© 2026. i-Cyprus
Controller – Dataset SIA, a company registered in Latvia at Krišjāņa Valdemāra iela 18-7, LV-1010, Rīga, Latvia, registration number 40203028151, VAT number LV40203028151.
Personal Data – information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Policy – this privacy policy.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Website – the website operated by the Controller at https://i-cyprus.com.
User – any natural person visiting the Website, in particular any natural person using the services provided by the Controller on the Website.
2.1. The Controller collects Users' personal data in connection with their activities on the Website in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality.
2.2. The Controller collects personal data for specific, explicit and legitimate purposes and does not further process them in a manner that is incompatible with those purposes.
2.3. The Controller, on the terms set out in this Policy, collects data to the extent necessary to enable the User to use the services made available on the Website and to the extent of information about the User's activities.
3.1.1. During each visit by a User to the Website, the Controller collects technical data from the User's end device, including but not limited to IP address, source of entry to the site, connection time, URL, browser type and version.
3.1.2. The Controller processes the above-mentioned personal data for the purposes of:
(a) Provision of online services – providing Users with access to content and functionalities available on the Website.
(b) Analytics and statistics – conducting analyses of User activity and preferences in order to improve the functionalities and services provided.
(c) Establishment and pursuit of legal claims – establishing, exercising or defending legal claims.
(d) Error monitoring and debugging – detecting, logging, and resolving technical errors to ensure the Website functions correctly and to improve user experience.
3.2.1. To register an account on the Website, the User is asked by the Controller to provide the following information:
3.2.2. The above-mentioned personal data are processed for the purposes of:
(a) Account management and service provision – managing the User's account and providing services available on the Website.
(b) Analytics and statistics – conducting analyses of User activity and preferences in order to improve the functionalities and services provided.
(c) Establishment and pursuit of legal claims – establishing, exercising or defending legal claims.
3.3.1. For the provision of paid services available on the Website to the User holding an account, the following personal data of the User are processed:
(a) At the order stage: name, surname, billing address, optionally VAT number.
(b) At the payment card verification and payment stage:
At this stage, personal data from scopes (a) and (b) are shared with the payment operator Stripe Payments Europe Ltd, C/O A&L Goodbody, IFSC, North Wall Quay, Dublin 1, Ireland (registration number: 513174). The Controller does not at any time have access to data from scope (b) and does not process them.
3.3.2. Where the User enters into an agreement for the provision of paid services by the Controller via the Website, the personal data provided by the User are processed for the purposes of:
(a) Performance of the contract – provision of paid services on the Website.
(b) Compliance with legal obligations – fulfilment of legal obligations incumbent on the Controller under applicable law, in particular accounting and tax law.
(c) Analytics and statistics – conducting analyses and statistics of User activity.
(d) Establishment and pursuit of legal claims – establishing, exercising or defending legal claims.
3.4.1. Nature of data collection and processing
The Controller maintains a searchable database of basic Cyprus company information obtained from the Cyprus Open Data Portal, specifically the Cyprus Companies Registry dataset available at https://data.gov.cy/en/dataset/1026.
This dataset is published by the Cyprus Department of Registrar of Companies and Official Receiver and is licensed under Creative Commons Attribution 4.0 International (CC BY 4.0), which permits use, distribution, and commercial exploitation of the data with appropriate attribution.
The Controller makes this database freely available to all visitors of the Website without registration or payment, allowing Users to search for basic information about Cyprus companies.
3.4.2. Categories of personal data processed
The categories of personal data processed by the Controller from the Cyprus Open Data Portal include:
The free search database provides basic directory information only. Detailed personal data, official documents, and comprehensive company information are available exclusively through the paid report service (see Section 3.5).
The free search database is intended to display basic directory information only. If the source dataset incidentally contains additional identifiers, the Controller will display and process such data only to the extent necessary for providing the free search service and will assess any requests or objections on a case-by-case basis.
3.4.3. Purpose and legal basis
The Controller processes the above-mentioned personal data for the purpose of providing a free company search service to the public, supporting transparency and certainty in commercial transactions.
Legal basis: Legitimate interest of the Controller (Article 6(1)(f) GDPR).
Legitimate interests:
Balancing test: The processing does not override the interests, rights and freedoms of data subjects because:
3.4.4. Source of personal data
Source: Cyprus Open Data Portal (https://data.gov.cy/en/dataset/1026)
Dataset: Cyprus Companies Registry
Publisher: Cyprus Department of Registrar of Companies and
Official Receiver
License: Creative Commons Attribution 4.0 International (CC
BY 4.0)
Nature of source: Official government open data repository
specifically published for reuse by the public under open data licensing
terms
3.4.5. Frequency of updates
The Controller updates its database periodically when new versions of the dataset are published by the Cyprus government on the Open Data Portal. The Controller does not guarantee real-time accuracy and recommends that Users verify critical information directly with the Cyprus Department of Registrar of Companies or purchase a detailed report for the most current data.
3.4.6. Data subject rights
Right to object: Data subjects have the right to object to the processing of their personal data on grounds relating to their particular situation. However, the Controller may continue processing if it demonstrates compelling legitimate grounds that override the interests of the data subject.
Right to rectification and erasure: The Controller displays data from an official government source. The Controller cannot modify or delete data in the original Cyprus registry. Data subjects wishing to correct, update, or erase their personal data appearing in the Cyprus company registry must contact the Cyprus Department of Registrar of Companies and Official Receiver directly at https://efiling.drcor.mcit.gov.cy.
The Controller will periodically update its database when new versions are published by the Cyprus government, which will reflect any corrections made in the official registry.
Right of access: Data subjects can view their data freely on the Website by searching for the relevant company.
3.5.1. Nature of data collection and processing
The Controller operates as an intermediary service that retrieves detailed Cyprus company information on behalf of Users through paid reports. When a User purchases a detailed company report, the Controller submits an individual request to the Cyprus Department of Registrar of Companies and Official Receiver (https://efiling.drcor.mcit.gov.cy) on behalf of the User, retrieves the requested information, and stores it in the User's account for their future reference.
Paid reports contain comprehensive data and official documents retrieved directly from the Cyprus Department of Registrar of Companies. While some basic information (such as company names and directors' names) may overlap with data available in the free search from the Open Data Portal, the paid reports are retrieved independently from the official registry and contain significantly more detailed personal data and official documentation not available in the Open Data Portal.
Each paid search represents a fresh retrieval of comprehensive, detailed data from the Cyprus registry on behalf of the requesting User.
3.5.2. Categories of personal data processed
The categories of personal data processed by the Controller in paid reports are identical to the categories of personal data disclosed in the Cyprus Department of Registrar of Companies and Official Receiver registry, including but not limited to:
Paid reports contain significantly more detailed personal data than the basic information available in the free search.
Paid reports may include additional identifiers (such as identification or passport numbers), dates of birth, and full addresses where these are disclosed in official registry records. The Controller processes such data only to the extent necessary to retrieve and deliver the requested report to the User and to comply with applicable legal obligations.
3.5.3. Purpose and legal basis
The Controller processes the above-mentioned personal data for the purpose of providing an intermediary service to Users by retrieving and delivering comprehensive Cyprus company information on their behalf, supporting transparency and certainty in commercial transactions, business due diligence, and legal compliance.
Legal basis: legitimate interest of the Controller (Article 6(1)(f) GDPR). The legitimate interest consists of providing Users with convenient access to publicly available Cyprus company information by acting as an intermediary between Users and the Cyprus registry.
3.5.4. Important limitations
The Controller does not share the retrieved data with any third parties. Data retrieved on behalf of a User are delivered exclusively to that User and stored in that User's account.
The Controller is not the original source of this data. Users wishing to correct, update or delete their personal data appearing in Cyprus registry records must contact the Cyprus Department of Registrar of Companies and Official Receiver directly, as the Controller acts solely as an intermediary retrieving publicly available information.
3.6.1. What are cookies?
Cookies are small data files, in particular text files, that are stored on the User's end device. Cookies typically contain the name of the website domain from which they originate, their storage time on the end device, and a unique number.
3.6.2. How we use cookies
During each visit by a User to the Website, the Controller attempts to store cookies. Stored cookies are used by the Controller for the purposes of:
(a) Adapting the content of the Website to the User's preferences and
optimising it;
(b) Maintaining the User's session on the Website (after logging in) and
shopping cart functionality, so that the User does not have to re-enter
their login and password on each subpage of the Website;
(c) Security protection (CSRF prevention, bot detection, spam protection).
Note: Analytics and error monitoring are handled through privacy-friendly tools that do not use cookies or use only essential cookies as described in Section 3.6.3 and Section 3.7.
3.6.3. Types of cookies used
The Controller uses the following categories of cookies:
(a) Strictly necessary cookies – essential for the operation of the Website and the provision of services.
The following strictly necessary cookies are used:
| Cookie Name | Purpose | Duration |
|---|---|---|
sessionid |
Maintains your login session and shopping cart | Until browser closed or 14 days of inactivity |
cart |
Provides connection with the shopping cart functionality | 1 day |
csrftoken |
Protects against Cross-Site Request Forgery (CSRF) attacks for your security | 1 year |
cf_clearance |
Cloudflare security cookie - verifies you are a legitimate visitor and protects against bots and malicious traffic | 30 minutes to 24 hours |
rc::a |
Google reCAPTCHA - distinguishes between humans and bots for spam protection | Persistent |
rc::c |
Google reCAPTCHA - distinguishes between humans and bots for spam protection | Session |
cookieyes-consent |
Stores your cookie consent preferences | 1 year |
(b) Privacy-friendly analytics (no consent required)
The Website uses Umami Analytics, a privacy-friendly analytics service that does NOT use cookies and does NOT collect personal data. Umami provides anonymized, aggregated statistics such as page views, referrers, and general geographic location (country level only).
For more information about Umami's privacy practices: https://umami.is/docs/privacy
(c) Analytics cookies (require consent)
The Website also uses Google Analytics, a web analytics service provided by Google LLC, to collect more detailed usage statistics.
Google Analytics cookies used (only with consent):
| Cookie Name | Purpose | Duration |
|---|---|---|
_ga |
Distinguishes unique users for Google Analytics | 2 years |
_gid |
Distinguishes users for 24-hour period | 24 hours |
_gat_gtag_UA_* |
Used to throttle request rate for Google Analytics | 1 minute |
_ga_* |
Stores session state for Google Analytics 4 | 2 years |
3.6.4. Managing cookie preferences
Each User may refuse to allow cookies to be placed on their end device. To do this, the User should use the option to disable the downloading and storage of cookies in their web browser settings.
Deleting cookies may result in the loss of the ability to use some functionalities of the Website.
The Website uses a cookie consent management tool that allows Users to accept or reject non-essential cookies before they are placed. Users can change their cookie preferences at any time by accessing the cookie settings available on the Website.
3.6.5. Analytics services
The Website uses two analytics services:
(a) Umami Analytics (privacy-friendly, no cookies)
Umami is a self-hosted privacy-friendly analytics solution that does not use cookies, does not track individual users, and collects only anonymized, aggregated statistics.
All Umami analytics data is stored on the Controller's own servers located in the Netherlands (DigitalOcean) and is not shared with any third parties. Umami provides only aggregate data such as total page views, popular pages, referral sources, and general geographic location (country level).
No personal data is collected or processed through Umami Analytics.
(b) Google Analytics (with consent only)
When you provide consent via the cookie consent banner, the Website uses Google Analytics, a web analytics service provided by Google LLC. Google Analytics uses cookies to help analyze how users interact with the Website. The information generated by the cookies is transmitted to and stored by Google on servers located in the United States.
Google LLC participates in the EU-U.S. Data Privacy Framework, which has been recognised by the European Commission as providing an adequate level of data protection.
For more information about Google Analytics: https://policies.google.com/technologies/partner-sites
3.7.1. What is error tracking?
To ensure the Website functions correctly and to quickly identify and resolve technical issues, the Controller uses Sentry, an error tracking and monitoring service provided by Functional Software, Inc. (Sentry), headquartered in San Francisco, United States.
3.7.2. What data does Sentry collect?
When a technical error occurs on the Website, Sentry automatically collects the following information:
This information is collected automatically when an error occurs and is used solely for debugging and improving the Website.
3.7.3. Purpose and legal basis
Purpose: Detecting, diagnosing, and resolving technical errors to ensure the Website operates correctly, maintain security, and improve the user experience.
Legal basis: Legitimate interest of the Controller (Article 6(1)(f) GDPR). The legitimate interest consists of maintaining the security, stability, and functionality of the Website and protecting Users from technical issues and security vulnerabilities.
3.7.4. Data retention by Sentry
Error data collected by Sentry is retained for 90 days, after which it is automatically deleted. This retention period allows the Controller sufficient time to identify patterns, diagnose issues, and implement fixes.
3.7.5. International data transfer
Sentry is based in the United States. Error data is transmitted to and stored on Sentry's servers located in the United States. Sentry has implemented Standard Contractual Clauses approved by the European Commission and maintains appropriate technical and organizational security measures.
For more information about Sentry's data protection practices: https://sentry.io/privacy/
3.7.6. Your rights
You have the right to object to error tracking on grounds relating to your particular situation. However, disabling error tracking may affect the Controller's ability to identify and resolve technical issues that affect your use of the Website.
4.1.1. The Controller may share Users' personal data with the following categories of recipients:
(a) Payment processor: Stripe Payments Europe Ltd (Ireland) – for processing payment card transactions.
(b) IT service providers:
(c) Public authorities – where required by applicable law (e.g., tax authorities, law enforcement).
4.1.2. The Controller does not sell or otherwise transfer Users' personal data to third parties for marketing purposes.
4.1.3. Cyprus Open Data (free search): Basic company information from the Cyprus Open Data Portal is displayed publicly on the Website and is accessible to all visitors. This data is published under Creative Commons Attribution 4.0 International (CC BY 4.0) license, which permits public access and redistribution with attribution.
4.1.4. Cyprus registry reports (paid service): Detailed information retrieved from the Cyprus Department of Registrar of Companies on behalf of a User is delivered exclusively to that User and is not shared with other third parties.
4.2.1. Data processing within the EEA
The Controller's servers are located in the Netherlands (European Union). The majority of data processing takes place within the European Economic Area (EEA).
4.2.2. Transfers outside the EEA
Certain third-party service providers used by the Controller may involve data transfers outside the EEA:
(a) Sentry (United States): Error tracking and monitoring services involve data transfers to the United States. Sentry provides appropriate safeguards through Standard Contractual Clauses approved by the European Commission.
(b) Google LLC (United States): Google Analytics services (when consent is given) and Google reCAPTCHA (spam protection) involve data transfers to the United States. Google LLC participates in the EU-U.S. Data Privacy Framework, which has been recognised by the European Commission as providing an adequate level of data protection.
(c) Cloudflare (United States): Cloudflare's global network may involve data processing in various locations. Cloudflare provides appropriate safeguards through Standard Contractual Clauses approved by the European Commission.
4.2.3. Where the Controller transfers personal data outside the EEA, it ensures appropriate safeguards are in place, including:
4.2.4. Users may obtain further information about international data transfers and copies of the safeguards in place by contacting the Controller at i-cyprus@i-cyprus.com.
5.1. Account data: Personal data associated with User accounts (email address, password, billing details) are retained for the duration of the account's active use. If an account remains inactive (no login) for 3 years, the Controller may notify the User and request confirmation of continued use. If no response is received within 30 days, the account may be deleted. Users may request deletion of their account at any time by contacting i-cyprus@i-cyprus.com.
5.2. Payment and invoicing data: Personal data processed for the purposes of fulfilling legal obligations (accounting, tax law) are retained for 10 years from the end of the calendar year in which the transaction took place, in accordance with Latvian legal requirements (Law on Accounting, Section 12). This retention period applies even if the User's account is deleted, as retention is required by law.
5.3. Cyprus Open Data database (free search): The Controller maintains a database of basic Cyprus company information obtained from the Cyprus Open Data Portal (https://data.gov.cy/en/dataset/1026) under Creative Commons Attribution 4.0 International (CC BY 4.0) license. This database is updated periodically when new versions of the dataset are published by the Cyprus government (typically quarterly). The data are retained in the database indefinitely as part of the Controller's ongoing service to provide free access to basic Cyprus company information. This indefinite retention is justified by: (1) the data are sourced from an official government open data source licensed for redistribution; (2) processing is based on compelling legitimate interests in transparency; (3) the data are publicly available and regularly updated from the official source. Data subjects wishing to correct or erase their data must contact the Cyprus Department of Registrar of Companies and Official Receiver directly. The Controller will reflect such changes when it updates its database from the next published version of the open data.
5.4. Cyprus registry reports (paid service): When a User purchases a detailed company report, the Controller retrieves the data from the Cyprus Department of Registrar of Companies and Official Receiver and stores the retrieved report in the User's account for the User's future reference. Retrieved reports are retained in the User's account for the following periods:
Exception for legal compliance: Payment records and invoices associated with purchased reports are retained for 10 years from the date of the transaction, as required by Latvian accounting and tax law, even if the User's account and reports are deleted. After 10 years, these records are permanently deleted.
Reports are stored individually per User and are not accessible to other Users or third parties.
5.5. Server logs and analytics data:
Technical data (IP addresses, browser information) collected in server logs are retained for 30 days, after which they are automatically deleted.
Umami Analytics data (anonymized, aggregated statistics with no personal data) is retained indefinitely as it contains no information that can identify individual users.
Error tracking data collected by Sentry is retained for 90 days, after which it is automatically deleted.
Google Analytics data (when consent is given) is retained according to Google's data retention policies and our Google Analytics settings (typically 14-26 months, configurable).
5.6. Cookie data: Session cookies are deleted when the User closes their browser. Persistent cookies (including analytics cookies) are retained for the periods specified in the cookie consent banner (typically up to 2 years for Google Analytics cookies).
5.7. Legal claims: Where personal data are processed for the purpose of establishing, exercising or defending legal claims, the data are retained until the claim is resolved and the applicable limitation period (10 years under Latvian law) has expired.
5.8. Retention schedule summary:
| Data Category | Retention Period | Legal Basis for Retention |
|---|---|---|
| Active account data | While account active | Contract performance |
| Inactive account data | 3 years after last login, then 30-day notice | Legitimate interest + storage limitation |
| Invoices & payment records | 10 years after transaction | Legal obligation (Latvian accounting law) |
| Purchased reports (active account) | While account active (up to 3 years inactivity) | Contract performance + legitimate interest |
| Purchased reports (deleted account) | Deleted immediately (except invoices) | GDPR erasure right |
| Open Data database | Indefinite (updated periodically) | CC BY 4.0 license + legitimate interest |
| Server logs | 30 days | Legitimate interest (security) |
| Umami analytics data (aggregated, no personal data) | Indefinite | Legitimate interest |
| Error tracking data (Sentry) | 90 days | Legitimate interest (debugging) |
| Google Analytics cookies (with consent) | Up to 2 years (_ga, _ga_*), 24 hours (_gid), 1 minute (_gat) | Consent |
6.1. Right of access (Article 15 GDPR)
Each data subject has the right to obtain from the Controller confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data and the following information:
The Controller shall provide a copy of the personal data undergoing processing free of charge. For any further copies requested by the data subject, the Controller may charge a reasonable fee based on administrative costs.
6.2. Right to rectification (Article 16 GDPR)
Each data subject has the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Important note regarding Cyprus registry data: The Controller is not the original source of data from the Cyprus registry (both Open Data for free search and official registry data for paid reports). Data subjects wishing to correct their personal data appearing in Cyprus company records must contact the Cyprus Department of Registrar of Companies and Official Receiver directly. The Controller retrieves data as they appear in the public registry and cannot modify the source data. For the Open Data database, corrections will be reflected when the Controller updates its database from new versions published by the Cyprus government.
6.3. Right to erasure / "right to be forgotten" (Article 17 GDPR)
Automatic deletion of inactive accounts: If your account remains inactive (no login) for 3 years, the Controller will send a notification to your registered email address informing you that your account will be deleted in 30 days unless you log in or respond. This policy ensures compliance with the GDPR principle of storage limitation while giving you the opportunity to retain your account if desired.
Each data subject has the right to obtain from the Controller the erasure of personal data concerning them without undue delay where one of the following grounds applies:
Exceptions: The right to erasure does not apply where processing is necessary:
How to exercise this right:
To delete your account and purchased reports: You may request account deletion at any time by contacting i-cyprus@i-cyprus.com. Upon account deletion:
Cyprus Open Data (free search): The Controller processes this data under compelling legitimate interests based on an official government open data source licensed for public reuse (CC BY 4.0). The Controller cannot delete your data from its Open Data database. Data subjects wishing to request changes must contact the Cyprus Department of Registrar of Companies and Official Receiver directly. Changes in the official registry will be reflected in the Controller's database when next updated.
Cyprus registry data in other Users' purchased reports: Cyprus registry data appearing in reports purchased by other Users cannot be deleted, as each User is entitled to retain their own purchased reports.
To modify data in the official Cyprus registry: Cyprus Department of Registrar of Companies and Official Receiver – https://efiling.drcor.mcit.gov.cy
6.4. Right to restriction of processing (Article 18 GDPR)
Each data subject has the right to obtain from the Controller restriction of processing where one of the following applies:
6.5. Right to data portability (Article 20 GDPR)
Each data subject has the right to receive the personal data concerning them, which they have provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller, where:
6.6. Right to object (Article 21 GDPR)
6.6.1. Each data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on legitimate interests (Article 6(1)(f) GDPR), including profiling based on those provisions.
The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
For Cyprus Open Data (free search): If you object to the processing of your data appearing in the Cyprus Open Data database, please contact i-cyprus@i-cyprus.com with your objection and the specific grounds relating to your particular situation. The Controller will assess your objection and will cease processing unless the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms. The Controller processes Cyprus Open Data under compelling legitimate interests based on: (1) official government open data licensed specifically for public reuse (CC BY 4.0); (2) public interest in commercial transparency; (3) transparency obligations in commercial law. In most cases, these compelling legitimate grounds will override individual objections. However, the Controller will assess each objection on a case-by-case basis. To remove your data from the original source, contact the Cyprus Department of Registrar of Companies and Official Receiver directly. Changes in the official registry will be reflected in the Controller's database when next updated.
6.6.2. Right to object to direct marketing: Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Note: The Controller does not currently engage in direct marketing activities. Should this change in the future, Users will be informed and given the opportunity to opt out.
6.7. Right to withdraw consent (Article 7(3) GDPR)
Where processing is based on consent, the data subject has the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. It shall be as easy to withdraw consent as to give it.
To withdraw consent for analytics cookies, Users may use the cookie settings tool available on the Website.
6.8. Right to lodge a complaint with a supervisory authority (Article 77 GDPR)
Without prejudice to any other administrative or judicial remedy, each data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to them infringes the GDPR.
Supervisory authority for Latvia:
Data State Inspectorate (Datu valsts inspekcija)
Address: Blaumaņa iela 11/13-15, Rīga, LV-1011, Latvia
Phone: +371 67 22 31 31
Email: info@dvi.gov.lv
Website:
https://www.dvi.gov.lv
6.9. Automated decision-making and profiling (Article 22 GDPR)
The Controller does not engage in automated decision-making, including profiling, which produces legal effects concerning the data subject or similarly significantly affects them.
7.1. To exercise any of the rights described in Section 6, data subjects may contact the Controller by:
Email: i-cyprus@i-cyprus.com
Post: Dataset SIA, Krišjāņa Valdemāra iela 18-7, LV-1010, Rīga, Latvia
7.2. The Controller shall respond to requests without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.
7.3. The Controller may request additional information necessary to confirm the identity of the data subject making the request.
8.1. The Controller implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
(a) Pseudonymisation and encryption of personal data where appropriate;
(b) The ability to ensure the ongoing confidentiality, integrity,
availability and resilience of processing systems and services;
(c) The ability to restore the availability and access to personal data in a
timely manner in the event of a physical or technical incident;
(d) A process for regularly testing, assessing and evaluating the
effectiveness of technical and organisational measures for ensuring the
security of the processing.
8.2. Payment security: All payment card data are processed by Stripe Payments Europe Ltd using secure encryption protocols. The Controller does not store full payment card numbers and complies with PCI DSS requirements through its payment processor.
8.3. Data transmission: All data transmitted between Users and the Website are encrypted using SSL/TLS protocols (HTTPS).
8.4. Access controls: Access to personal data is restricted to authorised personnel only, on a need-to-know basis.
9.1. Data Controller:
Dataset SIA
Krišjāņa Valdemāra iela 18-7
LV-1010 Rīga
Latvia
Registration number: 40203028151
VAT number: LV40203028151
9.2. Contact for data protection matters:
Email: i-cyprus@i-cyprus.com
Postal address: Dataset SIA, Krišjāņa Valdemāra iela 18-7, LV-1010, Rīga, Latvia
9.3. Data Protection Officer:
The Controller has not appointed a Data Protection Officer as it is not required under Article 37 GDPR. For all data protection inquiries, please contact the Controller using the details in Section 9.2.
10.1. The Controller reserves the right to amend this Privacy Policy at any time to reflect changes in applicable law, the Controller's data processing practices, or for other legitimate reasons.
10.2. Users are encouraged to review this Privacy Policy periodically. Continued use of the Website after changes have been made constitutes acceptance of the revised Privacy Policy.
10.3. Where changes are material and affect Users' rights, the Controller will notify Users via email (to the address provided during account registration) or by displaying a prominent notice on the Website.
This section applies to personal data that the Controller obtains from public sources, rather than directly from the data subject.
Identity and contact details of the Controller:
Dataset SIA, Krišjāņa Valdemāra iela 18-7, LV-1010, Rīga, Latvia
Email: i-cyprus@i-cyprus.com
Categories of personal data:
Company names, registration numbers, basic company information, registered
addresses, directors' names, as disclosed in the Cyprus Open Data Portal.
Source of personal data:
Cyprus Open Data Portal (https://data.gov.cy/en/dataset/1026)
Dataset: Cyprus Companies Registry
Publisher: Cyprus Department of Registrar of Companies and Official
Receiver
License: Creative Commons Attribution 4.0 International (CC BY 4.0)
This is an official government open data repository published specifically for public reuse under an open license.
Purposes of processing and legal basis:
Purpose: Providing a free searchable database of basic Cyprus company information to support transparency in commercial transactions and facilitate public access to open government data.
Legal basis: Legitimate interest of the Controller (Article 6(1)(f) GDPR). The legitimate interest consists of providing public access to official open data published by the Cyprus government specifically for reuse, supporting transparency and certainty in commercial activities, and facilitating business due diligence and research. The data are licensed under CC BY 4.0, which explicitly permits commercial use and redistribution with attribution.
Recipients:
This data is displayed publicly on the Website and is accessible to all
visitors without registration. The data may be viewed by anyone who visits
the Website and uses the free search function.
Retention period:
Data are retained in the database indefinitely and are updated periodically
when new versions are published by the Cyprus government on the Open Data
Portal.
Rights of data subjects:
Right of access: You can view your data freely by searching for the relevant company on the Website.
Right to rectification: The Controller displays data from the official Cyprus registry. To correct your data, contact the Cyprus Department of Registrar of Companies and Official Receiver directly. Corrections will be reflected in the Controller's database when it is next updated from the official source.
Right to erasure: The Controller processes this data under compelling legitimate interests based on an official government open data source licensed for public reuse. The Controller cannot delete your data from its database, but you may contact the Cyprus Department of Registrar of Companies to request changes in the official registry.
Right to object: You have the right to object to processing on grounds relating to your particular situation. The Controller will assess whether compelling legitimate grounds exist to continue processing. Contact: i-cyprus@i-cyprus.com
Right to lodge a complaint: You have the right to lodge a complaint with the Data State Inspectorate of Latvia (contact details in Section 6.8).
To modify data in the official Cyprus registry:
Cyprus Department of Registrar of Companies and Official Receiver
Website:
https://efiling.drcor.mcit.gov.cy
Information pursuant to Article 14(5)(b) GDPR: The Controller does not provide individual notification to each data subject whose data appear in the Cyprus registry or Cyprus Open Data Portal. The Controller relies on Article 14(5)(b) GDPR, as the personal data are obtained from publicly accessible official government registers and open data sources specifically published for public access and reuse. Providing individual notice to each data subject would involve disproportionate effort, taking into account the volume of records processed and the fact that the data are already publicly available from the original source.
Automated decision-making:
The Controller does not engage in automated decision-making or profiling in
relation to this data.
Identity and contact details of the Controller:
Dataset SIA, Krišjāņa Valdemāra iela 18-7, LV-1010, Rīga, Latvia
Email: i-cyprus@i-cyprus.com
Categories of personal data:
Full names, surnames, identification numbers, dates of birth, complete
addresses, detailed roles in companies, share ownership details, official
documents, and other comprehensive information as disclosed in the Cyprus
Department of Registrar of Companies and Official Receiver registry.
Source of personal data:
Cyprus Department of Registrar of Companies and Official Receiver (https://efiling.drcor.mcit.gov.cy) – a publicly accessible official government registry.
Purposes of processing and legal basis:
Purpose: Providing intermediary services to Users by retrieving and delivering comprehensive, detailed Cyprus company information on their behalf to support transparency, business due diligence, legal compliance, and informed commercial decision-making.
Legal basis: Legitimate interest of the Controller (Article 6(1)(f) GDPR). The legitimate interest consists of providing Users with convenient access to publicly available Cyprus company information by acting as an intermediary between Users and the Cyprus registry.
Recipients:
Data retrieved on behalf of a User are delivered exclusively to that User
and stored in that User's account. The data are not shared with other third
parties.
Retention period:
Retrieved reports are stored in the User's account indefinitely until the
User requests deletion of the specific report or their entire account.
Rights of data subjects:
You have the right to request access, rectification, erasure, restriction of
processing, data portability, and to object to processing. You also have the
right to lodge a complaint with the Data State Inspectorate of Latvia.
Important note: The Controller is not the original source of Cyprus registry data. To correct or erase your data in the Cyprus registry, please contact the Cyprus Department of Registrar of Companies and Official Receiver directly.
Information pursuant to Article 14(5)(b) GDPR: The Controller does not provide individual notification to each data subject whose data appear in the Cyprus registry or Cyprus Open Data Portal. The Controller relies on Article 14(5)(b) GDPR, as the personal data are obtained from publicly accessible official government registers and open data sources specifically published for public access and reuse. Providing individual notice to each data subject would involve disproportionate effort, taking into account the volume of records processed and the fact that the data are already publicly available from the original source.
Automated decision-making:
The Controller does not engage in automated decision-making or profiling in
relation to Cyprus registry data.
23.01.2024
Now you can get information about companies from the British Virgin Islands (BVI)
07.11.2023
We would like to inform you that we are currently experiencing temporary issues with payment processing.