top of page

Privacy Policy

1. Who we are

This website is operated by Ledgerro Accounting & Tax Ltd (hereinafter referred to as “Ledgerro”, a company established in the Republic of Cyprus. Ledgerro provides accounting, tax, and related advisory services.

​

Ledgerro processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and Cyprus Data Protection Law 125(I)/2018.​

​

2. What data we collect

2.1 Information you provide

​

When you contact us or use our services, you may provide:

  • Identification and contact details (name, email, phone, company, role).

  • Information about your business and accounting or tax situation.

  • Content of messages sent through forms, chat or email.

  • Billing or payment-related information where we issue invoices (card data itself is processed by payment providers if/when used).​

​

2.2 Information collected automatically

When you visit our website, technical data is collected automatically, such as:

​

  • IP address, browser type, device type and operating system.

  • Pages visited, access times and basic interaction with the site.

  • Cookies that are strictly necessary for the operation of the site and cookie banner (see Cookies Policy).​

​

At present, we do not intentionally use separate analytics or advertising tools on this site; if this changes, this Policy and our Cookies Policy will be updated and additional consent will be requested where required.​

​

3. Why we use your data (legal bases)

​

We process personal data only where there is a lawful basis under GDPR:

​

  • To respond to enquiries and provide services

    • When you contact us, we use your details to respond and, if you become a client, to perform the contract we enter into with you (GDPR Art. 6(1)(b)).​

​

  • To manage our business relationship with you

    • Invoicing, accounting records, client files and communication history are necessary for our legitimate interests in operating an accounting and tax practice, and for performance of our contract with you.​

​

  • To comply with legal and regulatory obligations

    • We may need to process and retain data to comply with tax, accounting, anti‑money laundering and professional obligations under Cyprus and EU law (GDPR Art. 6(1)(c)).​

​

  • To maintain and secure the website

    • Limited technical data and essential cookies are used to keep the site running, prevent abuse and detect errors; this is based on our legitimate interest in providing a secure, functional website (GDPR Art. 6(1)(f)).​

​

  • With your consent

    • If in future we use non‑essential cookies or send marketing emails, we will do so only where you have given consent (GDPR Art. 6(1)(a)), which you can withdraw at any time.​

​

4. Who we share data with

​

We do not sell your personal data. We may share it with:

​

4.1 Service providers

​

These providers act as processors and only process data on our instructions, under appropriate contracts:

  • Wix.com Ltd. – website hosting, content management and infrastructure (Wix CMS, Wix Chat).​

  • Usercentrics A/S – consent management platform used to display the cookie banner and store your choices.​

  • Email and productivity services (e.g. Gmail / Google Workspace) – used for email communication and internal collaboration.​

​

If we later use other services (e.g. analytics, secure storage, payment processors), they will be added to this list and covered by suitable data processing agreements.​

​

4.2 Professional and legal recipients

​

  • Auditors, accountants or legal advisers supporting our regulatory, tax or legal obligations.

  • Public authorities, regulators, tax offices or courts where required by law or in order to establish, exercise or defend legal claims.​

​

4.3 International transfers

​

Some service providers (for example Wix and Google) are located outside the European Economic Area. Where personal data is transferred outside the EEA, we use safeguards such as Standard Contractual Clauses or other mechanisms permitted under GDPR to ensure an appropriate level of protection.​

​

5. How long we keep your data

​

We retain personal data only for as long as necessary for the purposes described above and to comply with legal obligations:

​

  • Client and engagement records: normally at least six years after the end of the relationship, to meet Cyprus tax and accounting rules.​

  • Enquiries where you do not become a client: generally up to three years from last contact, unless a longer period is needed for legal reasons.

  • Technical and security logs: kept for a short, limited period necessary to ensure security and diagnose issues.

​

When data is no longer needed, it is securely deleted or anonymised.​

​

6. Your rights

​

Under GDPR and Cyprus law, you have the following rights, subject to certain conditions and exemptions:​

  • Right of access – obtain confirmation whether we process your data and receive a copy.

  • Right to rectification – have inaccurate or incomplete data corrected.

  • Right to erasure – request deletion of your data, where there is no overriding reason for us to keep it.

  • Right to restriction – ask us to limit the way we use your data in certain situations.

  • Right to data portability – receive data you provided to us in a structured, commonly used, machine‑readable format, where processing is based on consent or contract and carried out by automated means.

  • Right to object – object to processing based on our legitimate interests, including any direct marketing.

  • Right to withdraw consent – where we rely on consent, you may withdraw it at any time; this does not affect processing carried out before withdrawal.

​

To exercise any of these rights, contact us at privacy@ledgerro.com.

​

You also have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus if you believe your data protection rights have been infringed.​

​

7. Security

We take appropriate technical and organisational measures to protect personal data, including secure hosting, access controls, encryption in transit (HTTPS) and restricting access to authorised personnel only. Despite these measures, no system is completely secure, so you should also take care when transmitting information over the internet.​

​

8. Children

Our website and services are aimed at businesses and adults. We do not knowingly collect personal data relating to children under 16. If you believe a child has provided us with personal data, please contact us so that we can delete it where appropriate.​

​

9. Cookies and similar technologies

Our use of cookies is described in more detail in our Cookies Policy, which forms part of this Privacy Policy. At present, only essential cookies are used to operate the website and cookie banner; if additional analytics or marketing tools are introduced in the future, the Cookies Policy and banner will be updated and your consent will be requested where required.​

​

10. Changes to this Privacy Policy

We may update this Policy from time to time, for example to reflect changes in our services, technologies or legal obligations. The “Effective” date at the bottom indicates the latest version. Significant changes will be highlighted on the website and, where appropriate, notified by email.​

​

Effective date: 21 December 2025

​

Last updated: 21 December 2025

bottom of page