Privacy Policy

This Privacy Policy explains how TITANIUM STANDARD LTD, a company registered in the Republic of Cyprus under registration number HE305146, with registered office at 4 Spiridonos Lamprou, Vashiotis Sterea Court No. 5, Flat/Office 001 3106, Limassol, Cyprus (“Company”, “we”, “us”, “our”), collects, uses, stores, shares and protects personal data when you visit https://titanstd.com.cy, contact us, create an account, place an order, use our services, or otherwise interact with us.

We process personal data in accordance with Regulation (EU) 2016/679, the General Data Protection Regulation (“GDPR”), and the Protection of Natural Persons Against the Processing of Personal Data and the Free Movement of such Data Law of the Republic of Cyprus, Law 125(I)/2018, as amended.

1. Who is responsible for your personal data

For the purposes of the GDPR, the data controller is:

Company name: TITANIUM STANDARD LTD
Registration number: HE305146
Registered office: 4 Spiridonos Lamprou, Vashiotis Sterea Court No. 5, Flat/Office 001 3106, Limassol, Cyprus
Telephone: +357 95 123 229

2. What personal data we collect

Depending on how you use our website and services, we may collect the following categories of personal data:

2.1 Identity and contact data

This may include your name, surname, company name, job title, email address, telephone number, billing address, shipping address and country of residence.

2.2 Order and transaction data

This may include details of products or services you purchased, order number, invoice details, payment status, delivery details, returns, refunds, customer support records and related correspondence.

2.3 Payment data

We do not usually store full payment card details ourselves. Payments are processed by third-party payment providers. We may receive limited payment information, such as payment confirmation, transaction ID, payment status and billing details.

2.4 Technical and usage data

This may include your IP address, browser type, device type, operating system, referral source, pages viewed, time spent on the website, approximate location, cookie identifiers and similar technical information.

2.5 Communication data

This includes information you provide when you contact us by email, contact form, live chat, telephone, social media or any other communication channel.

2.6 Marketing data

This may include your newsletter subscription status, marketing preferences, consent records, campaign engagement, email opens and clicks.

2.7 Business customer data

If you act on behalf of a company, we may process your business contact details, position, company details, VAT number and business correspondence.

We do not intentionally collect special categories of personal data, such as health data, biometric data, political opinions, religious beliefs or trade union membership, unless this is strictly necessary and lawful for a specific purpose.

3. How we collect personal data

We may collect personal data directly from you when you:

  • visit our website;
  • create an account;
  • place an order;
  • subscribe to our newsletter;
  • complete a contact form;
  • communicate with us;
  • request support;
  • participate in a promotion, survey or campaign.

We may also receive limited personal data from third parties, such as payment processors, delivery companies, analytics providers, advertising platforms, fraud prevention providers, accountants, tax advisers or business partners.

4. Why we process your personal data and legal bases

We only process personal data where we have a lawful basis under GDPR.

Purpose of processingCategories of dataLegal basis
To process and fulfil your orderIdentity, contact, order, payment and delivery dataPerformance of a contract
To provide customer supportContact, order and communication dataPerformance of a contract / legitimate interests
To issue invoices and keep accounting recordsIdentity, contact, order and invoice dataLegal obligation
To manage returns, refunds and complaintsOrder, payment and communication dataPerformance of a contract / legal obligation / legitimate interests
To operate and secure the websiteTechnical and usage dataLegitimate interests
To prevent fraud and misuseTechnical, transaction and account dataLegitimate interests / legal obligation
To send newsletters and marketing communicationsContact and marketing dataConsent / legitimate interests where permitted
To analyze website performanceTechnical and usage dataConsent, where required, or legitimate interests for essential analytics
To comply with legal, tax and regulatory dutiesRelevant customer, transaction and accounting dataLegal obligation
To establish, exercise or defend legal claimsRelevant records and correspondenceLegitimate interests / legal obligation

Our legitimate interests include operating our business, improving our website and services, protecting our systems, preventing fraud, responding to customer requests, keeping business records and enforcing our legal rights.

5. Cookies and similar technologies

Our website may use cookies and similar technologies.

Some cookies are strictly necessary for the website to function, for example to enable security, shopping cart functionality, checkout, account login and basic website operation.

Other cookies, such as analytics, advertising, remarketing or social media cookies, will be used only where legally permitted and, where required, after you have given consent through our cookie banner or cookie settings.

We may use services such as:

  • Google Analytics;
  • Google Tag Manager;
  • Meta Pixel;
  • TikTok Pixel;
  • YouTube embeds;
  • live chat tools;
  • email marketing tools;
  • advertising and remarketing platforms.

6. Marketing communications

We may send you marketing communications if you have subscribed to our newsletter, requested information from us, purchased similar products or services from us, or otherwise provided valid consent where required by law.

You can unsubscribe at any time by clicking the unsubscribe link in our emails or by contacting us at office_TSL@titanstd.com.cy.

If you unsubscribe from marketing communications, we may still send you non-marketing messages, such as order confirmations, invoices, delivery updates, service messages or legal notices.

7. Who we share personal data with

We may share personal data with the following categories of recipients where necessary:

  • payment processors;
  • banks and financial service providers;
  • delivery and courier companies;
  • IT, hosting and cloud service providers;
  • website platform providers;
  • email and newsletter providers;
  • analytics and advertising providers;
  • customer support and CRM providers;
  • accountants, auditors, tax advisers and legal advisers;
  • fraud prevention and security providers;
  • public authorities, courts, regulators or law enforcement bodies where required by law;
  • business partners, only where necessary for providing the relevant service.

We require service providers acting as processors to process personal data only according to our instructions and to apply appropriate security and confidentiality measures.

8. International transfers

Where possible, we store and process personal data within the European Economic Area (“EEA”).

However, some of our service providers may process personal data outside the EEA, for example in the United States, the United Kingdom or other countries.

Where personal data is transferred outside the EEA, we will ensure that appropriate safeguards are in place, such as:

  • an adequacy decision by the European Commission;
  • Standard Contractual Clauses approved by the European Commission;
  • additional technical and organizational safeguards where required;
  • another lawful transfer mechanism under the GDPR.

9. How long we keep personal data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to fulfil contractual, legal, accounting, tax, reporting and compliance obligations.

In general:

Type of dataTypical retention period
Account dataFor as long as your account remains active, then deleted or anonymized within a reasonable period
Order, invoice and transaction recordsUsually up to 6 years or longer if required by applicable tax, VAT, accounting or legal obligations
Customer support correspondenceUsually up to 3 years after the issue is resolved, unless longer retention is needed
Marketing consent recordsUntil consent is withdrawn and for a reasonable period thereafter to evidence compliance
Technical logsUsually between 30 days and 24 months, depending on security and operational needs
Legal claims recordsFor the period necessary to establish, exercise or defend legal claims

For Cyprus VAT purposes, taxable persons are generally required to retain books and records for at least six years.

10. How we protect your personal data

We apply appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration or disclosure.

These measures may include:

  • access controls;
  • password protection;
  • encryption where appropriate;
  • secure hosting;
  • data minimization;
  • internal confidentiality obligations;
  • staff access restrictions;
  • regular review of service providers;
  • backup and recovery procedures;
  • security monitoring.

No website or online transmission is completely secure. However, we take reasonable steps to protect your personal data.

11. Your rights under GDPR

Subject to the conditions and limitations under the GDPR, you have the following rights:

  • Right of access — to ask whether we process your personal data and to receive a copy of it.
  • Right to rectification — to correct inaccurate or incomplete personal data.
  • Right to erasure — to request deletion of your personal data where there is no lawful reason for us to keep it.
  • Right to restriction of processing — to ask us to limit how we process your data.
  • Right to data portability — to receive certain personal data in a structured, commonly used and machine-readable format.
  • Right to object — to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

GDPR Articles 15–21 cover core data subject rights, including access, rectification, erasure, restriction, portability and objection.

12. How to exercise your rights

You can exercise your rights by contacting us at:

Email: office_TSL@titanstd.com.cy
Postal address: 4 Spiridonos Lamprou, Vashiotis Sterea Court No. 5, Flat/Office 001 3106, Limassol, Cyprus

We may need to verify your identity before responding to your request.

We will respond to your request without undue delay and, in any event, within one month of receiving it. This period may be extended by up to two further months where necessary, depending on the complexity and number of requests. Article 12 GDPR sets this one-month response period and allows an extension in complex cases.

13. Right to complain

If you believe that your personal data has been processed unlawfully or that we have not handled your request properly, you have the right to lodge a complaint with the supervisory authority in Cyprus:

Office of the Commissioner for Personal Data Protection Republic of Cyprus

You may also have the right to lodge a complaint with the data protection authority in the EU Member State where you live, work or where the alleged infringement took place.

14. Children’s privacy

Our website and services are not intended for children under the age of 14. We do not knowingly collect personal data from children under 14 without appropriate parental or guardian consent.

If you believe that a child has provided us with personal data without appropriate consent, please contact us at office_TSL@titanstd.com.cy, and we will take appropriate steps.

Cyprus sets the age for a child’s own consent for information society services at 14 where processing is based on consent.

15. Third-party websites

Our website may contain links to third-party websites, plugins or services. We are not responsible for the privacy practices, content or security of third-party websites. You should read their privacy policies before providing personal data to them.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be published on this page with a new “Last updated” date.

If changes are material, we may notify you by email or by a prominent notice on our website, where appropriate.

17. Contact us

For questions about this Privacy Policy or how we process personal data, please contact us:

TITANIUM STANDARD LTD
Registration number: HE305146
Registered office: 4 Spiridonos Lamprou, Vashiotis Sterea Court No. 5, Flat/Office 001 3106, Limassol, Cyprus
Email: office_TSL@titanstd.com.cy
Telephone: +357 95 123 229