top of page


Eptagon Group of Companies Privacy Policy


1. Who We Are


EPTAGON GROUP OF COMPANIES (which includes Bioland Holdings Ltd and its affiliates and/or subsidiaries and Bioland Energy Cyprus Ltd and its affiliates and/or its subsidiaries) is dedicated to protecting the confidentiality and privacy of information entrusted to us. We comply with the EU  2016/679 General Data Protection Regulation (GDPR) and the respective Law within the Cyprus Republic providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (Law 125(I)/2018).


Please read this Privacy Policy to learn about your rights, what information we collect, why we collect it and how we use it and how we protect the data collected.


This website is operated by EPTAGON GROUP LTD.


2. Why Do We Have a Privacy Policy


To inform you of our policies regarding the collection, use, and disclosure of personal data when you use our Services and the choices you have with the data we receive.


3. Who Can You Contact for Privacy Questions or Concerns


If you have questions or comments about this Privacy Policy or how we handle your personal data, please direct your correspondence to or call to 24505050 and ask to talk to the Data Protection Officer.


We aim to respond within 30 (thirty) days from the date we receive privacy-related communications.


4. What is GDPR?

EU 2016/679 General Data Protection Regulation – GDPR is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for EU residents. The new EU data protection regime extends the scope of the EU data protection law to all companies even outside the EU when they process data of EU residents.


5. How and when we collect your personal data?

We obtain your personal data mainly through any information you provide directly to us or through information provided by third parties. Below is a list of ways in which we collect your personal data:


a) Personal data collected directly from you, including:

  • when you become or contact us to become our client.

  • when you become or contact us to become our supplier or vendor.

  • when we are establishing a business relationship.

  • when you make requests to receive our products or services.

  • when we perform services through a contract.

  • when you provide products or services on our behalf as an agent or sub-contractor.

  • when you contact us for an enquiry, complaint or for any other reason (including submission of an employment application).

  • when you become our employee.

  • when you subscribe to our newsletter.

  • when you enter into our promotions, contests, and giveaways.

  • when you engage with or contact us through our social media accounts or websites.

b) Personal data collected from other sources, including:

  • from legal entities with whom we have a professional relationship, for example when you are an employee in a customer’s or partner’s or subcontractor’s or agent’s company offering services or support to us.

  • via third parties, including:

- our agents who have passed on your personal data to us

- our service providers

- our subcontractors

- applicants who intend to use our services and/or products


c) Personal data collected from publicly available sources, including:

  • the internet

  • the Department of Registrar of Companies and Official Receiver 

  • the press, the media and google analytics


6. Types of Personal Data Collected


We may collect the following personal data from you depending on the product or service we provide to you or which we receive from you:


  • Contact details such as your name, address, telephone number, e-mail address and fax number.

  • Identification details such as a copy of your ID, passport or driving license (e.g. when providing transportation services, becoming an employee or any procedure that requires the collection of such documents).

  • CV’s when you are interested in working with us or becoming an employee

  • Financial information such as your bank account number and account details when we need to perform a bank transaction.

  • Annual energy consumption statement when you intend to use our services and/or products

  • Details of any transactions you carry out with us.

  • Property Details such as Building Permits and title deeds of the property you intend to use our services and/or products.

  • Closed Circuit Television (CCTV) recordings in case you enter our office or warehouse premises or any of our PV Parks.

  •  Details of your driving behaviour through a GPS system or tachograph, when you drive vehicles if such systems are installed

  • Health Information when you become an employee and enter in the Company’s Medical Insurance Scheme or when your health condition is a critical factor in order to perform a specific job requirement.

  • Details of your visit to our website and information collected through cookies and other tracking technologies including your IP address and domain name, your browser version, and operating system and your location data.

  • Records of any correspondence and/or communications we have with you.

  • Details of contracts you enter into with us.

  • Your marketing preferences.

  • Other information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, email, online, or otherwise.

  • Data from websites such as the Internet Protocol (IP) address of your computer, web browser and operating system, device type (laptop, smartphone, tablet), communication language and region, basic server connection information and information collected through Cookies.

  • Photos in case you are present in one of our events where we have taken photos


7. Why we collect your personal data?

We shall process and use your information where we have your consent or we have a lawful reason for using it subject to applicable law. Most commonly, we will use your personal data in the following circumstances:


a) Where we need to perform the contract or arrangement we have entered into or agreed with you or in order to take certain steps prior to entering into a contract with you such as:


(i) Processing is necessary for us in order to provide you with our products or services or information, and more specifically in order to:


  • review any proposal made by you and provide you with a quotation

  • perform any licensing procedures that involve governmental authorities and organizations in order to enter in a contractual agreement with you.

  • prepare your installation or leasing contract

  • to perform any licensing procedures necessary for providing you with our products and/or services and your details are included in the title deeds or building permits of the property.

  • communicate with you in order to manage our business relationship with you and resolve any complaints and/or enquiries you may have;

  • notify you about any changes to our products and/or services, including pricing;

  • recover any payment due to us in respect of the products and/or services we provide to you.


(ii) Processing is necessary for us in order to enter in a contractual agreement with you in case you become an employee


(iii) Processing is necessary for us in order to enter in a contractual agreement in case you provide services or products


b) Where we need to comply with a legal obligation


Such obligations and requirements impose on us necessary personal data processing activities for compliance with governmental regulatory bodies, court orders, tax law and/or other reporting obligations for carrying out our business and be compliant with regulatory obligations imposed on us.


c) Where we have appropriate legitimate interests to use your personal data


In some cases, we may process your personal data to pursue legitimate interests of our own or those of third parties provided your interests and fundamental rights are not overridden by our interests. More specifically, we may process your personal data in order to:


  • maintain our accounts and records;

  • enhance the security of our network and information systems;

  • identify, prevent and investigate fraud and other unlawful activities, unauthorized transactions, claims and other liabilities, and manage risk exposure and quality;

  • safeguard the security of our people, premises and assets and prevent trespassing through video surveillance;

  • manage our infrastructure, business operations and comply with internal policies and procedures;

  • Comply with procedures of other organizations and public authorities that are needed to perform our activities;

  • modify or otherwise improve our products, services and communications;

  • defend, investigate or prosecute legal claims;

  • receive professional advice (e.g. tax or legal advice);

  • perform data analytics (such as market research, trend analysis, financial analysis and customer segmentation).

  • Retrieve any applications you have done with our Company in case you need a future upgrade of our products, or request of further services from us.

  • Provide you with after-sales support according to our maintenance agreements

  • Provide you support regarding the claims of the products received within the warranty period

  • Help you enrol in an online monitoring platform to monitor the energy performance of your PV System (where applicable).

  • Provide you with benefits (e.g health insurance) when you become an employee


d) Where you have given us your consent

  • In some cases, where you have given us your consent to process your personal data for one or more specific purposes (e.g Communicate with you for any job openings if we hold your CV within the period mentioned on our data retention policy,  or for marketing purposes).

You may withdraw your consent to such processing at any time. Please note that any processing that was carried out prior to the withdrawal of your consent shall not be affected in any way.

8. Children's Privacy

We may occasionally collect personal data from data subjects under the age of 18 (for purposes of any grants or landowner or other). In that case, we obtain explicit consent from both parents to process that kind of data.

9. With whom we may share your personal data


We may share your personal data with third parties as listed below. When we do so, we request from such third parties to have appropriate technical and organizational measures in place to protect your personal data. We will not share any of your personal data for any purpose other than the purposes described in this privacy statement, nor will we sell your personal data to anyone.

  • Competent authorities and governmental services (e.g land registry, department of town planning and housing, district administrations, Cyprus Energy Regulatory Authority, Ministry of Energy) as part of the necessary procedures we need to perform in case you are applying for one of our services or comply with legislation relevant to health and safety issues (e.g notification to the department of labour inspection in case of an accident)

  • Service providers we have chosen to support us by offering technical expertise in order to perform/improve our activities or legal obligations

  • Training centres and governmental organizations that subside employee training (e.g Human Resource Development Authority) in case you are one of our employees

  • Benefit providers (i.e insurance providers), pension and payroll administrators in case you are one of our employees

  • Auditors and accountants

  • External consultants

  • Members of the Eptagon Group of Companies and/or affiliates and/or subsidiaries

  • Suppliers who provide product guarantees of the products that we buy some of which may be a European or International Companies


10. Data Retention Period


Unless a longer retention period is required by applicable laws, we will retain your information for as long as we have a business relationship with you. More specifically:

(a) Once our business relationship with you has ended (end or cancel of contractual agreement), we may keep your personal data for the longest of the following periods:


  • Retention Period as defined by the Limitation of Actionable Rights Law 66(I)/2012

  • the end of the period in which legal action or investigations might arise in respect of the products and services provided or received.


This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes such as processing any disputes or claims pending for any services or products.


(b) If you have received a quotation from us:

  • As a home potential client, the retention period is 2 years after receiving our quotation. If your property is not suitable for PV Installation or you don’t have all the necessary documentation for application purposes, your personal data will be immediately destroyed.

  • As a landowner for leasing contracts, the retention period is up until we reach to an agreement. If we don’t reach to an agreement or if the land is not suitable for the development of a PV Park, your data will be destroyed immediately.


(c) Personal Data related to HR issues

  • Once you have sent us your CV, your personal data will be kept for a maximum of 12 months if you are unsuccessful in a job opening and we deem it necessary to keep your information for future job openings. Your data may be destroyed at any time within the 12-month period if evaluated and deemed that is no longer necessary to keep.  

  • Annual leave records will be kept for 2 years after the ending of each financial year.

  • Employee files including employment contracts will be kept for a period defined in paragraph 10 (a)

  • Recordings of any CCTV are automatically deleted after 7 days.

  • Training applications to the HRDA will be kept for 7 years according to the tax law

  • Details on the timesheet when you become an employee are kept for 12 months.

  • Investigations regarding Health and Safety Incidents and Accidents will be kept for 10 years as required by the law.


(d) Supplier personal data and any other data arising for bookkeeping purposes will be kept for a period of 7 years as required by the tax law.


We may need to retain your information for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it to protect legitimate company interests (e.g. statute of limitations periods).


11. What are the rights of the Data Subject?


The Data Controller must inform the Data Subject of his/her rights. GDPR grants numerous rights to the Data Subject, such as:


  • Right to Information (Article 12):

The Data Subject has the right to concise, transparent, intelligible and easily accessible information without undue delay and in any event within one month of receipt of a request for such information. The information is provided free of charge unless requests are malicious in intent or excessive, in particular, because of their repetitive character, then our Company may either: a) Charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the action requested, or b) Refuse to act on the request.


  • Right to Information during the process of obtaining consent (Articles 13 & 14):

During the process of obtaining consent, our Company informs the Data Subject of the purpose of collecting his/her Personal Data, the period for which the Personal Data will be stored, his/her rights, the categories of Data and the source of any Data that has not been collected by Eptagon Group of Companies.


  • Right of Access (Article 15):

The Data Subject has the right to obtain a copy of his/her Personal Data and to be fully informed about the Data, the purposes of the processing, the categories of Personal Data, the storage period and the criteria used to determine that period, the recipients to whom the data has been disclosed and the source of any Data that has not been collected by Eptagon Group of Companies.


  • Right to Rectification/Amendment (Article 16):

The Data Subject has the right to demand the rectification/completion of inaccurate Personal Data and his/her demand must be satisfied without undue delay.


  • Right to Erasure “Right to be Forgotten” (Article 17):

The Data Subject has the right to demand the erasure of his/her Personal Data and his/her demand must be satisfied without undue delay unless the Data Controller has an overriding legitimate interest.


  • Right to Restriction of Processing (Article 18):

The Data Subject has the right to demand the restriction of processing when he/she questions the accuracy of the Personal Data or the processing is unlawful or no longer essential.


  • Right to Notification (Article 19):

The Data Controller must communicate any rectification or erasure of Personal Data or restriction of processing to each recipient to whom the Personal Data has been disclosed and inform the Data Subject accordingly.


  • Right to Data Portability (Article 20):

The Data Subject has the right to receive his/her Personal Data in digital form and to transmit it to another organization or to demand its direct transmission to another organization. This does not apply to Public bodies but it does apply to the Eptagon Group of Companies.


  • Right to Object (Article 21):

Processing stops after such an objection, unless the Data Controller has an overriding legitimate interest.


  • Right to Non-Automated Individual Decision-Making (Article 22):

The Data Subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or significantly affects him/her.


The Data Subject has the right to submit a complaint to the Commissioner for Personal Data Protection at any time if he/she believes that any of his/her rights have been violated.


Furthermore, the Data Subject has the right to withdraw his/her consent at any time. If you wish to withdraw your consent you should notify our Data Protection Officer by writing at 3 Eleftherias Ave., 7102, Aradippou, Cyprus or via email at


Withdrawal of consent does not affect the legality of the processing which was based on it prior to withdrawal. If Eptagon Group of Companies has a legitimate interest in retaining the Data Subject’s Personal Data, his/her request to withdraw consent and have the data deleted may be denied.

12. Handling leaks of Personal Data


Our Company informs the Commissioner for Personal Data Protection in detail of any leak and/or violations within 72 hours of being made aware of such a leak/violation. Our Company informs the Data Subject (natural person) when there is a high risk of violation of his/her rights and freedoms.



13. Safeguarding your data


We use a range of administrative, technical and technological measures to keep your information safe and secure both physically and electronically. We require our staff and any third parties who carry out any work for our companies or at our premises or servers to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.


14. Statistical Analysis


Based on the data we collect, we can export anonymous, aggregated statistics that allow us to understand how people use the website and help us to improve the structure and its content. These cookies do not store any personally identifiable information.


15. Cookies and other technologies


Some information about you is automatically collected through cookies and other technologies. Read more about cookies below.

a) What Cookies are?

A cookie is a small text file that visited websites save on your computer or device. Cookies are used to provide visitors access to various functions. The cookies do not cause damage to your device in any way.


b) Why we use cookies?

The use of cookies on our website aimed for a better navigation experience of visitors to our website and to provide personalized web pages to reflect the needs and interests of the visitor.

Cookies can also be used to export anonymous, aggregated statistics that allow us to understand how visitors use the website and help us improve the structure and its content. These cookies cannot verify the identity of the visitor.


c) Types and Categories of Cookies

There are two types of cookies, persistent cookies and session cookies.

Session Cookies expire and no longer have any effect when you close your browser. Persistent Cookies remain on your device until you erase them or they expire.

d) The two types of cookies can be distinguished in three categories:

• Functionality Cookies

These cookies allow the website to remember choices you make (such as your username, language or region you are in) and provide enhanced, more personalized features.


• Performance/Analytics Cookies

These cookies collect aggregated information anonymously, in a form that does not allow direct association with a particular person. This information helps improve websites by identifying any problems that visitors may encounter during their visit and by learning which pages they visited.


• Targeting Cookies

These cookies are used to provide ads more relevant to you and your interests. It can be used for targeted advertising/offers. They are usually placed to remember your visit to a website and share that information with other marketing channels.


e) Disable cookies


You can change your browser settings to reject some or all cookies. However, disabling cookies may occur to the unavailability of some of our website features.


16. Changes to This Data Protection Policy


The Company may modify this Data Protection Policy at any time without notice.

You are advised to review this Data Protection Policy periodically for any changes. Changes to this Data Protection Policy are effective when they are posted on this page.


17. Prevailing Language

This Policy may be executed in multiple counterparts in the English language, each of which shall be deemed an original but which, taken together, shall constitute one and the same instrument. Should any conflict arise between the English language version of this Policy and any translation hereof, the English language version shall prevail.

bottom of page