Privacy Policy
1. Introduction
This Privacy Policy explains how IT-Flow Cyprus (“we”, “us”, “our”, or “IT-Flow”) processes personal data of individuals who visit our website at https://itflowcy.com/, use our services, or interact with us in any capacity. This policy informs you about your privacy rights and how data protection law protects you.
This Privacy Policy applies to natural persons who are current or potential customers of IT-Flow, website visitors, newsletter subscribers, or anyone who provides personal data to us through any means.
We comply with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and any applicable local data protection laws.
Effective Date: 1 February 2023
Last Updated: 12 September 2025
2. Who We Are
IT-Flow Cyprus is a leading IT solutions provider specialising in comprehensive technology services for businesses. We provide IT support, cloud solutions, cybersecurity, and digital transformation services to help businesses optimise their technology infrastructure.
Contact Information:
- Company Name: IT-Flow Cyprus
- Website: https://itflowcy.com/
- Email: [email protected]
- Data Protection Officer Email: [email protected]
For all privacy-related inquiries, including requests to exercise your legal rights, please contact our Data Protection Officer at [email protected]
3. The Types of Personal Data We Collect and Process
We may collect, use, store, and transfer the following categories of personal data:
3.1 Contact Information
- First and last names
- Business names and job titles
- Email addresses
- Phone numbers
- Postal addresses
- Company information
3.2 Technical and Usage Data
- IP addresses
- Browser type and version
- Device information
- Operating system
- Pages visited on our website
- Time and date of visits
- Referring websites
- Cookies and similar tracking technologies
3.3 Service-Related Information
- Information provided during IT consultations
- Technical specifications of your systems
- Support ticket details
- Service preferences
- Communication history
3.4 Financial Information
- Payment details
- Billing addresses
- Transaction records
- Invoice information
3.5 Marketing and Communication Data
- Marketing preferences
- Newsletter subscriptions
- Communication preferences
- Event attendance records
3.6 Special Categories of Data
Under exceptional circumstances related to specific IT services, we may process special categories of personal data (such as health data on company devices or biometric data for security systems). Such processing occurs only with explicit consent or when legally required, and appropriate safeguards are implemented.
4. How, Why, and on What Legal Basis We Collect and Process Personal Data
4.1 How We Collect Data
Direct Collection:
- When you contact us through our website, email, or phone
- When you request quotes or consultations
- When you subscribe to our newsletter
- When you engage our services
- When you attend our events or webinars
Automated Collection:
- Through website analytics and cookies
- During IT support sessions (with permission)
- Through system monitoring (for clients)
Third-Party Sources:
- Business partners and referrals
- Public business directories
- Professional networks
4.2 Why We Process Your Data
We process personal data for the following legitimate business purposes:
Service Delivery:
- To provide IT support and consulting services
- To manage client accounts and relationships
- To process payments and billing
- To deliver technical support and maintenance
Business Administration:
- To respond to inquiries and communications
- To manage contracts and agreements
- To conduct business analysis and improvement
- To maintain accurate business records
Marketing and Communication:
- To send service updates and newsletters (with consent)
- To inform you about relevant services and events
- To conduct market research and surveys
Legal and Security:
- To comply with legal obligations
- To protect our business interests and rights
- To prevent fraud and ensure security
- To resolve disputes and enforce agreements
4.3 Legal Basis for Processing
We process your personal data under the following lawful bases:
Contract Performance: When processing is necessary for performing our contract with you or taking steps at your request before entering into a contract.
Legitimate Interests: For our legitimate business interests, including:
- Providing and improving our services
- Direct marketing to existing clients
- Network and information security
- Business development and administration
Legal Obligation: When we must process data to comply with legal requirements.
Consent: For special categories of data, direct marketing to non-clients, and certain cookies (where required).
5. Sharing and Disclosure of Personal Data
We may share your personal data with:
5.1 Service Providers
- Cloud hosting providers
- Payment processors
- IT infrastructure suppliers
- Professional advisors (lawyers, accountants)
- Marketing and communication platforms
5.2 Business Partners
- Technology vendors and suppliers
- Subcontractors providing services on our behalf
- Joint venture partners
5.3 Legal Requirements
- Regulatory authorities and government bodies
- Law enforcement agencies
- Courts and legal proceedings
5.4 Business Transfers
In the event of a merger, acquisition, or sale of business assets, personal data may be transferred to the acquiring entity.
All third parties are contractually obligated to protect your data and use it only for specified purposes in accordance with our instructions and applicable data protection laws.
6. International Transfers of Personal Data
Some of our service providers are located outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure adequate protection through:
- Adequacy Decisions: Transfers to countries with adequate data protection as determined by the European Commission
- Standard Contractual Clauses: Using EU-approved standard contractual clauses
- Certification Schemes: Ensuring providers have appropriate certifications
- Your Explicit Consent: When you have specifically agreed to the transfer
For more information about our international transfer safeguards, contact our Data Protection Officer.
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including:
Service Data: For the duration of our business relationship, plus 7 years for financial records
Website Data: Up to 2 years for analytics purposes
Marketing Data: Until you unsubscribe or withdraw consent
Legal Requirements: As required by applicable laws and regulations
We regularly review our data retention practices and securely delete or anonymise data when no longer needed.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit and at rest
- Access controls and authentication systems
- Regular security assessments and updates
- Employee training on data protection
- Incident response procedures
While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security. However, we will notify the Cyprus Commissioner for Personal Data Protection and affected individuals within the timelines required by GDPR: Website: https://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_en/home_en?opendocument
Address: kypranoros 15, Nicosia 1061 , Cyprus
9. Your Rights Under GDPR
You have the following rights regarding your personal data:
9.1 Right of Access
Request a copy of the personal data we hold about you
9.2 Right to Rectification
Request correction of inaccurate or incomplete data
9.3 Right to Erasure (“Right to be Forgotten”)
Request deletion of your personal data in certain circumstances
9.4 Right to Restrict Processing
Request a limitation of processing in certain situations
9.5 Right to Data Portability
Request the transfer of your data to another organisation
9.6 Right to Object
Object to processing based on legitimate interests or for direct marketing
9.7 Rights Related to Automated Decision-Making
Rights regarding automated decision-making and profiling
To exercise any of these rights, contact our Data Protection Officer at [email protected]. We will respond within one month of receiving your request.
10. Consent and Withdrawal
Where we rely on your consent for processing, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
To withdraw consent for marketing communications, use the unsubscribe link in our emails or contact [email protected].
11. Cookies and Website Technologies
We use cookies and similar technologies to:
- Ensure website functionality
- Analyse website usage
- Remember your preferences
- Provide personalised content
You can control cookie settings through your browser preferences. For detailed information about our cookie usage, please see our Cookie Policy.
12. Children’s Privacy
Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will delete it promptly.
13. Marketing Communications
We may send you marketing communications if:
- You have consented to receive them
- You are an existing client, and the communications relate to similar services
- We have a legitimate interest in marketing to you
You can opt out of marketing communications at any time by:
- Using unsubscribe links in emails
- Contacting [email protected]
- Updating your preferences in your account
14. Data Protection Officer
We have appointed a Data Protection Officer responsible for overseeing data protection compliance. Contact our DPO for:
- Privacy-related questions
- Exercising your rights
- Data protection complaints
- General data protection inquiries
DPO Contact: [email protected]
15. Complaints and Supervisory Authority
If you believe we have not handled your personal data properly, you can:
- Contact our Data Protection Officer at [email protected]
- Lodge a complaint with the Cyprus Commissioner for Personal Data Protection
- Contact your local supervisory authority if you’re in another EU country
16. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect:
- Changes in our business practices
- Legal or regulatory requirements
- Improvements in our data protection practices
We will notify you of significant changes through:
- Email notifications
- Website announcements
- Updated effective dates
17. Contact Information
For any questions about this Privacy Policy or our data practices:
IT-Flow Cyprus Email: [email protected] Website: https://itflowcy.com/
Data Protection Officer Email: [email protected]
This Privacy Policy was last updated on 12 September 2025 and is effective as of 1 February 2023.