RG Standard Consulting

— Privacy

Privacy Policy.

RG Standard Consulting LTD (“RG Standard Consulting”, “we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard personal data when you visit rgstandard.com, contact us, or engage our services, in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and applicable Cyprus data protection law.

Effective date: 13 May 2026 · Last updated: 13 May 2026

1. Data controller

The data controller responsible for your personal data is:

RG Standard Consulting LTD
Limassol, Cyprus
Email: hello@rgstandard.com

For any privacy-related questions or to exercise your rights, please use the contact details above.

2. Personal data we collect

We collect only the personal data necessary for the purposes described below. The categories of data we may process include:

  • Identity and contact data: name, email address, company, role/title, country.
  • Enquiry data: the content of messages you send through our contact form or by email, the engagement type you select, and any information you choose to share with us.
  • Scheduling data: calendar metadata (date, time, time zone, meeting link) processed by our scheduling provider when you book a call.
  • Technical and usage data: IP address (typically truncated), browser type and version, device type, operating system, referring URL, pages visited, approximate location (country/region), and timestamps. Where analytics are enabled, this data is collected in aggregated, pseudonymised form.
  • Cookies and similar technologies: only strictly necessary cookies are set without consent. See section 9.
  • Client engagement data: if you become a client, we process additional data necessary to deliver our services and meet legal, accounting, and tax obligations.

We do not knowingly collect special category data (e.g. health, political opinions, religious beliefs) and ask that you do not submit such data through our forms.

3. How we use your data and legal bases

We process personal data only where we have a lawful basis under Article 6 GDPR. The purposes and corresponding legal bases are:

  • To respond to enquiries submitted via our contact form, email, or scheduling tool — Article 6(1)(b) (steps prior to entering into a contract) and Article 6(1)(f) (legitimate interest in responding to business enquiries).
  • To provide services to clients, manage engagements, issue invoices, and provide support — Article 6(1)(b) (performance of a contract).
  • To comply with legal obligations, including accounting, tax, anti-money-laundering, and record-keeping requirements — Article 6(1)(c).
  • To operate, secure, and improve the website, prevent fraud or abuse, and ensure technical reliability — Article 6(1)(f) (legitimate interests).
  • To send occasional service-related communications to existing clients about their engagement — Article 6(1)(b) and 6(1)(f).
  • For analytics and optional cookies, where used — Article 6(1)(a) (consent), which you may withdraw at any time.

4. How we share your data

We do not sell personal data. We share data only with carefully selected service providers (processors) acting on our documented instructions, and only where necessary. Categories of recipients include:

  • Hosting and infrastructure providers for the website and related services.
  • Form-handling providers for processing contact form submissions.
  • Calendar and scheduling providers for booking calls.
  • Email providers for sending and receiving correspondence.
  • Analytics providers, where consent has been given, configured to respect user privacy.
  • Professional advisors (e.g. accountants, auditors, legal counsel) under duties of confidentiality.
  • Public authorities where required by law, court order, or to protect rights and safety.

All processors are bound by data processing agreements compliant with Article 28 GDPR.

5. International data transfers

Some of our processors may be located outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place in accordance with Chapter V GDPR, such as:

  • Transfers to countries covered by an adequacy decision of the European Commission;
  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Supplementary technical and organisational measures, where required following a transfer impact assessment.

You may request a copy of the safeguards in place by contacting us at the address in section 1.

6. Data retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including any legal, accounting, or reporting requirements. Indicative retention periods:

  • Contact enquiries: up to 24 months from last contact, unless an engagement begins.
  • Client engagement records: for the duration of the engagement and up to 7 years thereafter to comply with Cyprus accounting, tax, and statutory record-keeping obligations.
  • Website logs and security data: typically up to 12 months.
  • Analytics data (where consent given): in aggregated form, up to 26 months.

When retention periods expire, data is securely deleted or irreversibly anonymised.

7. Your rights under the GDPR

Subject to applicable law, you have the following rights in relation to your personal data:

  • Right of access — to obtain confirmation of and a copy of the personal data we hold about you (Art. 15).
  • Right to rectification — to have inaccurate or incomplete data corrected (Art. 16).
  • Right to erasure — the “right to be forgotten” in certain circumstances (Art. 17).
  • Right to restriction of processing in certain circumstances (Art. 18).
  • Right to data portability — to receive your data in a structured, commonly used, machine-readable format (Art. 20).
  • Right to object to processing based on legitimate interests, including profiling (Art. 21).
  • Right to withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal (Art. 7(3)).
  • Right not to be subject to automated decision-making producing legal or similarly significant effects (Art. 22). We do not carry out such automated decision-making.

To exercise any of these rights, please email hello@rgstandard.com. We will respond within one month of receiving your request, in line with Article 12(3) GDPR. We may need to verify your identity before fulfilling certain requests.

You also have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for RG Standard Consulting LTD is the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus (www.dataprotection.gov.cy). You may also complain to the supervisory authority in your country of residence.

8. Data security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage, in line with Article 32 GDPR. These measures include encryption in transit (TLS), access controls, least-privilege principles, secure credential management, and regular review of our security practices. In the unlikely event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours and, where required, affected individuals without undue delay.

9. Cookies and tracking technologies

Our website uses only strictly necessary cookies by default. These are required for core functionality (e.g. security, session management) and do not require consent under Article 5(3) of the ePrivacy Directive.

Where we use analytics or other non-essential cookies, we do so only after obtaining your prior, freely given, specific, informed, and unambiguous consent through our cookie banner. You may withdraw consent at any time via the cookie settings. Refusing non-essential cookies will not affect your ability to use the website.

10. Children’s privacy

Our services are intended for business professionals and are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

11. Third-party links

Our website may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties, and we are not responsible for their content or privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. The “Last updated” date at the top of this page indicates when the policy was most recently revised. Where changes are material, we will provide a more prominent notice or, where required by law, obtain your renewed consent.

13. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our processing of your personal data, please contact us at hello@rgstandard.com. We are committed to working with you to obtain a fair resolution of any privacy concern.