Privacy Policy

Last updated: March 2026 

This Privacy Policy explains how Extreme Mobiles Ltd collects, uses, and protects your personal data when you use our website, place an order, visit our store, or interact with our services. 

We are committed to protecting your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Cyprus data protection laws. 

  1. Company Information (Data Controller)

Extreme Mobiles Ltd 
201 Arch. Makariou 
Lakatamia 2311, Nicosia, Cyprus 
Company Registration Number: HE187654 
Phone: +357 22454494 
Email: info@extrememobiles.com.cy 
Website: www.extrememobiles.com.cy 

For the purposes of data protection law, Extreme Mobiles Ltd acts as the data controller of your personal data. 

  1. Personal Data We Collect

We may collect and process the following categories of personal data: 

Information you provide directly 

  • Full name  
  • Billing and shipping address  
  • Email address  
  • Telephone number(s)  
  • Account login details (if applicable)  

Order and transaction data 

  • Products purchased  
  • Payment details (processed securely via third-party providers)  
  • Order history and invoices  

Technical and usage data 

  • IP address  
  • Browser type and device information  
  • Website interaction and browsing behaviour  

Customer support data 

  • Communications via email, phone, or contact forms  
  • Service and repair requests  

  1. How We Use Your Data

We use your personal data for the following purposes: 

  • To process and deliver orders  
  • To manage payments and prevent fraud  
  • To provide customer support and after-sales service  
  • To communicate order updates and important information  
  • To improve our website, products, and services  
  • To comply with legal and regulatory obligations  
  • To provide personalised content, product recommendations, and direct marketing communications (only where you have provided consent or where permitted by law)  

  1. Automated Decision-Making and Profiling

We may use personal data to carry out automated processing and profiling for the following purposes: 

  • Fraud detection and prevention  
  • Order risk assessment and payment verification  
  • Personalised product recommendations  
  • Marketing and advertising (including remarketing where applicable)  
  • Website analytics and customer behaviour analysis  

Such processing is based on our legitimate interests or your consent, where required. 

Where such processing produces legal effects or significantly affects you, we implement appropriate safeguards, including: 

  • The right to request human intervention  
  • The right to express your point of view  
  • The right to contest the decision  

  1. Legal Basis for Processing

We process your personal data under the following legal bases: 

  • Contractual necessity – to fulfil your order  
  • Legal obligation – for accounting, tax, and compliance requirements  
  • Legitimate interests – to improve services, marketing, and prevent fraud  
  • Consent – where required (e.g. cookies and marketing communications)  

Each processing activity is supported by an appropriate legal basis. For example: 

  • Order processing → Contractual necessity  
  • Fraud prevention → Legitimate interests  
  • Marketing communications → Consent  

If you do not provide certain personal data required to process an order, we may not be able to complete the transaction or provide our services. 

Where we rely on legitimate interests, we ensure that such interests are not overridden by your fundamental rights and freedoms. 

  1. Sharing Your Data

We may share your personal data with trusted third parties where necessary: 

  • Courier and delivery partners (e.g. ACS Courier, BoxNow 
  • Payment service providers (secure payment processing and fraud checks 
  • IT and system providers (e.g. hosting providers, WooCommerce, SAP systems)  
  • Analytics and marketing providers (where applicable)  
  • Accountants, auditors, and legal advisors  

Some of these third parties may act as data processors on our behalf. 

We do not store or have access to full payment card details. 
All payment transactions are encrypted and processed by PCI-DSS compliant providers. 

All third parties are contractually required to process your data in accordance with GDPR. 
We ensure that all such third parties provide sufficient guarantees to implement appropriate technical and organisational measures. 

  1. International Data Transfers

We may transfer your personal data outside the European Economic Area (EEA), where necessary, for example when using cloud services, analytics tools, or payment providers. 

Where such transfers occur, we ensure appropriate safeguards are in place, including: 

  • EU Standard Contractual Clauses (SCCs)  
  • Transfers to countries with an adequacy decision by the European Commission  

  1. Data Retention

We retain personal data only for as long as necessary: 

  • Order and invoice data: up to 6–10 years (legal obligation)  
  • Customer accounts: until deletion request or prolonged inactivity  
  • Marketing data: until consent is withdrawn  
  • Support communications: as required for service and warranty records  

Data is securely deleted or anonymised when no longer required. 

  1. Data Security

We implement appropriate technical and organisational measures to protect your data, including: 

  • Secure payment processing systems  
  • Access control and authentication procedures  
  • Protection against unauthorised access, loss, or misuse  

We also ensure that personal data: 

  • Is limited to what is necessary (data minimisation 
  • Is accurate and kept up to date  

While we take all reasonable precautions, no system can guarantee absolute security. 

  1. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority without undue delay and where feasible within 72 hours, and, where required, inform affected individuals in accordance with GDPR. 

  1. Cookies and Tracking Technologies

We use cookies and similar technologies in accordance with GDPR and the ePrivacy Directive. 

Cookies are used to: 

  • Ensure proper website functionality  
  • Analyse traffic and user behaviour  
  • Provide personalised content and advertising  

Where required, we obtain your consent before placing non-essential cookies. 

You can manage or withdraw your consent at any time via our cookie banner or your browser settings. 

For full details, please refer to our Cookies Policy. 

  1. Third-Party Links

Our website may contain links to third-party websites. 
We are not responsible for their content or privacy practices. 

  1. Your Rights Under GDPR

You have the following rights: 

  • Right of access  
  • Right to rectification  
  • Right to erasure (“right to be forgotten” 
  • Right to restrict processing  
  • Right to data portability  
  • Right to object to processing  
  • Right to object to direct marketing at any time  
  • Right to withdraw consent at any time  

To exercise your rights, contact: info@extrememobiles.com.cy 

You also have the right to lodge a complaint with the supervisory authority: 

Office of the Commissioner for Personal Data Protection 
1 Iasonos Street, 1082 Nicosia, Cyprus 
Website: www.dataprotection.gov.cy 

  1. Children’s Data

Our services are not directed to individuals under the age of 18. 
We do not knowingly collect personal data from minors. 

  1. Business Transfers

In the event of a merger, sale, restructuring, or transfer of business assets, personal data may be transferred as part of the transaction, subject to appropriate safeguards. 

  1. Changes to This Policy

We may update this Privacy Policy from time to time. 
Changes will take effect immediately upon publication on this page. 

  1. Contact Us

If you have any questions about this Privacy Policy or how your data is handled: 

Extreme Mobiles Ltd 
Email: info@extrememobiles.com.cy 

Need a Help?

Subscribe us

Working Hours