Privacy Policy

Privacy Policy
Last updated: 6 December 2025

This Privacy Policy explains how ALLANTIKA ANDREAS HADJICOSTAS LTD (“we”, “us”, “our”) collects and processes personal data when you use the website hadjicosta.com (the “Website”).

By using the Website, you acknowledge that you have read and understood this Privacy Policy.

1. Data Controller

The data controller responsible for the processing of your personal data is:

ALLANTIKA ANDREAS HADJICOSTAS LTD
B’ Aradippou Industrial Area
47, Pigasou Str., P.C. 7100, Larnaca, Cyprus
Email: [email protected]
Website: hadjicosta.com

2. What personal data we collect

We only collect personal data that you voluntarily provide or that is necessary for the technical operation and security of the Website.

2.1. Contact form

When you contact us through the contact form, we collect:

• Name
• Surname
• Email address
• Phone number
• Your message / comments

2.2. Automatically collected data (basic technical logs)

When you visit the Website, our server may automatically log standard technical information, such as:

• IP address
• Date and time of access
• Pages visited
• Browser type and version
• Operating system

This information is generally collected in log files for security and technical purposes.

2.3. Google reCAPTCHA v3

We use Google reCAPTCHA v3 to protect the Website from spam and abuse.
When reCAPTCHA is active, Google may collect and process information such as:

• IP address
• Browser and device information
• Referrer URL
• User interactions (mouse movements, keystrokes, time spent, etc.)

Google acts as an independent controller for this data. Details on how Google processes data and uses cookies can be found in Google’s Privacy Policy and “How Google uses cookies”:

• https://policies.google.com/privacy policies.google.com+1
• https://policies.google.com/technologies/cookies

---

3. Purposes and legal bases of processing

We process your personal data for the following purposes and on the following legal bases under Article 6 GDPR: dataprotection.gov.cy

3.1. Responding to your enquiries

• Purpose: To receive, review and respond to your messages sent via the contact form or email.
• Legal basis:
  • Performance of a contract or taking steps at your request prior to entering into a contract (Art. 6(1)(b) GDPR), where your enquiry relates to our products/services; and/or
  • Our legitimate interest in responding to general enquiries and maintaining business relationships (Art. 6(1)(f) GDPR).

3.2. Website operation and security

• Purpose: To operate, maintain and secure the Website (e.g. server logs, security monitoring).
• Legal basis: Our legitimate interest in ensuring the security and proper functioning of the Website (Art. 6(1)(f) GDPR).

3.3. Protection against spam and abuse (Google reCAPTCHA)

• Purpose: To protect our contact form and Website from automated abuse, spam and malicious traffic.
• Legal basis: Our legitimate interest in securing our online services and protecting them from misuse (Art. 6(1)(f) GDPR). Google Cloud Documentation+1

We do not use your data for profiling or automated decision-making that produces legal or similarly significant effects on you.

---

4. Recipients of personal data

We may share your personal data with:

• IT and hosting providers who host and maintain the Website and who act as our processors under GDPR-compliant agreements.
• Google LLC and/or Google Ireland Ltd., in relation to the use of Google reCAPTCHA (independent controller). policies.google.com+1

We do not sell or rent your personal data to third parties.

---

5. International transfers

In the context of Google reCAPTCHA and other Google services, your data may be transferred outside the European Economic Area (EEA), including to the United States.

Such transfers are based on appropriate safeguards as required by the GDPR (e.g. standard contractual clauses and/or adequacy decisions, as implemented by Google). For more information on how Google handles international data transfers, please refer to Google’s Privacy Policy:
https://policies.google.com/privacy policies.google.com+1

---

6. Data retention

We retain your personal data only for as long as necessary for the purposes described above:

• Contact form data: kept for as long as necessary to handle your enquiry and, where relevant, for the duration of any contractual relationship and subsequent retention periods required by law (e.g. tax or accounting obligations).
• Server logs: typically retained for a short period necessary for security and troubleshooting, unless a longer retention is required in case of security incidents.

When the retention period expires, data is securely deleted or anonymised.

---

7. Your rights as a data subject

Under the GDPR, you have the following rights in relation to your personal data: dataprotection.gov.cy

• Right of access: to obtain confirmation whether we process your personal data and to receive a copy.
• Right to rectification: to request correction of inaccurate or incomplete data.
• Right to erasure: to request deletion of your personal data in certain circumstances.
• Right to restriction of processing: to request that we limit processing in specific cases.
• Right to data portability: to receive certain data in a structured, commonly used and machine-readable format and to transmit it to another controller.
• Right to object: to object at any time, on grounds relating to your particular situation, to processing based on our legitimate interests.
• Right to withdraw consent: where processing is based on consent (not generally the case here), you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at: [email protected].

---

8. Right to lodge a complaint

If you believe that your data protection rights have been infringed, you have the right to lodge a complaint with the competent supervisory authority:

Commissioner for the Protection of Personal Data
15 Kypranoros Street
1061 Nicosia, Cyprus
Website: https://www.dataprotection.gov.cy dataprotection.gov.cy+1

---

9. Security of your personal data

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

However, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security.

---

10. Links to other websites

The Website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to read the privacy policies of any third-party sites you visit.

---

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date.