USPIO website Privacy Notice

• Controller: USPIO LTD, 117 Makariou III Ave & Sisyfou, 5th floor, Limassol 3021, Cyprus 

• Contact: privacy@uspio.ltd 

• Effective date:December 12, 2025

This Privacy Notice applies to the public website https://uspio.ltd, excluding its contact and careers forms, and the emails sent to us. It also does not cover any future CRM or other systems.

1. Summary of key points

  • Scope. This Privacy Notice applies to the processing of personal data on the public website https://uspio.ltd. It does not cover other services, products, or internal systems (e.g., a CRM).
  • Who is the data controller? USPIO LTD (Limassol, Cyprus). Contact: privacy@uspio.ltd.
  • What personal information do we process? Technical logs; your cookie preferences; analytics data only after your consent, your email sent to us at address stated hereinabove.
  • Do we process sensitive personal information? We do not request special‑category (sensitive) data (GDPR Art. 9). If you send such data inadvertently, we will delete or anonymise it when we become aware of it.
  • How do we use your information? To secure and operate the site, respond to your enquiries, and — if you consent — measure aggregated audience analytics.
  • On what legal bases? Legitimate interests; contract/pre‑contract; consent (for non‑essential cookies/analytics only).
  • With whom do we share it? Our staff with a need‑to‑know; our processors: hosting in the EU, CookieScript (Objectis Ltd., LT) for consent management, Google Workspace (EU region) for email, Google Analytics (only after consent).
  • How do we keep it safe? HTTPS (TLS 1.2+), MFA on mailboxes, role‑based access, logging, and incident response procedures.
  • Your rights. Access, rectification, erasure, restriction, portability, object (for legitimate interests), withdraw consent (for analytics), and complain to a supervisory authority.
  • Manage cookies. Use the cookie banner (Accept / Reject / Settings) or see our Cookie Policy.

2. Who we are & what this notice covers

USPIO LTD is the controller of personal data processed via https://uspio.ltd. This notice explains what we collect, why, for how long, with whom we share data, whether we transfer it internationally, your rights under GDPR, and how to contact us. It complements our Cookie Policy.

3. What data we collect and where it comes from

3.1. Casual visit (server logs). IP address, user agent, timestamp, referrer, requested URL and status code; source: your browser / our servers.

3.2. Cookie banner choices. Your consent status by category and a consent‑management identifier; source: our cookie banner (CookieScript).

3.3. Analytics (only after consent). Cookie/device identifiers, truncated IP, page and event data; source: your device and Google Analytics. We enable IP anonymisation in Google Analytics.

3.4. Email to privacy@uspio.ltd. Sender address, headers/metadata, and email content; source: you/your provider.

3.5. Security/error logs (server/WAF). IP, URL, error code, user agent, firewall events; source: our hosting platform.

We do not request sensitive data. We do not ask for special‑category data (GDPR Art. 9). If you send it inadvertently, we will delete or anonymise it as soon as we become aware of it; if immediate deletion is not feasible, we will segregate it and handle it under the same retention as the related correspondence until deletion is possible.

4. Why we use data & legal bases

4.1. Security and reliability of the website (detect abuse, ensure availability): legitimate interests (Art. 6(1)(f)). You may object at any time (see Section 10).

4.2. Running the cookie banner and storing consent records: legitimate interests (compliance with e‑Privacy; proof of consent).

4.3. Analytics / audience measurement: consent (Art. 6(1)(a); set only after opt‑in).

5. Cookies and similar technologies

We use strictly necessary cookies to operate the site and the consent banner; other cookies (e.g., Google Analytics) operate only if you consent via the banner. You can change your choice any time via Settings. Our Cookie Policy lists each cookie (name, provider, purpose, duration, legal basis) and includes provider opt‑out links. The consent banner is provided by CookieScript (Objectis Ltd., Vilnius, Lithuania) and records the time and scope of your consent.

6. Who has access to your data (recipients)

  • USPIO staff on a need‑to‑know basis.
  • Processors: (i) EU hosting (Amazon Web Services EMEA S.à r.l., “AWS” — data is stored and processed in AWS EU data centres (e.g., Ireland/Frankfurt); this includes our web server and WAF/security logs); (ii) CookieScript (consent records); (iii) Google Workspace (EU region) for our email; (iv) Google Analytics (after consent) (Used under Google’s measurement data processing terms; we do not enable Ads/remarketing features). We require processors to follow our instructions and apply appropriate security measures.

7. International data transfers

We store emails in the EU region of Google Workspace and for Google Analytics, the service is provided by Google Ireland Limited. Limited support access by Google may still involve transfers to the USA; where this occurs, we rely on Google LLC’s EU-U.S. Data Privacy Framework certification, and where the DPF is not available or does not apply, we rely on the EU Standard Contractual Clauses (2021) together with Google’s supplementary technical and organisational measures. We also enable IP anonymisation and limit retention to 14 months.

CookieScript (Objectis Ltd., Lithuania) stores consent records in the EU.

8. How long we keep data (retention)

  • Server security/error logs: 30 days (unless needed to investigate incidents).
  • Consent records (cookie banner): typically 6 months (or until you withdraw consent). We can export consent logs on request for audit purposes.
  • Analytics data: 13 months (configurable; only if consented).

9. Your rights under GDPR

You can request access, rectification, erasure, restriction, portability, and object to processing based on legitimate interests (Section 4.1/4.5). Where processing is based on consent (analytics or talent pool), you can withdraw consent at any time.

10. How to exercise your rights

Email us at privacy@uspio.ltd from the address you used with us; we may ask for limited information to verify your identity. We aim to respond within one month. For cookie choices, use the banner’s Settings link.

11. How we protect your data (security)

We apply proportionate technical and organisational measures, including: HTTPS with TLS 1.2 or higher for forms/pages; mandatory MFA for mailboxes; role‑based access controls; least‑privilege; logging and monitoring; secure configuration/patching; and incident‑response procedures. We review our measures periodically.

12. Children’s privacy

Our website is for businesses and adults; we do not knowingly collect children’s data. If we become aware that we processed data of a child under 16 without parental consent, we will delete it.

13. Automated decisionmaking

We do not use your data for automated decision‑making or profiling that produces legal or similarly significant effects.

14. Changes to this notice

If we make material changes, we will update this page and indicate the date of change. We may also show a banner for significant updates. We keep prior versions on file and will provide them on request.

15. Questions & complaints

If you have questions, contact privacy@uspio.ltd. You also have the right to lodge a complaint with your local supervisory authority or with the Office of the Commissioner for Personal Data Protection (Cyprus) (https://www.dataprotection.gov.cy/, commissioner@dataprotection.gov.cy).