Політика конфіденційності

1. Introduction & Who We Are

Nexora Cyprus ("Nexora Cyprus", "we", "us", or "our") is a corporate services provider incorporated and operating in Paphos, Cyprus. We provide Cyprus company formation, corporate tax structuring advisory, IP Box advisory, nominee services, annual compliance, and related corporate administrative services to clients worldwide.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website at nexoracyprus.com, contact us, or engage our services. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the Processing of Personal Data (Protection of Individuals) Law of 2018, as amended (Cyprus Law 125(I)/2018).

If you have any questions about this policy or our data practices, please contact us at privacy@nexoracyprus.com.

2. What Personal Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

• Identity data: Full name, date of birth, nationality, passport or national identity card details.
• Contact data: Email address, telephone number, country of residence, and postal address.
• Business data: Company name, industry, proposed business activities, existing corporate structure, and source of funds information.
• Correspondence data: The content of emails, messages, and enquiry form submissions you send to us.
• Technical data: IP address, browser type, operating system, pages visited, and time of access when you visit our website.
• KYC / due diligence data: Identity documents, proof of address, source of funds declarations, and other documents required for anti-money laundering compliance.

We do not knowingly collect personal data from individuals under the age of 18.

3. How We Use Your Data

We use your personal data for the following purposes:

• Responding to enquiries: To process and respond to your questions, quote requests, and consultation requests submitted via our website or by email.
• Service delivery: To incorporate your Cyprus company, maintain your corporate records, provide nominee services, file compliance documents, and deliver all contracted services.
• KYC / AML compliance: To verify your identity and source of funds as required by Cyprus AML legislation (Law 188(I)/2007 and related instruments) and as a condition of providing regulated services.
• Client relationship management: To manage our ongoing client relationship, including billing, account management, and service improvements.
• Legal and regulatory compliance: To comply with applicable laws, court orders, regulatory requirements, and requests from competent authorities.
• Marketing communications: To send you relevant regulatory updates, tax alerts, and information about our services, where you have consented or where we have a legitimate interest to do so. You may opt out at any time.

4. Legal Basis for Processing

Under GDPR Article 6, we process your personal data on the following legal bases:

• Contractual necessity (Art. 6(1)(b)): Where processing is necessary to perform a contract with you or to take steps at your request prior to entering into a contract (e.g., responding to enquiries, delivering services).
• Legal obligation (Art. 6(1)(c)): Where we are required to process data to comply with AML obligations, regulatory requirements, or other legal duties to which we are subject.
• Legitimate interests (Art. 6(1)(f)): Where processing is necessary for our legitimate business interests — such as improving our services, managing our business, and communicating relevant updates — provided these interests are not overridden by your rights.
• Consent (Art. 6(1)(a)): Where you have given clear consent for us to process your data for a specific purpose, such as subscribing to our newsletter. You may withdraw consent at any time.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations:

• Enquiry data: Data collected from website enquiries or consultations that do not result in an engagement is retained for up to 3 years from last contact, after which it is securely deleted.
• Client data: Data relating to active or former clients, including KYC documentation, correspondence, and service records, is retained for a minimum of 7 years following the end of the client relationship, in compliance with Cyprus AML obligations under Law 188(I)/2007.
• Financial records: Accounting and billing records are retained for the periods required under Cyprus tax and corporate law.

After the applicable retention period, personal data is securely deleted or anonymised.

6. Data Sharing

We do not sell, rent, or trade your personal data. We may share your data with:

• Service providers: Third-party providers who assist us in delivering our services (e.g., licensed auditors, legal counsel, registered agents, cloud storage providers). These parties are bound by confidentiality obligations and are only permitted to process data on our instructions.
• Regulatory and governmental authorities: The Cyprus Registrar of Companies, Cyprus Tax Department, Cyprus Bar Association (for AML reporting obligations), competent AML supervisory authorities, and other authorities as required by law or court order.
• Professional advisers: Our legal advisers, accountants, and insurers, where necessary for the conduct of our business and subject to professional confidentiality obligations.

We will not share your personal data with third parties for their own marketing purposes.

7. Your Rights Under GDPR

Subject to applicable exemptions, you have the following rights in relation to your personal data:

• Right of access: To obtain a copy of the personal data we hold about you.
• Right to rectification: To have inaccurate or incomplete personal data corrected.
• Right to erasure: To request deletion of your personal data where there is no legitimate reason for us to continue processing it.
• Right to restriction: To request that we restrict processing of your data in certain circumstances.
• Right to data portability: To receive your personal data in a structured, machine-readable format and to transmit it to another controller.
• Right to object: To object to processing based on legitimate interests or for direct marketing purposes.
• Rights related to automated decision-making: We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

To exercise any of these rights, please contact us at privacy@nexoracyprus.com. We will respond within 30 days. We may need to verify your identity before processing your request.

8. Cookies

Our website uses cookies to ensure essential functionality and to improve your experience. For detailed information about the cookies we use, how they work, and how to manage your cookie preferences, please see our Cookie Policy.

9. International & Cross-Border Data Transfers

As a Cyprus-based company serving international clients, your personal data may be transferred to and processed by our service providers located within the European Union (EU) or European Economic Area (EEA). All such transfers are subject to appropriate safeguards under GDPR.

Where data is transferred outside the EU/EEA (for example, to a non-EEA service provider), we ensure such transfers are governed by appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or the adequacy decisions in force.

10. Contact Us for Privacy Matters

If you have any questions, concerns, or requests regarding this Privacy Policy or our processing of your personal data, please contact us: