GDPR & Privacy Policy


Privacy & Data Protection Policy

(Effective date: 01.05.2024, Version: 1.0.1)

1. Introduction

This Privacy & Data Protection Policy explains how Bullconcept Smart Solutions Ltd. (“Bullconcept”, “we”, “our” or “us”) collects, uses, stores and protects your personal data when you visit our website https://bullconcept.com, interact with us online or offline, or use our services.

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the relevant national legislation in Cyprus.

If you have any questions, you can contact us at:

  • Data Controller: Bullconcept Smart Solutions Ltd.
  • Registered office: 26, A. Mavrokordatou Str., CY-3116 Agia Fyla, Limassol - Cyprus.
  • Email for privacy matters: privacy@bullconcept.com
  • Telephone: +357 25 250222
  • Data Protection Officer (DPO): Mr. Michael P. Tanczos


2. Definitions

For the purposes of this Policy:

  • Personal Data” means any information relating to an identified or identifiable natural person.
  • Processing” means any operation performed on personal data (collection, storage, use, disclosure, etc.).
  • Controller” means the person or entity that determines the purposes and means of the processing.
  • Processor” means a person or entity processing personal data on behalf of the controller.


3. Categories of Personal Data We Process

We collect and process the following categories of personal data:

Category

Examples

Source

Identification & Contact

Full name, postal address, email, phone number

Provided by you via forms, email, phone

Customer Relationship

Billing information, order history, payment data (excluding full card numbers)

Provided by you / generated during service

Technical / Usage Data

IP address, browser type, device identifiers, log files, cookie IDs

Automatically collected when using our website

Communications

Messages sent via contact forms, email correspondence, support tickets

Provided by you

Marketing Preferences

Newsletter subscriptions, opt-in/opt-out choices

Provided by you

We do not knowingly collect data of children under the age of 18 without parental consent.


4. Purposes of Processing & Legal Bases

We will only process personal data where we have a lawful basis under GDPR. The main purposes and legal bases are:

Purpose

Legal basis under GDPR

To respond to enquiries and provide quotations

Contract (Art. 6 (1)(b)) or pre-contractual steps

To provide and deliver ordered products or services

Contract (Art. 6 (1)(b))

To manage invoicing, accounting, and legal obligations

Legal obligation (Art. 6 (1)(c))

To communicate service updates or important notices

Legitimate interest (Art. 6 (1)(f)) or legal obligation

To send marketing emails or newsletters

Consent (Art. 6 (1)(a)) – you may withdraw at any time

To maintain website security and prevent fraud

Legitimate interest (Art. 6 (1)(f))

To comply with lawful requests by authorities

Legal obligation (Art. 6 (1)(c))

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.


5. Cookies & Tracking Technologies

We use cookies and similar technologies on our website. For full details see our Cookie Policy.
We will not set non-essential cookies (analytics, marketing) without your prior consent via our cookie banner.

Category

Purpose

Examples

Retention

Strictly necessary

Essential for site operation

Session cookie

Session

Preferences

Store language or site preferences

Language cookie

Session

Analytics

Understand site traffic

Google Analytics

Session

Marketing

Track ads and remarketing

Facebook Pixel

Session

You can change or withdraw your cookie consent at any time via the banner or your browser settings.


6. Disclosure to Third Parties & International Transfers

We will only share your data with trusted service providers (“processors”) under written agreements that require them to handle your data securely and only under our instructions.

Typical recipients include:

  • IT hosting & support providers
  • Payment service providers
  • Accounting / bookkeeping partners
  • Delivery and courier services
  • Email marketing platform (if subscribed)
  • Hard / Software Manufacturers (e.g., warranty / licensing purposes)

If we transfer personal data to countries outside the European Economic Area (EEA), we will ensure appropriate safeguards, such as:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules (BCRs)


7. Retention of Data

We retain personal data only as long as necessary for the purposes described, and as required by applicable law (e.g., tax/accounting).

Data type

Typical retention period

Customer account and order records

7 years after end of contract to meet tax law

Enquiries and correspondence

12 months after last contact

Marketing list (email)

Until you unsubscribe or withdraw consent

Technical logs

12 months

CCTV footage (if any)

30 days

When retention periods expire, we securely delete or anonymize data.


8. Your Rights

Under GDPR you have the following rights (subject to legal limits):

  • Right of access to your data
  • Right to rectification of inaccurate data
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to object to processing (including direct marketing or were based on legitimate interest)
  • Right to data portability (for data provided by you and processed by automated means)
  • Right to withdraw consent at any time
  • Right to lodge a complaint with the supervisory authority:
    Office of the Commissioner for Personal Data Protection, Cyprus
    Website: https://www.dataprotection.gov.cy
    Tel: +357 22 818 456

To exercise your rights, contact us at privacy@bullconcept.com.


9. Security of Your Data

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption in transit and at rest where feasible
  • Access control and authentication for staff
  • Regular backups and secure storage
  • Staff confidentiality and data protection training


10. Automated Decision-Making & Profiling

We do not use personal data for automated decision-making that produces legal or similarly significant effects on you.


11. Children

Our services are not directed at individuals under the age of 18 and we do not knowingly collect data from them. If we learn that we have collected data of a child without appropriate consent, we will delete it promptly.


12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to review their privacy policies.


13. Changes to This Policy

We may update this Policy from time to time to reflect changes in law or our practices.
We will indicate the effective date and, where significant changes are made, we will notify you via our website or by email if appropriate.


14. Contact

For any questions or to exercise your rights under this Policy, please contact:

  • Bullconcept Smart Solutions Ltd.
  • Email: privacy@bullconcept.com
  • Address: 26, A. Mavrokordatou Str., CY-3116 Agia Fyla, Limassol - Cyprus.
  • Phone: +357 25 250 222