Privacy Policy
Data Protection and Privacy Statement
1. Who We Are and What This Document Covers
Willowserve Solutions Ltd operates www.willowserve.solutions (the “Website”). As a business based in Cyprus, we handle information about the people we work with, serve, and interact with through our digital channels.
This statement explains the approach we take when handling personal information about individuals. It covers all the ways we collect, store, use, and manage information connected to identified or identifiable people. Everyone who provides information to us whether as a client, prospect, employee, visitor, or business partner should read this document to understand their options and rights.
Our Legal Status: Willowserve Solutions Ltd is incorporated in Cyprus. We function as a data controller under the General Data Protection Regulation (GDPR) and the Cyprus Data Protection Law (Law 125(I)/2018).
Our Address:
Vasileos Pavlou Str 25A
Engomi
Nicosia 2412
Cyprus
Our Contact Point for Data Issues: info@willowserve.solutions
2. What Information Do We Gather and Why?
2.1 Information from People Seeking Our Services
When you reach out to us via a web form, email, phone, or in person we receive whatever details you share. This typically includes your name, job title, organization, email address, phone number, and the substance of your inquiry. If your interaction leads to a formal engagement, we also gather additional information needed to deliver the service: financial details, tax information, identification documents, family or corporate structure information, or any other material you provide as part of the working relationship.
Why we collect this: To understand your needs, respond to your inquiry, deliver the service you’ve engaged us for, and maintain records of what we’ve done for you.
Legal basis for processing: Our contractual obligation to you (if you’re a client), our legitimate business interest in responding to inquiries and following up on opportunities, and compliance with legal and regulatory requirements (such as anti-money laundering checks).
How long we keep it: While you’re a client, for the entire engagement and beyond typically 5 to 10 years after the engagement ends, depending on the nature of the service and what the law requires us to retain.
2.2 Information from Colleagues, Partners, and Referral Sources
We maintain records of people in our professional network colleagues at other firms, business development contacts, referral partners, and others we interact with in a professional capacity. We record their names, organization affiliations, roles, email addresses, phone numbers, and notes about our interactions, past conversations, or shared interests.
Why we collect this: To build and maintain our professional relationships, to stay informed about the market and potential opportunities, to reach out when we believe our services may be relevant to them, and to facilitate referrals and collaboration.
Legal basis for processing: Our legitimate business interest in developing professional relationships and growing our client base. We only reach out to people in this category if they’ve previously engaged with us or if there’s a reasonable business relationship to establish.
How long we keep it: Indefinitely, unless you ask us to remove you from our contact list or until we determine the relationship is no longer active. If you ask us not to contact you, we keep minimal information (enough to honor your request) and discard the rest.
2.3 Information from Website Visitors
When you visit www.willowserve.solutions, we collect certain information automatically. This includes your IP address, the pages you visit, the time you spend on each page, the browser type and device you’re using, and, if you arrived via a link from another site, the originating website. Some of this happens through cookies (see Section 5 for details). If you sign up for our newsletter, request a document, or fill out a contact form, we also collect the information you explicitly type in.
Why we collect this: To understand how people use our website, to fix problems or improve our content, to send you information you’ve requested, to measure the effectiveness of our digital marketing efforts, and to personalize your experience if you return.
Legal basis for processing: Our legitimate business interest in understanding our audience and optimizing our digital presence. For marketing communications, we process based on your explicit consent (when you opt in to a newsletter) or your prior interaction with us.
How long we keep it: Website analytics data is typically retained for up to 2 years. Subscriber lists and contact form submissions are kept until you unsubscribe or ask to be removed, or until they’re no longer relevant to our business relationship.
2.4 Information Related to Employment and Recruitment
When you apply for a job with us, we collect your CV, contact details, educational background, work experience, references, and any information you provide in application materials or assessments. If you’re hired, we gather additional information needed for employment administration: identification documents, tax information, bank details, and employment contract details.
Why we collect this: To evaluate your qualifications for the role, to conduct background checks where appropriate, to administer your employment (payroll, benefits, compliance), and to maintain personnel records.
Legal basis for processing: Our legitimate business interest in identifying suitable candidates and managing our workforce. For some background checks, we rely on legal obligations. For successful candidates, processing is necessary for the employment contract and legal compliance.
How long we keep it: Unsuccessful applicants’ information is retained for a reasonable period (typically 6 to 12 months) in case similar roles open up. Employee records are retained for the duration of employment plus the legally required period afterward (typically 5+ years).
2.5 Information from Suppliers and Service Partners
We collect and maintain information about suppliers, contractors, consultants, and other business partners. This includes business contact details, company information, individuals’ names and titles, correspondence, invoices, and records of the services they’ve provided.
Why we collect this: To manage commercial relationships, to process invoices and payments, to conduct due diligence checks (including anti-money laundering and sanctions checks), and to maintain records of services delivered to our clients.
Legal basis for processing: Our legitimate business interest in managing supplier relationships and legal/regulatory compliance (particularly around financial due diligence and fraud prevention).
How long we keep it: For the duration of the business relationship plus 7 years afterward (for financial and tax record purposes).
2.6 Information About Event Attendees
If you register for or attend a webinar, conference, training session, or other event we organize or co-organize, we collect your registration details and may take notes or photographs during the event.
Why we collect this: To manage attendance and logistics, to send event materials and follow-ups, to measure event success, and to use content (like photos) for marketing purposes (with consent where required).
Legal basis for processing: Performance of the registration agreement and our legitimate business interest in marketing our events and services. For photography and video use, we rely on consent.
How long we keep it: Event attendee records are kept for marketing and relationship-building purposes (typically 2–3 years). Photos or recordings are kept for as long as they’re useful for our marketing and business development.
3. Who We Share Your Information With
3.1 General Principle
We don’t sell or rent your information to third parties. We share information only when necessary to deliver our services, when you’ve asked us to, when the law requires it, or when we have a legitimate business reason.
3.2 Categories of Recipients
Our Team and Advisors: Anyone within Willowserve Solutions Ltd who needs the information to do their job (deliver your service, process your inquiry, etc.). We also share information with our accountants, auditors, and legal advisors when required.
Service Providers: We use external providers for specific functions (website hosting, email delivery, cloud storage, payment processing, event management). These providers are bound by confidentiality agreements and can only use your information as instructed.
Legal and Regulatory Bodies: We share information when required by law, court order, or regulatory authority (such as tax authorities, anti-money laundering regulators, or law enforcement).
Professional Referral Partners: If you’ve agreed to be introduced to another professional (accountant, lawyer, etc.) or if we believe a referral partner can better serve your needs, we may share relevant information with that partner. We only do this with your permission or when it’s clearly in your interest.
Prospective Business Buyers: If Willowserve Solutions Ltd is sold or merges with another entity, your information may be transferred as part of that transaction. We’ll notify you if this happens in a way that materially affects how your data is handled.
3.3 International Transfers
Because we serve clients across multiple countries, information may be transferred outside Cyprus and the European Economic Area. When we do this to countries without an equivalent level of data protection, we use Standard Contractual Clauses or other legally approved mechanisms. You can ask us for details about any specific transfer.
4. Your Rights and Choices
The GDPR and Cyprus law give you specific rights over your information. Here’s what you can do:
4.1 Right to Know What We Hold
You can ask us what information we hold about you, what we use it for, and who we’ve shared it with. We’ll provide this within 30 days, free of charge (unless your request is excessive or repetitive, in which case we may charge a modest fee).
4.2 Right to Correct or Complete
If information we have about you is inaccurate, incomplete, or outdated, you can ask us to update it. We’ll make changes promptly.
4.3 Right to Have Information Deleted
In certain situations, you can ask us to delete information about you. This typically applies if:
- The information is no longer needed for why we collected it
- You withdraw consent (if that was our legal basis)
- You object to processing (for example, to marketing emails)
- The information was collected unlawfully
- We’re legally required to delete it
We may be unable to delete information if we’re legally required to keep it (for example, tax records) or if deleting it would prevent us from fulfilling a contract with you.
4.4 Right to Restrict or Object
You can ask us to limit how we use your information or to stop processing it altogether in some cases. For example, if we’re processing based on a legitimate business interest and you believe our interest doesn’t outweigh your rights, you can object.
4.5 Right to Receive Your Information
You can request your information in a structured, commonly used format (such as a spreadsheet) and, in some cases, ask us to transfer it directly to another organization.
4.6 Right to Withdraw Consent
If we’ve asked for your permission to process information (such as for marketing emails), you can withdraw that permission at any time. This doesn’t affect processing that happened before you withdrew consent.
4.7 How to Exercise Your Rights
To exercise any of these rights, contact us at info@willowserve.solutions.
Tell us clearly what you’re requesting. We’ll respond within 30 days. If your request is complex, we may ask for a bit longer, but we’ll let you know.
If you’re not satisfied with our response, you can lodge a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus (https://www.dataprotection.gov.cy).
5. How We Protect Your Information
We take information security seriously. We use:
- Encryption: Data moving between your device and our systems is encrypted. Sensitive data stored in our systems is encrypted as well.
- Access Controls: Only people who need information to do their jobs can access it.
- Secure Infrastructure: We use secure hosting providers and regularly review our systems for vulnerabilities.
- Staff Training: Our team is trained in data protection and confidentiality.
- Incident Response: If a security problem occurs, we have procedures to contain it, investigate it, and notify affected people as required by law.
However, no system is 100% secure. If you believe your information has been compromised, contact us immediately at info@willowserve.solutions.
6. Information About Children
Our services and website are intended for adults. We don’t knowingly collect information about children under 14 years old. If we become aware that we’ve collected information about a child under 14, we’ll delete it promptly. If you believe we’ve collected information about a child, please let us know immediately.
7. How Long We Keep Information
Our retention approach depends on the type of information and why we collected it:
|
Category |
Retention Period |
Reason |
|
Active Client Files |
During engagement + 7–10 years |
Legal, tax, and regulatory requirements; ability to defend disputes |
|
Prospect/Business Contact |
3–5 years or until relationship ends |
Legitimate business interest; market knowledge |
|
Newsletter Subscribers |
Until unsubscribe |
Marketing consent |
|
Website Analytics |
24 months |
Website improvement and performance measurement |
|
Job Applicants (Unsuccessful) |
12 months |
Potential future opportunities; compliance |
|
Job Applicants (Successful) |
Duration of employment + 5+ years |
Personnel and employment law requirements |
|
Supplier Records |
Duration of relationship + 7 years |
Financial and tax compliance |
|
Event Attendees |
2–3 years |
Relationship building; event follow-up |
In all cases, we delete information earlier if you ask us to (subject to legal requirements) or if we determine it’s no longer needed.
8. Automated Decision-Making
We don’t make significant decisions about you using automated means (like algorithms or AI) without human review. If we did, you’d have the right to request manual review of the decision.
9. Third-Party Links
Our website may contain links to other websites. This privacy statement applies only to www.willowserve.solutions. We’re not responsible for how other websites handle your information. We recommend reviewing their privacy statements before providing information to them.
10. Changes to This Statement
We may update this statement from time to time to reflect changes in our practices, new technology, or changes in the law. We’ll post the updated version on our website with a new “Last Updated” date. If changes are significant and affect your rights, we’ll try to give you advance notice.
11. Questions or Concerns?
If you have questions about how we handle information, if you’d like to exercise any of your rights, or if you have concerns about our practices, please get in touch:
Willowserve Solutions Ltd
Vasileos Pavlou Str 25A
Engomi
Nicosia 2412
Cyprus
Email:
info@willowserve.solutions
Supervisory Authority (if you’d like to file a formal complaint):
Office of the Commissioner for Personal Data Protection
Republic of Cyprus
https://www.dataprotection.gov.cy
