Privacy Notice
How B-ENDY SOFTWARE LTD collects, uses, retains and protects your personal data, and the rights you have under the GDPR and Cyprus law.
I. Introduction
This Privacy Notice details the methodologies by which our company (collectively referred to as "we," "us," "our," or B-ENDY SOFTWARE LTD) gathers, processes, and discloses data concerning individuals who engage with us or reach out via the Website or alternative communication channels. We commit substantial resources to ensuring the robust security of your personally identifiable information and its appropriate utilization.
This Privacy Notice exclusively governs the processing of Personal Data of customers and visitors collected by B-ENDY SOFTWARE LTD through the Website and other channels expressly stated herein. It does not govern data exchanged directly between your browser and external service providers.
Before using the Website, please read this Privacy Notice ("Notice") completely. Your provision of data signifies your agreement; if you do not assent to the terms outlined here, please refrain from sharing your information with us.
II. Operations Governed by this Privacy Notice
This Privacy Notice governs data processing associated with the following core operations conducted by B-ENDY SOFTWARE LTD:
- Operation of Digital Infrastructure: Administration, maintenance, and security of the B-ENDY SOFTWARE LTD online domain (the "Website"), including managing traffic, ensuring stability, and deploying core services.
- Marketing and Customer Acquisition: Handling inquiries and data submissions received via the contact forms on the Website, as well as the distribution of the B-ENDY SOFTWARE LTD electronic newsletter and other data-driven marketing communications.
- Client and Partnership Management: Communication, service delivery, and strategic business dealings with the company's customers, vendors, and other collaborative associates.
III. Defining "Personal Data" and the Scope of "Processing"
For our purposes, "Personal Data" or "Personal Information" refers to any data point concerning an individual who is directly identifiable from the information provided, or indirectly identifiable when that information is combined with other data sources.
"Processing" is an umbrella term covering every operation performed on personal data, such as gathering, documenting, organization, storage, adapting, retrieving, reviewing, utilizing, sharing, combining, restricting, erasing, or destroying data.
How we acquire your Personal Data
Typically, you voluntarily share your data with us through direct interactions when you:
- Access our website(s) or services.
- Submit an application for our services.
- Engage with any of the services we offer.
- Subscribe to receive marketing materials, such as our email newsletters.
- Provide feedback or contact our team.
IV. Our Function and Identity
Throughout this Privacy Notice, "B-ENDY SOFTWARE LTD", "we," "us," and "our" exclusively denote B-ENDY SOFTWARE LTD, a limited liability entity formally established under the laws of Cyprus.
B-ENDY SOFTWARE LTD
Registration number: ΗΕ 482937
1-7 Makarios III Street, MITSI 3, 3rd Floor, Apartment/Office 302, Nicosia, 1065, Nicosia, Cyprus
Email: hello@b-endy.com
Depending on the context, when you interact with our Website or communicate via Social Media platforms (such as Twitter, LinkedIn, or Facebook), we may function as a data controller, a joint data controller, or a data processor concerning the collected personal data.
A data controller determines the objectives and methodologies for processing personal data. A joint data controller involves two or more entities that collaboratively decide on the purpose and means of processing — for instance, regarding your Social Media Data: when you contact us via Social Media, we are a controller solely for (i) the information you submit to us and (ii) the statistical data provided by the channel, while the platform operates as an independent controller for all other handling. A data processor handles personal data strictly on behalf of and according to the instructions of a controller.
V. Guiding Principles
Our commitment is to uphold the most rigorous standards of data protection whenever we process your Personal Data. All of our data handling activities are shaped by the following core principles:
| Principle | Description |
|---|---|
| Lawfulness, equity & clarity | We handle your Personal Data in a legal manner, grounded in a clear and valid objective, and keep you fully aware of our processing via this Notice. |
| Goal restriction | Your data is acquired for defined, unambiguous, and rightful goals and is not further processed in ways that deviate from those purposes without your explicit consent, unless authorized by law. |
| Data efficiency | We only collect and process Personal Data that is appropriate, pertinent, and strictly proportional to the intended purposes, and do not store it longer than necessary. |
| Data integrity | We make every effort to keep your data precise, comprehensive, and current. You may seek correction of inaccurate or incomplete information. |
| Integrity & security | We employ suitable technical and organizational measures to guarantee the security and confidentiality of your Personal Data. |
| Accountability | We assume full responsibility for our processing procedures, document our activities, and conduct regular compliance reviews. |
| Legal grounds for handling | Processing is always justified by one or more lawful criteria, such as consent, performance of a contract, legal duties, or legitimate interests. |
| Exercising data rights | We respect the rights you possess as a data subject and provide mechanisms to exercise them effectively. |
| International transfer safeguards | Where we transfer your data outside the EEA, we implement sufficient protective measures as mandated by applicable law. |
VI. Categories and Intentions of Personal Data Processing
We will only handle your personal data to deliver the services you request, to meet the legal duties arising from providing those services, and to fulfil our legitimate business interests as defined in Article 6 of the GDPR for individuals in the European Economic Area. Core objectives include:
- Risk management & compliance — AML, counter-terrorism, sanction and fraud-prevention checks; detecting and preventing financial crime; meeting legal and regulatory requirements; resolving complaints.
- Service delivery — processing and providing our services, registering accounts and contacting you by phone or email.
- Financial administration — overseeing, collecting and transferring payments, fees and related charges.
- Internal oversight & analysis — maintaining accurate records and analysing how clients use our products and services.
- Market insight & growth — studying customer behaviour to inform marketing strategy and support business expansion.
- Security & administration — managing and protecting our website(s) and services, including network security and fraud prevention.
- Marketing & content delivery, service enhancement, and any additional purpose for which you grant explicit consent.
Your information will never be sold, traded, or otherwise transferred to any external entity without your permission, except for the specific aim of fulfilling requested services and enhancing those services. The categories of personal data we process are:
| Category | Examples | Description / Comments |
|---|---|---|
| Analytical & usage data | IP address; interactions with the Website (button clicks, data input); device type, browser, operating system | Certain data is gathered automatically as you browse, using tools like Google Analytics. Google compiles aggregated reports that prevent us from identifying any single individual. |
| Contact information | Name / nickname; email address; phone number; any additional information you supply | Typically gathered via the contact form on the Website. The decision regarding which data to disclose rests entirely with you. |
| Subscription data | Email address | If you contact us via the contact form, we may use the indicated email for our marketing and newsletter purposes. |
| Social media data | Nicknames, names and/or photos; messages, comments and other communications; data provided to us by the platform | You may contact us via Twitter, LinkedIn or Facebook. Statistical information is generally provided in anonymized form. Please refer to the privacy policies of the respective platform. |
| Contract data | Full name; contact details; position in company; passport data; other data required by law | Required to enter into a contract to provide you with services. Note that an email such as info@company.net is not personal data. |
| Recruitment data | Full name; email; phone; professional experience; previous position; resume, skills, education, languages, expected salary, etc. In case of employment: passport data, TIN | Needed to understand whether you meet the requirements of our vacancy. Where employment follows, certain information is required by law. |
| Feedback data | Name; position; photo | If you choose to tell others your impression of us, you can send us feedback and we will publish it on our Website. |
VII. Retention Period for Personal Data
We retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. To determine the appropriate period we consider the volume, nature and sensitivity of the data, the potential risk of harm, the purposes of processing, and applicable legal requirements.
| Category | Retention period | Explanation |
|---|---|---|
| Analytical & statistical data | Up to 2 years | Specific timelines are determined by Google based on its settings. |
| Contact data | 2 years after the last communication | Unless otherwise mandated by relevant legislation. |
| Subscription data | While you remain a subscriber | Processed only until you opt out of marketing and newsletter emails. |
| Social media data | No specific period for aggregated statistics; communications deleted 2 years after last contact | Personal data you submit is retained until you or the platform initiates its deletion. |
| Contract data | 2 years after termination of the contractual relationship | Related to our obligations under law, such as accounting, auditing and taxation. |
| Recruitment data | Employment: duration of work plus 1 year after dismissal. Refusal: 6 months (absent objection) | Used only to the extent necessary to assess your application or fulfil legal obligations. |
| Feedback data | As long as your feedback remains on our Website | Processed only until you opt out via our contact details. |
VIII. Your Rights Regarding Personal Data
Pursuant to the applicable legislation, you possess specific entitlements concerning the personal information we maintain about you. To ensure the secure exercise of your rights, we may need to request supplementary information to confirm your identity.
| Right | Description |
|---|---|
| Right to review data | Request a copy of the personal data we hold about you, including the justification for processing, the types of data involved, recipients, and retention duration. |
| Right to correction | Request that we promptly correct or update information that is incorrect or incomplete. |
| Right to deletion ("right to be forgotten") | Request erasure of your data under specific conditions, e.g. when it is no longer necessary or you withdraw consent and no other legitimate grounds exist. |
| Right to limit processing | Request temporary restriction of processing under defined situations, e.g. if you challenge the data's accuracy. |
| Right to data portability | Receive the data you supplied in a standardized, machine-readable format and transfer it to another controller, where technically feasible. |
| Right to object | Object to processing based on our legitimate interests; we will stop unless we establish compelling overriding grounds. |
| Right to withdraw consent | Withdraw previously granted consent at any time, without affecting the lawfulness of processing before withdrawal. |
| Right to file a complaint | Submit a complaint to the appropriate supervisory authority if you believe your rights have been infringed. |
Office of the Commissioner for Personal Data Protection
P.O. Box 23378, 1682 Nicosia, Cyprus
Tel: +357 22818456 · Fax: +357 22304565
Email: commissioner@dataprotection.gov.cy · dataprotection.gov.cy
To activate any of these rights, please reach out using the contact details in Section IV. We commit to responding without undue delay and in full compliance with the applicable legislation. In certain situations we may be unable to satisfy your request due to specific legal requirements or exemptions.
IX. Data Retention Policy
We will maintain your personal data only for the period during which it is necessary to fulfil the stated purpose or as legally required, which may surpass the conclusion of our formal relationship with you. We reserve the right to preserve certain records where essential for preventing fraud or future misuse, or to meet valid business objectives such as analysing anonymized aggregated data, facilitating account recovery, or where mandated by law. For the purpose of meeting our legal or regulatory duties, you grant us permission to retain records throughout the duration of our business relationship with you and for an additional period of two (2) years after that relationship is terminated.
X. Modifications to Our Privacy Notice
This Privacy Notice may be updated or amended by us occasionally, a change that will be reflected by adjusting the revision date found at the top of this page. We will notify you of any material changes by sending an email notification to the address registered in your profile. Your failure to accept a newly published edition obligates you to immediately discontinue the use of both the website and our services.
XI. Contact Us
If you have any questions or concerns regarding the provisions of this Privacy Notice, kindly contact us using the following details:
Address: 1-7 Makarios III Street, MITSI 3, 3rd Floor, Apartment/Office 302, Nicosia, 1065, Nicosia, Cyprus
Email: hello@b-endy.com