- BATTERIES
- AA-AAA Rechargeable
- AGM Batteries
- Battery Cells
- Button Cell
- Camera Batteries
- Drone Batteries
- eBike Batteries
- eBook Reader Batteries
- GPS Batteries
- Hearing Aid Batteries
- Laptop Batteries
- Lawnmower Âatteries
- LifePO4
- Phone Batteries
- Portable Router Batteries
- Power Tool Batteries
- RC Device Batteries
- Tablet Batteries
- Vacuum Cleaner Batteries
- Wireless Speaker Batteries
- BATTERY CHARGERS
- POWER BANKS
- POWER INVERTERS
- POWER SUPPLIES
- SOLAR ENERGY
- UPS
Data Protection Policy
Last Updated: 15.01.2026
1. Introduction
This Data Protection Policy describes how CL DATAFLOW TECHNOLOGY LIMITED (“we,” “us,” or “our”) protects and manages personal data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Cyprus Data Protection Law (Law 125(I)/2018).
This policy should be read together with our Privacy Policy.
2. Data Controller Information
Company Name: CL DATAFLOW TECHNOLOGY LIMITED
Registered Address: Vyzantiou 52, Strovolos, CY-2064 Nicosia, Cyprus
Business Registration Number: ΗΕ 53216
VAT Number: CY 10053216V
Contact Email: info@dataflow.com.cy
3. Our Commitment to Data Protection
We are committed to:
- Protecting your personal data and privacy
- Processing personal data lawfully, fairly, and transparently
- Collecting only necessary data for specified purposes
- Maintaining accurate and up-to-date data
- Storing data securely and only for as long as necessary
- Respecting your rights regarding your personal data
4. Data Protection Principles
We adhere to the following GDPR principles:
- Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner.
- Purpose Limitation: We collect data for specified, explicit, and legitimate purposes.
- Data Minimization: We collect only data that is adequate, relevant, and necessary.
- Accuracy: We keep personal data accurate and up to date.
- Storage Limitation: We retain data only for as long as necessary.
- Integrity and Confidentiality: We process data securely to protect against unauthorized access, loss, or destruction.
- Accountability: We are responsible for demonstrating compliance with these principles.
5. Security Measures
5.1 Technical Measures
We implement the following technical security measures:
- Encryption: SSL/TLS encryption for data transmission
- Secure Storage: Encrypted databases and secure servers
- Access Controls: Role-based access controls and authentication
- Firewalls: Network firewalls and intrusion detection systems
- Regular Updates: Security patches and software updates
- Backup Systems: Regular encrypted backups
- Payment Security: PCI DSS compliant payment processing
5.2 Organizational Measures
We implement the following organizational security measures:
- Staff Training: Regular data protection training for employees
- Confidentiality Agreements: All staff sign confidentiality agreements
- Access Policies: Strict access control policies
- Incident Response: Procedures for handling data breaches
- Regular Audits: Security and compliance audits
- Vendor Management: Due diligence on third-party service providers
6. Data Breach Procedures
6.1 Detection and Response
In the event of a data breach:
- We will immediately investigate and contain the breach
- We will assess the risk to individuals’ rights and freedoms
- We will notify the relevant supervisory authority within 72 hours (if required)
- We will notify affected individuals without undue delay (if high risk)
- We will document all breaches and remedial actions taken
6.2 Notification Requirements
We will notify:
- Supervisory Authority: Office of the Commissioner for Personal Data Protection in Cyprus within 72 hours
- Affected Individuals: Without undue delay if the breach poses a high risk to their rights and freedoms
7. Third-Party Data Sharing
7.1 Service Providers
We may share data with trusted third-party service providers who assist in:
- Payment processing
- Shipping and delivery
- IT services and hosting
- Email marketing
- Analytics and website optimization
All third-party service providers are:
- Contractually obligated to protect your data
- Required to comply with GDPR
- Prohibited from using your data for their own purposes
7.2 Data Processing Agreements
We have Data Processing Agreements (DPAs) with all third-party processors to ensure they:
- Process data only as instructed by us
- Implement appropriate security measures
- Assist us in fulfilling data subject rights
- Notify us of any data breaches
8. International Data Transfers
If we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Binding Corporate Rules (where applicable)
9. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy, unless a longer retention period is required by law:
- Order Data: 7 years (for accounting and tax purposes)
- Account Information: Until account closure or deletion request
- Marketing Data: Until consent withdrawal or unsubscribe
- Legal Obligations: As required by Cyprus and EU law
After the retention period, data is securely deleted or anonymized.
10. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data (“right to be forgotten”)
- Right to Restrict Processing: Request limitation of data processing
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
To exercise these rights, contact us at info@dataflow.com.cy.
11. Children’s Data
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete such information immediately.
12. Compliance and Monitoring
We regularly:
- Review and update our data protection policies and procedures
- Conduct security assessments and audits
- Train staff on data protection requirements
- Monitor compliance with GDPR and Cyprus data protection laws
13. Contact and Complaints
If you have questions or concerns about our data protection practices, please contact us:
Email: info@dataflow.com.cy
Address: Vyzantiou 52, Strovolos, CY-2064 Nicosia, Cyprus
13.1 Right to Lodge a Complaint
You have the right to lodge a complaint with the supervisory authority if you believe your data protection rights have been violated:
Office of the Commissioner for Personal Data Protection
Iasonos 1, 1082 Nicosia, Cyprus
Website: www.dataprotection.gov.cy
Email: commissioner@dataprotection.gov.cy
14. Updates to This Policy
We may update this Data Protection Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the “Last Updated” date.
15. Related Policies
This policy should be read together with: