Privacy Policy

Last updated: 4 June 2026

1. Who We Are

Bolton Technologies Ltd (hereinafter “BTS”, “we”, “us” or “our”) is a company registered in Cyprus, with registered office at 195 Makarios III Avenue, Limassol, Cyprus. We operate the website bts.com.cy and provide datacenter, hosting, IT services, cybersecurity, and software development solutions.

For the purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Cyprus Processing of Personal Data (Protection of the Individual) Law of 2001 (as amended), BTS is the data controller.

2. Data Protection Officer

If you have any questions about this Privacy Policy or our data practices, you may contact our Data Protection Officer at:

  • Email: [email protected]
  • Post: Data Protection Officer, Bolton Technologies Ltd, 195 Makarios III Avenue, Limassol, Cyprus

3. Personal Data We Collect

We collect personal data in the following ways:

3.1 Contact Form

When you submit our contact form, we collect:

  • Full name
  • Email address
  • Service interest (optional)
  • Message content

3.2 Automatically Collected Data

When you visit our website, our server may automatically log:

  • IP address
  • Browser type and version
  • Pages visited and time of access
  • Referring URL

This data is collected via standard web server logs and is used solely for security monitoring and performance optimisation. We do not use third-party analytics or tracking services on this website.

3.3 Cookies

We use strictly necessary cookies for website functionality. For full details, see our Cookie Policy.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6 GDPR:

  • Consent (Art. 6(1)(a)): When you voluntarily submit the contact form, you consent to the processing of your data for the purpose of responding to your enquiry.
  • Legitimate Interest (Art. 6(1)(f)): We process server log data to maintain the security and integrity of our website and infrastructure.
  • Contractual Necessity (Art. 6(1)(b)): When processing is necessary to provide our services to you under an existing agreement.
  • Legal Obligation (Art. 6(1)(c)): Where we are required by law to process or retain certain data.

5. How We Use Your Data

We use personal data exclusively for:

  • Responding to your enquiries and requests
  • Providing, maintaining, and improving our services
  • Ensuring the security of our website and infrastructure
  • Complying with legal obligations

We do not sell, rent, or trade your personal data to third parties. We do not use your data for automated decision-making or profiling.

6. Data Sharing & Third Parties

We may share your personal data with:

  • Email service provider: Contact form submissions are sent via Microsoft 365 (Microsoft Corporation). Microsoft acts as a data processor under our instructions and is bound by a Data Processing Agreement (DPA) and Standard Contractual Clauses (SCCs).
  • Infrastructure providers: Our website is served through Cloudflare Inc., which may process certain connection data (IP addresses) as part of its CDN and security services. Cloudflare acts as a data processor under its DPA.

We will never share your data with third parties for marketing purposes.

7. International Data Transfers

Your data is stored and processed within the European Union. Our primary infrastructure is located in our datacenter in Limassol, Cyprus (EU member state).

Where data is transferred to processors outside the EEA (e.g., Microsoft, Cloudflare), such transfers are safeguarded by:

  • EU-U.S. Data Privacy Framework adequacy decisions
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules where applicable

8. Data Retention

We retain personal data only for as long as necessary:

  • Contact form submissions: Retained for up to 12 months after the last communication, unless a business relationship is established.
  • Server logs: Automatically deleted after 90 days.
  • Contractual data: Retained for the duration of the contract and up to 6 years thereafter as required by Cyprus tax and commercial law.

9. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access (Art. 15): Request a copy of your personal data.
  • Right to Rectification (Art. 16): Request correction of inaccurate data.
  • Right to Erasure (Art. 17): Request deletion of your personal data (“right to be forgotten”).
  • Right to Restrict Processing (Art. 18): Request limitation of processing.
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interest.
  • Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • TLS/SSL encryption for all data in transit
  • Encrypted storage for sensitive data at rest
  • ISO 27001 certified information security processes
  • Regular security audits and penetration testing
  • Access controls and role-based permissions
  • 24/7 Network Operations Center (NOC) monitoring

11. Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately.

12. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the:

Office of the Commissioner for Personal Data Protection
1 Iasonos Street, 1082 Nicosia, Cyprus
Tel: +357 22 818 456
Website: dataprotection.gov.cy

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.