Privacy Policy
Preamble:
ADMINZA LTD (HE 459075) (hereinafter the “Service Provider”) understands that its customer’s privacy (hereinafter the “Customer”) is important and that its Customer cares about how their Personal Data is used. The Service Provider respects and values the privacy of all of the Customers and will only collect and use Personal Data in ways that are described here, and in a way that is consistent with the Service Provider’s obligations and the Customer’s rights under the Data Protection Law.
All capitalized terms used herein and not otherwise defined herein shall have the meanings ascribed to such terms in the Terms and Conditions and the DPA available on the Website.
1. Information About the Service Provider
1.1. ADMINZA LTD, is a private limited liability company by shares, incorporated and existing under the laws of the Republic of Cyprus, registered with the Registrar of Companies of the Republic of Cyprus under number HE 459075, with its registered office located at John Kennedy, 8, IRIS BUILDING, 7th floor, Office 740B, 3106, Limassol, the Republic of Cyprus.
1.2. The Service Provider is the legal and beneficial owner of the domain name of the Website, as well as of the System, and it is the sole operator of the Website: https://adminza.ai/ (hereinafter the “Website”) and the System.
1.3. Service Provider’s email address is: dpo@adminza.ai
1.4. Service Provider’s postal address is: John Kennedy, 8, IRIS BUILDING, 7th floor, Office 740B, 3106, Limassol, the Republic of Cyprus.
2. What Does This Policy Cover?
2.1 This Privacy Policy explains how the Service Provider uses the Customer’s Personal Data: how it is collected, how it is held, and how it is Processed. It also explains the Customer’s rights under the Data Protection Law, in relation to its Personal Data.
3. What Is Personal Data?
3.1 Personal Data is defined by the Regulation (EE) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), which applies as of 25 May 2018 (hereinafter the “GDPR”) and Law 125(I)/2018 of the Republic of Cyprus and any successor legislation or regulation (collectively, “the Data Protection Law”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
3.2 The Personal Data that the Service Provider collects from its Customers is set out in Article 5 below.
4. Use of AI and Automated Processing
4.1. In the course of providing the System and the Services, the Service Provider may use automated and artificial intelligence-assisted processing technologies to process Personal Data included in documents, data, or content submitted by Customers. Such processing may include automated recognition, classification, extraction, conversion, and analysis of information.
4.2. Automated and AI-assisted processing is used solely to support the provision of the Services and does not involve automated decision-making producing legal effects concerning Data Subjects or similarly significantly affecting them within the meaning of Article 22 of the GDPR.
4.3. The Service Provider does not use Personal Data submitted through the System to train or develop general-purpose artificial intelligence models for use outside the provision of the Services.
5. What Are The Customer’s Rights?
5.1 Under the Data Protection Law, the Customer has the following rights, which the Service Provider will always work to uphold:
a) The right to be informed about the Service Provider’s collection and use of the Customer’s Personal Data.
b) The right to access the Personal Data the Service Provider holds about the Customer. Please refer to Article 10 hereinbelow.
c) The right to have the Customer’s Personal Data rectified if any of the Customer’s Personal Data held by the Service Provider is inaccurate or incomplete.
d) The right to be forgotten, i.e. the right to ask the Service Provider to delete or otherwise dispose of any of the Customer’s Personal Data that the Service Provider holds.
e) The right to restrict (i.e. prevent) the processing of the Customer’s Personal Data.
f) The right to object to the Service Provider using the Customer’s Personal Data for a particular purpose or purposes.
g) The right to withdraw consent. Where the processing of Personal Data is based on the Data Subject’s consent, the Data Subject has the right to withdraw such consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
The withdrawal of consent may result in the Service Provider being unable to provide certain features or services where consent is the applicable lawful basis for such processing.
h) The right to data portability. This means that, if the Customer has provided Personal Data to the Service Provider directly, the Service Provider is using it with the Customer’s consent or for the performance of a contract, and that data is processed using automated means, the Customer can ask the Service Provider for a copy of that Personal Data to re-use with another service or business in many cases.
i) Rights relating to automated decision-making and profiling. The Service Provider does not carry out automated decision-making or profiling that produces legal effects concerning Data Subjects or similarly significantly affects them within the meaning of Article 22 of the GDPR.
5.2 For more information about the Service Provider’s use of the Customer’s Personal Data or exercising the Customer’s rights as outlined above, please contact the Service Provider using the details provided in Article 11.
5.3 It is important that the Customer’s Personal Data is kept accurate and up-to-date. If any of the Personal Data the Service Provider holds about the Customer changes, please keep the Service Provider informed, as long as the Service Provider has that data.
5.4 Further information about the Customer’s rights can also be obtained from the Commissioner for Personal Data Protection of the Republic of Cyprus at https://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_el/home_el?opendocument .
5.5 If the Customer has any cause for complaint about the Service Provider’s use of its Personal Data, it has the right to lodge a complaint with the Commissioner for Personal Data Protection of the Republic of Cyprus. The Service Provider would welcome the opportunity to resolve the Customer’s concerns themselves however, so please contact the Service Provider first, using the details in Article 11.
6. What Personal Data Does The Service Provider Collect and How?
6.1 The Service Provider may collect and hold some or all of the Personal Data set out in the table below, using the methods also set out in the table. The Service Provider does not collect any ‘special category’ or ‘sensitive’ Personal Data.
| Data Collected | How We Collect the Data |
| Data about the Customer’s use of the Website and the System, e.g. IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation paths, timing, frequency, pattern of the Customer’s service use. | Upon visiting the Website and accessing the System. |
| Personal characteristics, e.g. name, gender, age. | On Registration or thereafter. |
| Identification documentation, e.g. passport, ID card. | On Registration or thereafter. |
| Corporate information: e.g. entity name, registration number, registered office, company details, management information, ownership information, personal details of owners and senior management, website address. | On Registration or thereafter. |
| Contact information, e.g. address, email, telephone number. | On Registration or thereafter. |
| Online identifiers, e.g. username, IP address. | On Registration. |
| Banking information, e.g. card number, beneficial owner’s name, expiry date; | On Subscription. |
| News and marketing information. | On Registration. |
| Information included in source documents uploaded in the System by the Customer. | During the provision of the Services and access to the System. |
| Information that the Service Provider receives from the Customer’s use of the System and/or the Services. | During the provision of the Services and access to the System. |
7. How Does The Service Provider Use Customer’s Personal Data?
7.1 Under the Data Protection Law, the Service Provider must always have a lawful basis for using Personal Data. The following table describes how the Service Provider uses the Customer’s Personal Data, and the Service Provider’s lawful bases for doing so:
| What The Service Provider Does | What Data The Service Provider Uses | Service Provider’s Lawful Basis |
| For analysing the operation of the Website and the Services. | Data about the Customer’s use of the Website and the System, e.g. IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation paths, timing, frequency, pattern of the Customer’s service use. | Legitimate interests in monitoring and improving the Website and the Services. |
| Personal Data is used for Registration and Subscription. | Personal characteristics, e.g. name, gender, age. | Performance of a contract.
Legitimate interests in the proper administration of the System and provision of the Services.
For compliance with our legal obligations. |
| Personal Data is used for Registration and Subscription. | Identification documentation, e.g. passport, ID card. | Performance of a contract.
Legitimate interests in the proper administration of the System and provision of the Services.
For compliance with our legal obligations. |
| Personal Data is used for Registration and Subscription. | Corporate information: e.g. entity name, registration number, registered office, company details, management information, ownership information, personal details of owners and senior management, website address. | Performance of a contract.
Legitimate interests in the proper administration of the System and provision of the Services.
For compliance with our legal obligations. |
| Personal Data is used for Registration and Subscription and communicating with You. | Contact information, e.g. address, email, telephone number. | Performance of a contract.
Legitimate interests in the proper administration of the System and provision of the Services.
For compliance with our legal obligations. |
| Personal Data is used for Registration and Subscription. | Online identifiers, e.g. username, IP address. | Performance of a contract.
Legitimate interests in the proper administration of the System and provision of the Services. |
| Personal Data is used for Subscription. | Banking information, e.g. card number, beneficial owner’s name, expiry date; | Performance of a contract.
Legitimate interests in the proper administration of the System and provision of the Services. |
| Direct or other marketing. | News and marketing information. | Consent. |
| Personal Data is collected and stored at Amazon Web Services. | Information included in source documents uploaded in the System by the Customer. | Performance of a contract.
Legitimate interests in the proper administration of the System and provision of the Services. |
| Personal Data is collected and stored at Amazon Web Services. | Information that the Service Provider receives from the Customer’s use of the System and/or the Services. | Performance of a contract.
Legitimate interests in the proper administration of the System and provision of the Services. |
7.2 With the Customer’s permission, the Service Provider may also use the Customer’s Personal Data for direct or other marketing purposes, which may include, inter alia, contacting the Customer by email and/or telephone and/or text message and/or post with information, news, and offers on the Service Provider’s services. The Customer will not be sent any unlawful marketing or spam. The Service Provider will always work to fully protect the Customer’s rights and comply with the Service Provider’s obligations under the Data Protection Law, and the Customer will always have the opportunity to opt-out. The Service Provider will always obtain the Customer’s express opt-in consent before sharing the Customer’s Personal Data with third parties for marketing purposes and the Customer will be able to opt-out at any time.
7.3 The Service Provider will only use the Customer’s Personal Data for the purpose(s) for which it was originally collected unless the Service Provider reasonably believes that another purpose is compatible with that or those original purpose(s) and need to use the Customer’s Personal Data for that purpose. If the Service Provider does use the Customer’s Personal Data in this way and the Customer wishes the Service Provider to explain how the new purpose is compatible with the original, please contact the Service Provider using the details in Article 11.
7.4 If the Service Provider needs to use the Customer’s Personal Data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, the Service Provider will inform the Customer and explain the legal basis which allows the Service Provider to do so.
7.5 In some circumstances, where required by applicable law, the Service Provider may process the Customer’s Personal Data without its knowledge or consent. This will only be done within the bounds of the Data Protection Law and the Customer’s legal rights.
8. How Long Will The Service Provider Keep The Customer’s Personal Data?
8.1 The Service Provider will not keep the Customer’s Personal Data for any longer than is necessary in light of the reason(s) for which it was first collected. The Customer’s Personal Data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):
| Type of Data | How Long We Keep It |
| Data about the Customer’s use of the Website and the System, e.g. IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation paths, timing, frequency, pattern of the Customer’s service use. | For the duration of the Term and for the period of 2 (two) years after the expiration of the Term. |
| Personal characteristics, e.g. name, gender, age. | For the duration of the Term. |
| Identification documentation, e.g. passport, ID card. | For the duration of the Term. |
| Corporate information: e.g. entity name, registration number, registered office, company details, management information, ownership information, personal details of owners and senior management, website address. | For the duration of the Term. |
| Contact information, e.g. address, email, telephone number. | For the duration of the Term. |
| Online identifiers, e.g. username, IP address. | For the duration of the Term. |
| Banking information, e.g. card number, beneficial owner’s name, expiry date; | For the duration of the Term. |
| News and marketing information. | For the duration of the Term and for the period of 2 (two) years after the expiration of the Term. |
| Information included in source documents uploaded in the System by the Customer. | For the duration of the Term. |
| Information that the Service Provider receives from the Customer’s use of the System and/or the Services. | For the duration of the Term. |
9. How and Where Does The Service Provider Store or Transfer The Customer’s Personal Data?
9.1 The Service Provider will only store the Customer’s Personal Data in Amazon Web Services (hereinafter “AWS”), a Sub-contractor to the Service Provider. This means that the Customer’s Personal Data will be fully protected under the Data Protection Law. Please refer to https://aws.amazon.com/compliance/gdpr-center/ for more information on the compliance of AWS with the GDPR.
9.2 Without prejudice to the foregoing, the provision of the System and the Services may involve the processing of Personal Data by third-party service providers located outside the European Economic Area.
9.3 Where Personal Data is transferred to or processed in jurisdictions that do not provide an adequate level of data protection within the meaning of applicable Data Protection Laws, the Service Provider ensures that appropriate safeguards are implemented, including the use of standard contractual clauses or other lawful transfer mechanisms recognised under the GDPR.
10. Does the Service Provider Share The Customer’s Personal Data?
10.1 The Service Provider will share the Customer’s Personal Data to the entities, and for the purposes, listed and described in Annex B to the DPA available at https://adminza.ai/ from time to time, and/or as provided below.
10.2 If the Service Provider sells, transfers, or merges parts of its business or assets, the Customer’s Personal Data may be transferred to a third party. Any new owner of the Service Provider’s business may continue to use the Customer’s Personal Data in the same way(s) that the Service Provider has used it, as specified in this Privacy Policy.
10.3 In some limited circumstances, the Service Provider may be legally required to share certain Personal Data, which might include the Customer’s, if the Service Provider is involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
10.4 The Service Provider may share the Customer’s Personal Data with other companies in its group (including its subsidiaries or holding company and its subsidiaries), or companies the Service Provider licenses its Services, or rights thereunder, to under a franchise or other related agreement, for direct or other marketing purposes.
10.5 If any of the Customer’s Personal Data is shared with a third party, as described above, the Service Provider will take steps to ensure that the Customer’s Personal Data is handled safely, securely, and in accordance with the Customer’s rights, the Service Provider’s obligations, and the third party’s obligations under the Data Protection Law.
10.6 If the Service Provider sell, transfer, or merge parts of the Service Provider’s business or assets, the Customer’s Personal Data may be transferred to a third party. Any new owner of the Service Provider’s business may continue to use the Customer’s Personal Data in the same way(s) that the Service Provider has used it, as specified in this Privacy Policy.
10.7 In some limited circumstances, the Service Provider may also be legally required to share certain Personal Data, which might include the Customer’s, if the Service Provider are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
11. How Can A Customer Access Its Personal Data?
11.1 If the Customer wants to know what Personal Data the Service Provider has about the Customer, the Customer can ask the Service Provider for details of that Personal Data and for a copy of it (where any such Personal Data is held). This is known as a “subject access request”.
11.2 All subject access requests should be made in writing and sent to the email or postal addresses shown in Article 11.
11.3 Normally, there is no fee payable for a subject access request. If the Customer’s request is ‘manifestly unfounded or excessive’ (for example, if You make repetitive requests) a fee may be charged to cover the Service Provider’s administrative costs in responding.
11.4 The Service Provider will respond to the Customer’s subject access request within 1 (one) month of receiving it. Normally, the Service Provider aims to provide a complete response, including a copy of the Customer’s Personal Data within that time. In some cases, however, particularly if the Customer request is more complex, more time may be required up to a maximum of 2 (two) months from the date the Service Provider receives the Customer’s request. The Customer will be kept fully informed of the Service Provider’s progress.
12. How Does The Customer Contact the Service Provider?
12.1 To contact the Service Provider about anything to do with the Customer’s Personal Data and data protection, including to make a subject access request, please use the following details:
12.2 Email address: dpo@adminza.ai
12.3 Postal Address: John Kennedy, 8, IRIS BUILDING, 7th floor, Office 740B, 3106, Limassol, the Republic of Cyprus.
13. Changes to this Privacy Policy
13.1 The Service Provider may change this Privacy Policy from time to time. This may be necessary, for example, if the applicable law changes, or if the Service Provider changes its business in a way that affects Personal Data protection.
13.2 If a change is material, the Service Provider will try to provide at least 30 (thirty) calendar days’ written notice prior to any new terms taking effect. What constitutes a material change will be determined at the Service Provider’s sole discretion. During this time, if the Customer does not agree with the notified change, the Customer may terminate the Terms and Conditions in the manner provided therein.
13.3 By continuing to use the Service, after those changes become effective, the Customer agrees to be bound by the revised Privacy Policy.