Last updated: March 18, 2026
This Privacy Policy ("Policy") is issued by Xylarion Digital Solutions Ltd, a company duly incorporated and registered under the laws of the Republic of Cyprus (the "Company", "we", "us", or "our"). This Policy governs the collection, processing, storage, and use of personal data in connection with the website located at www.xylarion.com (the "Website") and the digital marketing services offered by the Company.
This Policy is issued in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the "General Data Protection Regulation" or "GDPR"), as well as applicable Cypriot data protection legislation, including the Processing of Personal Data (Protection of Individuals) Law of 2018 (Law 125(I)/2018) (the "Cyprus DPA Law").
By accessing or using the Website, you acknowledge that you have read, understood, and agree to the terms set out in this Policy.
The Data Controller responsible for the processing of your personal data is:
Registered address: 123 Makarios III Avenue, Office 401, 3030 Limassol, Republic of Cyprus
Email: [email protected]
Telephone: +357 25 123 456
Website: www.xylarion.com
If you have any questions or concerns regarding this Policy or the processing of your personal data, you may contact us using the details set out above.
We collect and process the following categories of personal data, depending on the nature of your interaction with us:
Identification data: first name, last name, company name
Contact data: email address, telephone number
Communication data: the content of messages you send us through the Website contact form, including the description of your project, goals, and timeline
Service preference data: the type of service you are interested in
Technical data: IP address, browser type and version, operating system, device type
Usage data: pages visited, time spent on pages, referring URLs, click-through paths
Cookie data: identifiers stored in cookies and similar tracking technologies (see Section 8 below)
Business contact information from professional networking platforms or referral partners
Advertising and analytics data from integrated third-party platforms (e.g., Google Ads, Meta, LinkedIn) in the context of campaign management services
We process your personal data only where we have a lawful basis to do so under Article 6 of the GDPR. The applicable legal bases and corresponding purposes are set out below:
To respond to your enquiries and assess the feasibility of providing the requested services
To prepare and negotiate service proposals and agreements
To deliver contracted digital marketing, advertising, SEO, web development, and analytics services
To manage billing, invoicing, and payment processing
To operate and improve the functionality and security of the Website
To conduct internal business analytics and performance reporting
To carry out direct marketing communications to existing clients regarding related services (subject to your right to object)
To detect, prevent, and investigate fraud, security incidents, or misuse of our services
To exercise or defend legal claims
To comply with tax, accounting, anti-money laundering, and other regulatory obligations applicable in Cyprus and the EU
To respond to lawful requests from competent supervisory or judicial authorities
To place non-essential cookies and similar tracking technologies on your device (see Section 8)
To send newsletters or promotional communications where you have expressly opted in
Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following retention periods apply:
Contact and enquiry data: up to 2 years from the date of last contact, unless a contractual relationship ensues
Contractual and business data (including invoices and payment records): 7 years from the end of the financial year to which they relate, in accordance with Cypriot tax and accounting law
Website usage and technical data: up to 13 months from collection, subject to cookie consent settings
Marketing communications opt-in data: until consent is withdrawn or you opt out
Upon expiry of the applicable retention period, personal data will be securely deleted or anonymised in a manner that prevents re-identification.
We do not sell, rent, or otherwise transfer your personal data to third parties for their own independent marketing purposes. We may, however, share your data with the following categories of recipients in the course of our legitimate business operations:
We engage third-party processors who act under our instruction and are bound by appropriate data processing agreements in accordance with Article 28 GDPR. These include:
Cloud hosting and infrastructure providers
Email and communication service providers
Website analytics providers (e.g., Google Analytics)
CRM and project management platforms
Payment processing providers
Digital advertising platforms (e.g., Google LLC, Meta Platforms Ireland Ltd, LinkedIn Ireland Unlimited Company), in the context of managing client campaigns
Lawyers, accountants, auditors, and insurers, subject to professional confidentiality obligations.
Regulatory, supervisory, or law enforcement authorities, where required by applicable law or pursuant to a legally binding order.
Some of our third-party service providers are located outside the European Economic Area ("EEA"). Where we transfer personal data to countries that have not been recognised by the European Commission as providing an adequate level of data protection, we rely on one or more of the following safeguards:
Standard Contractual Clauses (SCCs) adopted or approved by the European Commission
An adequacy decision of the European Commission in respect of the recipient country
Other appropriate safeguards pursuant to Chapter V of the GDPR
You may request further information about international transfers and the applicable safeguards by contacting us at [email protected].
Under the GDPR and applicable Cypriot data protection law, you have the following rights in respect of your personal data:
Right of access (Art. 15 GDPR): to obtain confirmation as to whether we process your personal data and, if so, to receive a copy thereof
Right to rectification (Art. 16 GDPR): to request correction of inaccurate or incomplete personal data
Right to erasure / 'right to be forgotten' (Art. 17 GDPR): to request deletion of your personal data, subject to applicable legal obligations and legitimate interests
Right to restriction of processing (Art. 18 GDPR): to request that we temporarily limit the processing of your personal data in certain circumstances
Right to data portability (Art. 20 GDPR): to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller
Right to object (Art. 21 GDPR): to object to processing based on legitimate interests or direct marketing
Right to withdraw consent (Art. 7(3) GDPR): where processing is based on consent, to withdraw that consent at any time
Right not to be subject to solely automated decision-making (Art. 22 GDPR): we do not currently make decisions about you based solely on automated processing that produce legal or similarly significant effects
To exercise any of the above rights, please submit a written request to [email protected]. We will respond within one calendar month of receipt, which may be extended by a further two months in cases of complexity or high volume of requests, subject to notifying you of such extension.
You also have the right to lodge a complaint with the competent supervisory authority. In Cyprus, this is the Commissioner for Personal Data Protection, reachable at:
Address: Iasonos 1, 1082 Nicosia, Republic of Cyprus
Telephone: +357 22 818 456
Website: www.dataprotection.gov.cy
Our Website uses cookies and similar tracking technologies to enhance user experience, analyse traffic, and support our marketing and advertising activities. The following categories of cookies are used:
These cookies are essential for the functioning of the Website. They do not require your consent and cannot be disabled. They are used for purposes such as session management and security.
These cookies allow us to measure traffic and analyse how visitors use the Website, enabling us to improve its structure and content. These cookies are placed only with your prior consent.
These cookies are used to deliver advertising relevant to your interests and to track the effectiveness of advertising campaigns run through platforms such as Google Ads and Meta Ads. They are placed only with your prior consent.
You may manage or withdraw your consent to non-essential cookies at any time through our cookie consent banner or by adjusting your browser settings. For full details, please refer to our Cookie Policy at www.xylarion.com/cookie-policy.
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, as required by Article 32 of the GDPR. Such measures include, without limitation, encryption of data in transit, access controls, regular security assessments, and staff training on data protection obligations.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify the Commissioner for Personal Data Protection within 72 hours of becoming aware of such breach, and will notify affected data subjects where required by applicable law.
The Website may contain hyperlinks to third-party websites. This Policy does not apply to such external websites, and we are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party websites you visit.
Our Website and services are directed exclusively at individuals aged 18 years and above, and we do not knowingly collect personal data from minors. If you believe that we have inadvertently collected data from a minor, please contact us immediately at [email protected] and we will take appropriate steps to delete such data.
We reserve the right to update or amend this Policy at any time to reflect changes in applicable law, our data processing practices, or the services we offer. The current version of this Policy will always be available on the Website, with the effective date indicated at the top of the document.
Where changes are material, we will notify you by posting a prominent notice on the Website or by sending a direct communication to the email address we hold for you, prior to the change becoming effective.
This Policy is governed by and shall be construed in accordance with the laws of the Republic of Cyprus and the directly applicable provisions of EU data protection law, including the GDPR. Any disputes arising in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts of Limassol, Cyprus.
If you have any questions, requests, or concerns regarding this Privacy Policy or our data processing practices, please do not hesitate to contact us:
Email: [email protected]
Telephone: +357 25 123 456
Address: 123 Makarios III Avenue, Office 401, 3030 Limassol, Cyprus
Working hours: Monday to Friday, 09:00 – 18:00 EET