Privacy Policy

Kypos Ltd operates Logis.cy. For the purposes of the GDPR and Cyprus data-protection law, Logis acts as controller for personal data processed to operate the marketplace, manage onboarding, maintain accounts, secure the platform, communicate with users, collect Logis fees, and meet legal obligations.

Where a client and provider use the platform to exchange data for a professional mandate, each party remains responsible for its own independent compliance in relation to the personal data it discloses or receives. In some B2B cases, Logis may also process personal data as a processor under the DPA available through the platform.

The data we process depends on how you use the platform, but may include account, identity, business, engagement, support, technical, and payment-related information.

• Identity and contact data such as names, work email addresses, phone numbers, and professional roles.
• Business and onboarding data such as company details, registration data, tax identifiers, licenses, and verification records.
• Marketplace and engagement data such as instructions, messages, uploaded files, service requests, provider responses, billing references, and audit trails.
• Technical and usage data such as device, log, session, browser, IP, and security event information.

We use personal data only where we have a lawful basis, including performance of a contract, legitimate interests, legal obligation, and consent where required.

• To create and administer accounts, verify providers, and manage marketplace participation.
• To match clients and providers, route enquiries, support communications, and facilitate workflow steps.
• To operate security controls, prevent fraud, investigate misuse, scan files, and maintain auditability.
• To bill Logis fees, issue transactional communications, respond to support requests, and comply with regulatory, accounting, and legal obligations.

We disclose data on a need-to-know basis to the parties involved in the relevant service request, engagement, or operational workflow. When a client chooses to engage with a provider, data submitted through the platform may be made available to that provider so the requested services can be assessed or delivered.

We may also disclose information to advisors, payment partners, hosting and infrastructure vendors, analytics or support vendors, law-enforcement authorities, regulators, insurers, and professional advisers where necessary for the purposes described in this Policy.

In the event of a merger, acquisition, corporate restructuring, asset sale, or similar transaction involving Logis, personal data may be transferred to the successor entity as part of the business assets, subject to this Policy and applicable data-protection law. We will notify affected users of any change in controller identity where required by the GDPR.

The platform uses automated security and workflow controls, including malware scanning, anomaly detection, logging, and limited AI-assisted processing where enabled as part of product functionality. Those controls are used to protect the service, improve routing, and support operational workflows rather than to replace professional judgment.

Where automated processing is used, it does not produce legal effects or similarly significant decisions concerning individuals solely on the basis of automated processing. If automated decision-making is introduced in the future in a way that produces such effects, we will provide meaningful information about the logic involved, the significance, and the envisaged consequences, and will ensure a mechanism for human review in accordance with Article 22 of the GDPR.

We apply technical and organisational measures appropriate to the nature of the data and the platform. Retention periods depend on the data category, the contractual relationship, legal obligations, active disputes, and platform-security needs. Because Logis is not offered as a long-term document archive, users should retain their own records outside the platform.

Some of our service providers may process personal data outside Cyprus or the EEA. Where that occurs, we rely on a recognised transfer mechanism and implement supplementary measures where appropriate.

• Cloud, hosting, infrastructure, communications, support, security, and analytics vendors may have access to limited categories of personal data.
• Service providers are bound by contractual confidentiality and data-protection commitments proportionate to their role.
• A current subprocessor list may be provided on request where Logis is acting as processor under the DPA.

Subject to applicable law, you may request access, rectification, erasure, restriction, portability, or objection, and you may withdraw consent where processing depends on consent. You also have the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you.

Requests should be sent to privacy@logis.cy. We will respond within one month of receipt, or inform you if an extension of up to two additional months is necessary due to the complexity or volume of requests. The first copy of your personal data will be provided free of charge; further copies may be subject to a reasonable administrative fee.

We may need to verify your identity before acting on a request. Certain requests may be declined or limited where retention is required for the establishment, exercise, or defence of legal claims, fraud prevention, tax compliance, or other regulatory obligations.

We send essential service communications where necessary to operate accounts, engagements, billing, and compliance workflows. We may also send updates, newsletters, or product notices where permitted by law or where you have opted in. You may unsubscribe from non-essential marketing at any time using the link provided in each communication or by contacting us.

Our use of cookies and similar technologies is described in the Cookie Policy. Non-essential analytics or preference technologies are used only where the applicable consent standard has been met.

The platform is designed for business and professional use and is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that personal data has been collected from a person under 18 without appropriate authorisation, we will take steps to delete that data promptly.

If you have a concern about how personal data is handled, please contact privacy@logis.cy first so we can try to resolve it. You also have the right to lodge a complaint with Office of the Commissioner for Personal Data Protection in the Republic of Cyprus or with another competent supervisory authority under the GDPR.