Privacy Policy
Effective: 29 April 2025 | Last Revised: 23 May 2025
This Privacy Policy explains how Verinosc CLG (“we”, “us”, “our”) processes personal data in accordance with the EU General Data Protection Regulation (“GDPR”) and Cyprus Law 125(I)/2018. Our public site is still ramping up and remains largely static, but the technologies already in place—and the safeguards applied—are described below.
1 Who we are
Verinosc CLG | Company Limited by Guarantee (non-profit) | Reg. No. HE 471839 | Kennedy 70, 2nd Fl., Office 201-202, 1076 Nicosia, Cyprus
We are the data controller (Art 4 § 7 GDPR). Privacy enquiries:
privacy@ledg.it.com | +357 9919 0997
A formal Data Protection Officer is not required; our privacy team will respond to all requests.
Processing on our behalf
Development and hosting resources are provided by Promet.ai Ltd., Cyprus, which acts as a data-processor under a GDPR-compliant Data-Processing Agreement (Art 28 GDPR). Promet.ai Ltd. in turn contracts physical hosting from Hetzner Online GmbH (see § 4).
2 What personal data we collect & why
Audience | Data categories | Purpose & legal basis | Retention |
---|---|---|---|
Browsing visitors | None (no cookies, no analytics). Edge/origin logs: IP address, date/time, request URL, user-agent | Legitimate interests Art 6 (1)(f) – ensure security & integrity | Logs deleted after 14 days unless a security investigation requires longer retention |
Registered users (Keycloak – coming soon) | Display name (optional); e-mail; password hash / IdP token; internal user-ID; access/refresh tokens | • Consent Art 6 (1)(a) – account creation • Legitimate interests Art 6 (1)(f) – secure & administer service | Until account deletion + 12 months of inactivity, then erased or anonymised (unless legal retention applies) |
Newsletter subscribers (planned) | Name (optional); e-mail | Consent Art 6 (1)(a) | Until you unsubscribe or withdraw consent |
Contact-form queries / research calls (planned) | Name; e-mail; message content | Legitimate interests Art 6 (1)(f) – respond to enquiries | Deleted after issue resolved or 12 months, whichever occurs first |
We do not carry out automated decision-making or profiling (Art 22 GDPR).
3 Hosting & security
- Static site – Built with Next.js, delivered as static assets
- TLS – All traffic forced over HTTPS (TLS 1.2+)
- Authentication – Keycloak in the same infrastructure; session cookie KEYCLOAK_SESSION (Secure, HttpOnly, SameSite=Lax) set after login, expires at logout or after 8 h inactive
- Infrastructure – EU-based servers rented by Promet.ai Ltd. (Cyprus) from Hetzner Online GmbH (Germany) under GDPR-compliant agreements. Admin access via MFA; IaC with peer review
- Server logs – see § 2; no additional long-term app-level logs
- Data-breach response – We will notify the supervisory authority and affected users within 72 h (Arts 33-34 GDPR)
- International transfers – No personal data transferred outside the EEA
4 Sub-processors
Provider | Purpose | Location | Safeguards |
---|---|---|---|
Promet.ai Ltd. | Infrastructure management & DevOps | Cyprus (EEA) | Art 28 DPA with Verinosc; ISO 27001-aligned controls |
Hetzner Online GmbH | Physical hosting (servers, backups) – contracted by Promet.ai Ltd. | Germany (EEA) | GDPR DPA with Promet.ai Ltd.; ISO 27001 data centres |
Any future third-party service (e.g. analytics, e-mail delivery) will be listed here before activation.
5 Cookies & similar technologies
Our public pages set no cookies. After you log in, Keycloak sets one strictly necessary session cookie (KEYCLOAK_SESSION) as described above.
6 Children’s data
The site is not directed to children under 16. If we learn a child under 16 registered without parental consent, the account will be deleted immediately.
7 Your rights
You may at any time exercise your GDPR rights: access, rectification, erasure, restriction, objection, data portability, and withdrawal of consent. E-mail privacy@ledg.it.com to submit a request. You also have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection, Cyprus (https://www.dataprotection.gov.cy).
8 Future updates
Planned launches:
- Newsletter subscriptions
- Community accounts (Keycloak)
- Contact forms & research participation calls
Each feature will go live only after this policy is updated with the relevant processing details.
9 Changes to this policy
When we amend this document, the “Last Revised” date will change. Significant changes will also be highlighted on our homepage.
© 2025 Verinosc CLG. All rights reserved.