Privacy Policy

Effective date: 26.06.2025

1. Who We Are

This Privacy Policy describes how BARHEADS DESIGN LAB LTD (referred to as “we”, “our”, or “us”) collects, uses, and protects personal data through our website and digital services.

We are a company registered in Cyprus, with operations across Europe and beyond.

Contact information:
Email: [email protected]
Business address: Franklinou Rousvelt, 170
LIMASSOL CHAMBER, 2nd floor
Omonia, 3048, Limassol, Cyprus

2. Scope of This Policy

This policy applies to all visitors to our website and users of our services, including those located in the European Economic Area (EEA), the United Kingdom, and other jurisdictions worldwide.

This Policy applies to data processing activities carried out as part of:

  • Website management www.barheads.com (“Website”).

  • Requests sent through the feedback forms posted on the Website.

  • Sending newsletter.

  • Interaction with clients, service providers and partners.

We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws, including California’s CCPA, if relevant.

3. What Personal Data We Collect

The categories of personal data we collect depend on how you interact with us, use the Website, and the requirements of the Applicable Legislation.

We may collect and process the following categories of personal data:

  • Identification data: name, email address, phone number, company name

  • Technical data: IP address, browser type, device information, language settings

  • Behavioral data: pages visited, time spent on Website, referral sources

  • Cookies and tracking data: gathered through analytics and advertising tools (e.g. Google Analytics, Google Tag Manager)

4. What does Personal Data Processing mean

“Personal Data Processing” covers “any operation” performed on personal data “such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

5. How We Collect Data

  • When you fill out contact or inquiry forms

  • When you subscribe to our newsletter or marketing updates

  • Automatically through cookies, tags, or similar technologies

  • Via consent management platforms (CMP), in line with Consent Mode v2

We use Google Tag Manager to implement and manage tags, and integrate with Google-certified CMP partners to manage user consent as required.

6. What is our role with respect to your Personal Data

With respect to personal data collected via the website or social networks (LinkedIn, Facebook), we may act as data controller, joint controller, or data processor, depending on the circumstances.

  • Data controller is entity or individual who decides why and how personal data is processed and is responsible for making sure the law is followed, including getting consent and protecting the rights of data subjects.

  • Joint data controller is two or more parties who jointly determine the purposes and means of processing, sharing responsibility for compliance with the law. For example, when processing data from social networks, we may be a joint controller for the data you provide and statistical data from social networks, while the social networks themselves are independent controllers for other processing of your data.

  • Data processor is an entity that processes personal data on behalf of a data controller in accordance with its instructions, including the collection, storage, organization, analysis, and deletion of data.

7. Legal Basis for Processing (GDPR – Article 6)

We process your personal data based on the following lawful grounds:

  • Your consent (e.g. for marketing or cookies)

  • Performance of a contract (e.g. to respond to a business inquiry)

  • Legitimate interests (e.g. internal analytics and service improvement)

  • Compliance with legal obligations

8. Our principles of Processing

  • Lawfulness, Fairness, and Transparency

  • Purpose Limitation

  • Data Minimization

  • Accuracy

  • Integrity and Confidentiality

  • Accountability

  • Lawful Bases for Processing

  • Data Subject Rights

  • International Data Transfers Security

9. Use of Data

We use your personal data to:

  • Respond to inquiries and provide consultancy services

  • Manage projects and customer communications

  • Analyze and optimize website performance

  • Provide personalized advertising or retargeting (only with consent)

  • Comply with applicable laws and contractual obligations

  • Provide a better user experience by improving functionality, usability, user flow and interface of the Website

  • Provide you with marketing and newsletter emails concerning our services, compliance guidance, as well as general updates

  • Communicate with the visitors, participants, or subscribers

  • Handle requests from visitors via the communication channels

  • Obtain statistical information about the reach of the communication channels

  • Conduct customer surveys, marketing campaigns, market analyses, or other promotions and events

  • Provide Website users with the experience and impressions of others from cooperation with us

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Enable core website functionality

  • Collect analytics data (Google Analytics)

  • Manage advertising preferences and consent (via CMP)

  • Measure effectiveness of marketing campaigns

Our site implements Google Consent Mode (v2) to respect your privacy choices. When you visit our site, you will be presented with a cookie consent banner that allows you to choose whether or not to allow analytics and advertising cookies.

For more information, please refer to our Cookie Policy.

11. Data Sharing

We do not share your personal data for direct marketing purposes, but we may transfer it to our technical partners:

  • Cloud service providers (e.g. hosting, CRM)

  • Analytics and marketing service providers (e.g. Google, Meta)

  • Third-party partners involved in project delivery (where necessary)

  • Regulatory authorities or legal entities (if required)

We ensure all third parties meet the same level of data protection we uphold.

Some of these providers may be located outside the EU. In such cases, we ensure adequate safeguards are in place (e.g. Standard Contractual Clauses).

12. Your Rights (EU/EEA Users)

Under GDPR, you have the right to:

  • Access your data

  • Correct inaccurate information

  • Withdraw your consent at any time

  • Request data deletion (“right to be forgotten”)

  • Object to data processing

  • Request data portability

  • Lodge a complaint with a supervisory authority

To exercise any of these rights, please contact us at [email protected].

13. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy or as required by applicable law:

  • Inquiry/contact form data: up to 2 years, after the last communication, unless otherwise provided by the relevant legislation

  • Analytics data: up to 2 years

  • Marketing data: until it is not deleted by End User or respective Social Media

  • Subscription Data: as long as you remain a subscriber

  • Contract Data: 2 years after termination (in case of contractual relationship)

  • Feedback Data: as long as your feedback remains on our Website

14. Data Security

We implement appropriate technical and organizational measures to protect your data from unauthorized access, loss, or misuse, including access controls, encryption, and secure storage in accordance with GDPR standards.

15. Changes to This Policy

We reserve the right to modify this policy. Updates will be published on this page with a revised effective date. We recommend checking this page regularly to stay informed.

16. International Visitors

Our website may be accessed from outside the European Union. Regardless of location, we aim to apply GDPR-level data protection standards. Users from California (USA), Brazil, or Canada may have additional rights under their local laws.