Privacy Policy
Effective date: 16 April 2026
This Privacy Policy explains how Arfil LTD (“we”, “us”, “our”) collects and uses personal data when you visit https://arfil.eu (the “Website”).
1. Data Controller
Arfil LTD
Cyprus company registration number HE 425840
Solomou Solomou 10, Flat/Office 1, Empa 8250, Paphos, Cyprus
For any privacy-related request — access, correction, erasure, objection, portability, or to withdraw consent — contact us at ArfilLTD@protonmail.com.
2. What We Collect
2.1 Information you provide
When you submit the contact form on our Website, we collect: your name, email address, phone number (optional), and any information you include in your message.
2.2 Information collected automatically
With your consent (see “Cookies” below), we collect: pages you visit, time spent, clicks and scroll behaviour; approximate location based on IP address (city / country); browser, operating system, device type; session recordings (mouse movements and clicks — without form input content).
If you decline optional cookies, none of the information in 2.2 is collected.
3. Why We Use Your Data — Legal Bases (GDPR Art. 6)
- Replying to your enquiry — contact form data — Art. 6(1)(b), pre-contractual measures.
- Improving the Website — analytics data — Art. 6(1)(a), your consent.
- Meeting legal obligations (tax, accounting) — contact form data — Art. 6(1)(c).
- Defending legal claims — any of the above — Art. 6(1)(f), legitimate interest.
We do not use your data for automated decision-making or profiling.
4. Cookies & Similar Technologies
Our Website uses two categories of cookies and local storage:
Essential — strictly necessary for the site to function (for example, remembering your cookie choice). These are stored without consent under ePrivacy Directive Art. 5(3).
Analytics (optional) — loaded only after you click “Accept All” on our cookie banner. We currently use Microsoft Clarity (Microsoft Ireland Operations Limited, One Microsoft Place, Carmanhall and Leopardstown, Dublin 18, D18 P521, Ireland) for heatmaps and session replay.
You can withdraw consent at any time by clicking the “Cookie settings” link in the Website footer — this clears your choice and reloads the page so optional cookies are dropped.
5. Recipients & Service Providers
We share data only with processors necessary to operate the Website. We use the following categories of recipients:
- Hosting provider — stores Website files and processes incoming requests.
- Analytics provider — receives anonymised usage data only after you opt in (see § 4).
- Translation widget — loads client-side scripts when you change language.
- Email delivery — transmits contact-form submissions to us.
- Cyprus authorities — only where compelled by law (tax, court order, etc.).
The list of named providers in each category may change over time as we add or remove tools. The current named providers, as of the effective date above, are: Hostinger International Ltd (hosting); Microsoft Clarity (analytics, see § 4); GTranslate Inc. (translation widget); the SMTP service of our hosting provider (email delivery). Updates to this list are reflected by republishing this page with a new effective date.
6. Where Your Data Is Stored
Hosting servers are located within the European Union. Microsoft Clarity may transfer aggregated analytics data to the United States under the EU–US Data Privacy Framework. No special-category data (health, biometrics, etc.) is collected or transferred.
7. How Long We Keep It
- Contact form messages: up to 3 years from last contact, then deleted.
- Analytics: 1 year (the analytics provider’s default), then aggregated.
- Server logs: 30 days.
8. Your Rights (GDPR Art. 15–22)
You have the right to: access your data; correct it; delete it; restrict its processing; object to processing; request portability; and withdraw consent at any time. To exercise any of these, contact us at ArfilLTD@protonmail.com.
You may also lodge a complaint with the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus — www.dataprotection.gov.cy.
9. Children
The Website is not directed at children under 14 years of age (GDPR Art. 8 read together with Cyprus implementing law). We do not knowingly collect data from children under 14.
10. Changes to This Policy
If we change this policy, the new version will appear on this page and the effective date at the top will be updated. Material changes (new processors, new data categories, change in retention) will be highlighted in the cookie banner for one week.