Data protection

Privacy
policy

Last updated: June 2025 · Applies to cmdshift.li

1. Data controller

cmd+shift is a brand operated by Inovia AI Solutions, a company registered in Cyprus.
Contact: hello@cmdshift.li

2. Data collected

We only collect the data necessary to operate our services:

  • Contact form: name, email address, phone number (optional), company name, website URL, and message.
  • Analytics: with your consent: pages visited, visit duration, country of origin, and device type. Truncated IP address - non-identifying.
  • Technical data: standard server logs (IP address, user-agent, timestamp) for security purposes.

We do not collect any sensitive data within the meaning of Article 9 GDPR.

3. Purposes of processing

  • Respond to your contact requests and prepare quotes.
  • Improve the site's content and user experience (anonymised analytics).
  • Ensure security and continuity of service.
  • Comply with our legal obligations.

4. Legal basis

Under GDPR (EU 2016/679) and applicable laws, we process your data on the following bases:

  • Performance of a contract - Article 6(1)(b) GDPR - handling contact requests.
  • Legitimate interest - Article 6(1)(f) GDPR - website security and technical logs.
  • Consent - Article 6(1)(a) GDPR - analytics cookies.

5. Processors and international transfers

We rely on third-party technical providers to operate the site. These providers act solely on cmd+shift's instructions in the following areas:

  • Website hosting and delivery - cloud infrastructure.
  • Contact data storage - secure database.
  • Email notifications - sending contact confirmations.
  • Anonymised analytics - with your consent - audience measurement.

These providers may be located outside the European Union. In that case, transfers are governed by Standard Contractual Clauses (SCCs) under Article 46 GDPR. If you have questions about our processors, contact us at hello@cmdshift.li.

6. Retention period

  • Contact data: 3 years after the last interaction, then deletion.
  • Analytics data: 14 months (default GA4 setting).
  • Server logs: 30 rolling days.

7. Your rights

Under GDPR and applicable laws, you have the following rights:

  • Access - to obtain a copy of your data (Article 15 GDPR).
  • Rectification - to correct inaccurate data (Article 16 GDPR).
  • Erasure - to request deletion of your data (Article 17 GDPR).
  • Objection - to object to processing based on legitimate interests (Article 21 GDPR).
  • Portability - to receive your data in a structured format (Article 20 GDPR).
  • Withdrawal of consent - to revoke your consent at any time (cookies).

To exercise your rights: hello@cmdshift.li. We reply within 30 days.

You may also lodge a complaint with the competent data protection authority in your country of residence.

8. Security

We apply appropriate technical and organisational measures: TLS encryption in transit, restricted data access, multi-factor authentication on internal systems, and regular updates.

9. Cookies

For details about the cookies we use, their retention period, and your management options, please see our cookie policy.

10. Changes

This policy may be updated to reflect legal or technical changes. The revision date appears at the top of the page. In case of a material change, we will notify you with a notice on the website.