Privacy Policy

Last updated: 1st January 2026

Data Controller Information

grandfluxium Ltd is the data controller responsible for your personal data. We are registered in Cyprus with registration number HE917358 and VAT number CY91825647X. Our registered office is located at Omirou Avenue 101, 6019 Larnaca, Cyprus.

Data Collection

The data we collect includes personal information that you provide directly to us and information that is automatically collected when you use our website and services. We collect personal data through various means including contact forms, service enquiries, email communications, and website interactions.

Information you provide to us may include your name, email address, phone number, restaurant name, business address, and any other details you choose to share when contacting us or using our services. We also collect technical information such as your IP address, browser type, device information, and website usage patterns.

How We Use Your Information

We use of your data is based on legitimate business interests and your consent where required by law. Your personal information is used to provide our restaurant reputation management services, respond to your enquiries, improve our website and services, and communicate with you about our offerings.

Specifically, we use your information to monitor and manage your restaurant's online reputation, provide customer support, send service updates and marketing communications (with your consent), analyse website performance, and ensure the security of our systems and services.

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the specific cookies we use and how to control them, please refer to our Cookie Policy.

Data Sharing and Third Parties

We do not sell your personal data to third parties. We may share your information with trusted service providers who assist us in operating our website and providing our services, such as hosting providers, analytics services, and customer support tools. These providers are contractually bound to protect your information and use it only for the purposes we specify.

We may also disclose your information if required by law, to protect our rights or the rights of others, or in connection with a business transfer or merger.

Data Retention

We retain your personal data for as long as necessary to provide our services and fulfil the purposes outlined in this privacy policy. Personal information collected through contact forms and service enquiries is typically retained for three years after our last interaction with you, unless you request earlier deletion or we are required by law to retain it longer.

Website analytics data and cookies are retained according to our cookie policy, typically for periods ranging from session-based to 26 months depending on the specific technology used.

Your Rights

Under the General Data Protection Regulation (GDPR), you have several rights regarding your personal data. These include the right to access your data, request corrections to inaccurate information, request deletion of your data, object to processing, request data portability, and withdraw consent where processing is based on consent.

To exercise any of these rights, please contact us using the contact information provided below. We will respond to your request within one month and may require verification of your identity for security purposes.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure servers, access controls, and regular security assessments.

However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security of your data.

International Data Transfers

As we operate within the European Union, your personal data is primarily processed within the EU. If we need to transfer your data outside the EU, we will ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the European Commission.

Children's Privacy

Our services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

Contact Information

If you have any questions about this privacy policy or how we handle your personal data, please contact us using the following information:

Supervisory Authority

You have the right to lodge a complaint with the Cyprus Office of the Commissioner for Personal Data Protection if you believe we have not handled your personal data in accordance with data protection laws.