Legal
Privacy Policy
Last updated: 9 May 2026
1. Data Controller
This Privacy Policy explains how JCR Kairos Team Ventures LTD (trading as Kairos Tek) collects, uses, stores, and protects personal data in connection with the website at kairos-tek.com (the "Website") and our professional services.
JCR Kairos Team Ventures LTD is the data controller for the purposes of Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") and the national implementing legislation of the Republic of Cyprus.
JCR Kairos Team Ventures LTD
Registration number: HE 482227
Jurisdiction: Republic of Cyprus (Companies Law, Cap. 113)
Email: info@kairos-tek.com
Website: kairos-tek.com
For all privacy-related enquiries, including requests to exercise your rights, please contact us at info@kairos-tek.com. We do not currently appoint a separate Data Protection Officer (DPO), as we are not required to do so under Article 37 GDPR. All data protection matters are handled directly by the company.
2. Personal Data We Collect
We collect personal data only to the extent necessary for specific, legitimate purposes. The categories of personal data we may collect are:
a) Data you provide directly — contact form and email
- Full name — to address you personally and identify you as a contact.
- Email address — to respond to your enquiry.
- Company name (optional) — to understand the business context of your enquiry.
- Message content — the substance of your enquiry or request.
b) Analytics data — collected automatically with your consent
- Pages visited and navigation paths — to understand how visitors use the Website.
- Approximate geographic location (country/region level, derived from IP address) — Google Analytics anonymises IP addresses before storage.
- Device and browser type — to optimise the Website's presentation.
- Session duration and interaction data — to measure engagement.
Analytics data is collected only after you provide explicit consent via our cookie banner. See Section 5 and our Cookie Policy for full details.
c) Technical data collected automatically
- Cookie consent preference — stored in a browser cookie to remember your choice and avoid showing the banner on every page.
- Server logs — standard web server logs (IP address, request timestamp, HTTP status code) retained for a maximum of 30 days for security and diagnostics. These are not used for profiling.
We do not collect any special categories of personal data (Article 9 GDPR), and we do not use automated individual decision-making or profiling that produces legal or similarly significant effects on you.
3. Purposes and Legal Bases for Processing
The table below sets out each processing activity, its purpose, and the legal basis under Article 6 GDPR on which we rely:
| Activity | Purpose | Legal basis |
|---|---|---|
| Responding to contact form submissions and email enquiries | To communicate with you about your enquiry or potential engagement | Legitimate interests (Art. 6(1)(f)) — responding to business enquiries is in our and your mutual interest |
| Service delivery and project management | To perform the services agreed with you under a contract | Performance of a contract (Art. 6(1)(b)) |
| Website analytics (Google Analytics 4) | To understand how visitors use the Website and improve its content and performance | Consent (Art. 6(1)(a)) — only activated after you accept analytics cookies |
| Cookie consent preference | To store and honour your cookie preferences | Legitimate interests (Art. 6(1)(f)) — necessary to comply with ePrivacy obligations |
| Server log retention | Website security, abuse prevention, and technical diagnostics | Legitimate interests (Art. 6(1)(f)) |
| Legal compliance | To comply with applicable legal and regulatory obligations | Legal obligation (Art. 6(1)(c)) |
Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms, given the limited and non-intrusive nature of the processing involved.
4. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:
- Contact form and email enquiries — retained for up to 3 years from last contact, to manage ongoing business relationships and for our legitimate interest in defending legal claims. If no service engagement results, we delete the data after 12 months.
- Service delivery records — retained for 7 years following the end of the contractual relationship, to meet accounting, tax, and legal obligations under Cypriot law.
- Analytics data (GA4) — Google Analytics is configured with a data retention period of 14 months. Aggregated, anonymised reporting data may be retained beyond this period.
- Server logs — retained for a maximum of 30 days, then automatically deleted.
- Cookie consent record — stored in your browser; expires as described in the Cookie Policy.
When personal data is no longer required, it is securely deleted or anonymised.
5. Cookies and Tracking Technologies
We use cookies and similar technologies on the Website. Strictly necessary cookies (required for the Website to function) are placed automatically. Analytics cookies (Google Analytics 4) are placed only after you give your explicit consent through our cookie consent banner.
You can withdraw your consent at any time by clicking "Cookie Settings" in the Website footer or by clearing cookies in your browser settings. For a full description of the cookies we use, their purposes, and their expiry periods, please see our Cookie Policy.
6. Sharing Personal Data with Third Parties
We do not sell, rent, or trade your personal data. We may share personal data with the following categories of third parties, strictly to the extent necessary:
- Google LLC (Google Analytics 4) — our analytics provider. Google processes analytics data on our behalf as a data processor under Google's data processing terms. See Section 7 for details on international transfers.
- Hosting and infrastructure providers — our hosting provider processes technical data (including server logs) as a data processor under a data processing agreement.
- Professional advisors — lawyers, accountants, and other professional advisors where required to comply with legal obligations or to defend legal claims, subject to appropriate confidentiality obligations.
- Regulators and public authorities — we may disclose personal data where required to do so by law, court order, or mandatory request from a competent authority.
We do not use any advertising networks, behavioural tracking platforms, or third-party marketing tools on the Website.
7. International Data Transfers
As a Cyprus-based company, our primary operations are within the European Economic Area (EEA). However, our use of Google Analytics 4 involves the transfer of analytics data to Google LLC, which is based in the United States — a country not subject to an EU adequacy decision for general data transfers.
This transfer is safeguarded by the following mechanisms:
- EU Standard Contractual Clauses (SCCs) — Google incorporates the EU SCCs (Commission Implementing Decision (EU) 2021/914) into its data processing terms for Google Analytics, providing an adequate level of protection for personal data transferred outside the EEA.
- IP anonymisation — Google Analytics 4 anonymises IP addresses before any data is stored or processed, reducing the personal identifiability of analytics data.
You can review Google's privacy practices at policies.google.com/privacy and Google's data processing terms at business.safety.google/adsprocessorterms.
We do not make any other transfers of personal data to countries outside the EEA.
8. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights with respect to your personal data processed by Kairos Tek:
- Right of access (Art. 15) — you have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of the data and information about how it is processed.
- Right to rectification (Art. 16) — you have the right to request correction of inaccurate or incomplete personal data we hold about you.
- Right to erasure (Art. 17) — you have the right to request deletion of your personal data in certain circumstances, for example where the data is no longer necessary for the purpose for which it was collected, or where you withdraw consent and there is no other legal basis for processing.
- Right to restriction of processing (Art. 18) — you have the right to request that we restrict processing of your data in certain circumstances, for example while we verify a rectification request.
- Right to data portability (Art. 20) — where processing is based on consent or a contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
- Right to object (Art. 21) — you have the right to object at any time to processing based on our legitimate interests, on grounds relating to your particular situation. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, or the processing is necessary for the establishment, exercise, or defence of legal claims.
- Right to withdraw consent (Art. 7(3)) — where processing is based on your consent (for example, analytics cookies), you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. You can do so via the cookie settings on the Website or by contacting us.
- Right not to be subject to automated decision-making (Art. 22) — we do not carry out automated decision-making or profiling that produces legal or similarly significant effects on you.
9. How to Exercise Your Rights
To exercise any of the rights described in Section 8, please submit your request by email to info@kairos-tek.com with the subject line "Data Subject Request". Please include sufficient information to identify yourself (full name and email address used when contacting us).
We will respond to your request within 30 calendar days of receipt. In complex cases or where we receive a high volume of requests, we may extend this period by a further 60 days, in which case we will notify you of the extension and the reasons for it within the initial 30-day period.
There is no charge for exercising your rights, unless a request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request. We may need to verify your identity before processing your request.
10. Right to Lodge a Complaint with a Supervisory Authority
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority. As a Cyprus-registered company, our lead supervisory authority is:
Commissioner for Personal Data Protection (Cyprus)
Iasonos 1, 1082 Nicosia, Cyprus
Telephone: +357 22 818 456
Email: commissioner@dataprotection.gov.cy
Website: dataprotection.gov.cy
If you are located in another EU/EEA member state, you also have the right to lodge a complaint with your local Data Protection Authority (DPA). A list of EU DPAs is available on the European Data Protection Board's website at edpb.europa.eu.
We encourage you to contact us directly first at info@kairos-tek.com, as we aim to resolve all privacy concerns promptly.
11. Data Security
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:
- Encryption of data in transit via HTTPS (TLS).
- Access controls limiting who within our team can access personal data.
- Use of reputable, GDPR-compliant third-party service providers under data processing agreements.
- Regular review of security practices as the company grows.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware, and will notify affected individuals without undue delay where required by Article 34 GDPR.
12. Children's Privacy
Our Website and services are directed at businesses and professional individuals aged 18 and over. We do not knowingly collect personal data from children under the age of 16. If you believe we have inadvertently collected such data, please contact us at info@kairos-tek.com and we will delete it promptly.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data processing activities, applicable law, or best practices. When we make material changes, we will update the "Last updated" date at the top of this page. The current version is always available at kairos-tek.com/legal/privacy-policy.
We encourage you to review this page periodically. Where changes are significant and involve new ways of processing your personal data, we will seek fresh consent where required by law.
14. Contact
For any questions, concerns, or requests relating to this Privacy Policy or our data processing practices, please contact us:
JCR Kairos Team Ventures LTD (trading as Kairos Tek)
Email: info@kairos-tek.com
Website: kairos-tek.com