PillarOne

Legal

Privacy Policy

How we collect, use, and protect your personal data.

This Privacy Policy explains how PillarOne GRC LTD (YS 18KM LTD) processes personal data under the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and the Cyprus Law 125(I)/2018.

Request ConsultationTalk to an Expert

Last updated: 13 May 2026

1. Data Controller

The data controller responsible for the processing of your personal data is:

PillarOne GRC LTD (YS 18KM LTD)
18 Kyriakou Matsi Avenue, 1st Floor
1082 Nicosia, Cyprus
Email: privacy@p1llar.eu

2. Personal Data We Collect

  • Identification & contact data: name, employer, job title, business email, phone number.
  • Enquiry data: the content of messages you send via our contact or consultation forms.
  • Technical data: IP address, browser type and version, device identifiers, time-zone setting, operating system.
  • Usage data: pages visited, referral source, interactions with our website.
  • Cookies and similar technologies as described in our Cookie Policy.

3. Purposes and Legal Bases

  • Respond to enquiries and provide services — Art. 6(1)(b) GDPR (performance of a contract or pre-contractual steps).
  • Operate, secure, and improve the website — Art. 6(1)(f) GDPR (legitimate interests in running a safe, functional service).
  • Comply with legal, regulatory, and tax obligations — Art. 6(1)(c) GDPR.
  • Analytics and marketing communications — Art. 6(1)(a) GDPR (consent, which you may withdraw at any time).

4. Data Recipients

We share personal data only with vetted processors who act on our instructions, including hosting and infrastructure providers, analytics tools, email and CRM platforms, and professional advisors. All processors are bound by written data processing agreements compliant with Art. 28 GDPR.

5. International Transfers

Where personal data is transferred outside the European Economic Area, we rely on adequacy decisions or the European Commission’s Standard Contractual Clauses, supplemented by additional safeguards where necessary.

6. Retention

We retain personal data only as long as necessary for the purposes set out above, to comply with legal obligations (e.g. accounting and AML record-keeping), or to defend legal claims. Enquiry data is typically retained for up to 24 months from last contact.

7. Your Rights

Under the GDPR you have the right to:

  • Access your personal data (Art. 15);
  • Request rectification (Art. 16) or erasure (Art. 17);
  • Restrict or object to processing (Art. 18 and 21);
  • Data portability (Art. 20);
  • Withdraw consent at any time, without affecting prior lawful processing;
  • Lodge a complaint with the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus (dataprotection.gov.cy) or another supervisory authority.

To exercise any right, email privacy@p1llar.eu.

8. Security

We implement appropriate technical and organisational measures aligned with ISO/IEC 27001 to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

9. Changes

We may update this Privacy Policy from time to time. Material changes will be notified on this page with a revised “Last updated” date.