Privacy Policy

1 Who We Are

The data controller for personal data collected through www.mcrevnex.com is:

The Office of the Commissioner for Personal Data Protection is the supervisory authority in Cyprus responsible for enforcing GDPR. You have the right to lodge a complaint with them at any time.

2 Data We Collect

2.1 Data You Provide Directly

• Contact & inquiry data: name, business email address, company name, job title, phone number, and any message content submitted through our "Request Demo" or contact forms.
• Client account data: business contact details, billing information, and credentials necessary to provide access to PropGuard™ services under a signed B2B agreement.

2.2 Data Collected Automatically

• Technical data: IP address, browser type and version, operating system, referring URL, pages visited, and timestamps.
• Cookie data: session identifiers and analytics identifiers (see Section 9 and our Cookie Policy).

2.3 Data We Do Not Collect

• We do not collect special category (sensitive) personal data such as racial origin, health, biometric or genetic data.
• We do not collect personal data from individuals under the age of 18.

3 How We Use Your Data

• To respond to your demo requests and commercial inquiries.
• To provision, maintain, and support PropGuard™ services under a contract.
• To send service-related communications (not marketing) unless separate consent is given.
• To analyse website usage (in aggregated, anonymised form) and improve our services.
• To comply with legal obligations applicable to a company registered in Cyprus and operating in the EU.
• To detect and prevent fraud, abuse, or security incidents.

4 Legal Basis for Processing

• Contractual necessity (Art. 6(1)(b) GDPR): Processing required to fulfil our B2B service agreement or to take pre-contractual steps at your request.
• Legitimate interests (Art. 6(1)(f) GDPR): Responding to inquiries, securing our platform, and improving our website — where our interests do not override your rights.
• Legal obligation (Art. 6(1)(c) GDPR): Where processing is required under Cyprus law or EU regulations.
• Consent (Art. 6(1)(a) GDPR): For non-essential cookies and any optional marketing communications. You may withdraw consent at any time without affecting prior processing.

5 Data Sharing & Processors

We do not sell your personal data. We share data only where necessary:

• Service providers (data processors): Cloud hosting providers, email delivery platforms, and analytics tools — all operating under data processing agreements that ensure GDPR compliance.
• Professional advisors: lawyers and accountants, bound by confidentiality obligations.
• Legal authorities: where required by applicable Cypriot or EU law, court order, or regulatory request.

6 International Data Transfers

Our servers are located within the European Economic Area (EEA). Where we engage processors outside the EEA, we ensure adequate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Adequacy decisions recognised under GDPR Art. 45.

You may request details of any applicable transfer mechanism by contacting us at privacy@mcrevnex.com.

7 Data Retention

• Inquiry data: Retained for up to 24 months after last contact, or until you request deletion.
• Client contract data: Retained for the duration of the contract plus 7 years to comply with Cypriot accounting and tax law.
• Website analytics data: Aggregated or anonymised after 26 months.
• Security & access logs: Retained for up to 12 months.

After the applicable retention period, data is securely deleted or anonymised.

8 Your Rights Under GDPR

As a data subject in the EU/EEA (including Cyprus), you have the following rights:

To exercise any of these rights, email us at privacy@mcrevnex.com. We will respond within 30 days. No fee is charged unless requests are manifestly unfounded or excessive.

Cyprus supervisory authority: Office of the Commissioner for Personal Data Protection — www.dataprotection.gov.cy

9 Cookies

We use cookies and similar technologies on our website. Essential cookies (necessary for the website to function) are deployed without consent. Non-essential cookies (analytics, preferences) require your consent, which you can manage via our cookie banner.

For full details, including a breakdown of individual cookies and how to opt out, please see our Cookie Policy.

10 Children's Privacy

Our website and services are directed exclusively at business professionals (B2B). We do not knowingly collect personal data from individuals under 18 years of age. If you believe we have inadvertently collected such data, please contact us immediately at privacy@mcrevnex.com and we will delete it without delay.

11 Security Measures

We implement appropriate technical and organisational measures to protect your personal data, including:

• TLS/HTTPS encryption for all data in transit.
• Access controls and role-based permissions for internal systems.
• Regular security audits and vulnerability assessments.
• Staff training on data protection obligations.

No transmission over the internet is 100% secure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by GDPR Art. 33–34.

12 Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via a notice on our website and/or by email where appropriate. The "Effective Date" at the top of this page will always reflect the latest revision. We encourage you to review this page periodically.

13 Contact Us

For any privacy-related questions, requests, or to exercise your GDPR rights: