Privacy policy

The controller of personal data collected through this website is Kisku Ltd, a company incorporated in Cyprus with a presence in Paphos, operating the Affinity brand and this marketing site (“Affinity”, “we”, “us”). Contact details are those published on the site or that you provide via the contact form.

Where we act as a processor for a customer, their documentation applies to that processing; this policy covers the marketing site and the contact channels described here.

Minimisation and proportionality: we only process data needed to respond to you, run the site securely, and meet legal duties.

No visitor profiling: we do not use audience measurement, behavioural advertising, or equivalent tracking on this site—consistent with our minimum-exposure approach.

No misuse of data: we do not sell personal data or share it for purposes beyond those described here.

This policy applies to your use of this website and to messages sent through the contact form. It does not replace specific agreements (for example, service terms) where those apply.

Essential technical data: IP address, browser type, language and, where applicable, access logs and timestamps for security, abuse prevention, incident handling, and legal compliance. This site does not use analytics or advertising cookies or equivalent visitor tracking; we do not build commercial profiles from your browsing on these pages.

Information you choose to provide: name, email, organisation (if you add it) and the content of your message when you use the contact form or other channels we offer.

To handle and respond to enquiries, including relevant commercial or support follow-up, based on your consent or, where applicable, steps taken at your request before entering a contract.

To secure and operate the site (for example, abuse prevention or technical incidents) and, where required, to meet legal obligations. Legitimate interests in a reliable service are balanced against your rights and minimisation; we do not carry out solely automated decision-making with legal or similarly significant effects for you on this site.

We keep data only as long as needed for the purposes collected and for any statutory retention periods. Contact messages are kept while the thread is handled and for a reasonable period afterwards, unless a longer retention duty applies.

We may share data with processors that provide strictly necessary services (for example, hosting, delivery or relay of the contact form, or technical support), under appropriate contracts or safeguards as required by law. We do not share data for advertising audience analytics on this site or for sale.

If a processor is outside the European Economic Area, we use recognised transfer tools (such as standard contractual clauses) where needed.

Where the GDPR or similar law applies, you may have rights of access, rectification, erasure, restriction, objection and data portability, and you may withdraw consent at any time without affecting prior lawful processing.

You may also lodge a complaint with your local supervisory authority. To exercise rights or ask about this policy, use the contact form or the details provided on the site.

We apply reasonable technical and organisational measures to protect data against unauthorised access, loss or alteration. No system is perfectly secure; if you notice a possible issue related to this site, please tell us.

This site is not directed at children under 16. If you believe we have collected a child’s data without appropriate consent, contact us so we can address it.

We may update this policy to reflect legal or site changes. The current version will always be on this page; for material changes we will indicate them reasonably. Please review this policy from time to time.