Privacy Policy

1. Data Controller

The controller of personal data collected through this website is:

2. Scope of this Policy

This Privacy Policy describes how NXPR Virtual Commerce Services Ltd ("NXPR", "we", "us", "our") processes personal data collected through this corporate website (nxprvirtual.com). This Policy does not cover the processing of personal data on platforms operated by NXPR, which are governed by separate privacy notices.

3. Categories of Personal Data We Process

We may process the following categories of personal data:

a) Inquiry data: name, email address, organisation (if provided), subject, content of the message - when you contact us via email at contact@nxprvirtual.com.

b) Technical data: IP address, browser type and version, operating system, referring URL, pages visited, time and duration of visit (collected via standard web server logs).

c) Cookies and similar technologies: as described in our Cookie Policy. This website uses only strictly necessary technologies; no analytics, advertising, or third-party tracking is deployed.

We do not process special categories of personal data (Article 9 GDPR) through this website.

4. Purposes and Legal Bases of Processing

a) To respond to inquiries submitted via email.
Legal basis: Article 6(1)(b) GDPR (steps taken at the data subject's request prior to entering into a contract) or Article 6(1)(f) GDPR (legitimate interest in responding to inquiries).

b) To ensure the security and proper functioning of the website.
Legal basis: Article 6(1)(f) GDPR (legitimate interest in network and information security).

c) To comply with legal obligations.
Legal basis: Article 6(1)(c) GDPR (compliance with legal obligation).

5. Recipients of Personal Data

We may share personal data with:

• IT service providers acting as data processors (hosting, email infrastructure, security services)
• Legal and professional advisors, where necessary for the establishment, exercise or defence of legal claims
• Public authorities, where required by law

We do not sell personal data to third parties.

6. International Transfers

Where personal data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place in accordance with Articles 44 to 50 GDPR, including Standard Contractual Clauses approved by the European Commission.

7. Retention Periods

a) Email correspondence: retained for 24 months from the date of last contact, unless a longer retention is required for legal or contractual purposes.

b) Technical logs: retained for 12 months for security and diagnostic purposes.

c) Cookie data: as described in our Cookie Policy.

8. Rights of Data Subjects

Under the GDPR, you have the right to:

• Access your personal data (Article 15 GDPR)
• Request rectification of inaccurate data (Article 16 GDPR)
• Request erasure (Article 17 GDPR)
• Restrict processing (Article 18 GDPR)
• Data portability (Article 20 GDPR)
• Object to processing (Article 21 GDPR)
• Withdraw consent at any time (Article 7(3) GDPR), without affecting the lawfulness of processing carried out before withdrawal

To exercise these rights, please contact us at contact@nxprvirtual.com with the subject line "Data Protection".

9. Right to Lodge a Complaint

You have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus:

10. Automated Decision-Making

We do not use automated decision-making, including profiling, in a way that produces legal effects or similarly significantly affects data subjects.

11. Changes to this Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this Policy indicates when it was last revised. Material changes will be communicated through this website.

12. Contact

For any questions regarding this Privacy Policy or our processing of personal data, please contact us at contact@nxprvirtual.com.