Effective Date: 01/10/2025

1.Introduction
TOREXA LTD (“we”, “our”, “us” or the “Website” accordingly) respects your privacy and is committed to protecting your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (hereinafter GDPR). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit the Website.
We act as the Data Controller for the personal data processed via the Website unless otherwise stated.

2. Information We collect
We may collect and process the following categories of personal data:
· Identity Data: Name, username, etc.;
· Contact Data: Email address, phone number, postal address;
· Technical Data: IP address, browser type, operating system, device information;
· Usage Data: How you use the Website, including interactions, pages visited, and time spent;
· Marketing & Communications Data: Preferences in receiving newsletters, promotions, and notifications.
We may collect this data directly from you (via forms, account registration, or communications) or automatically (through cookies and analytics tools).

3. Lawful Basis for Processing
We process personal data under one or more of the following lawful bases:
· Consent (Article 6(1)(a)): When you opt-in for newsletters or marketing;
· Contract (Article 6(1)(b)): When processing is necessary to provide services or fulfill an agreement;
· Legal Obligation (Article 6(1)(c)): To comply with tax, accounting, or regulatory requirements;
· Legitimate Interests (Article 6(1)(f)): For analytics, service improvement, fraud prevention, and ensuring security, provided these interests are not overridden by your rights.

4. How We use your information
We use personal data to:
· Provide and maintain services;
· Manage user accounts and transactions;
· Send service-related updates and communications;
· Customize and improve your experience with the Website;
· Conduct analytics, monitor performance, and prevent fraud;
· Comply with legal requirements.

5. Data sharing
We may share personal data with:
· Service providers and vendors (hosting, analytics, payment processors);
· Professional advisers (lawyers, auditors);
· Regulatory authorities when legally required;
· Business partners or buyers in the event of a merger, sale, or restructuring.
We require all third parties to respect the security of personal data and process it in compliance with GDPR.

6. International datatransfers
If we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards, such as:
· Adequacy decisions by the European Commission;
· Standard Contractual Clauses (SCCs);
· Other legally recognized mechanisms.

7. Data retention
We retain personal data only as long as necessary for the purposes collected, or as required by law. When no longer needed, data is securely deleted or anonymized.

8. Your GDPR rights
Under GDPR, you have the right to:
· Access – request a copy of your personal data;
· Rectification – correct inaccurate or incomplete data;
· Erasure (Right to be Forgotten) – request deletion of your data;
· Restriction – limit processing in certain circumstances;
· Data Portability – request transfer of your data to another provider;
· Object – to processing based on legitimate interests or direct marketing;
· Withdraw Consent – when processing is based on consent.
To exercise your rights, contact us at info@torexa.ltd.

9. Cookies and tracking
We use cookies and similar technologies to analyze traffic, improve services, and enhance user experience. You can manage cookie preferences via your browser settings or through our cookie banner. For more details, see our Cookie Policy.

10. Security
We apply appropriate organizational and technical measures to protect personal data against loss, misuse, unauthorized access, or disclosure. However, no transmission over the internet is 100% secure – therefore, We can never guarantee absolute security of your personal data, and would like to draw your attention to the necessity of keeping your personal data safe by taking all appropriate reasonable measures.

11. Children’s privacy
Our services are not directed to children under 16. If we discover that we have collected data from a minor without parental consent, we will delete it immediately.

12. Supervisory authority
You have the right to lodge a complaint with your local Data Protection Authority (DPA) if you believe your GDPR rights are infringed. A list of DPAs can be found here: https://edpb.europa.eu/about-edpb/board/members_en.

13.  Changes to this policy
We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised “Effective Date.”

14.  Contact Us
If you have questions or wish to exercise your rights, please contact us at:
Data Controller: TOREXA LTD
Email: info@torexa.ltd
Address: 7-9, Riga Feraiou, Office 310, Nicosia, 1087, Cyprus