I CAN SHOP logo

COMPLETE PRIVACY NOTICE AND DATA PROTECTION POLICY

ICan School Merchandise Store – Final Version

Data Controller: ICANSCHOOL LTD

Effective Date: 17.11.2025

1. INTRODUCTION AND OUR COMMITMENT

At ICANSCHOOL LTD ("we," "us," "our," "ICAN," or "the Company"), we understand that your privacy is important to you and that you care about how your personal data is used and protected.

We are committed to protecting your personal data and respecting your privacy rights. This Privacy Notice explains:

  • How we collect your personal data
  • How we use and process your personal data
  • How we protect your personal data
  • Your rights regarding your personal data
  • How you can contact us about your data
  • Our strict policy regarding customers under 18 years of age

We will only collect and use your personal data in ways that are:

  • Described in this Privacy Notice
  • Consistent with our legal obligations under applicable law
  • Compliant with the General Data Protection Regulation (GDPR) – EU Regulation No. 2016/679
  • Compliant with Cyprus Law on the Protection of Natural Persons with regard to the Processing of Personal Data – Law 125(I)/2018
  • Respectful of your fundamental rights and freedoms

Acceptance: By using our Website, Services, or placing an order with ICan Shop, you acknowledge that you have read and understood this Privacy Notice. Your continued use constitutes your acceptance of the terms herein. If you do not agree to this Privacy Notice, please do not use our Website or Services.

2. WHO WE ARE

2.1 Our Organization

Legal Entity Name: ICANSCHOOL LTD

Company Registration Number (Cyprus): ΗΕ434549

Company Type: Limited Liability Company, incorporated and registered in the Republic of Cyprus

Registered Office Address:

24 Iosif Broz Tito Block NEFELI and OLYMPUS
3010 Limassol, Republic of Cyprus

Data Controller Status: ICANSCHOOL LTD is the Data Controller responsible for your personal data. This means we determine the purposes and means of processing your personal data.

2.2 Our Role and Operations

We operate:

  • The ICan Shop merchandise website shop.icanskill.com (the "Website")
  • Associated downloadable and mobile applications, if any
  • Customer service and order fulfillment operations
  • Communications with customers via email, telephone, chat, and in-person interactions

2.3 Scope of This Privacy Notice

This Privacy Notice applies to all prospective, current, and former customers and clients who use our Website or Services to purchase merchandise.

Important Note: This Privacy Notice is not applicable to:

  • Current, former, or prospective employees
  • Job applicants
  • Third-party contractors engaged for employment purposes

If you fall into these categories, your personal data will be processed under a separate employment or contractor privacy notice.

2.4 Our Data Protection Officer

ICAN only processes your personal data in compliance with this Privacy Notice and in accordance with GDPR, while meeting the highest possible data protection standards, and as such, we treat data protection complaints with all seriousness. So, should you have any reservations or complaints as to how we process(ed) your personal data, you can contact us through the following address:

Full Name of Legal Entity:

ICANSCHOOL LTD


Email Address:


shop@icanskill.com

info@icanskill.com

Postal Address:

24 Iosif Broz Tito, Block NEFELI and OLYMPUS, 3010 Limassol, Cyprus

To enable us to process your request, please contact us using the registered email address you disclosed and registered with us. We may require that you provide us with proof of your identity, such as by providing us with a copy of a valid form of identification. This is to ensure that we appropriately protect the personal data we hold from unauthorized access requests and comply with our security obligations.
If you have any questions or want more details about how we use your data, you may contact us at the above contact details and we will be happy to provide you with further details.

If following your request to us we are unable to provide you with a satisfactory answer then you may complain with the local data protection supervisory authority. The data protection supervisory authority in Cyprus is: the Commissioner for Data Protection P.O. Box 23378, 1682 Nicosia, Cyprus- www.dataprotection.gov.cy


We would however appreciate the chance to deal with your concerns before you approach the Data Protection Commissioner, so please contact us in the first instance.

3. DATA COLLECTION AND PROCESSING CATEGORIES

3.1 Types of Personal Data We Collect

We collect, process, store, and transfer different kinds of personal data about you to provide and improve our Services. The specific data collected depends on how you interact with us.

A. Identity Data

Information used to identify who you are:

  • First name and last name
  • Patronymic or middle name (if available)
  • Date of birth
  • Gender
  • Nationality
  • Passport number or copy
  • National ID number or copy
  • Driver's license number or copy
  • Photograph or copy of photo ID

Purpose: Order fulfillment, identity verification, age confirmation, compliance with legal obligations. Our Website is not intended for children and we do not knowingly collect data relating to children. As we do not allow users under the age of 18 to use our services, we need to obtain your birth date in order to confirm the Clients’ age checks.

B. Contact Data

Information used to communicate with you:

  • Billing address
  • Delivery address (if different from billing)
  • Email address(es)
  • Telephone number(s)
  • Mobile phone number
  • Contact preferences (phone, email, SMS, etc.)

Purpose: Order processing, delivery, customer service, communication, notifications

C. Financial Data

Information related to payment and financial matters:

  • Bank account details (if paying by bank transfer)
  • Payment card details (card type, last 4 digits, expiration date)
  • Billing information
  • Payment method preferences
  • Payment history and transaction records
  • Refund and payment status

Purpose: Payment processing, refund issuance, fraud prevention, and financial record-keeping

Security Note: Payment card data is processed through PCI-DSS-compliant payment processors and is not stored on our systems in full.

D. Technical Data

Information about your devices and internet access:

  • Internet Protocol (IP) address
  • Login data and credentials (encrypted)
  • Browser type and version
  • Operating system and platform
  • Device type (mobile, desktop, tablet)
  • Time zone setting and location data
  • Browser plug-in types and versions
  • Cookies and similar tracking technologies
  • Device identifiers
  • Access logs and timestamps

Purpose: Website functionality, security, performance monitoring, user analytics, troubleshooting

E. Usage Data

Information about how you interact with our Website and Services:

  • Pages visited and time spent on each page
  • Products browsed and viewed
  • Orders placed and order history
  • Searches performed on our Website
  • Clicks and interactions with features
  • Downloads and document access
  • IP history and browsing patterns
  • Merchandise preferences
  • Features used and Services accessed

Purpose: Service improvement, personalization, analytics, user experience optimization, marketing optimization

F. Know Your Customer (KYC) Data (only if, by assessing your interaction with us is considered necessary)

Information required for regulatory and compliance purposes:

  • Copies of identity documents (recent and valid)
  • Copies of utility bills showing proof of address
  • Identity cards or passport copies
  • Driver's license copies
  • Tax Identification Number (TIN)
  • Source of funds information (if applicable)
  • Beneficial owner information (if applicable)

Purpose: Fraud prevention, anti-money laundering compliance, regulatory obligations, and customer verification

G. Location Data

Information about your geographic location:

  • Regional settings of your interface
  • Residence country
  • Time zone
  • Interface language preference
  • GPS location (if you permit)
  • Approximate location based on IP address

Purpose: Service localization, regional optimization, delivery planning, service customization

H. Marketing and Communications Data

Information about your preferences for marketing and communications:

  • Marketing preferences (email, SMS, phone, post)
  • Communication channel preferences
  • Frequency preferences for communications
  • Marketing consent status
  • Unsubscribe/opt-out preferences
  • Product and category preferences
  • Communication history
  • We process your personal data to send direct marketing of our Services to you, always within the boundaries of our legitimate interests. For example, we might use your personal data to send you newsletters, push messages, and calls to keep you in touch with our new features and new developments of the current products/services we offer, news and events, and the efficient provision of the full scope of our Services. We will also use your data to send you marketing information regarding our services that we believe may be of interest to you via email or otherwise. This processing is necessary for our legitimate interests (to provide effective and personalized customer services to you and to update you in relation to the Services that are available to you. If you don't want to receive any marketing newsletters or transmit your data to third parties for marketing purposes, nor to receive notifications for updates, you can contact us using our contact email provided herein.

Purpose: Marketing communications, customer preferences management, service information, promotional updates

I. Aggregated Data

Statistical and demographic data that cannot identify you:

  • Aggregated usage statistics
  • Demographic summaries
  • Usage trends and patterns
  • Product popularity metrics
  • Seasonal purchasing patterns
  • Region-based statistics
  • Device type distribution

Status: Aggregated data is not personal data as it does not identify you directly or indirectly.

Important: An example of such Aggregated Data could be that we aggregate your Usage Data to calculate the percentage of users accessing a specific website feature and/or services/product preference. If we combine Aggregated Data with other information in a way that could identify you (or make you identifiable), we will treat the combined data as personal data subject to all protections in this Privacy Notice.

3.2 Information About Children – No Minors Policy

IMPORTANT: We Do NOT Accept Orders from Individuals Under 18 Years of Age

Age Requirement

Our Services are strictly for individuals 18 years of age or older. We do not knowingly collect personal data from individuals under 18 years of age for order purposes.

Key Policy Points:

  • All customers must be at least 18 years old to place orders
  • Individuals under 18 may not create accounts
  • We do not allow orders from individuals under 18
  • We do not process orders on behalf of minors
  • We do not collect data from minors for order purposes
  • Parents/guardians may place orders for minors, but the account must be in the parent's/guardian's name

Age Verification

To comply with legal requirements and protect minors, we collect date of birth to:

  • Verify the customer is at least 18 years old
  • Reject orders from individuals under 18
  • Ensure compliance with age restrictions
  • Maintain legal records of customer age verification
  • Prevent unauthorized account creation by minors

If you provide a date of birth indicating you are under 18:

  • Your order will be automatically rejected
  • Your account registration will not be completed
  • Any data provided will be deleted within 48 hours

4. LEGAL BASIS FOR PROCESSING

4.1 GDPR Legal Bases

Under GDPR Article 6, we process your personal data only when we have a valid legal basis. We rely on the following legal bases:

A. Contract Performance (Article 6(1)(b))

When We Use It:

Processing is necessary to perform a contract we have with you or to take steps at your request before entering into a contract.

Examples:

  • Processing your order and payment information
  • Arranging delivery of merchandise
  • Providing customer service
  • Processing returns and refunds
  • Communicating about your orders

Data Affected: Identity data, contact data, financial data, order information

B. Legal Obligation (Article 6(1)(c))

When We Use It:

Processing is necessary to comply with a legal obligation under applicable law (Cyprus, EU, or other jurisdiction).

Examples:

  • Verify your identity for fraud prevention and AML/KYC compliance
  • Comply with tax and accounting requirements
  • Comply with court orders or regulatory requests
  • Maintain records as required by law
  • Respond to data protection authority requests

Data Affected: Identity data, financial data, KYC data, transaction records

C. Legitimate Interests (Article 6(1)(f))

When We Use It:

Processing is necessary for our legitimate business interests, provided your rights and freedoms do not override our interests.

Our Legitimate Interests:

  • Improving our Website, Services, and customer experience
  • Detecting and preventing fraud and security threats
  • Analyzing Website performance and user behavior
  • Personalizing your user experience
  • Direct marketing and promotional communications
  • Protecting our legal rights and defending against claims
  • Business administration and internal operations
  • Statistical analysis and market research

Your Rights: You have the right to object to processing based on legitimate interests (see Section 12).

Data Affected: Technical data, usage data, location data, aggregated data

D. Consent (Article 6(1)(a))

When We Use It:

Processing is based on your explicit, voluntary consent.

Examples:

  • Opt-in for marketing communications
  • Consent to receive SMS or push notifications
  • Consent to share data with third parties for marketing
  • Cookie consent (non-essential cookies)
  • Consent to store and use location data

Your Rights: You can withdraw consent at any time by contacting us or clicking "unsubscribe" in any communication.

Data Affected: Marketing data, communications data, cookie data (non-essential)

5. HOW WE USE YOUR PERSONAL DATA

5.1 Primary Uses of Your Data

A. Providing and Delivering Our Services

We process your data to:

  • Register your account and manage your customer profile
  • Process and fulfill your orders
  • Arrange payment collection and processing
  • Organize delivery or in-school pickup
  • Provide customer support and respond to inquiries
  • Handle returns, exchanges, and refunds
  • Track order status and delivery
  • Send order confirmations and receipts
  • Manage warranty and quality issues

Data Used: Identity, contact, financial, order information

Legal Basis: Contract performance

B. Compliance and Legal Obligations

We process your data to:

  • Verify your identity (KYC/AML requirements)
  • Prevent fraud and financial crime
  • Comply with tax and accounting requirements
  • Respond to legal requests and court orders
  • Maintain regulatory compliance
  • Conduct suitability and appropriateness assessments

Data Used: Identity data, KYC data, financial data

Legal Basis: Legal obligation, legitimate interests

C. Website and Service Improvement

We process your data to:

  • Analyze Website usage and performance
  • Identify technical issues and troubleshoot problems
  • Optimize user experience and interface
  • Develop new features and Services
  • Understand user preferences and behavior
  • Conduct market research and statistical analysis
  • Monitor Website security and prevent unauthorized access

Data Used: Technical data, usage data, aggregated data

Legal Basis: Legitimate interests

D. Personalization and Customization

We process your data to:

  • Tailor your user experience to your preferences
  • Personalize product recommendations
  • Provide content relevant to your interests
  • Remember your preferences and settings
  • Customize the Website interface for your location and language

Data Used: Location data, preferences, usage data, profile information

Legal Basis: Legitimate interests, consent

E. Marketing and Communications

We process your data to:

  • Send you information about our Services, products, and offers
  • Send newsletters and promotional communications
  • Inform you of new features, products, and developments
  • Invite you to events or special offers
  • Provide news and updates relevant to your interests
  • Conduct marketing campaigns and promotional activities
  • Tailor marketing based on your interests and behavior

Data Used: Contact data, marketing preferences, usage data, interests

Legal Basis: Legitimate interests (for service information), consent (for marketing)

Your Choice: You can opt out of marketing at any time (see Section 5.3).

F. Fraud Prevention and Security

We process your data to:

  • Detect and prevent fraudulent transactions
  • Identify suspicious or malicious activity
  • Protect our Website and Services from cyber threats
  • Verify customer identity and authenticity
  • Monitor for unauthorized access or abuse
  • Conduct security audits and assessments

Data Used: Identity data, transaction data, technical data, behavior patterns

Legal Basis: Legitimate interests, legal obligations

G. Business Operations and Administration

We process your data to:

  • Maintain accurate customer records
  • Manage accounting and financial records
  • Monitor and analyze business performance
  • Respond to customer complaints and disputes
  • Defend our legal rights and interests
  • Comply with regulatory requirements
  • Internal business administration

Data Used: All categories as necessary

Legal Basis: Legitimate interests, legal obligations

5.2 Automated Decision-Making and Profiling

Current Policy:

We do not currently use automated decision-making or profiling to make decisions about you that produce legal or similarly significant effects.

However, we may use:

  • Automated fraud detection systems
  • Automated analytics for Website optimization
  • Automated email filtering for customer service
  • When using our Services, your device automatically transmits to us its technical characteristics. Locale (a set of parameters that determine regional settings of your interface, namely, residence country, time zone, and the interface language) is used for the purpose of providing you with the best possible service within our Website. Using the information about an IP address, cookies files, information about the browser and operating system used, the date and time of access to the site, and the requested page addresses allows us to provide you with the optimal operation on our web application, mobile and/or desktop versions of our application and monitor your behavior for the purpose of improving the efficiency and usability of our Services. We use web analytics tools to track the performance of our website and marketing sources of users by cookies in order to optimize our marketing costs and provide users with a better experience. You may at any time request that we refrain from any such transmissions (to the degree this is possible and subject to any of our legal obligations) by sending your request to the DPO using our EMAIL mentioned herein below using the registered email address you disclosed and registered with us. We will address your request within 30 business days.

Your Rights: If automated decision-making is ever implemented, you will have the right to obtain human intervention and express your point of view (GDPR Article 22).

5.3 Marketing Communications – Your Choices

We Will Send Marketing If:

  • You have provided consent, OR
  • You have purchased from us and we send information about similar products/services

We Will NOT Send Marketing If:

  • You have opted out or unsubscribed
  • You have not provided consent
  • Your preferences indicate you do not want marketing

How to Opt Out of Marketing:

You can stop receiving marketing communications at any time by:

  • Email: Clicking "Unsubscribe" in any marketing email
  • Online: Updating your preferences in your account settings
  • Email: Contacting us at [INSERT EMAIL] with "Unsubscribe" in the subject line

Processing Opt-Out Requests:

We will process your opt-out request within 10 business days and confirm in writing. You should not receive marketing communications after that period.

Important: Opting out of marketing does not affect:

  • Transactional communications (order confirmations, receipts, updates)
  • Service-related communications (customer support, important notices)
  • Legal and compliance communications (as required by law)

6. DATA RETENTION

6.1 Retention Principles

We will not retain your personal data for longer than necessary in light of:

  • The purposes for which it was collected
  • The amount, nature, and sensitivity of the data
  • The potential risk of harm from unauthorized use or disclosure
  • Legal, regulatory, tax, and accounting requirements
  • Our legitimate business needs

6.2 Specific Retention Periods

We retain your personal data according to the following schedule:

Data Category

Retention Period

Reason for Retention

Order Information

3 years after order completion

Dispute resolution, warranty claims, and customer service

Customer Account Data

3 years after last interaction

Account recovery, service history, and customer support

Payment Records

7 years from the transaction date

Tax compliance, accounting requirements, and Cyprus law

Identity and KYC Data

7 years from the last transaction

Anti-money laundering compliance, regulatory requirements

Communication Records

2 years from the date of communication

Dispute resolution, customer service quality assurance

Marketing Preferences

Until you unsubscribe or after 3 years

Compliance with marketing preferences, opt-out records

Website Analytics/Usage Data

1-2 years

Service optimization, performance analysis

Technical/Log Data

90 days to 1 year

Security monitoring, troubleshooting, and system maintenance

Refund and Return Records

3 years

Dispute resolution, transaction history, compliance

6.3 Disposal of Personal Data

Upon Expiration of Retention Period:

When the retention period for your personal data expires, we will:

  • Securely delete your personal data by irreversible destruction (shredding, burning, or digital destruction)
  • Anonymize the data so it cannot identify you (where technically feasible)
  • Retain only aggregated, non-personal data for statistical and analytical purposes

For Data Held by Third Parties:

We will inform all third parties and service providers who hold your data that the retention period has expired and request that they:

  • Implement similar deletion or anonymization procedures
  • Certify that deletion has been completed
  • Return or destroy copies of your data

6.4 Retention Extensions

We may retain your personal data beyond the standard retention period if:

  • We are required to do so by law or court order
  • There is an outstanding dispute, claim, or legal proceeding
  • We need it to defend our legal rights or interests
  • You have requested that we retain it
  • Retention is otherwise required for legitimate business purposes

We will notify you of any extended retention and the reason for it.

7. HOW WE COLLECT YOUR DATA

7.1 Direct Interactions

When You Provide Data Directly:

You provide us with your personal data when you:

  • Create an account on our Website
  • Place an order for merchandise
  • Complete forms on our Website
  • Communicate with us via email, phone, or chat
  • Contact customer service with inquiries or complaints
  • Respond to surveys or feedback requests
  • Subscribe to our newsletter or promotional communications

Data Collected Through Direct Interaction:

  • Identity data (name, email, contact details)
  • Contact data (address, phone number)
  • Financial data (payment information)
  • Order information (products selected, quantities, delivery preferences)
  • Communications (inquiries, feedback, complaints)

Legal Basis: Contract performance, legitimate interests, consent

7.2 Accuracy of Information

Your Responsibility:

The data you provide must be accurate, current, and complete. You are responsible for:

  • Providing correct and truthful information
  • Keeping your information up to date
  • Informing us immediately if your data changes
  • Updating your account if personal information changes

Our Role:

We will:

  • Request corrections if we identify inaccurate data
  • Process updates promptly upon your request
  • Take reasonable steps to verify data accuracy

Consequences of Inaccurate Data:

  • We may not be able to process your order correctly
  • Communications may not reach you
  • We may cancel orders if we cannot verify your identity
  • Your experience may be impacted

If You Discover Inaccurate Data:

Contact us immediately at [INSERT EMAIL] or [INSERT PHONE] to correct your information.

8. HOW MIGHT WE SHARE YOUR PERSONAL DATA

We may disclose data that concerns you only if (i) we are legally required to do so; (ii) if required when you expressly order us to process a transaction or any other service and (iii) it is required for the provision of our Services under our contractual relationship and/or (iv) protection of our legitimate interests, in accordance with the provisions of the GDPR and applicable local legislation as amended from time to time.

We may share your personal data in the following circumstances, the following are examples of where and how your information may be transferred, but please note this is not an exhaustive list and that due to ongoing changes in our IT and operational infrastructure this may change at any time:

  • We may share your data with the ICAN on a confidential basis to provide you with our Services.
  • We may have to share your personal data with third-party service providers, processing data on our behalf, who help us with our business operations. When your personal data is shared with a third party, we will take the necessary steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law. We ensure that our contracts with those third parties contain the appropriate GDPR model clauses and that all our third parties are also compliant with the GDPR, this affords your data the same protection away from our organization, as it does within it. Your personal data is shared with third-party organizations/entities including but not limited to:


A. Service Providers. We may share your personal data with our trusted third-party service providers, who, on our behalf, operate, maintain, and/or support our IT systems and IT infrastructure, our websites, manage our payment solutions, perform statistical analysis, marketing, and advertising purposes, sending newsletters, provide customer support and perform other important services for us. We will store and process your data following industry best practices and security.


B. Regulator and state authorities. The Company will make such disclosure only if required to be disclosed by the Company by applicable law, regulation, or court order and to the minimum required extent.


C. Other disclosures. In addition to where you have consented to a disclosure of the data or where disclosure is necessary to achieve the purpose(s) for which, it was collected, data may also be disclosed in special situations, where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring, or interfering (intentionally or unintentionally) with our rights or property, users, or anyone else who could be harmed by such activities, or otherwise where necessary for the establishment, exercise or defense of legal claims. Where reasonably possible, management shall ensure that third parties collecting, storing, or processing personal information on behalf of the Company have:

  • Signed agreements to protect personal information consistent with this Privacy Notice and information security practices or implemented measures as prescribed by GDPR;
  • Signed non-disclosure agreements or confidentiality agreements which include privacy clauses in the contract; and/or
  • Established procedures to meet the terms of their agreement with a third party to protect personal data.

D. International Transfers. We process data within the EEA and countries deemed by the European Union as having adequate safeguards for protecting personal data. These countries are recognized by the EU as having suitable safeguards for the rights and freedoms of individuals and recourse processes by which data subjects can exercise their rights.

Should there be a business need to transfer or process your data to company(ies) and/or third parties might imply a transfer of your data to third countries, countries, or regions which do not offer the same level of protection as the laws of your country (for example GDPR) (so-called Third Countries) we will ensure that they are subject to appropriate security measures and safeguards as deemed appropriate under GDPR and other relevant national and international data protection laws or that we otherwise comply with the requirements and standards under Regulation 2016/679 for transferring Personal Data abroad. This may include entering into the appropriate contractual agreements to regulate any such transfers and safeguard any personal information transferred to them. A transfer to a company and/or a third party based in a Third Country would only take place where one of the following applies:

  • The individual has given consent to the transfer of information
  • The transfer is necessary for the performance of a contract between the individual and the Company, or the implementation of pre-contractual measures taken in response to the individual’s request.
  • The transfer is necessary for the conclusion or performance of a contract concluded in the interest of the individual between ICAN and a third party.
  • The transfer is necessary or legally required on important public interest grounds or for the establishment, exercise, or defense of legal claims.
  • The transfer is required by law.
  • The transfer is necessary to protect the vital interests of the individual.
  • The transfer is made under a data transfer agreement.
  • The transfer is otherwise legitimized by applicable law.

Remedial action shall be taken in response to the misuse or unauthorized disclosure of personal information by a third party collecting, storing, or processing personal information on behalf of ICAN. If you want to obtain further information on any data transfers mentioned above, please contact us using the registered email address you disclosed to us via our email disclosed herein.

9. YOUR RIGHTS

Under certain circumstances, in accordance with GDPR and the applicable local legislation as amended from time to time you have rights, which we will always work to uphold. Some of the rights are rather complex and include exemptions, thus we strongly advise you to contact us (at the contact details listed in the section OUR CONTACT DETAILS below) and/or seek guidance from the regulatory authorities for a full explanation of these rights. You can find a summary of your rights below in this section:

  • The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions.
  • The right to access the personal data we hold about you. Upon request and verification of your identity, we will send you a copy of the personal data we hold about you.
  • The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. It is important that your personal data is kept accurate and up to date. If any of the personal data we hold about you changes, please keep us informed if we have that data.
  • The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. We may not always be able to comply with your request of erasure for specific legal reasons, for which you will be notified. Please note that retention requirements supersede any right to erasure requests under the data protection laws.
  • The right to restrict (i.e. prevent) the processing of your personal data. Please note that any requests in relation of the processing of your data means that we may not be able to provide you with the service, in which case you will be notified.
  • The right to object us in using your personal data for a particular purpose or purposes.
  • The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
  • The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
  • Rights relating to automated decision-making and profiling. We do not use your personal data in this way.

10. LINKS TO OTHER WEBSITES

We may provide links to third-party websites on our Website. These linked websites are not under our control, and we therefore cannot accept responsibility or liability for the conduct of third parties linked to our websites, including without limitation to the collection or disclosure of your data. Before disclosing your data on any other website, we encourage you to examine the terms and conditions of using that website and its privacy policies.

11. CHANGES TO THIS PRIVACY NOTICE


This Privacy Notice was last updated on 17/11/2025

We have the right, at our discretion, to change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection and in order to ensure that the information herein provides relevant and adequate information about our collecting and processing of your data.

In case of any changes will be posted on the revised Privacy Notice on our Website. Changes will take effect as soon as the revised version is made available on our website above. We recommend that you check the Website regularly to keep up-to-date. Your comments and feedback are always welcome. You may contact us at any time through the our email provided above.