Privacy Policy

This Privacy Policy explains how grendavoli.top Ltd ("we", "us", or "our") collects, uses, and protects your personal information when you visit our website or use our services. We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Last updated: 15th January 2026

Data Controller Information

grendavoli.top Ltd is the data controller for the personal information processed through our website and services. Our registered office is located at Poseidonos Avenue 142, Nicosia, 1070, Cyprus. Company registration number: HE852147.

Data We Collect

The data we collect includes personal information that you voluntarily provide to us and information that is automatically collected when you use our website. We collect the following types of personal data:

Information You Provide

• Contact information including name, email address, phone number, and company details
• Communication preferences and marketing consent
• Messages and enquiries submitted through our contact forms
• Account information if you create an account with our services
• Business information related to your review management requirements

Information Automatically Collected

• Device information including IP address, browser type, and operating system
• Website usage data including pages visited, time spent, and navigation patterns
• Technical information for website performance and security monitoring
• Cookie data as described in our Cookie Policy

How We Use Your Information

We use your personal data for legitimate business purposes and only with appropriate legal basis. The use of your data includes providing our services, improving our offerings, and maintaining customer relationships. Specifically, we use your information to:

• Provide and deliver our review management services
• Respond to your enquiries and provide customer support
• Process service requests and manage business relationships
• Send important service updates and technical notifications
• Improve our website functionality and user experience
• Comply with legal obligations and protect our business interests
• Send marketing communications where consent has been provided
• Conduct analytics to understand service usage and performance

Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

• Consent: Where you have given clear consent for specific processing activities
• Contract: Where processing is necessary to perform our services or enter into a contract
• Legitimate Interest: Where we have a legitimate business interest that doesn't override your rights
• Legal Obligation: Where we must process data to comply with legal requirements

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our cookie usage, please refer to our Cookie Policy.

Data Sharing and Third Parties

We do not sell your personal data to third parties. We may share your information with trusted service providers who assist us in operating our business, subject to appropriate data protection agreements. This includes:

• Cloud hosting providers for website and data storage
• Email service providers for communication delivery
• Analytics providers to understand website usage
• Payment processors for billing and invoicing
• Legal and professional advisors where necessary

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards are in place through adequacy decisions, Standard Contractual Clauses, or other approved mechanisms to protect your data.

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations. Our data retention periods are based on business requirements, legal obligations, and your relationship with our company. Generally, we retain customer data for the duration of our business relationship plus seven years for legal and tax purposes. Marketing data is retained until consent is withdrawn or for a maximum of three years from last engagement.

Your Rights

Under GDPR and applicable data protection laws, you have several rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data in certain circumstances
• Restriction: Request limitation of processing in specific situations
• Portability: Request transfer of your data to another service provider
• Objection: Object to processing based on legitimate interest or for marketing purposes
• Withdrawal of Consent: Withdraw consent where processing is based on consent

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include encryption, access controls, regular security assessments, and staff training on data protection principles.

Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Contact Information

If you have questions about this Privacy Policy, wish to exercise your rights, or need to contact us about data protection matters, please reach out using the following contact information:

• Email: [email protected]
• Phone: +357 22606535
• Address: grendavoli.top Ltd, Poseidonos Avenue 142, Nicosia, 1070, Cyprus

Supervisory Authority

You have the right to lodge a complaint with the relevant supervisory authority if you believe we have not handled your personal data in accordance with applicable law. In Cyprus, the supervisory authority is the Commissioner for Personal Data Protection.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "last updated" date. We encourage you to review this policy periodically to stay informed about how we protect your information.

Governing Law

This Privacy Policy is governed by the laws of Cyprus and the European Union. Any disputes arising from this policy will be subject to the jurisdiction of the courts of Cyprus.