Privacy Policy
Last Updated: February 2025
AutoFlow Systems is committed to protecting your privacy and personal data. This policy explains how we collect, use, store, and protect your information when you use our website and training services. We comply with the General Data Protection Regulation (GDPR) and other applicable privacy laws.
1. Data Controller Information
Contact Information
Company: AutoFlow Systems
Address: 95 Archbishop Kyprianos, 3036 Limassol, Cyprus
Phone: +357 25 867423
Email: privacy@domain.com
Data Protection Officer: Available upon request
As the data controller, AutoFlow Systems determines the purposes and means of processing your personal data. We are responsible for ensuring that your data is processed lawfully, fairly, and transparently in accordance with applicable data protection regulations.
2. Data Collection and Usage
Personal Data We Collect
- Contact Information: Name, email address, phone number, postal address
- Professional Information: Job title, company name, industry, technical background
- Course Data: Enrollment records, progress tracking, assessment results, certifications
- Communication Data: Messages sent through contact forms, email correspondence, support requests
- Technical Data: IP address, browser type, device information, website usage patterns
- Financial Data: Payment information, billing address, transaction records (processed by secure third-party providers)
How We Collect Data
- Direct Collection: When you fill out forms, register for courses, or contact us
- Automatic Collection: Through cookies, analytics tools, and website interaction tracking
- Third-Party Sources: Partner organizations, referral programs, professional networks (with your consent)
- Course Activities: During training sessions, assessments, and certification processes
Purposes of Data Processing
- Service Delivery: Providing automation engineering courses, assessments, and certifications
- Communication: Responding to inquiries, sending course updates, and providing customer support
- Administration: Managing enrollments, tracking progress, and maintaining student records
- Marketing: Sending relevant course information and industry updates (with your consent)
- Website Improvement: Analyzing usage patterns to enhance user experience and functionality
- Legal Compliance: Meeting regulatory requirements and protecting our legal interests
3. Legal Basis for Processing
Consent
- • Marketing communications
- • Optional cookies and tracking
- • Newsletter subscriptions
- • Third-party integrations
Contract Performance
- • Course delivery and support
- • Assessment and certification
- • Payment processing
- • Student record maintenance
Legitimate Interest
- • Website analytics and improvement
- • Fraud prevention and security
- • Business development
- • Customer support optimization
Legal Obligation
- • Tax and accounting records
- • Regulatory compliance
- • Certification authority requirements
- • Data breach notifications
4. Data Sharing and Third Parties
We share your data with the following types of third parties:
Certification Bodies
Professional certification organizations that validate and issue industry credentials for completed courses.
Payment Processors
Secure payment service providers that handle financial transactions and billing information.
Technology Service Providers
Cloud hosting, email services, analytics platforms, and other technical infrastructure providers.
Legal and Professional Advisors
Lawyers, accountants, auditors, and other professional service providers when legally required or necessary for business operations.
Data Transfer Safeguards
When transferring data outside the European Economic Area, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions for countries with equivalent data protection laws
- Binding Corporate Rules for multinational service providers
- Explicit consent for specific transfer purposes
5. Data Retention
| Data Type | Retention Period | Purpose |
|---|---|---|
| Contact Form Data | 3 years | Customer service and follow-up |
| Student Records | 7 years | Certification validation and academic records |
| Financial Records | 7 years | Tax compliance and accounting requirements |
| Marketing Data | Until consent withdrawn | Course promotion and industry updates |
| Website Analytics | 2 years | Website optimization and user experience |
| Security Logs | 1 year | Fraud prevention and system security |
Data is automatically deleted at the end of the retention period unless legal requirements mandate longer storage. You can request earlier deletion of your data subject to legal and contractual obligations.
6. Your Rights
Right to Access
Request a copy of your personal data we hold and information about how it's processed.
Right to Rectification
Correct inaccurate or incomplete personal data we hold about you.
Right to Erasure
Request deletion of your personal data when it's no longer necessary or consent is withdrawn.
Right to Restrict Processing
Limit how we use your data while resolving disputes about accuracy or lawfulness.
Right to Data Portability
Receive your data in a structured format and transfer it to another service provider.
Right to Object
Object to processing based on legitimate interests, including direct marketing activities.
Right to Withdraw Consent
Withdraw consent for marketing communications and optional data processing activities.
Right to Lodge a Complaint
File a complaint with the Cyprus Data Protection Commissioner or your local supervisory authority.
How to Exercise Your Rights
To exercise any of these rights, please contact us using the information provided below. We will respond within one month of receiving your request.
Email: privacy@domain.com
Phone: +357 25 867423
Post: AutoFlow Systems, 95 Archbishop Kyprianos, 3036 Limassol, Cyprus
7. Data Security
Technical Safeguards
Encryption
All data transmitted and stored is encrypted using industry-standard protocols (TLS 1.3, AES-256).
Access Controls
Multi-factor authentication and role-based access controls limit data access to authorized personnel only.
Monitoring
Continuous monitoring systems detect and alert on potential security threats and unauthorized access attempts.
Backups
Regular encrypted backups ensure data recovery capability while maintaining security standards.
Organizational Measures
- Regular security training for all staff handling personal data
- Data protection impact assessments for new processing activities
- Incident response procedures for potential data breaches
- Regular security audits and penetration testing
- Confidentiality agreements for all employees and contractors
- Secure disposal procedures for obsolete data and equipment
Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay. We will provide clear information about the nature of the breach, potential consequences, and measures taken to address the incident.
8. Updates to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify registered users via email about significant changes
- Post a notice on our website homepage for 30 days
- Request renewed consent where legally required
We encourage you to review this policy periodically to stay informed about how we protect your personal data. Continued use of our services after policy updates constitutes acceptance of the revised terms.
Contact Our Privacy Team
If you have questions about this privacy policy or our data practices, please contact our privacy team:
Privacy Officer: privacy@domain.com
Response Time: Within 72 hours for privacy inquiries
Office Hours: Monday-Friday, 8:00 AM - 6:00 PM EET