Privacy Policy

The data controller responsible for your personal data is:

• KYPOS LTD, trading as Reon Living
• Registration number: HE 488430
• Registered office: Βορείου Ηπείρου 2/Q2, 8035 Paphos, Cyprus
• You can reach us for any data protection enquiry through our contact page or by writing to our registered address

We keep data collection to a minimum. We only gather information that is necessary to respond to your enquiries and operate our website:

• Contact details (name, email, phone number) when you submit an enquiry or request a quote
• Information about your pool and requirements to help us recommend the right system
• Technical data (IP address, browser type, device information) collected automatically when you visit our website
• Communication records when you contact us via WhatsApp, email, or phone

Under the GDPR, we must have a lawful basis for processing your personal data. Depending on the activity, we rely on:

• Your consent — when you voluntarily submit a contact form or reach out to us (Article 6(1)(a) GDPR)
• Contractual necessity — when processing is needed to provide you with a quote or fulfil a purchase (Article 6(1)(b))
• Legitimate interests — for website security, spam prevention, and improving our services, where these interests do not override your rights (Article 6(1)(f))
• Legal obligation — when we must comply with applicable laws, such as tax or accounting requirements (Article 6(1)(c))

We use a minimal set of cookies and similar technologies. Strictly necessary ones load without consent under ePrivacy Art. 5(3) because the site cannot function without them. Analytics and marketing cookies only load if you opt in per category, either via the cookie banner or via the Cookie preferences link in the footer. We do not sell personal data and we do not engage in cross-site profiling beyond what is disclosed below.

• Cloudflare Turnstile (cf_chl_* and similar) — Strictly necessary — anti-spam protection on the contact form. Duration: short-lived (session, up to 30 minutes). Legal basis: ePrivacy Art. 5(3) security exception.
• Admin session cookie (HttpOnly) — Strictly necessary — keeps our team signed in to the admin area; not set on public pages. Duration: session. Legal basis: ePrivacy Art. 5(3).
• Vercel Web Analytics — Analytics — cookieless measurement of aggregate page views; no personal data collected. Duration: not applicable (cookieless). Legal basis: consent (Art. 6(1)(a)).
• Vercel Speed Insights — Analytics — Core Web Vitals measurement to monitor site performance. Duration: not applicable (cookieless). Legal basis: consent (Art. 6(1)(a)).
• Google Ads conversion tracking (_gcl_*) — Marketing — measures conversion attribution from Google Ads campaigns and may set cookies on .googletagmanager.com and .doubleclick.net. Duration: up to 90 days for _gcl_au. Legal basis: consent (Art. 6(1)(a)). Conversion data is shared with Google Ireland Ltd as joint controller.

We never sell your personal data. We only share it with trusted service providers who help us operate our website and business: Some of these recipients are based outside the European Economic Area. In those cases, transfers are protected by Standard Contractual Clauses approved by the European Commission and, for transfers to the United States, by the EU–US Data Privacy Framework where the recipient is certified.

• Cloudflare — website security and spam protection (Turnstile verification)
• Vercel — website hosting infrastructure
• Meta (WhatsApp) — only if you choose to contact us via WhatsApp
• Google Ireland Ltd — Google Ads conversion measurement and remarketing audiences (loaded only with your consent)
• BINDER GmbH (Germany) — when needed to fulfil product orders and warranties

We take reasonable measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes secure hosting with encryption, access controls limiting data to authorised personnel, and regular review of our security practices.

Under the GDPR, you have the following rights regarding your personal data. To exercise any of these rights, contact us using the details in the Contact section below.

• Access — request a copy of the personal data we hold about you
• Rectification — ask us to correct inaccurate or incomplete data
• Erasure — request deletion of your data ('right to be forgotten')
• Restriction — ask us to limit how we process your data
• Portability — receive your data in a commonly used, machine-readable format
• Objection — object to processing based on legitimate interests
• Withdraw consent — withdraw your consent at any time, without affecting the lawfulness of prior processing
• Complaint — if you believe your rights have been violated, you may lodge a complaint with the Commissioner for Personal Data Protection of Cyprus (www.dataprotection.gov.cy) or the supervisory authority in your EU member state of residence

We keep your personal data only for as long as necessary to fulfil the purposes for which it was collected. Specifically:

• Contact form enquiries — up to 3 years after our last interaction
• Website analytics data — aggregated and anonymised, retained indefinitely
• Contractual records — as required by Cyprus tax and commercial law (typically 6 years)
• You can request deletion of your data at any time by contacting us

For any questions about this privacy policy, to exercise your GDPR rights, or to raise a data protection concern, please contact:

• KYPOS LTD (trading as Reon Living)
• Βορείου Ηπείρου 2/Q2, 8035 Paphos, Cyprus
• Registration number: HE 488430
• Use our website contact page or write to our registered address
• Data protection enquiries: privacy@reon.living
• We aim to respond to all data protection requests within 30 days