Privacy Policy

RADIACODE LTD (“we”, “us”, “our”) value your privacy and are committed to transparency in how we handle your personal data. This Privacy Policy lets you know how and for what purposes we are processing your information. We pledge that we will take reasonable steps to ensure that your personal data will only be used in ways that comply with this Privacy Policy and applicable regulations.

This Privacy Policy governs the processing of personal data in your interactions with us, including when you: (1) visit (use) our website located at: https://www.radiacode.com/ (the “Website”), (2) communicate with us and as otherwise described in this Privacy Policy.

Before you share any personal data with us, please review this Privacy Policy and our Terms and Conditions (the “Terms”).

When you choose to use our Radiacode App or RadiaVerse interactive radiation portal including the Interactive map, please, see the Privacy Policy for the Radiacode App and Interactive map for describes how your personal information is collected and used.

1. Who we are?

RADIACODE LTD, duly incorporated in and registered under the laws of the Republic of Cyprus, with a registered office at 10 Spyrou Kyprianou, Germasogeia, 4040 Limassol, Cyprus acts as a data controller. It means we determine the purposes and means of the processing of personal data.

Since we are registered under the law of the Republic of Cyprus, the personal data authority overseeing us regarding the personal data processing is the Commissioner for Personal Data Protection. You always have the right to make a data protection-related complaint at any time to a supervisory authority. You may also contact your local data protection authority. A list of local data protection authorities is available here.

You can exercise your data protection rights and contact us with any privacy-related questions without creating an account on the Website. You can reach us by sending an email to security@radiacode.com or by writing to us at our postal address above, addressed to the “Privacy team”.

2. How do we collect personal data?

We process personal data in the following ways:

  1. when you provide us with personal data. You provide us with your personal data in order to realize the purposes of the processing. For example, in order to create an account on the Website, and carry out marketing or informational mailings, we need the personal data we receive from you;
  2. when personal data is collected automatically. There are tools that allow us to collect technical personal data about you when you use Website. For certain purposes (e.g. to enable you to technically use the Website, to track and fix bugs on the Website), we automatically collect your personal data where there is a legal basis to do so.
  3. when information is provided from other sources: we might receive information about you from other sources (e.g. when you connect to our Website via a third party service)

3. How do we process personal data?

We process your personal data only when it is necessary to achieve the purpose of the personal data processing and only to the extent necessary to achieve the purpose of the processing. Furthermore, we keep your personal data for a limited period of time and once the processing period has expired, we delete all existing copies of your personal data.

Is it mandatory to provide personal data? What happens if you do not provide it?

In most cases, you are free to decide whether to provide us with your personal data. However, for some purposes we cannot provide you with certain features or services without specific information:

  • Account registration and use of your account on the Website. To create and use an account, you need to provide at least your email address. If you do not provide this information, you will not be able to create an account and use the related functionality.
  • Placing an order and receiving a device. To process your order and deliver the device, we need information such as your full name, delivery address, email address and phone number. If you decide not to provide this information, we will not be able to process your order or deliver the device to you.
  • Technical and usage data. Certain technical data (such as IP address, device and usage information) are necessary to provide you with the Website and to ensure its security and proper functioning. If you block these data completely (for example, by blocking all cookies and similar technologies), some parts of the Website may not work correctly or may be unavailable.

Providing your personal data for marketing communications and for analytics / preference cookies is not required by law or by contract. If you do not provide your consent for these purposes, this will not affect your ability to use the Website or place orders, but you may receive a less personalized experience and will not receive our marketing updates.

Below we have provided you with a full description of the data processing purposes of the users (visitors) of the Website, what personal data we process, legal basis of data processing and information about the retention period.

Processing of customer support inquiries for analysis, issue resolution, and routing to relevant internal departments to ensure high-quality service
Processed personal data
  • Email address
  • Category of the issue
  • Other data that you provide in the issue and further correspondence
Legal basis for the processing

Contract (GDPR Art. 6(1)(b))

Data retention period

Retained for the duration of the inquiry and up to 6 years thereafter to establish or defend potential legal claims within applicable Cypriot limitation periods.

Handling customer support cases related to problematic or delayed orders
Processed personal data
  • Full name
  • email
  • order ID
  • phone number
Legal basis for the processing

Contract (GDPR Art. 6(1)(b))

Data retention period

Retained for the duration of the inquiry and up to 6 years thereafter to establish or defend potential legal claims within applicable Cypriot limitation periods.

Warranty and after-sales service
Processed personal data
  • Full name
  • email
  • order ID
  • phone number
  • device serial number
  • reason of return or repair
Legal basis for the processing

Contract (GDPR Art. 6(1)(b))

Data retention period

Up to 6 years after resolution of the warranty or repair request within applicable Cypriot limitation periods.

Issuing compensation (e.g., voucher or refund) to customers
Processed personal data
  • Full name
  • email
  • order ID
  • phone number
Legal basis for the processing

Contract (GDPR Art. 6(1)(b))

Data retention period

Up to 6 years from the end of the tax year in which the compensation was issued, extendable up to 12 years in cases of suspected deceit or deliberate omission under Cypriot tax and VAT law.

Registration of an account on the Website
Processed personal data
  • Email
Legal basis for the processing

Contract (GDPR Art. 6(1)(b))

Data retention period

Until the user deletes the account and up to 6 years thereafter to protect the organization’s legitimate interests within applicable Cypriot limitation periods.

Placing an order for a device and making payments
Processed personal data
  • Order details
  • full name
  • phone number
  • IP address
  • email address
  • billing information
  • shipping information
  • updates on status of transactions
Legal basis for the processing

Contract (Terms)

Data retention period

Up to 6 years from the end of the tax year in which the transaction occurred, extendable up to 12 years in cases of suspected deceit or deliberate omission under Cypriot tax and VAT law

Invoicing
Processed personal data
  • Full name
  • email address
  • phone number
  • postal address
  • user’s country and province/state level
  • IP address
  • browser info and operating system
Legal basis for the processing

Contract (GDPR Art. 6(1)(b))

Data retention period

Up to 6 years from the end of the tax year in which the invoice was issued, extendable up to 12 years in cases of suspected deceit or deliberate omission under Cypriot tax and VAT law.

Informing about transactions and other service-related communication
Processed personal data
  • email address
  • transaction data
Legal basis for the processing

Legitimate interest (GDPR Art. 6(1)(f)) in providing reliable and efficient service communication.

Data retention period

Up to 6 years from the end of the tax year in which the related transaction occurred, extendable up to 12 years in cases of suspected deceit or deliberate omission under Cypriot tax and VAT law.

Delivering the device to the customer
Processed personal data
  • Full name
  • phone number
  • delivery postal address
  • order ID
Legal basis for the processing

Contract (GDPR Art. 6(1)(b))

Data retention period

Up to 6 years from the end of the tax year in which the delivery occurred, extendable up to 12 years in cases of suspected deceit or deliberate omission under Cypriot tax and VAT law. Courier providers retain tracking information for shorter operational periods (e.g., Cyprus Post: 1 year with pseudonymisation thereafter; FedEx and UPS: up to 90 days; ACS: approximately 4 months with partial anonymisation).

Filling out and managing your account on the Website
Processed personal data
  • email address
  • order details
Legal basis for the processing

Contract (GDPR Art. 6(1)(b))

Data retention period

Until the user deletes the account and up to 6 years thereafter to protect the organization’s legitimate interests within applicable Cypriot limitation periods.

Collecting feedback
Processed personal data
  • Email address
  • full name
  • date of the order
Legal basis for the processing

Legitimate interest (GDPR Art. 6(1)(f)) in enhancing our services and customer satisfaction

Data retention period

30 days from the date the feedback was submitted. If no feedback is submitted, the retention period is 30 days from the date the feedback invitation was sent.

Sending forgotten basket notifications
Processed personal data
  • Full name
  • email address
  • phone number
  • postal address
  • user’s country and province/state level
  • IP address
  • browser information
  • browser and operating system
Legal basis for the processing

Legitimate interest (GDPR Art. 6(1)(f)) in supporting a smooth and user-friendly shopping experience.

Data retention period

60 days from the user’s last activity related to the shopping cart (creation, update, or attempt to check out)

Pre-order, presale, backstock & waitlist with partial payment options to lift sales
Processed personal data
  • Full name
  • email address
  • phone number
  • postal address
  • user’s country and province/state level
  • IP address
  • browser information
  • browser and operating system
Legal basis for the processing

Legitimate interest (GDPR Art. 6(1)(f)) in managing and optimising our sales processes.

Data retention period

Up to 6 years from the end of the tax year in which the partial payment was made, extendable up to 12 years in cases of suspected deceit or deliberate omission under Cypriot tax and VAT law.

Ensuring proper operation of the Website, identifying and fixing technical issues
Processed personal data
  • Usage Information (manufacturer, model, OS, time zone, language, region)
  • Device Information (device type, features used, access times, IP)
Legal basis for the processing

Legitimate interest (GDPR Art. 6(1)(f)) in ensuring the stability and security of our digital services.

Data retention period

Within approximately 30 days, and no later than 90 days from the date on which the technical event or log was generated.

Email address collection for the purpose of future marketing mailings
Processed personal data
  • email address (mandatory)
  • full name (optional)
Legal basis for the processing

Consent (GDPR Art. 6(1)(a)

Data retention period

Until consent is withdrawn or no longer necessary for the purpose. As a general industry practice, marketing consent is reviewed every 3 years to ensure it remains valid and up to date.

Sales analysis based on completed orders
Processed personal data
  • Full name
  • email address
  • phone number
  • postal address
  • order details
  • amount purchased
  • delivery status
  • communication channel
Legal basis for the processing

Legitimate interest (GDPR Art. 6(1)(f)) in improving our offering, plan stock and resources, and ensuring our business operates efficiently.

Data retention period

For analytics purposes, personal data is retained for up to 3 years based on legitimate interest in improving our offering, plan stock and resources, and ensuring our business operates efficiently.

Website traffic, conversion, and remarketing analytics via Google Analytics
Processed personal data
  • Online identifiers (IP address, cookies, device ID)
  • browsing data
  • Email address
  • user interactions (clicks, page views)
Legal basis for the processing

Consent (GDPR Art. 6(1)(a)

Data retention period

Up to 1 year, 1 month and 4 days from the date the data was collected, or until consent is withdrawn, whichever occurs first

Website traffic, user interaction, conversion, and marketing attribution analytics using Amplitude
Processed personal data
  • Country
  • device information (browser, OS, device type)
  • session data and session replay recordings
  • page views
  • user actions
  • clicks
  • navigation events
  • marketing data (UTM parameters, referrers, campaign identifiers)
Legal basis for the processing

Consent (GDPR Art. 6(1)(a)

Data retention period

Up to 1 year or until consent is withdrawn, whichever occurs first; Session replay data: stored for a maximum of 30 days or until consent is withdrawn, whichever occurs first

Online advertising and customer acquisition via Google Ads
Processed personal data
  • IP address
  • device information (device type, features used, access times)
  • browser information
  • events (incl. clicks)
  • advertising ID
  • item purchased
  • transaction ID
  • amount purchased
  • currency
Legal basis for the processing

Consent (GDPR Art. 6(1)(a)

Data retention period

Up to 1 year and 24 days from the date the data was collected, or until consent is withdrawn, whichever occurs first.

Understanding user behaviour and preferences via Microsoft Clarity
Processed personal data
  • Device information (device type, features used, access times, IP)
  • usage information (manufacturer, model, OS, time zone, language, region)
  • customer preferences signals, including CMS
  • customer activity, including products viewed and/or included in shopping carts
  • shipping information
Legal basis for the processing

Consent (GDPR Art. 6(1)(a)

Data retention period

Up to 1 year from the date the data was collected, or until consent is withdrawn, whichever occurs first

Marketing and advertising via Meta Pixel
Processed personal data
  • IP address
  • referrer URL
  • device information (device type, features used, access times, IP)
  • browser information
  • user interactions (pseudonymised)
  • email (pseudonymised)
  • first name (pseudonymised)
  • last name (pseudonymised)
  • city (pseudonymised)
  • ZIP (pseudonymised)
  • country (pseudonymised)
Legal basis for the processing

Consent (GDPR Art. 6(1)(a)

Data retention period

Up to 180 days from the date the data was collected, or until consent is withdrawn, whichever occurs first

Please note that we don’t process or have access to your personal data related to making payments (bank card details, payment card expiration date, the security code, others). Your personal data related to making a payment is processed by the third-party payment providers we engage to process and make your payment.

4. How long do we keep your personal data?

We keep your personal data for as long as necessary to fulfill the purpose of the processing. Specific timeframes are specified in Section 3.

Under certain circumstances, we may be required to retain your personal data for a longer period of time in accordance with applicable law or regulatory requirements. This may include but is not limited to, situations involving legal proceedings, investigations, or government inquiries. We will only retain your personal data for as long as necessary to comply with these legal obligations, and we will take appropriate measures to ensure its security and confidentiality during this period.

5. Sharing your data with third parties

Your privacy is of utmost importance to us, and we handle your personal data with the highest level of care and responsibility. We only share your personal data when this is necessary and lawful, and we always remain responsible for such sharing as a data controller.

We may share your personal data in the following situations:

  • To comply with applicable law. We may disclose your personal data where this is necessary to comply with legal obligations, such as to respond to subpoenas, court orders, or other lawful government requests. We may also share your personal data if we believe in good faith that such disclosure is necessary to protect our rights, enforce our Terms, investigate fraud, or protect the safety of you or others.
  • To accomplish the purposes set forth above. To provide our services and operate the Website, we work with carefully selected service providers (processors) who act on our instructions and only process personal data on our behalf. We choose these service providers with care and require them to implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure or misuse. We do not allow our service providers to use your personal data for their own purposes.

Depending on the specific service you use, we may share different categories of personal data with our service providers. In particular:

  • Hosting providers receive data that are necessary to store and operate the Website (for example, account data, order data and technical logs).
  • Payment service providers receive the data necessary to process your payments (for example, information about your order, full name, email address and other payment-related identifiers). We do not receive or store your full bank card details.
  • Customer support and communication tools receive the data you provide when contacting us or placing orders (for example, your name, email address, order details and the content of your messages).
  • Professional consultants, lawyers, and notaries. In certain situations, we may share your personal data with professional advisers such as legal counsel, regulatory consultants, auditors, or notaries. We disclose your personal data to such advisers only when this is necessary and justified, for example to protect or exercise our legal rights and interests or to obtain legal or regulatory advice and support regarding contractual, corporate, compliance or other matters. We share with these professionals only the minimum amount of personal data necessary for them to provide their services. All such advisers are bound by confidentiality obligations and are required to protect personal data in accordance with applicable laws, professional ethical standards, and—where applicable—contractual data protection obligations.

We transfer your personal data to third parties only in accordance with the requirements of the GDPR. With each service provider that processes personal data on our behalf, we conclude a written data processing agreement or rely on an equivalent contractual mechanism. These agreements require our service providers to:

  • process personal data only on our documented instructions;
  • protect personal data with appropriate technical and organisational measures;
  • keep personal data confidential; and
  • assist us in fulfilling our obligations towards data subjects.

Where our partner offers its own GDPR-compliant data processing agreement, we may adhere to such agreement. In such cases, our relationship with that partner – including the transfer of personal data – is governed by those data processing terms.

INTERNATIONAL DATA TRANSFERS

Some of our service providers are located outside the European Economic Area (EEA) or may store your personal data on servers located outside the EEA. This includes, for example, certain hosting, payment and customer support providers.

When we transfer your personal data to a country outside the EEA that does not provide an adequate level of data protection, we ensure that appropriate safeguards are in place as required by the GDPR. These safeguards may include:

  • relying on a decision of the European Commission that the country provides an adequate level of protection; and/or
  • entering into Standard Contractual Clauses adopted by the European Commission with the relevant recipient; and, where necessary,
  • implementing additional contractual, technical and organisational measures to protect your personal data.

You can obtain a list of third parties (our processors), more information about transfers of your personal data and copies of the relevant safeguards (where applicable) by contacting us at: security@radiacode.com.

6. Use of Shopify as our e-commerce platform

Our online store is hosted and operated using the services of Shopify Inc. or its relevant affiliates (“Shopify”). Shopify provides the technical platform that enables us to sell our products and manage transactions. As part of providing these services, Shopify processes certain personal data on our behalf in accordance with its Data Processing Addendum (DPA).

Shopify Network Intelligence and Enhanced Services

Shopify may also process certain technical and usage data to provide what it calls Enhanced Services, which may include:

  • improving the security, stability, and performance of the Shopify platform;
  • providing analytics and insights to help us understand store performance;
  • enabling more relevant or customized experiences, including contextual advertising or recommendations.

These activities are described in detail in Shopify’s documentation, including its Consumer Privacy Policy and Network Intelligence disclosures.

You can learn more about Shopify’s data practices and available privacy choices at:

https://privacy.shopify.com

7. How we process cookies

In order to enhance the functionality of the Website and make it more user-friendly, we may use cookies. A cookie is a piece of data that can be stored on the browser of your computer or mobile device you use to access the Website. It enables the Website to “remember” your activity or preferences for a certain period of time or during a specific session. The information does not always may identify you, but it can give you a more personalized web experience.

For information about the specific cookies and tracking technologies we use, their providers, retention periods, and how you can manage your preferences, see our Cookie Notice.

8. Rights under GDPR

As a data subject, you have certain rights regarding your personal information. We are committed to upholding these rights and ensuring that you can exercise them effectively.

Below, you can find the information regarding your rights as a data subject under EU legislation:

Right of access

This right allows you to request access to the personal data we hold about you.

To exercise this right, please contact us at the e-mail indicated above. Upon receiving your request, we will provide you with a copy of the personal data we process in the form in which you have requested the provision of this information. Please note that in some cases we may charge you a reasonable fee for providing this information. If we are unable to fulfil your request for any reason, we will provide you with an explanation and inform you of your rights to appeal the decision.

Right to rectification

This right enables you to request the correction or updating of any inaccurate or incomplete personal data we hold about you.

You can exercise this right in two ways:

1. by yourself by following these steps:

- log in to your account on the Website

- open a personal profile on the Website

- locate personal data you wish to correct and edit it

- save the changes to update your data instantly

2. by contacting us at e-mail indicated above. Upon receiving your request for rectification, we will review the accuracy and completeness of your personal data and make any necessary corrections or updates.

Right to erasure

This right allows you to request the deletion or destruction of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or processed (or, as we all know, the “right to be forgotten”).

You can exercise this right by contacting us at e-mail indicated above. Upon receiving your request for erasure, we will assess whether the conditions for erasure are met and, if so, promptly delete or anonymize your personal data from our systems and notify any third parties to whom the data have been disclosed. Also, we may delete, block or anonymize the personal data that is linked to your account in the Products in accordance with clauses 11.2 of the Terms and Conditions.

Right to restrict processing

This right allows you to request the restriction of processing of your personal data in certain circumstances, such as when the processing is unlawful, when we no longer need the personal data, or when you have objected to the processing.

To exercise this right, please contact us at the e-mail indicated above. Upon receiving your restriction to processing will not process your personal data (except for storage) unless it is based on consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

Right to data portability

This right allows you to receive a copy of your personal data in a structured, commonly used, and machine-readable format if it is technically possible to do so and to transmit those data to another controller.

To exercise this right, please contact us at the e-mail indicated above. Upon receiving your request for data portability, we will provide you with a copy of your personal data in the requested format, where technically feasible.

Right to object

This right enables you to object to the processing of your personal data in certain circumstances, such as where the processing is based on legitimate interests or for direct marketing purposes.

To exercise this right, please contact us at the e-mail indicated above. Upon receiving your objection to processing, we will assess the validity of your objection and, if valid, cease processing your personal data for the purposes to which you have objected.

Right to withdraw consent

You have the right to withdraw your consent to the processing of your personal data at any time. This means that if we are processing your personal data based on your consent, you have the right to revoke that consent.

To exercise this right, please contact us at the e-mail indicated above. Upon receiving your request to withdraw consent if we do not have any other legal basis for processing your personal data, we will stop processing it.

Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR.

Since we are established in Cyprus, our lead supervisory authority is the Office of the Commissioner for Personal Data Protection of Cyprus. However, you are free to contact any EU or EEA data protection authority that is competent under Article 77 GDPR.

If you believe that our processing of your personal data violates applicable legislation, you have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where the alleged breach took place. A list of EU supervisory authorities and their contact details is available here.

Automated decision-making and profiling

Under the GDPR, you have the right not to be subject to automated decisions that significantly affect you, unless specific conditions apply. You also have the right to obtain meaningful information about the logic involved, the potential consequences, and to request human review of such decisions.

We do not make decisions about you based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you within the meaning of the GDPR. We may use profiling in a limited way in the context of performance and targeting cookies to better understand how users interact with the Website and to show you more relevant content or advertisements. Such profiling does not produce legal or similarly significant effects for you. You can disable such cookies at any time through the cookie settings described in Section 6, or you can object to such processing by contacting us at privacy@radiacode.com.

Please note that these rights are subject to certain limitations and exceptions as provided by law. To exercise any of these rights or for further inquiries, please contact us using the provided contact information.

We will review your request as soon as possible, but not more than within one (1) month. Please keep in mind that this period may be extended for an additional two (2) months, if necessary, based on the complexity and number of your requests. In that case, we will tell you about the extension within one (1) month of receipt of your request and explain the reasons for the delay.

9. Children’s privacy

We do not knowingly collect or solicit your personal data to anyone under the age of 13 (in USA) or 16 (in European Economic Area) or knowingly allow such persons to use our Website. If you are under the age of 13 (or 16, where applicable), please do not provide any personal data to us. If we learn that we have collected personal data about a child under the age of 13 (or 16, where applicable), we will delete that personal data as soon as possible. If you believe that we might have any personal data from or about a child under the age of 13 (or 16, where applicable), please contact us at the e-mail indicated above.

10. Changes to the privacy policy

This Privacy Policy may be changed from time to time due to the implementation of new technologies, changes in applicable laws or for other purposes.

When we make changes, we will update the “Last update” date at the top of this Privacy Policy. For material changes that significantly affect your rights or the way we process your personal data, we will take additional steps to inform you, such as:

  • displaying a prominent notice on the Website; and/or
  • sending you an email notification if we have your email address and the changes are relevant to your relationship with us.

Your continued use of the Website after the effective date of the updated Privacy Policy will be subject to the new Privacy Policy. If we make any changes that require your explicit consent for further processing of your personal data, we will request your consent or renewed consent (in case it was obtained previously).