Privacy Policy

legal

Privacy Policy

Last updated: 2 June 2026 · CYDGX Limited (trading as PHILOSHOPIC) · Nicosia, Cyprus

CONTENTS

1. Who we are 2. What we collect 3. How we use your data 4. Legal basis 5. Cookies 6. Key service providers 7. Sharing your data 8. International transfers 9. Data retention 10. Your rights 11. Security 12. Children 13. Changes to this policy 14. Contact us

This policy explains how CYDGX Limited (trading as PHILOSHOPIC) collects, uses, and protects personal data in connection with this website. This is a business-to-business website. We do not sell products or services directly to consumers through this site.

1. Who we are

CYDGX Limited is a company registered in Cyprus, trading under the name PHILOSHOPIC. We develop and provide retail technology solutions — including loyalty platforms, digital voucher management systems, and payment integration middleware — to retail businesses and their partners across Europe, the Middle East, and Africa.

For the purposes of the General Data Protection Regulation (GDPR) and the Cyprus Law on the Protection of Natural Persons with regard to the Processing of Personal Data (Law 125(I)/2018), CYDGX Limited is the data controller for personal data collected through this website. CYDGX Limited has not appointed a Data Protection Officer as it is not required to do so under Article 37 GDPR. We are not engaged in large-scale systematic monitoring of individuals, nor do we process special categories of data on a large scale. Privacy-related enquiries may be directed to privacy@philoshopic.com.

Registered office: CYDGX Limited, Nicosia, Cyprus
Website: www.philoshopic.com
Contact: privacy@philoshopic.com

2. What we collect

We collect only the personal data necessary to respond to your enquiry or improve your experience on this website. We collect data in the following ways:

Information you provide directly

Name, job title, company name, email address, and phone number when you submit a contact or enquiry form
The content of your message or enquiry
Any other information you voluntarily include in your communication with us

Information collected automatically

Your IP address and approximate geographic location
Browser type, version, and operating system
Pages visited, time spent on each page, and referring URLs
Device type and screen resolution
Cookie identifiers — see Section 5 for details

Website technologies

This website is built on WordPress with the Bricks Builder framework, hosted on Hostinger. We use Google Analytics for website analytics and Microsoft Office 365 for email and business communications. We do not currently use live chat tools, CRM platforms connected to this website, social media pixel tracking, or third-party newsletter software in connection with this site.

We do not collect sensitive personal data (such as health information, financial account details, political opinions, or biometric data) through this website.

3. How we use your data

Purpose	Data Used	Legal Basis
Responding to enquiries submitted via our contact form	Name, email, phone, company, message content	Legitimate interests / Pre-contractual steps
Sending information about our products and services where requested	Name, email, company	Consent or Legitimate interests
Analysing website usage to improve content and user experience	Usage data, cookies, IP address	Legitimate interests

4. Legal basis for processing

We process personal data on the following legal bases under Article 6 of the GDPR:

Legitimate interests (Art. 6(1)(f)): responding to business enquiries, analysing website usage, and maintaining the security of our systems. We have assessed that our legitimate interests are not overridden by your rights and freedoms.
Pre-contractual steps (Art. 6(1)(b)): where you have contacted us with a view to entering into a business relationship, processing is necessary to take steps at your request.
Legal obligation (Art. 6(1)(c)): where we are required to process data to comply with a legal obligation.
Consent (Art. 6(1)(a)): where we ask for and you provide consent, such as for optional marketing communications. You may withdraw consent at any time by contacting us.

5. Cookies

This website uses cookies — small text files stored on your device — to enable core functionality and to help us understand how visitors use the site. Analytics cookies are only placed after you provide consent through our cookie banner. You may withdraw or modify your consent at any time through the cookie preferences tool available on this website.

Cookie Type	Purpose	Duration
Essential cookies	Required for the website to function correctly — including session management and security	Session
Analytics cookies	Help us understand how visitors interact with the site — pages visited, time on site, referral sources. We use this to improve content and navigation.	Up to 24 months
Preference cookies	Remember your settings and choices to improve your experience on return visits	Up to 12 months

We do not use advertising or tracking cookies to serve you targeted advertising. You can manage or disable cookies through your browser settings. Disabling analytics cookies will not affect your ability to use the site. Disabling essential cookies may impair site functionality.

6. Key service providers

We use the following key service providers in connection with our business and the operation of this website. Each is subject to appropriate data processing agreements and operates in compliance with applicable data protection law:

Provider	Purpose	Location
Google Analytics (Google LLC)	Website analytics — understanding visitor behaviour and improving site content, configured to minimise data collection in accordance with applicable law.	USA (SCCs in place)
Microsoft Office 365 (Microsoft Corporation)	Email, document collaboration, and internal business communications	EU/USA (SCCs in place)
Hostinger	Website hosting and infrastructure	EU (Lithuania)
WordPress / Bricks Builder	Website content management system — self-hosted on Hostinger infrastructure	EU (self-hosted)

This list covers our primary processors. We review our processor relationships periodically and update this list accordingly. You may request a full subprocessor list by contacting privacy@philoshopic.com.

8. International data transfers

CYDGX Limited is based in Cyprus, an EU member state. Personal data collected through this website is processed within the European Economic Area (EEA) in the first instance.

PHILOSHOPIC operates across multiple countries, including the Kingdom of Saudi Arabia, the Gulf region, and Africa. Where data is transferred outside the EEA in connection with the operation of our business or service providers, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
Other lawful transfer mechanisms under Chapter V of the GDPR

You may request details of the safeguards in place for any specific transfer by contacting us at privacy@philoshopic.com.

9. Data retention

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law.

Enquiry and contact form data: retained for up to 3 years from the date of last contact, or longer if a business relationship develops
Website analytics data: retained in aggregated form for up to 24 months
Legal and compliance records: retained for the period required by applicable law

When data is no longer required, it is securely deleted or anonymised.

10. Your rights

Under the GDPR, you have the following rights in relation to your personal data:

Right of access: to request a copy of the personal data we hold about you
Right to rectification: to request correction of inaccurate or incomplete data
Right to erasure: to request deletion of your data where there is no compelling reason for continued processing
Right to restriction: to request that we limit how we use your data in certain circumstances
Right to data portability: to receive your data in a structured, machine-readable format where processing is based on consent or contract
Right to object: to object to processing based on legitimate interests, including direct marketing
Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal
Right to object to direct marketing: you have the absolute right to object at any time to the processing of your personal data for direct marketing purposes. Where you object, we will cease processing your data for that purpose immediately.

To exercise any of these rights, please contact us at privacy@philoshopic.com. We will respond within one month of receiving your request. There is no charge for exercising your rights.

You also have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus:

Office of the Commissioner for Personal Data Protection
1 Iasonos Street, 1082 Nicosia, Cyprus
www.dataprotection.gov.cy

11. Security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect data against unauthorised access, loss, destruction, or alteration. These include encrypted data transmission (HTTPS), access controls, and regular security reviews.

No method of transmission over the internet is completely secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and affected individuals in accordance with our legal obligations.

12. Children

This website is directed at business professionals and is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@philoshopic.com and we will take steps to delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we do, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically.

Where changes are material, we will take reasonable steps to bring them to your attention.

14. Contact us

If you have any questions about this Privacy Policy, or if you wish to exercise any of your data protection rights, please contact us:

CYDGX Limited (trading as PHILOSHOPIC)
Nicosia, Cyprus
Email: privacy@philoshopic.com
Website: www.philoshopic.com

We aim to respond to all privacy-related enquiries within 5 business days, and to all formal rights requests within one month as required by law.