Privacy Policy

Introduction

OpenFrontiers Ltd ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services. As a Cyprus-based company, we comply with the General Data Protection Regulation (GDPR) and Cyprus data protection laws.

Data Controller Information

OpenFrontiers Ltd is the data controller for the personal data we process. Our contact details are:

Data We Collect

We collect and process the following types of personal data through our data collection processes:

• Contact Information: Name, email address, phone number, postal address
• Financial Information: Details about your debts, income, expenses, and financial situation (only when you engage our services)
• Communication Records: Records of correspondence, consultation notes, and service-related communications
• Website Usage Data: IP address, browser type, pages visited, time spent on pages, referring websites
• Cookies and Tracking Data: Information collected through cookies and similar technologies as detailed in our Cookie Policy
• Identity Verification: Documentation required for regulatory compliance and identity verification

How We Use Your Information

We process your personal data for the following purposes and on the following legal bases:

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our use of cookies, please see our Cookie Policy.

Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

• Service Providers: Third-party companies that provide services such as IT support, payment processing, and professional services
• Legal and Regulatory Authorities: When required by law, court order, or regulatory requirements
• Creditors and Financial Institutions: As necessary for debt restructuring negotiations and agreements
• Professional Advisors: Lawyers, accountants, and other professional advisors when necessary for service provision

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal requirements. Our data retention periods are as follows:

• Client Files: 7 years after the end of the client relationship (regulatory requirement)
• Website Analytics: 26 months (Google Analytics default)
• Marketing Data: Until consent is withdrawn or 3 years of inactivity
• Enquiry Data: 2 years from last contact if no service relationship is established

Your Rights

Under GDPR and Cyprus data protection law, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of processing in certain circumstances
• Right to Data Portability: Request transfer of your data to another service provider
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent for processing based on consent

To exercise any of these rights, please contact us using the contact information provided below.

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, secure data transmission, regular security assessments, and staff training on data protection.

International Data Transfers

We primarily process data within the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses, or other approved transfer mechanisms under GDPR.

Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. Continued use of our services after such changes constitutes acceptance of the updated policy.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us about data protection matters, please contact us using the following information:

Complaints

If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the Cyprus Data Protection Commissioner or your local supervisory authority.