Privacy Policy

Shiny Shield Global Services Limited, a company registered in the Republic of Cyprus, with registered office at Dali Industrial Zone, 2546, Nicosia, Cyprus, Europe, Company Registration Number HE 459565, (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, store, and protect personal data when you access or use our website(s), applications, platform, or services (collectively, the “Services”).

By using or accessing the Services, you agree to the collection and use of personal data in accordance with this Privacy Policy and applicable laws (including the EU General Data Protection Regulation — “GDPR”).

This Privacy Policy should be read in conjunction with our Terms of Service (or General Conditions) and the Data Processing Agreement (DPA), which are incorporated by reference.

1. Definitions & Scope

“Personal Data” means any information relating to an identified or identifiable natural person (data subject), including but not limited to names, identification numbers, email address, IP address, usage data, or other identifiers.

“Processing” means any operation or set of operations performed on personal data (e.g. collection, recording, storage, adaptation, disclosure, erasure).

“Data Controller” means the entity that determines the purposes and means of processing personal data. “Data Processor” means the entity which processes data on behalf of the Controller.

In this context, for the personal data we collect from users of the Services, we are generally the Data Controller, except where otherwise agreed (for example via the DPA) and in relation to data processed on behalf of you (the customer) in which you may act as Data Controller and we as Data Processor.

This Privacy Policy applies to:

  • Users of our website(s) and platform

  • Customers (i.e. entities subscribing to our Services)

  • End Users (where applicable, in relation to data collected via your use of our platform)

  • Visitors, prospects, and individuals who interact with us or our Services

It does not (unless stated otherwise) apply to third-party websites linked from our Services or third parties’ own data practices (you should check their privacy policies).

2. What Personal Data We Collect

We may collect the following categories of data:

2.1 Data you provide directly

  • Account / registration data: name, company name, email address, username, password, contact details

  • Billing / payment data: billing address, VAT number, payment method, transaction histories

  • Content / usage data: documents, data, messages, files, or materials you upload or submit to train, configure, or operate your instances / chatbots / automations

  • Support / communication data: your communications (email, chat, support tickets) with us, feedback, surveys, correspondence

  • Verification / identity data: in some cases, identification documents or business registration documents (to comply with KYC / anti-fraud, if needed)

2.2 Data collected automatically / passively

  • Usage / analytics data: how you and your users use the Services (pages visited, features used, timestamps, clicks, logs)

  • Technical / device data: IP address, browser type and version, operating system, device identifiers, screen resolution, language preference, locale, cookie identifiers

  • Cookies & tracking technologies: we use cookies, web beacons, pixels, and similar technologies to collect data (see section on Cookies below)

  • Log data: server logs, error logs, diagnostic data

2.3 Data from third parties

We may receive personal data about you from third parties, such as:

  • Third‐party service providers (e.g. identity verification, payment processors, analytics)

  • Publicly available sources (e.g. business registries, corporate databases)

  • Affiliates or partners (if coordinated)

We combine such data with other data we hold to improve our Services or for other legitimate purposes, subject to legal constraints.

3. Purposes & Legal Basis for Processing

  1. Software and Services Delivery

    • Purpose: to allow the conclusion and execution of the Contract with the Customer, and to fulfill the related legal obligations.

    • Legal basis:

      • Performance of the Contract and/or pre-contractual measures (art. 6(1)(b) GDPR).

      • Compliance with legal obligations (art. 6(1)(c) GDPR).

    • Consequence of failure to provide data : the impossibility of concluding the Contract and using the ShinyBots Software and Services.

  2. Answers to Customer Requests

    • Purpose: to manage and respond to requests for information and/or assistance that the Customer sends to the Data Controller’s contact details or via the Software’s functions.

    • Legal basis: performance of the Contract and/or pre-contractual measures (art. 6(1)(b) GDPR).

    • Mandatory : processing is necessary to respond to customer requests.

  3. Extraordinary operations

    • Purpose: to evaluate and/or participate in extraordinary transactions (merger, acquisition, sale, spin-off).

    • Legal basis: legitimate interest of the Data Controller (art. 6(1)(f) GDPR).

  4. Right of defense

    • Purpose: to guarantee the Company’s right of defense in court or arbitration, in relation to any disputes arising from the Contract or from commercial relations with the Customer.

    • Legal basis: legitimate interest of the Data Controller (art. 6(1)(f) GDPR).

  5. Customer satisfaction surveys

    • Purpose: to collect voluntary feedback from Customers on the ShinyBots Software and Services, in order to improve the Owner’s offering.

    • Legal basis: legitimate interest of the Data Controller in evaluating Customer satisfaction.

    • Voluntary nature : participation in these surveys is always voluntary.

  6. “Soft marketing” communications

    • Purpose: to send commercial, promotional and advertising communications via email regarding products or services similar to those already purchased by the Customer.

    • Legal basis: legitimate interest of the Data Controller (art. 130 co. 4 Privacy Code).

    • Right to object : the Customer may object at any time, without charge, by following the instructions provided in each communication or by contacting the Owner.

  7. Marketing (Newsletters and other non-similar communications)

    • Purpose: sending, via email and/or SMS, promotional and advertising material relating to the Data Controller’s products and services, even if not similar to those already purchased.

    • Legal basis: explicit, free and informed consent (art. 6(1)(a) GDPR).

    • Optionality : failure to consent does not affect the possibility of concluding the Contract or using the Software and ShinyBots Services.

    • Revocation of consent : the Customer may revoke consent at any time by writing to the Owner or using the link present in each commercial communication. The revocation does not affect the lawfulness of the processing carried out before the revocation itself.

4. Cookies & Tracking Technologies

We and our third-party service providers use cookies and similar technologies (e.g. local storage, pixel tags, analytics tags) to collect data about your use of the Services, customize your experience, analyze trends, and deliver marketing content.

You may control or block cookies via your browser or device settings. However, disabling some cookies may limit or disable features of the Platform.

We use different categories of cookies, including:

  • Essential / strictly necessary cookies: required for basic operation of the Services

  • Performance / analytics cookies: to understand how users interact, measure usage

  • Functional cookies: to remember preferences

  • Marketing / advertising cookies: to deliver or measure advertisements

We will present you with a cookie/banner notice when required by law and allow you to manage your preferences.

ShinyBots uses cookies in a range of ways to improve your experience on our website, including:

  • Keeping you signed in

  • Understanding how you use our product

In this cookie policy we describe what type of cookies ShinyBots uses and how to disable them. If you cannot find the specific information that you are looking for, feel free to contact us at support@shinyshieldglobal.com.

What are cookies? Cookies are small text files that are placed on your computer or mobile device by websites you visit. They are widely used in order to make a website work, or work more efficiently, as well as to provide information to the owners of the site. These cookies contain a unique code which allows us to recognize your browser during your visit to our website (also known as a ‘session’ cookie) or later, repeated visits (so-called permanent cookies).

The content of a cookie usually consists of the name of the server that placed the cookie, an expiration date and a unique numeric code. Based on your surfing habits, a cookie remembers your preferences. These personal interests are stored on the hard drive of your computer. Cookies make the interaction between you, the visitor, and the website easier, faster and help you to navigate between the different parts of a website.

Cookies are also used to make the content of, or the publicity on a website more relevant for the visitor. Finally, a cookie will ensure that the content is adaptable to your personal taste and needs.

What types of cookies does ShinyBots use?

  • Required cookies: Certain cookies are necessary in order for the website to operate correctly and remain secure. For example, we use cookies to authenticate you. When you log on to our website, authentication cookies are set which let us know who you are during a browsing session. We have to load essential cookies for legitimate interests pursued by us in delivering our Sites essential functionality to you.

  • Analytical Cookies: Analytics cookies collect information about your use of our site, and enable us to improve the way it works. We use Microsoft clarity and Google Analytics to collect anonymized user data about how you use our webpages.

  • How can you block or eliminate cookies: We only use cookies when you are logged into our service. When creating an account you will be asked to accept our terms and conditions. You can allow, eliminate, or block cookies in your computer’s configuration settings according the internet browser you are using. In certain cases, some web services will be blocked when certain cookies are not allowed to operate correctly or when they are blocked by the user.

5. Disclosure & Sharing of Personal Data

We may share your personal data in the following contexts:

  • Service providers / subcontractors: to assist with payment processing, hosting, analytics, operations, security, support

  • Affiliates / group companies: for internal functions, but only under common obligations

  • Legal, regulatory or governmental authorities: when required by law, regulation, court order, or to protect rights, property, or safety

  • Business transfers: in connection with merger, acquisition, sale of assets, or corporate restructuring

  • With your consent: for third parties or marketing when you have consented

When we share data with third parties, we require them to comply with confidentiality and data protection obligations consistent with this Privacy Policy and applicable law.

In particular, when transferring data outside the European Economic Area (EEA), we will ensure proper safeguards (e.g. standard contractual clauses, adequacy decisions, binding corporate rules, or your explicit consent) are in place.

6. International Transfers

Because our infrastructure and service providers may be located in jurisdictions outside Cyprus (within and outside the EEA), your personal data may be transferred internationally.

Whenever such transfers occur, we ensure that:

  • the recipient is subject to adequate data protection law, or

  • we implement appropriate safeguards (e.g. EU Standard Contractual Clauses, data transfer agreements) or

  • we rely on your explicit consent (if applicable)

We will provide further details about the transfer destinations and safeguards upon request.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal, regulatory, tax, or accounting obligations, resolve disputes, enforce agreements, or as long as needed for legitimate business purposes.

After the retention period:

  • We will delete or anonymize the data, or

  • If deletion is not practicable (e.g. backups, legacy systems), restrict processing to permitted purposes only

Specific retention periods may vary by data type (e.g. transaction data, log data, account data). We may retain billing and transaction data longer if required by law (e.g. tax or audit rules in Cyprus).

8. Your Rights & Choices

Under GDPR and applicable law, you have certain rights in relation to your personal data:

  • Right of access: you can request copy of data we hold about you

  • Right to rectification: you can request correction of inaccurate or incomplete data

  • Right to erasure (“right to be forgotten”): you may request deletion of your personal data (subject to legal constraints)

  • Right to restriction of processing: limit how we use your data

  • Right to data portability: receive your data in machine-readable format

  • Right to object: oppose processing of your data (especially for direct marketing or processing based on legitimate interest)

  • Right to withdraw consent: where processing is based on consent

  • Right to lodge a complaint: with a supervisory authority (e.g. the Cyprus Data Protection Commissioner)

To exercise these rights, please contact us using the contact details below. We may ask for proof of identity before fulfilling a request to protect your security.

Note: these rights are subject to conditions and exceptions (e.g. legal obligations or legitimate interests may override in limited cases).

9. Security

We implement technical and organizational measures aimed at protecting personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These may include:

  • Encryption in transit (TLS/SSL)

  • Encryption at rest (where possible)

  • Access controls, role-based permissions

  • Firewalls, intrusion detection

  • Regular security audits, vulnerability assessments

  • Secure coding practices

  • Incident response procedures

However, no method of transmission over the Internet or method of storage is 100% secure, and we cannot guarantee absolute security. In the event of a data breach we will notify you and relevant authorities as required by law.

10. Children & Minors

Our Services are not intended for individuals under 18 years old (or the applicable age under local law). We do not knowingly collect Personal Data from minors. If we become aware that we have collected data from a minor without verification of consent (where required), we will take steps to delete that data.

11. Changes to This Privacy Policy

We may update or modify this Privacy Policy from time to time, to reflect changes in legal, technical or business practices. We will notify you of material changes (e.g. via email or via notice in our platform) at least 30 days before they take effect (unless immediate change is required by law).

Your continued use of the Services after the effective date of changes will constitute acceptance of those changes.

We encourage you to review this Privacy Policy periodically.

12. Contact Information

If you have questions, suggestions, or wish to exercise your rights, please contact:

Shiny Shield Global Services Limited
Address: Dali Industrial Zone, 2546, Nicosia, Cyprus, Europe.
Email: support@shinyshieldglobal.com

You may also lodge complaints with the Cyprus Commissioner for Personal Data Protection (or the relevant supervisory authority in your country), if you believe your rights are violated.

Last revised: 1/10/2025