Privacy Policy

AD Vending is a Cypriot business that installs and manages vending machines in commercial spaces across Cyprus.

Data Controller: AD Vending, Larnaca, Cyprus. For data protection matters contact ademetriou.vending@gmail.com.

When you fill in the contact form we collect: your name, your email address, your phone number (optional), the type of your space, the location in Cyprus, and anything you write in the message field.

If you contact us through WhatsApp you are using a third party service (Meta Platforms). Data collection by WhatsApp is governed by that company's own privacy policy.

Our hosting provider (Netlify) automatically logs technical visit data (IP address, user agent, request time) for security and correct operation of the site.

We use the information you provide solely to respond to your enquiry, arrange an on site visit, prepare a proposal for installing a vending machine, and continue the conversation that you started.

We do not use your information for advertising, we do not sell it to third parties, and we do not use it for automated decision making or profiling.

Processing is based on Article 6(1)(b) of the GDPR (pre contract steps at your request), as you contact us to explore a potential business relationship. Alternatively, where that basis does not apply, we rely on Article 6(1)(f) of the GDPR (our legitimate interest in responding to enquiries).

Netlify, Inc. (USA, operating under Standard Contractual Clauses): hosts the site and processes contact form submissions on our behalf.

Google LLC / Meta Platforms: only if you choose to email us from a Gmail address or message us on WhatsApp. In those cases your message passes through their respective networks under their own terms.

We do not share personal data with any other third parties unless required by law or at your request.

We keep your correspondence for as long as it takes to handle your enquiry and any follow up cooperation. If no cooperation materialises, we delete your data within 24 months of last contact.

If we enter a contract, we keep the records that Cypriot tax and commercial law require (typically 6 years after the end of the relationship).

You have the right to request access to your personal data, rectification or erasure, restriction of processing, data portability, and to object to processing based on legitimate interest.

To exercise any of these rights, email ademetriou.vending@gmail.com. We respond within 30 days as required by the GDPR.

You also have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus (commissioner@dataprotection.gov.cy, www.dataprotection.gov.cy).

The site is served over HTTPS with modern TLS only. We apply security headers (HSTS, Content Security Policy, Permissions Policy, X Frame Options) to reduce attack surface.

Form submissions are stored in Netlify's protected environment. Access to the data is limited to the people directly involved in handling enquiries.

This site does not use tracking cookies or visitor analytics tools (Google Analytics, Facebook Pixel or similar). We do not personalise content based on your browsing history.

We use only browser local storage (localStorage) to remember whether you have already seen the cookie notice. This never leaves your browser and cannot identify you.

If we ever add tools that use cookies we will ask for explicit consent through a banner before activating them.

We may update this policy from time to time. The last updated date appears at the top of the text. Material changes will be announced on the website for a reasonable period.