Privacy Policy
How we collect, use, and protect personal data submitted through this website, in accordance with the EU General Data Protection Regulation (GDPR — Regulation (EU) 2016/679).
1. Who we are
This website is operated by LEOSAIC, a consulting firm based in Nicosia, Cyprus. For the purposes of GDPR, LEOSAIC is the data controller for personal data collected through this site.
For any questions about this policy or your personal data, contact: fergeson@leosaic.com.
2. What data we collect
We only collect personal data that you actively provide through the contact form. This includes:
- Your full name
- Your email address
- Your organisation (optional)
- The topic of your enquiry (optional)
- The content of the message you send
We do not use cookies for tracking or analytics. We do not run advertising trackers. We do not collect data passively beyond standard web-server logs (IP address, browser type, page requested, timestamp) which our hosting provider, Netlify, retains for operational and security purposes.
3. Lawful basis for processing
We process your personal data under the following lawful bases (Article 6 GDPR):
- Consent (Art. 6(1)(a)) — you tick the consent box on the contact form to authorise us to process your enquiry.
- Legitimate interest (Art. 6(1)(f)) — once you have made contact, we may retain your enquiry to provide a coherent advisory relationship and respond to follow-up questions.
4. How we use your data
We use the personal data you provide solely to:
- Respond to the enquiry you submitted
- Continue the conversation if you engage us for advisory work
- Comply with applicable legal and regulatory obligations
We do not sell your data, share it with marketing partners, or use it for automated decision-making or profiling.
5. Who has access to your data
Personal data submitted through this site is accessed only by LEOSAIC personnel involved in responding to your enquiry. We use the following processors who may handle your data on our behalf:
- Netlify, Inc. — hosting and form-submission infrastructure (servers in the EU and US; covered by EU Standard Contractual Clauses).
- Google LLC (Google Fonts) — typography is loaded from Google's CDN. When you load a page, your IP address is transmitted to Google to deliver the font files. We do not pass any submitted form data to Google.
6. International transfers
Some of our processors (Netlify, Google) are based outside the European Economic Area. Where personal data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses to ensure an adequate level of protection.
7. How long we keep your data
We retain enquiry data for as long as necessary to respond to you and, if applicable, to deliver advisory services. Where no engagement results, we delete enquiry records within 24 months of the last contact, unless a legal obligation requires longer retention.
8. Your rights under GDPR
You have the following rights regarding personal data we hold about you:
- Right of access (Art. 15) — request a copy of the data we hold about you
- Right to rectification (Art. 16) — correct inaccurate or incomplete data
- Right to erasure (Art. 17) — request deletion of your data
- Right to restrict processing (Art. 18)
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format
- Right to object (Art. 21) — object to processing based on legitimate interest
- Right to withdraw consent (Art. 7(3)) — at any time, without affecting the lawfulness of prior processing
To exercise any of these rights, email fergeson@leosaic.com. We will respond within one month of receipt.
9. Right to lodge a complaint
If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with the supervisory authority in Cyprus:
Office of the Commissioner for Personal Data Protection
1, Iasonos Street, 1082 Nicosia, Cyprus
www.dataprotection.gov.cy · commissioner@dataprotection.gov.cy
You may also complain to the supervisory authority in your EU country of residence.
10. Security
Personal data submitted through this site is transmitted over HTTPS. We take reasonable technical and organisational measures to protect data against unauthorised access, loss, or alteration. However, no method of transmission over the internet is fully secure.
11. Changes to this policy
We may update this policy from time to time. The "last updated" date at the top reflects the most recent revision. Material changes will be flagged on the homepage where appropriate.