Privacy Policy

Last Updated: 1st January 2026

Introduction

embervector Ltd ("we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you visit our website or use our microfinance services.

As a licensed microfinance institution operating in Cyprus and serving clients across the European Union, we comply with the General Data Protection Regulation (GDPR) and all applicable data protection laws.

Data Controller Information

embervector Ltd is the data controller for the purposes of data protection law. Our details are:

  • Company Name: embervector Ltd
  • Registration Number: HE945261
  • Address: Poseidonos Avenue 119, 3007 Limassol, Limassol District, Cyprus
  • Email: [email protected]
  • Phone: +357 25288895

Data Collection

The data we collect from you depends on how you interact with our services. We may collect the following types of personal information:

Information You Provide Directly

  • Contact details (name, email address, phone number, postal address)
  • Business information (company name, industry, business registration details)
  • Financial information (income, expenses, financial statements, credit history)
  • Identity verification documents (passport, national ID, proof of address)
  • Communication records (emails, phone calls, meeting notes)
  • Application and loan-related information

Information We Collect Automatically

  • Website usage data (pages visited, time spent, click patterns)
  • Technical information (IP address, browser type, device information)
  • Cookies and similar tracking technologies (see our Cookie Policy for details)

How We Use Your Information

We process your personal data for various purposes based on different legal grounds under GDPR:

Service Delivery and Contract Performance

  • Processing loan applications and providing microfinance services
  • Conducting credit assessments and risk evaluations
  • Managing customer accounts and relationships
  • Providing customer support and responding to enquiries
  • Processing payments and managing financial transactions

Legal and Regulatory Compliance

  • Complying with anti-money laundering (AML) and know your customer (KYC) requirements
  • Meeting regulatory reporting obligations
  • Preventing fraud and financial crime
  • Maintaining records as required by law

Legitimate Business Interests

  • Improving our services and website functionality
  • Conducting market research and business analysis
  • Protecting our business and customers from security threats
  • Internal administration and record-keeping

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use and how to control them, please refer to our Cookie Policy.

Data Sharing and Disclosure

We may share your personal information in the following circumstances:

  • With regulatory authorities and government agencies as required by law
  • With credit reference agencies and fraud prevention services
  • With professional advisors (lawyers, accountants, auditors) bound by confidentiality
  • With service providers who assist us in delivering our services (IT support, payment processors)
  • In connection with business transfers, mergers, or acquisitions
  • When you have given explicit consent for specific disclosures

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

  • Customer account information: For the duration of our relationship plus 7 years after account closure
  • Loan application data: 7 years from application date (whether approved or declined)
  • Financial transaction records: 7 years from transaction date
  • Marketing communications: Until you unsubscribe or withdraw consent
  • Website analytics data: 26 months from collection

These retention periods may be extended if required by law, regulation, or for the establishment, exercise, or defence of legal claims.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you
  • Right of Rectification: You can ask us to correct inaccurate or incomplete data
  • Right of Erasure: You can request deletion of your data in certain circumstances
  • Right to Restrict Processing: You can limit how we use your data in specific situations
  • Right to Data Portability: You can receive your data in a structured, machine-readable format
  • Right to Object: You can object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please contact us at [email protected] or +357 25288895. We will respond to your request within one month.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication systems
  • Staff training on data protection and security
  • Incident response and breach notification procedures

International Data Transfers

We primarily process data within the European Economic Area (EEA). If we need to transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • European Commission adequacy decisions
  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules or certification schemes

Contact Information

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

  • Email: [email protected]
  • Phone: +357 25288895
  • Post: Data Protection Officer, embervector Ltd, Poseidonos Avenue 119, 3007 Limassol, Limassol District, Cyprus

If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the Cyprus Data Protection Commissioner or your local supervisory authority.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.

Legal Basis for Processing

We process personal data based on one or more of the following legal grounds under Article 6 of GDPR:

  • Contract Performance: Processing necessary for performing our services
  • Legal Obligation: Processing required to comply with legal or regulatory requirements
  • Legitimate Interest: Processing necessary for our legitimate business interests
  • Consent: Where you have given specific consent for certain processing activities
  • Vital Interests: Processing necessary to protect someone's life