Privacy Policy

Last Updated: May 2026

Welcome to PK Headway Solutions Ltd. We respect your privacy and are committed to protecting your personal data.

This Privacy Policy explains how we collect, use, store and protect personal data when you visit our website, available at – https://pkheadwaysolutions.com/ or contact us through the website or by other communication channels.

Owner and Data Controllers

Data Controller - Reg. number: HΕ 434139, Address: Αναστασίου Σιούκρη, 1, THEMIS COURT, Floor 4, Flat/Office 402, 3105, Limassol, Cyprus. Сontact email: [email protected]

Data Subject - You or the User.

When you visit our Website, you become our user ("User").

Type of User Description:

Visitor - The User who visits our Website.
Business Contact - a User who contacts us, requests information about our services, or communicates with us as a potential client, partner, supplier, or representative of a company.

TYPE OF DATA WE COLLECT, PURPOSE, AND LEGAL BASIS

Data Sources: We collect information in several ways:

Data You Provide: We may collect personal data that you provide to us when you contact us through the Website, send us an email, or communicate with us by any other means. This may include your name, email address, phone number, company name, position, and the content of your message.
Automatically Collected Data: When you visit our Website, certain technical information may be collected automatically, such as your IP address and basic information about your device, browser, and system. This information is used to ensure the proper functioning and security of the Website.
Sensitive Information: We do not intentionally collect, request, or otherwise process any special categories of personal data within the meaning of Article 9 of the GDPR, or any other sensitive data protected under applicable data protection laws, unless such processing is required or permitted by law. You should not provide such data to us through the Website, by email, or by any other communication channel. If such data is provided voluntarily, incidentally, or without our request, we will process it only where necessary and in accordance with the GDPR.

Data Subject	Personal Data	Purpose	Data Source	Legal Basis
Visitor	Technical data, such as IP address, browser type, device information, and basic website usage data	To operate, maintain, and secure the Website	Collected automatically when you visit the Website	Legitimate interest
Visitor	Strictly necessary cookie	To ensure the proper functioning and security of the Website	Cookie stored on your device when visiting the Website	Legitimate interest
Business Contact	Name, email address, phone number, company name, position, and message content	To respond to your enquiry and communicate with you	Provided by you when you contact us through the Website, by email, or by any other communication channel	Legitimate interest (or steps prior to entering into a contract)
Business Contact	Business correspondence and communication records	To maintain communication and manage potential cooperation	Created or provided during communication with us	Legitimate interest
Business Contact	Business contact details of representatives of existing or potential clients, partners, suppliers, or other organisations	To manage business relationships, provide services, discuss cooperation, and keep business records	Provided by you, your organisation, or during business communication	Legitimate interest or performance of a contract

COOKIES AND OTHER TRACKING TECHNOLOGIES

What are cookies: Cookies are small text files placed on your device when you visit a Website. They allow the Website to function properly and may store limited technical information.
Cookies used by our Website: Our Website uses only one strictly necessary cookie. This cookie is required for the proper technical operation, security, and functionality of the Website.
Information stored by the cookie: The strictly necessary cookie may store limited technical information required for the operation of the Website, such as session information, security preferences, or other technical identifiers. It is not used for marketing, advertising, profiling, or tracking users across other Websites.
Cookies we do not use: We do not use marketing cookies, advertising cookies, preference cookies, analytics cookies, pixels, web beacons, or similar tracking technologies.
Legal basis: The legal basis for using the strictly necessary cookie is our legitimate interest in ensuring the proper functioning and security of the Website.
Storage duration: The strictly necessary cookie is stored on your device, not in our internal systems. Technical data generated when you visit the Website may be stored in our server logs as described in this Privacy Policy. The cookie remains on your device only for as long as required for its technical purpose and, in any case, not longer than required. You may delete cookies through your browser settings, although this may affect the proper functioning of the Website.

DATA RETENTION

General retention principle: We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including responding to enquiries, maintaining business communication, and complying with applicable legal obligations.
Communication data: Personal data provided when you contact us, including your name, contact details, and message content, is retained for up to 3 years after the last interaction, unless a longer retention period is required for legal, regulatory, or legitimate business purposes.
Technical data: Certain technical data collected automatically when you visit the Website may be retained for a limited period as necessary to ensure the proper functioning, security, and integrity of the Website.
Extended retention: We may retain personal data for a longer period where necessary to comply with legal obligations, resolve disputes, enforce agreements, or protect our legal interests.

WHERE DO WE STORE THE COLLECTED INFORMATION

Storage location: Your personal data is stored and processed on secure servers located in the Republic of Cyprus, within the European Economic Area (EEA).
Data protection measures: Personal data stored on our servers is protected by appropriate technical and organisational measures designed to prevent unauthorised access, loss, misuse, or disclosure.

WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION

We do not sell or rent your personal data. We share personal data only where necessary for the operation of the Website, communication with you, or compliance with legal obligations.

Hosting and IT providers: Your personal data may be processed by our hosting and IT service providers located in the Republic of Cyprus or elsewhere within the EEA, who store and maintain the infrastructure of the Website. These providers act as data processors and are bound by contractual obligations to ensure the confidentiality and security of your personal data.
Business communication: Where you contact us as a representative of a company or organisation, your personal data may be shared internally within our organisation or with relevant contractors strictly on a need-to-know basis for the purpose of responding to your enquiry, maintaining communication, or managing potential cooperation.
Legal requirements: We may disclose personal data where required to do so by applicable law, regulation, court order, or request from competent authorities, or where necessary to establish, exercise, or defend legal claims.
Business transactions: In the event of a merger, acquisition, or sale of assets, personal data may be transferred to a third party involved in such transaction, subject to appropriate safeguards.

DATA TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)

General principle: As a general rule, personal data is stored and processed within the European Economic Area (EEA), including in the Republic of Cyprus.
Limited transfers: We do not intentionally transfer personal data outside the EEA. However, in limited circumstances, such transfers may occur, for example, where a service provider or contractor engaged by us is located outside the EEA or where it is necessary for the purposes described in this Privacy Policy.
Safeguards: In the event that personal data is transferred outside the EEA, we ensure that such transfers are carried out in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR). In particular, we ensure that at least one of the following safeguards is in place: the transfer is made to a country that is subject to an adequacy decision adopted by the European Commission, or appropriate safeguards are implemented, such as the execution of Standard Contractual Clauses (SCCs) or other legally recognised transfer mechanisms. Further information about such safeguards may be obtained by contacting us.
Protection of personal data: We take all reasonable technical and organisational measures to ensure that personal data transferred outside the EEA is subject to an adequate level of protection and is processed in a manner consistent with this Privacy Policy and applicable law.

HOW DO WE KEEP YOUR INFORMATION SAFE?

We implement appropriate technical and organisational measures in accordance with Article 32 of the GDPR to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

Access to personal data is limited to authorised personnel and contractors who need such access for the purposes described in this Privacy Policy and who are subject to confidentiality obligations.

In the event of a personal data breach, we will take appropriate steps to contain and mitigate the incident and, where required, notify the competent supervisory authority and affected individuals in accordance with applicable data protection laws.

WHAT ARE YOUR PRIVACY RIGHTS?

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under applicable data protection laws, including the General Data Protection Regulation (GDPR):

The right of access, which allows you to request a copy of your personal data and information about how it is processed;
The right to rectification, which allows you to request correction of inaccurate or incomplete personal data;
The right to erasure, which allows you to request deletion of your personal data, subject to applicable legal restrictions;
The right to restriction of processing, which allows you to request that we limit the processing of your personal data in certain circumstances;
The right to object, which allows you to object to the processing of your personal data based on legitimate interests;
The right to data portability, which allows you to request transfer of your personal data to another controller;
The right to withdraw consent at any time, where we process your personal data on the basis of your consent, without affecting the lawfulness of processing carried out before withdrawal.

You may exercise your rights by contacting us at: [email protected]

Right to lodge a complaint: You have the right to lodge a complaint with a competent supervisory authority, including the Office of the Commissioner for Personal Data Protection (Republic of Cyprus), or another authority in your place of residence.

UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our personal data processing practices, the operation of the Website, or applicable legal requirements.

The updated version will be indicated by a new “Last updated” date and will become effective once published on the Website.

HOW CAN YOU CONTACT US ABOUT THIS POLICY?

Please feel free to contact us in case you have any queries or complaints in respect to this Privacy Policy or about the way we process your Personal data by using the following details:

Contact email: [email protected]

* We may request additional information to verify your identity before processing your request *