personal Data is managed responsibly and remains protected throughout its lifecycle.

6. Legal Basis for Processing

6.1. We process Personal Data in accordance with the legal bases provided under Regulation (EU) 2016/679 (GDPR) and Cypriot Law 125(I)/2018. Depending on the context, we may rely on one or more of the following legal grounds:

• Performance of a contract: when the processing is necessary for the performance of a contract to which you or your organization is a party, or in order to take steps at your request prior to entering into such a contract.
• Compliance with legal obligations: when the processing is necessary to comply with legal obligations under applicable EU or national laws, including but not limited to tax regulations, anti-fraud requirements, and accounting rules.
• Legitimate interests: when the processing is necessary for the purposes of our legitimate interests or those of a third party, provided that such interests are not overridden by your fundamental rights and freedoms. These may include business operations, service improvement, information security, and fraud prevention.
• Consent: where required by law or where no other legal basis is applicable, we will seek your prior, informed, and explicit consent for processing. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

7. Sharing of Personal Data

7.1. We do not sell, rent, or otherwise commercially distribute your Personal Data to third parties. However, in the course of our business activities and strictly in line with applicable data protection laws, we may share your Personal Data with the following categories of recipients:

• Third-party service providers, acting on our behalf and under our instructions, for the provision of services such as data hosting, IT support, analytics, payment processing, communications, or other operational functions. These parties are contractually bound by confidentiality and data protection obligations consistent with GDPR requirements.
• Clients or business partners, when such disclosure is necessary for the delivery of our services, and only within the scope of valid contractual relationships and applicable legal obligations.
• Public authorities or regulatory bodies, including the Office of the Commissioner for Personal Data Protection in Cyprus, where required by applicable law, court order, or regulatory obligation, or where necessary to defend our legal rights or comply with legal duties.
• Legal, tax, and professional advisors, such as auditors, external consultants, or legal representatives, to the extent necessary for legal compliance, dispute resolution, audits, or corporate governance matters.

7.2. Whenever we share Personal Data, we implement appropriate technical, organizational, and contractual safeguards to protect your information. These safeguards include Data Processing Agreements (DPAs) with service providers in accordance with Articles 28 and 32 of the GDPR, ensuring confidentiality, integrity, and availability of the data shared.

8. Your Rights Under Applicable Data Protection Law

8.1. In accordance with the GDPR and Cypriot Law 125(I)/2018, you have the following rights in respect of your Personal Data:

• Right of access – to obtain confirmation as to whether we process your data and access to that data.
• Right to rectification – to request correction of inaccurate or incomplete personal data.
• Right to erasure – to request the deletion of your data under certain conditions (“right to be forgotten”).
• Right to restriction of processing – to limit the way we use your data under specific circumstances.
• Right to data portability – to receive your data in a structured, commonly used and machine-readable format and to transmit it to another controller, where applicable.
• Right to object – to object to the processing of your data based on our legitimate interests, including profiling.
• Right to withdraw consent – where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint – you may file a complaint with the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus (https://www.dataprotection.gov.cy) if you believe your rights have been violated.

8.2. To exercise any of these rights, you may contact us using the details provided in Section 11 of this Policy. We will respond in accordance with applicable legal requirements and within the timeframes set by law.

9. Use of Cookies and Similar Technologies

9.1. Our website uses cookies and similar tracking technologies to improve your user experience, analyze website traffic, remember your preferences, and enable the functionality of certain services.

9.2. Cookies are small text files that are placed on your device when you visit a website. Depending on their function, we may use the following categories of cookies:

• Strictly Necessary Cookies – These cookies are essential for the proper functioning of our website and enable core features such as security, network management, and accessibility. These cannot be disabled.
• Performance and Analytics Cookies – These cookies help us understand how visitors interact with our website by collecting anonymous information, allowing us to improve site performance and user experience.
• Functionality Cookies – These cookies allow our website to remember choices you make (such as your language preference or login details), providing a more personalized experience.
• Marketing and Third-Party Cookies – These cookies may be set by us or by third parties to deliver personalized content, measure the effectiveness of marketing campaigns, or track user behavior across websites. These cookies are used only with your explicit consent.

9.3. You have the option to accept, reject, or customize your cookie preferences when you first visit our website through the cookie banner or consent management tool. You can also manage or disable cookies at any time through your browser settings.

9.4. Except for strictly necessary cookies, no cookies will be placed on the user’s device unless and until explicit consent has been provided via the cookie banner.

9.5. You may withdraw or modify your cookie consent at any time by clicking the “Cookie Settings” link available on our website.

9.6. Cookies are stored for different periods depending on their purpose and may be session-based or persistent.

9.7. The legal basis for the use of strictly necessary cookies is our legitimate interest in ensuring the proper operation of the website (Article 6(1)(f) GDPR). The legal basis for all other cookies is your consent (Article 6(1)(a) GDPR).

10. Contact Information

10.1. For any questions or requests:

10.2.If you are located in the European Economic Area and believe that your rights have not been respected, you may also contact the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus: https://www.dataprotection.gov.cy. In addition, you may consider contacting the data protection authority in your own EU member state. A full list of national data protection authorities within the EU is available at the European Data Protection Board website: https://edpb.europa.eu/about-edpb/board/members_en.