Legal

Privacy Policy

This policy explains how Tech Spectrum (Cyprus) Ltd collects, uses and protects your personal data, and your rights under UK GDPR and GDPR.

Last updated: May 2026 Tech Spectrum (Cyprus) Ltd — HE 486281 UK GDPR & GDPR Compliant

1 Who We Are

Tech Spectrum (Cyprus) Ltd ("Tech Spectrum", "we", "us", "our") is a company incorporated in Cyprus (Registration No. HE 486281), with its registered office in Nicosia, Cyprus.

We are the data controller for any personal data collected through this website (www.techspectrum.cy) and through any direct communications with us.

Although Tech Spectrum is incorporated in Cyprus, this website is accessible to users in the United Kingdom. We therefore comply with both the UK GDPR (as retained in UK law by the Data Protection Act 2018) and the EU GDPR (Regulation 2016/679).

2 Data We Collect

We collect personal data only where it is necessary. The categories we may collect are:

Information you provide directly

  • Contact enquiries — your name, email address, and the content of your message when you use our contact form or email us directly.
  • Business communications — correspondence, proposals and engagement-related communications where you or your organisation engages with us commercially.

Information collected automatically

  • Technical data — IP address, browser type and version, operating system, referring URL, pages visited and time spent on the site. This data is collected via server logs and, where consented to, analytics tools.
  • Cookie data — see Section 5 for full details.

Information we do not collect

We do not collect special category data (such as health, ethnic origin, or political opinions), payment card data, or data from individuals we know to be under 18.

3 How We Use Your Data

We use the personal data we collect for the following purposes:

  • To respond to enquiries and communicate with prospective and existing clients and partners.
  • To manage and administer commercial engagements and contractual relationships.
  • To operate, maintain and improve this website.
  • To understand how visitors use the site so we can improve content and user experience (analytics, only with your consent).
  • To comply with legal obligations to which we are subject.

We do not use personal data for automated decision-making or profiling, and we do not sell personal data to any third party.

4 Legal Basis for Processing

We rely on the following legal bases under UK GDPR / GDPR Article 6:

  • Legitimate interests (Art. 6(1)(f)) — responding to business enquiries, operating and securing the website, and maintaining commercial records. We have assessed that our legitimate interests are not overridden by your rights.
  • Contract (Art. 6(1)(b)) — processing necessary to enter into or perform a contract with you or your organisation.
  • Legal obligation (Art. 6(1)(c)) — processing required by applicable law (e.g. retaining financial records).
  • Consent (Art. 6(1)(a)) — analytics cookies and any optional marketing communications, where we ask for your explicit consent first. You may withdraw consent at any time.

5 Cookies

This website uses cookies — small text files stored on your device. A cookie consent banner is shown on your first visit, and you can update your preferences at any time using the Cookie Settings button at the bottom of any page.

Cookie Type Purpose Duration
ts_cookie_consent Essential Stores your cookie preference so the banner is not shown on every visit. 1 year (localStorage)
_ga Placeholder Google Analytics — distinguishes unique users. Not currently active; will be enabled only with your consent if analytics is introduced. 2 years
_ga_* Placeholder Google Analytics — maintains session state. Not currently active. 2 years

Analytics cookies are not currently in use on this site. The table above is provided for transparency and will be updated if analytics tools are activated in the future. Only essential cookies are set at present.

Managing cookies

You can control cookies through the Cookie Settings button at the bottom of this page, or through your browser settings. Note that disabling cookies may affect the functionality of some websites. For more information, visit allaboutcookies.org.

6 Sharing Your Data

We do not sell, rent or trade personal data. We may share data in the following limited circumstances:

  • Service providers — third-party suppliers who process data on our behalf (e.g. website hosting, email), bound by data processing agreements and permitted only to process data for specified purposes.
  • Delivery partners — where an engagement involves a third-party delivery partner, only the minimum necessary data is shared and only under appropriate confidentiality arrangements.
  • Legal requirements — where disclosure is required by law, court order, or regulatory authority.
  • Business transfers — in the event of a merger, acquisition or sale of assets, personal data may be transferred as part of that transaction, subject to equivalent protections.

7 International Transfers

Tech Spectrum is incorporated in Cyprus, which is an EU member state. Personal data processed in connection with our Cyprus operations is therefore subject to GDPR protections within the EU/EEA.

Where data is transferred to countries outside the UK or EU/EEA (for example, to delivery partners in other regions), we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA), EU Standard Contractual Clauses (SCCs), or reliance on an adequacy decision.

For UK residents: Cyprus is covered by a UK adequacy decision, meaning transfers of personal data from the UK to our Cyprus operations do not require additional safeguards.

8 Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law. Our general approach is:

  • Enquiry data — retained for up to 2 years from last contact if no engagement results, or for the duration of the relationship plus a reasonable period thereafter.
  • Contract and commercial records — retained for 7 years in line with standard accounting and legal obligations.
  • Website analytics data — retained in accordance with the analytics provider's settings; we apply data minimisation and anonymisation where available.
  • Cookie consent records — stored locally on your device; cleared when you clear your browser data.

When data is no longer required it is securely deleted or anonymised.

9 Your Rights

Under UK GDPR and GDPR, you have the following rights in relation to your personal data. You can exercise any of these rights by contacting us at info@techspectrum.cy. We will respond within one calendar month.

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Ask us to correct inaccurate or incomplete data.

Right to Erasure

Request deletion of your data where there is no compelling reason for continued processing.

Right to Restriction

Ask us to restrict processing of your data in certain circumstances.

Data Portability

Receive your data in a structured, machine-readable format where processing is consent or contract based.

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

Withdraw Consent

Where processing is based on consent, withdraw it at any time without affecting prior processing.

Right to Complain

Lodge a complaint with a supervisory authority (see below).

Supervisory authorities

If you are in the United Kingdom, you may complain to the Information Commissioner's Office (ICO) — 0303 123 1113 — ico.org.uk/make-a-complaint.

If you are in the EU / Cyprus, you may complain to the Cyprus Commissioner for Personal Data Protection.

We would, however, appreciate the chance to address any concerns directly before you approach a regulator.

10 Security

We implement appropriate technical and organisational measures to protect personal data against accidental loss, destruction, alteration, unauthorised disclosure or access. These include TLS encryption in transit, access controls, and periodic security reviews.

Where we engage third-party processors, we require equivalent standards of security by contract. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, affected individuals without undue delay.

11 Third-Party Links

This website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We recommend reviewing the privacy policy of any site you visit.

12 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last updated" date at the top of the page will reflect any revisions. Where changes are material, we will take reasonable steps to bring them to your attention.

Continued use of the website after any update constitutes acceptance of the revised policy.

13 Contact Us

For any questions about this policy, to exercise your rights, or to raise a privacy concern, please contact us:

Tech Spectrum (Cyprus) Ltd

Registration No: HE 486281
Nicosia, Cyprus

info@techspectrum.cy

We aim to respond to all privacy-related requests within one calendar month in accordance with our obligations under UK GDPR and GDPR.