Data Protection & GDPR Compliance Statement

Neuranet Solutions Ltd (the Company, we, us, our) is committed to ensuring that personal data is processed in compliance with:

• Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR)
• The Cyprus Data Protection Law 125(I)/2018
• Guidelines issued by the Commissioner for Personal Data Protection (Cyprus)

This document outlines how data is handled in relation to this website.

The website is designed to minimize data processing and does not actively collect personal data.

Specifically:

• no user accounts are created
• no forms collect personal data
• no direct identifiers such as name, email, or phone are requested
• no automated decision-making or profiling occurs

Any limited data processing that may occur is carried out in accordance with Article 6 GDPR.

This includes Article 6(1)(f), legitimate interest, strictly limited to:

• ensuring website security
• monitoring performance
• generating anonymized statistics

Processing is conducted in a manner that does not override the rights and freedoms of users.

The Company applies the principles of:

• data minimization under Article 5(1)(c) GDPR
• privacy by design and by default under Article 25 GDPR

This means:

• only strictly necessary technical data is processed
• anonymization techniques are applied where possible
• no unnecessary tracking technologies are used

The website may use privacy-focused analytics tools configured to:

• avoid collecting identifiable data
• anonymize IP addresses
• process data in aggregated form
• avoid cross-site tracking

No profiling or behavioral tracking is performed. Where analytics tools cannot guarantee full anonymization, user consent mechanisms are implemented.

• No personal data is stored.
• Any technical or anonymized data is retained only for the time necessary for statistical purposes.
• Logs are periodically deleted or anonymized.

The Company does not:

• sell personal data
• share personal data with third parties
• use data for marketing purposes

If analytics providers are used, only non-identifiable data is processed.

No transfers of personal data outside the European Economic Area (EEA) are performed.

If future services require such transfers, they will comply with:

• EU Standard Contractual Clauses (SCCs)
• GDPR Chapter V requirements

Appropriate technical and organizational measures are implemented in accordance with Article 32 GDPR, including:

• secure hosting infrastructure
• access control mechanisms
• data minimization practices
• regular system updates

Under GDPR, individuals have the right to:

• access their personal data (Art. 15)
• rectification (Art. 16)
• erasure (Art. 17)
• restriction of processing (Art. 18)
• data portability (Art. 20)
• object to processing (Art. 21)

However, as no personal data is processed in a substantive way, these rights are not generally applicable in practice.

Users have the right to lodge a complaint with the competent authority:

This GDPR Statement may be updated to reflect:

• regulatory changes
• technical updates
• service modifications

Users are encouraged to review this page periodically.

For any data protection inquiries, please contact: