PRIVACY POLICY

Last updated: February 2025

1. Introduction

LINK4TECH LTD (Company number: HE421920), registered at Lemesou Avenue 60, Nicosia, Strovolos 2014, Cyprus ("LINK4TECH", "we", "us", or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website link4.tech, use our services, access our APIs, or interact with us in any way.

By accessing or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

2. Data Controller

LINK4TECH LTD acts as the data controller for the personal data collected through our website and services. For any data protection inquiries, please contact us at:

3. Personal Data We Collect

We may collect the following categories of personal data:

3.1 Information You Provide Directly

  • Contact information: name, surname, email address, phone number
  • Communication data: messages, inquiries, and feedback submitted through our contact and feedback forms
  • Newsletter subscription data: email address
  • Account data: login credentials, registration details
  • Business information: company name, job title, business requirements

3.2 Information Collected Automatically

  • Technical data: IP address, browser type and version, operating system, device type, screen resolution
  • Usage data: pages visited, time spent on pages, referring URLs, click patterns
  • Cookie data: information collected through cookies and similar technologies (see our Cookie Policy)
  • Analytics data: data collected through Google Analytics, including session information, user interactions, and traffic sources

3.3 Data Collected Through Our APIs

If you use our API services (Payment Gateway, Processing API, 3D Secure API), we may collect:

  • API authentication data: API keys, access tokens, and authentication credentials
  • Transaction data: payment processing data, transaction identifiers, amounts, and statuses
  • Integration data: technical logs, error reports, and API usage statistics

3.4 Payment Data

When payment services are processed through our solutions or partner platforms (including Google Pay and Apple Pay), we may process:

  • Payment instrument data: tokenised card data, payment method identifiers
  • Transaction details: transaction amounts, currency, merchant identifiers, timestamps
  • Authentication data: 3D Secure authentication results, device fingerprints

We do not store full card numbers, CVVs, or PINs. All payment data is processed in compliance with PCI DSS and PCI 3DS standards.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: where you have given clear consent for us to process your personal data for a specific purpose (e.g., newsletter subscription, cookie consent)
  • Contract performance: where processing is necessary for the performance of a contract with you or to take steps prior to entering into a contract
  • Legitimate interests: where processing is necessary for our legitimate business interests, such as improving our services, preventing fraud, and ensuring network security
  • Legal obligation: where processing is necessary to comply with a legal obligation to which we are subject

5. How We Use Your Data

We use your personal data for the following purposes:

  • To provide, operate, and maintain our services, including software development, API services, and payment processing solutions
  • To respond to your inquiries, requests, and support tickets
  • To process and manage your account, subscriptions, and service agreements
  • To send you newsletters, updates, and marketing communications (where you have consented)
  • To process payments and transactions through our payment processing solutions
  • To facilitate transactions via digital wallets such as Google Pay and Apple Pay
  • To comply with regulatory and legal requirements, including PCI DSS, PCI 3DS, anti-money laundering (AML), and know-your-customer (KYC) obligations
  • To detect, prevent, and address fraud, security breaches, and technical issues
  • To analyse usage patterns and improve the performance and functionality of our website, APIs, and services
  • To enforce our Terms and Conditions and protect our legal rights

6. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

  • Service providers: third-party vendors who assist us in operating our website and services (e.g., hosting providers, email service providers, analytics providers)
  • Payment processors and financial institutions: to facilitate payment transactions, including card networks (Visa, Mastercard), acquiring banks, and digital wallet providers (Google Pay, Apple Pay)
  • Affiliated companies: entities within the LINK4TECH and Link4Pay group of companies
  • Legal and regulatory authorities: when required by law, regulation, or legal process, including law enforcement, regulators, and courts
  • Business partners: trusted partners who work with us to provide services to you, subject to appropriate data protection agreements
  • Professional advisors: lawyers, auditors, and consultants as necessary

We do not sell your personal data to third parties. We require all third parties to respect the security of your personal data and to treat it in accordance with applicable law.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other lawful transfer mechanisms under applicable data protection law

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, or reporting requirements. The retention period may vary depending on the context and nature of the data:

  • Contact form submissions: retained for up to 3 years from the date of submission
  • Newsletter subscriptions: retained until you unsubscribe
  • Account data: retained for the duration of your account and for up to 5 years after closure
  • Transaction data: retained for a minimum of 5 years as required by financial regulations
  • API usage data: retained for up to 2 years for security and troubleshooting purposes

9. Your Rights

Under applicable data protection laws, you have the following rights:

  • Right of access: you have the right to request a copy of the personal data we hold about you
  • Right to rectification: you have the right to request correction of inaccurate or incomplete personal data
  • Right to erasure: you have the right to request deletion of your personal data in certain circumstances
  • Right to restrict processing: you have the right to request that we restrict the processing of your personal data
  • Right to data portability: you have the right to receive your personal data in a structured, commonly used, machine-readable format
  • Right to object: you have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes
  • Right to withdraw consent: where processing is based on consent, you have the right to withdraw that consent at any time
  • Right to lodge a complaint: you have the right to lodge a complaint with a supervisory authority, including the Office of the Commissioner for Personal Data Protection in Cyprus

To exercise any of these rights, please contact us at [email protected].

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • PCI DSS and PCI 3DS certified systems for payment data processing
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Employee training on data protection and information security
  • Secure software development lifecycle (SSDLC) practices
  • 24/7/365 monitoring and incident response capabilities

11. Google Pay and Apple Pay

When you use Google Pay or Apple Pay through services powered by LINK4TECH:

  • We receive only tokenised payment data necessary to process the transaction
  • We do not receive or store your actual card numbers
  • All transactions are processed in accordance with the respective platform's terms and security standards
  • Your use of Google Pay and Apple Pay is also subject to Google's and Apple's respective privacy policies
  • We comply with all applicable payment network rules and regulations for digital wallet transactions

12. API Users

If you access our services through our APIs (Payment Gateway, Processing API, 3D Secure API):

  • You are responsible for ensuring that your use of our APIs complies with applicable data protection laws
  • You must provide appropriate privacy notices to your own end users regarding data processed through our APIs
  • We act as a data processor on your behalf for data processed through our APIs, as specified in our data processing agreements
  • API authentication credentials must be kept confidential and not shared with unauthorised parties
  • You must promptly notify us of any security breaches that may affect data processed through our APIs

13. Third-Party Services

Our website and services may contain links to third-party websites and integrate with third-party services, including:

  • Google Analytics (for website analytics)
  • Google reCAPTCHA (for spam and abuse prevention)
  • Zoho SalesIQ (for live chat support)
  • Social media platforms (Facebook, LinkedIn)

These third-party services have their own privacy policies and we are not responsible for their practices. We encourage you to review the privacy policies of any third-party services you interact with.

14. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at: