GDPR Compliance Policy

P.TH. EXTREME MOBILES LIMITED

1. Introduction

P.TH. EXTREME MOBILES LIMITED ("the Company") is committed to ensuring the protection of personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR).

This policy outlines how we ensure compliance with GDPR principles when processing personal data through our website:
https://www.extrememobiles.com.cy/

2. Company Details

Company Name: P.TH. EXTREME MOBILES LIMITED
Registration Number: HE 187654
VAT Number: CY10187654W
Address: Arch. Makariou III, 201, Pano Lakatamia, 2311, Nicosia, Cyprus
Email: info@extrememobiles.com.cy
Phone: +357 22 454 494

3. Scope of This Policy

This policy applies to:

  • All personal data processed by the Company

  • Data collected via the website and WooCommerce platform

  • Data processed through third-party integrations and services

4. GDPR Principles

We adhere to the following GDPR principles:

4.1 Lawfulness, Fairness and Transparency

Personal data is processed lawfully, fairly, and transparently.

4.2 Purpose Limitation

Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

4.3 Data Minimisation

We only collect data that is necessary for the purposes for which it is processed.

4.4 Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date.

4.5 Storage Limitation

Personal data is retained only for as long as necessary for legal and operational purposes.

4.6 Integrity and Confidentiality

We implement appropriate security measures to protect personal data.

5. Legal Bases for Processing

We process personal data under the following lawful bases:

  • Contractual necessity – order processing and service delivery

  • Legal obligations – tax, accounting, and regulatory requirements

  • Legitimate interests – fraud prevention, system security, service improvement

  • Consent – marketing communications, cookies, and tracking

6. Data Collection and Processing Activities

We process personal data through:

  • WooCommerce customer accounts and orders

  • SMS OTP authentication system

  • Marketing platforms (email and SMS campaigns)

  • Analytics and tracking tools

  • ERP integration (SAP Business One)

7. Data Sharing and Processors

We may share personal data with trusted third parties, including:

  • Payment providers (JCC)

  • Courier/logistics providers (ACS, Cyprus Post, BOXNOW, DHL)

  • Hosting provider (Hetzner, Germany)

  • Marketing platforms (Sendy, SMS providers)

  • Analytics and advertising platforms (Google, Meta, TikTok)

  • ERP system (SAP Business One)

All processors are contractually bound to ensure GDPR compliance.

8. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs)

  • Adequacy decisions where applicable

9. Data Subject Rights

We respect and facilitate the following rights:

  • Right of access

  • Right to rectification

  • Right to erasure

  • Right to restriction of processing

  • Right to data portability

  • Right to object

  • Right to withdraw consent

Requests can be submitted via:
📧 info@extrememobiles.com.cy

10. Data Retention Policy

We retain data in accordance with legal and operational requirements:

  • Order and financial data: 7–10 years

  • Customer accounts: Until deletion request

  • Marketing data: Until consent withdrawal

  • Technical/analytics data: Up to 26 months

11. Data Security Measures

We implement appropriate technical and organizational measures, including:

  • SSL encryption

  • Secure hosting infrastructure

  • Role-based access controls

  • Firewall and bot protection (Cloudflare Turnstile)

  • Secure authentication mechanisms (SMS OTP)

12. Data Breach Procedures

In the event of a data breach:

  • We will assess the risk immediately

  • Notify the relevant supervisory authority within 72 hours (if required)

  • Inform affected users where there is a high risk

13. Third-Party Integrations

We ensure that all third-party integrations:

  • Are GDPR-compliant

  • Process data only as necessary

  • Provide appropriate safeguards

14. Staff Awareness and Responsibility

Where applicable, personnel handling personal data are expected to:

  • Follow data protection principles

  • Maintain confidentiality

  • Report any data incidents immediately

15. Policy Updates

This policy may be updated periodically to reflect legal or operational changes.

16. Contact

For any GDPR-related inquiries:

📧 info@extrememobiles.com.cy
📞 +357 22 454 494

Last updated: March 2026

Need a Help?

Subscribe us

Working Hours