Data Protection and Privacy Policy

Information notice on the processing of your data under GDPR and applicable data protection regulations

Last Updated: 17.05.2026

Data Collection and Processing Purposes

As Kynic Agent, we process your personal data as a data controller in accordance with GDPR (General Data Protection Regulation) and relevant legislation for the following purposes:

Personal Data Collected:

Identity Information: Name, surname, identification number (when required)

Contact Information: Email address, phone number, address

Customer Transaction Information: Order history, payment details, billing address

Transaction Security Information: IP address, cookie records, log files

Marketing Information: User preferences, interests, interaction data

Processing Purposes:

Establishment and performance of service contracts

Fulfillment of legal obligations

Protection of our legitimate interests

Conducting communication activities

Customer satisfaction measurements

Legal Basis for Data Processing

Your personal data is processed in accordance with the conditions specified in Articles 6 and 9 of GDPR:

Legal Basis:

Your explicit consent

Necessity for the performance or establishment of a contract

Compliance with a legal obligation

Necessity for the purposes of legitimate interests

Data Processing Principles:

Processed lawfully, fairly and transparently

Collected for specified, explicit and legitimate purposes

Adequate, relevant and limited to what is necessary

Accurate and kept up to date

Kept for no longer than necessary

Processed in a manner that ensures appropriate security

Data Security Measures

We implement appropriate technical and organizational measures to ensure the security of your personal data in accordance with Article 32 of GDPR:

Technical Security Measures:

AES-256 bit encryption for data protection

TLS 1.3 protocol for secure data transmission

Hosting in secure data centers (Tier III/IV)

Regular security testing and penetration testing

Automatic backup and disaster recovery systems

Two-factor authentication (2FA)

Organizational Security Measures:

Data processing policies and procedures

Staff privacy and security training

Access authorization and logging systems

Confidentiality agreements and undertakings

Regular audit and control mechanisms

Data Transfer and Sharing

Your personal data may be transferred to third parties domestically and internationally under the conditions specified in Articles 44-50 of GDPR:

Domestic Transfers:

Our business partners (Payment systems, cloud service providers)

Legal advisors and auditors

Authorized public institutions and organizations

Courts and enforcement offices

International Transfers:

AWS (United States, European Region)

Google Cloud Platform (European Region)

Transfers are made where adequate protection exists in the recipient country, or where adequate protection does not exist, with your explicit consent

Confidentiality agreements are signed and adequate security standards are required for all data transfers.

Your Rights Under GDPR

As a data subject under Article 15-22 of GDPR, you have the following rights:

1. Right of Access

You have the right to obtain confirmation as to whether personal data concerning you is being processed.

2. Right to Information

If processed, you can request information about it.

3. Right to Know Processing Purpose

You can learn the purpose of processing and whether they are used in accordance with their purpose.

4. Right to Know Third Parties

You have the right to know third parties to whom personal data is transferred domestically or abroad.

5. Right to Rectification

You can request the rectification of incomplete or inaccurate personal data.

6. Right to Erasure

You can request the deletion or destruction of personal data under the conditions stipulated in Article 17 of GDPR.

7. Right to Notification

You can request that rectification, erasure or destruction operations are notified to third parties to whom personal data has been transferred.

8. Right to Object

You have the right to object to the processing of your personal data.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with your supervisory authority.

Application Method:

To exercise your rights, you can apply in writing with identity verification documents to privacy@kynicagent.com or our company address. Your applications will be concluded free of charge within 30 days.

Cookie Policy

Cookies are used on our website to improve user experience:

Strictly Necessary Cookies:

These cookies are essential for the basic functions of the website. Used for session management and security purposes.

Functional Cookies:

Used to remember your preferences and provide personalized experience.

Analytics Cookies:

Used to collect website usage statistics with tools like Google Analytics. This data is collected anonymously.

Marketing Cookies:

Used to measure the effectiveness of advertising campaigns. Your explicit consent is required for these cookies.

Cookie Management:

You can delete or block cookies from your browser settings. However, in this case, some site features may not work.

You can review our detailed Cookie Policy on our website.

Contact Data Controller

Contact the data controller to exercise your rights under GDPR or for questions