MENU
ZY IMMO Capital

Data Processing Policy


Data Processing Policy

Effective Date: October 2025

1 / Who We Are

ZY IMMO Capital Ltd (“we”, “us”, “our”) is a Cyprus-registered SaaS PropTech platform operating across Cyprus and the European Union. We act as an independent data controller for the personal data we collect and determine how and why it is processed (GDPR Art. 4(7)).

Supervisory Authority: Office of the Commissioner for the Protection of Personal Data (Cyprus).

2 / Scope & Legal Framework

This Policy explains how we handle data belonging to investors, partners, developers, suppliers and visitors of our websites, Telegram platform and related integrations. We comply with the General Data Protection Regulation (EU 2016/679) and Cyprus Law 125(I)/2018.

3 / Categories of Data Processed

  • Identity & Contact: name, company, role, license or registration numbers.
  • KYC / Compliance: ID verification, proof of funds or address (where required by law).
  • Contract & Legal Records: NDAs, referral agreements, membership and payment metadata (no card data stored).
  • Platform Activity: bot interactions, requests, preferences and audit logs.
  • Marketing & Communication: consents, unsubscribes, campaign analytics.
  • Technical: IP, device, timestamps and cookies (see Cookie Policy).

4 / Purpose & Legal Basis (GDPR Art. 6)

  • Account creation & service delivery: performance of contract (Art. 6 (1)(b)).
  • Payments & invoicing: contract and legal obligations (tax/accounting).
  • KYC / AML checks: legal obligation under AML law (Art. 6 (1)(c)).
  • Security & fraud prevention: legitimate interests (Art. 6 (1)(f)).
  • Marketing & communication: consent (Art. 6 (1)(a)) or legitimate interest (Art. 6 (1)(f)), with right to object (Art. 21).
  • Regulatory inquiries & dispute management: legal obligations and legitimate interests.

Consent may be withdrawn at any time without affecting earlier lawful processing (GDPR Art. 7).

5 / Direct Marketing Rules (Cyprus & EU)

Electronic communications are used only with valid consent and always include an opt-out. We comply with GDPR Arts. 6, 7 and 21 and Law 112(I)/2004.

6 / Data Processors (GDPR Art. 28)

We use audited and contract-bound processors for cloud storage, communication, e-signature and payments, including:

  • Cloud & Media Hosting (document storage, KYC uploads, teasers).
  • CRM & Email Infrastructure (transactional and notification services).
  • E-signature & Legal workflow (NDA and collaboration agreements).
  • Payments via PCI-compliant providers (JCC and others).
  • Analytics & Security (logging, intrusion detection).

All processors operate under GDPR-compliant Data Processing Agreements ensuring confidentiality and technical safeguards.

7 / International Transfers (GDPR Ch. V)

Any cross-border transfer uses approved mechanisms such as EU adequacy decisions or Standard Contractual Clauses (SCCs). Where required, we conduct transfer impact assessments and apply additional safeguards.

8 / Retention

  • Contract & account records: for the life of the relationship + 6 years (legal periods).
  • KYC / AML: minimum five (5) years after termination or longer if required.
  • Marketing data: until withdrawal of consent + short suppression window.
  • Technical logs: for security and audit within proportionate time frames.

After expiry, data are securely deleted or anonymised unless law requires retention.

9 / Security (GDPR Art. 32)

We maintain strong technical and organisational measures – encrypted transfer and storage, access control, vendor due diligence, backups and confidentiality commitments for staff and partners.

10 / Breach Notification (GDPR Arts. 33-34)

In the unlikely event of a personal data breach, we will notify the Cyprus Commissioner within 72 hours and affected individuals without undue delay where required.

11 / Your Rights (GDPR Arts. 12-23)

  • Access to data (Art. 15)
  • Rectification (Art. 16)
  • Erasure – “Right to be forgotten” (Art. 17)
  • Restriction (Art. 18)
  • Portability (Art. 20)
  • Objection to processing (Art. 21)
  • No automated decisions with legal effect (Art. 22)

To exercise rights, contact us through the official Telegram platform of ZY IMMO Capital Ltd. Users may also lodge a complaint with the Cyprus supervisory authority.

12 / Children

Our platform is intended for professional use only and is not directed to minors. We do not knowingly collect data from children under the age set by law.

13 / Cookies & Tracking

Cookies are used for essential functionality and analytics with user consent. See our Cookie Policy for details and controls.

14 / Updates to this Policy

We may update this Policy as regulations or technology evolve. The current version and effective date are always published on this page.

© 2025 ZY IMMO Capital Ltd · Reg. No. HE 475591 · Limassol, Cyprus

News
Off-Market Intelligence 2026
Off-Market Intelligence 2026 10 22 2025, 08:18

Off-Market Intelligence: Why Discreet Deals Define Real Estate Investing in 2026As cross-border investors seek security, discretion, and verified returns, “off-market”...

Why Cyprus Will Be a Smart Investment Destination in 2026
Why Cyprus Will Be a Smart Investment Destination in 202610 22 2025, 04:46

Home / Insights / Cyprus 2026

Cyprus real estate market analysis 2015 - 2024
Cyprus real estate market analysis 2015 - 202402 15 2025, 11:07

Analyzing the Cypriot real estate market from 2015 to 2024 reveals notable trends in property prices and rental yields. Here's...

Opening a Company in Cyprus for German Entrepreneurs.
Opening a Company in Cyprus for German Entrepreneurs.01 26 2025, 14:32

Why Choose Cyprus?Cyprus is an ideal destination for German entrepreneurs thanks to its favorable tax regime, EU membership, and strategic...