Privacy Policy | Chargetower

1. Introduction

Chargetower Defense Ltd (“Chargetower”, “we”, “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit our website at chargetower.io, use our secure portal at app.chargetower.io, access our API services, or engage with our chargeback alert, dispute resolution, fraud prevention, and identity verification services.

This Privacy Policy applies to all personal information we process as both a data controller and a data processor in connection with our services, and is issued in accordance with the EU General Data Protection Regulation 2016/679 (the “GDPR”) and the Cyprus Law Providing for the Protection of Natural Persons with Regard to the Processing of Personal Data (Law 125(I)/2018).

2. Who We Are

Data Controller

Chargetower Defense Ltd

Parodos Eleftherias Street 14, 4520 Parekklisia, Cyprus

Company Number: HE490563 · VAT: CY60346070E

Email: niko@chargetower.io

Website: chargetower.io

You have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus at any time. However, we would appreciate the opportunity to address your concerns in the first instance — please contact us at niko@chargetower.io.

3. Information We Collect

3.1 Information Collected Directly from You

Website visitors:

Contact information (name, email address, company name, phone number)
Communication preferences
Enquiry details and correspondence
Marketing preferences

Portal and API users (authorised clients):

Account credentials and authentication information
User profile information
Service usage data and logs
Technical configuration data
Communication and support correspondence

3.2 Information We Process on Behalf of Clients

As part of our chargeback alert, fraud prevention, and identity verification services, we process customer data on behalf of our merchant clients, including:

Transaction identifiers and references
Chargeback and dispute information
Customer identifiers (as provided by merchants)
Payment card details (last four digits only)
Risk assessment data
Alert and notification data

Important: We act as a data processor for this information. Our merchant clients remain the data controllers and are responsible for ensuring they have appropriate legal bases for sharing this data with us.

3.3 Information Collected Automatically

Website analytics:

IP addresses and location data
Browser type and version
Device information
Pages visited and time spent
Referral sources
Cookie data (see Section 8)

Service analytics:

API usage statistics
Portal access logs
System performance data
Error and diagnostic information

4. Legal Bases for Processing

We process personal information under the following legal bases of Article 6 GDPR:

4.1 As Data Controller

Contract performance (Art. 6(1)(b)): To provide our services and fulfil our contractual obligations
Legitimate interests (Art. 6(1)(f)): For business development, service improvement, and direct marketing to existing business contacts
Legal obligation (Art. 6(1)(c)): To comply with legal and regulatory requirements
Consent (Art. 6(1)(a)): Where you have given specific consent (e.g., marketing communications to new contacts)

4.2 As Data Processor

When processing customer data on behalf of merchant clients, we rely on the documented instructions and legal bases established by our clients as data controllers, in accordance with Article 28 GDPR.

5. How We Use Your Information

5.1 Website Visitors

Respond to enquiries and provide information about our services
Process contact forms and support requests
Send marketing communications (with consent or under legitimate interest, as applicable)
Improve our website and user experience
Conduct market research and analysis

5.2 Portal and API Users

Provide access to our services and maintain user accounts
Deliver chargeback alert, fraud prevention, and identity verification services
Provide technical support and customer service
Monitor service performance and security
Conduct service analytics and improvements
Fulfil our contractual obligations

5.3 Client Customer Data

Generate and deliver chargeback alerts
Provide dispute resolution services
Conduct fraud prevention and identity verification analysis
Generate reports and analytics for clients
Maintain service functionality and security

6. Information Sharing and Disclosure

6.1 Third-Party Service Providers

We may share personal information with trusted third-party service providers who assist us in operating our business, including cloud hosting and infrastructure providers, analytics and monitoring services, communication and support platforms, and security and fraud prevention partners. All third-party processors are contractually obligated under Article 28 GDPR to protect your information and use it only for specified purposes.

6.2 Legal Requirements

We may disclose personal information when required by law, regulation, legal process, or governmental request, or to comply with legal obligations, protect our rights and property, ensure the safety of our users and the public, or investigate potential violations of our terms.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of the transaction, subject to appropriate data protection safeguards.

6.4 With Your Consent

We may share information for other purposes with your explicit consent.

7. International Data Transfers

Our primary processing takes place within the European Economic Area (EEA). Where we transfer personal information to countries outside the EEA, we ensure appropriate safeguards are in place under Chapter V of the GDPR, including:

Adequacy decisions by the European Commission
Standard Contractual Clauses (SCCs) approved by the European Commission
Binding Corporate Rules
Other legally recognised transfer mechanisms

8. Cookies and Similar Technologies

8.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience and understand how our website is used.

8.2 Types of Cookies We Use

Essential cookies: Necessary for website functionality and security
Analytics cookies: Help us understand website usage and performance
Functional cookies: Remember your preferences and settings
Marketing cookies: Used to deliver relevant communications (with consent)

8.3 Your Cookie Choices

When you first visit our website, we display a cookie consent banner that allows you to accept all cookies or choose essential-only. We will not place any non-essential cookies on your device until you have given consent through this banner. You can change your choice at any time by clicking the “Cookies” link in the footer of any page. You can also control cookies through your browser settings, though disabling certain cookies may affect website functionality.

9. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations under Cyprus and EU law, and resolve disputes.

Specific retention periods:

Website enquiries: 3 years from last contact
Marketing data: until consent is withdrawn or contact becomes inactive
Client account data: duration of contract plus 7 years for legal compliance
Service usage logs: 12 months for security and performance monitoring
Customer data (processed for clients): as instructed by client or required by law
Financial records: 7 years for Cyprus tax and accounting compliance

When retention periods expire, we securely delete or anonymise personal information using industry-standard methods.

10. Data Security

We implement appropriate technical and organisational security measures, as required by Article 32 GDPR, to protect personal information against unauthorised access, alteration, disclosure, or destruction, including:

Encryption of data in transit and at rest
Regular security assessments and monitoring
Access controls and authentication systems
Staff training on data protection and security
Incident response and breach notification procedures
Regular backup and disaster recovery testing

11. Your Rights

Under the GDPR and Cyprus data protection law, you have the following rights:

Right of access (Art. 15): request a copy of the personal information we hold about you
Right to rectification (Art. 16): request correction of inaccurate or incomplete personal information
Right to erasure (Art. 17): request deletion of your personal information in certain circumstances
Right to restrict processing (Art. 18): request that we limit how we use your personal information
Right to data portability (Art. 20): request a copy of your personal information in a structured, machine-readable format
Right to object (Art. 21): object to our use of your personal information for direct marketing or legitimate interests
Rights related to automated decision-making (Art. 22): request human review of automated decisions that significantly affect you
Right to withdraw consent: withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at niko@chargetower.io. We will respond to your request within one month, though this may be extended in complex cases as permitted by Article 12(3) GDPR.

12. Children’s Privacy

Our services are designed for businesses and are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.

13. Marketing Communications

We will only send marketing communications to individuals who have given explicit consent or where we have a legitimate interest (for existing business clients regarding similar services). You can unsubscribe at any time by clicking the unsubscribe link in any marketing email, contacting us at niko@chargetower.io, or updating your preferences in your account settings.

14. Third-Party Links and Services

Our website may contain links to third-party websites, plugins, and services. This Privacy Policy does not apply to these external sites. We recommend reviewing the privacy policies of any third-party services you use.

15. Data Processing for Clients

When providing services to merchant clients, we act as a data processor under Article 28 GDPR. This means we process customer data only on behalf of and according to documented client instructions, clients remain responsible as data controllers, we implement appropriate technical and organisational measures, and we assist clients with their data protection obligations.

Our data processing arrangements with clients are governed by separate Data Processing Agreements (DPAs) that form part of our service contracts.

16. Contact Information

Data Protection Enquiries

Email: niko@chargetower.io

Post: Chargetower Defense Ltd, Parodos Eleftherias Street 14, 4520 Parekklisia, Cyprus

Supervisory Authority

Office of the Commissioner for Personal Data Protection of the Republic of Cyprus

1 Iasonos Street, 1082 Nicosia, Cyprus

Website: www.dataprotection.gov.cy

Email: commissioner@dataprotection.gov.cy

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will update the “Last updated” date at the top of this policy, notify you via email if you have provided your email address, and post a notice on our website. We encourage you to review this Privacy Policy regularly.

18. Compliance and Governance

This Privacy Policy is designed to comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679), the Cyprus Law 125(I)/2018 on the Protection of Natural Persons with Regard to the Processing of Personal Data, the ePrivacy Directive 2002/58/EC and its Cyprus implementation, and other applicable data protection laws. We regularly review our data protection practices to ensure ongoing compliance.