Your cart is empty
Privacy Notice
Version: 1.0
Last modified: June 23, 2025
Introduction
We respect your privacy and are committed to protecting your personal data when you use our website (https://great.tech/) including any mobile or a device-specific version of the website (together the “Website”) and purchase products on the Website. “Personal data” refers to any information that can be used to identify an individual, either directly or indirectly.
This Privacy Notice does not apply to personal data processing that occurs on other websites or platforms operated by GR8 Tech, or in the context of your relationship with GR8 Tech as a business partner, job applicant, employee, or contractor. Those processing activities are subject to separate privacy notices.
Table of contents:
- Who we are
- Our data protection officer
- How is your personal data processed?
- What personal data we process
- How we use your personal data
- How we share your personal data
- International data transfers
- Data security
- Data retention
- Your data protection rights
- Automated decision-making
- Children’s Privacy
- Changes to this Privacy Notice
- Contacting us
-
Who We Are
There are a number of companies within GR8 Tech group, including parent and ultimate holding companies, affiliates, subsidiaries, and business units (“we”, “us”, “our”). Any of these companies within GR8 Tech group may access your personal data.
The data controller, responsible for determining how your personal data is processed, is Ater-Tech Limited (reg. no. ΗΕ 445116).
You can contact us:
- By mail to: Iakovou Tompazi 1, office 101, Limassol, 3107, Cyprus;
- By email to: [email protected].
-
Our Data Protection Officer
If you have any questions about this Privacy Notice or want to know more about how we handle your personal data, please contact our data protection officer (DPO):
- By mail to: Iakovou Tompazi 1, office 101, Limassol, 3107, Cyprus;
- By email to: [email protected].
-
How is Your Personal Data Collected?
In most cases, we collect personal data directly from you. For example, when you place an order for branded products on our Website, contact us regarding returns or exchanges, or subscribe to our newsletter.
When you interact with our Website, we may collect information from your device, including details about the device’s hardware and software, usage of the Website, traffic data, IP address, etc.
In certain cases, we may collect information about you from third parties or publicly available sources such as analytics providers, advertising service providers, providers of data feeds, etc.
You are not legally required to provide us with your personal data. However, if you choose not to provide certain information, we may be unable to process your order or supply the requested goods. Providing us with complete and accurate information is crucial.
-
What Personal Data We Process
We may process the following categories of personal data about you.
| Categories of personal data | Types of data |
| Identity and Contact Data | Includes your full name, phone number, email address, and delivery address (country, city, zip code). |
| Communication Data | Records of any communications you have with us via email, phone, messenger apps, or our official social media channels when you reach out with inquiries or requests. |
| Purchase Data | Details of your purchases such as product type, size, quantity, order ID, delivery information, and information related to returns, exchanges, refunds, and payment processing. |
| Payment Data | Information about your payment method (e.g., credit/debit card type, digital wallet), transaction ID, billing address, payment status, and other data needed to complete and verify your payments. Please note that while we collect this information, actual payment processing is handled securely by third-party payment providers. |
| Device Data | When you access our Website, we collect information from your device, which includes details about the device’s hardware and software, how you use the Website, traffic data, IP address, etc. |
| Usage Data | This information may pertain to you, your preferences, or your device, and is collected during your interactions with our website. While it typically does not directly identify you, it can improve and personalize your browsing experience. |
| Marketing Data | Information about your preferences and interests, used to send promotional offers, newsletters, and updates about our products and services. This also includes your marketing communication preferences and choices. |
-
How We Use Your Personal Data
We will use your personal data for the following purposes and related lawful bases:
| Purpose of processing | Categories of personal data | Lawful basis |
| To develop and improve our Website and enhance user experience | Device Data
Usage Data |
Legitimate interests (e.g., keeping the Website functional, secure, and relevant to users) |
| To detect and prevent fraud and other illegal activities (for example, bot usage) | Device Data
Usage Data |
Legitimate interests (e.g., ensuring ensure security of the Website and our business) |
| To process your orders and deliver products as requested by you | Identity and Contact Data
Communication Data Purchase Data |
Contract
Legitimate interests (e.g., ensuring effective and timely order fulfillment and delivery, verifying payments) |
| To handle returns, refunds, and exchanges | Identity and Contact Data
Communication Data Purchase Data |
Contract
Legitimate interests (e.g., ensuring customer satisfaction or streamlining operations) |
| To provide customer service support, including responding to your inquiries, handling feedback, and managing complaints, claims, or disputes | Identity and Contact Data Communication Data Purchase Data |
Contract
Legitimate interests (e.g., delivering effective customer support and dispute resolution) |
| To comply with applicable laws and regulations, in particular those related to tax, accounting, consumer rights | Identity and Contact Data
Communication Data Purchase Data |
Legal obligations
Legitimate interests |
| To use data analytics to improve our Website, products and services, performance, customer relationships and experiences | Identity and Contact Data
Communication Data Purchase Data Device Data Usage Data Marketing Data |
Legitimate interests (e.g., understanding and improving our products and services, and audience engagement) |
| To deliver marketing communications and measure and understand the effectiveness of our advertisements | Identity and Contact Data
Communication Data Purchase Data Device Data Usage Data Marketing Data |
Legitimate interests (e.g., to tailor our marketing activities and send most relevant communications) Consent (where legally required) |
| For intra group data sharing such as sharing personal data with other entities within GR8 Tech group | Identity and Contact Data
Communication Data Purchase Data Device Data Usage Data Marketing Data |
Legitimate interest (e.g., internal administration, centralized services, and business operations) |
-
How We Share Your Personal Data
-
-
Sharing Your Personal Data within GR8 Tech Group
-
Your personal data will be shared with companies within the GR8 Tech group, in compliance with applicable data protection laws and the provisions of this Privacy Notice, for the following purposes:
- Ensuring uninterrupted business processes;
- Effectively managing human resources;
- Obtaining legal, compliance, or financial assistance;
- Fulfilling our regulatory obligations;
- Conducting reporting and overseeing group activities;
- System maintenance support and hosting of data;
- For the continuity of business in the event of a merger or takeover.
Entities within the GR8 Tech group are required to implement appropriate technical and organizational measures, including security measures, to safeguard your personal data.
-
Sharing Your Personal Data with Our Service Providers
We may share your personal data with our service providers. We enter into contracts with our service providers and ensure they take good care of your personal data. We engage service providers for the following services:
| Categories of providers | Purpose of sharing |
| IT and data storage services | To store data and documents and facilitate both internal and external communications |
| Payment services providers | To process payment transactions and manage billing operations securely |
| Delivery and postal services providers | To deliver products to you and handle returns or exchanges |
| Marketing and sales services providers | To communicate with you, and send you marketing notifications and offers |
| Electronic signature services | To facilitate the electronic signing and sending of documents if necessary |
| Data analytics providers | To measure and understand our audience, tailor our marketing services, improve your website experience |
| Security services provider | To prevent automated abuse, scraping, and other fraudulent activities (for example, using malicious bots) |
| Audit, legal, and compliance services | To obtain expert advice and services from consultants, lawyers, accountants, and other professional service providers |
-
Sharing Your Personal Data in other Circumstances
We may share your personal data under the following circumstances:
- When mandated by applicable law or regulation, such as disclosures to governmental, regulatory, or enforcement authorities;
- To comply with a court order;
- To protect ourselves and/or in connection with legal proceedings; and
- During negotiations of a takeover, purchase, merger, or sale of assets, and in accordance with such transactions.
-
International Data Transfers
As a multinational business, we collaborate with service providers in various countries, including those outside the European Economic Area (EEA) and the United Kingdom (UK). To ensure an adequate level of data protection, we implement the following measures:
| Transfer mechanism | Description |
| Adequacy decision | We may transfer personal data to a third country that has received an official determination of “adequacy” from the relevant regulatory authorities. For more information about “adequacy decisions” for the EEA, click here. For more information about “adequacy regulations” for the UK, click here. |
| Appropriate safeguards | We establish appropriate safeguards by using binding, standard data protection clauses adopted by the relevant regulatory authorities. These clauses are enforceable by data subjects within the United Kingdom and/or the European Economic Area. For more information about the Standard Contractual Clauses for the EEA and UK, click here. For more information about the international data transfer addendum and international data transfer agreement for the UK, click here. |
| Derogations | Depending on the circumstances, we may also collect and transfer personal data based on specific derogations, such as explicit consent from the data subject, the necessity of performance under a contract involving the data subject, important public interest reasons, or the establishment, exercise, or defense of legal claims. |
If you want further information on the specific transfer mechanism used by us when transferring your personal data, please contact us at [email protected].
-
Data Security
We implement appropriate security, technical, and organizational measures to protect your personal data against theft, loss, or unauthorized access. We limit access to your data on a genuine business need-to-know basis. If you suspect that your personal data has been compromised, please contact us immediately for investigation. We have established procedures to address potential data security breaches and will inform you and any relevant regulator of a suspected breach, as legally required.
-
Data Retention
We do not retain your personal data longer than necessary. The duration for which we keep your personal data varies depending on many factors. To determine the appropriate retention period for personal data, we consider the volume, nature, and sensitivity of the personal data, the risk of harm from unauthorized use or disclosure, the processing purposes, and whether these purposes can be achieved by other means, along with legal requirements.
When determining the relevant retention periods for your personal data, we will take into account factors including:
- Our contractual obligations and rights in relation to the information involved;
- Legal obligations under applicable law;
- Our legitimate interests (e.g., to protect our business against potential legal claims);
- Guidelines issued by relevant data protection authorities.
For instance, the default data retention period for most processing activities is 3 years. If we enter into a contract with you by purchasing our products, we may retain your information further for a period of time specifically required by applicable regulations or laws, such as retaining the information for tax and accounting record keeping obligations.
When we no longer need to keep your personal data, we delete or anonymise it in accordance with applicable security standards, so it can never be linked back to an individual. You can request information about the retention period applicable to you by contacting us at [email protected].
-
Your Data Protection Rights
| Privacy right | Description |
| Right to access | You have the right to obtain confirmation that your personal data is processed and to obtain a copy of your personal data. |
| Right to rectification | You have the right to ask us to rectify data you think is inaccurate. You also have the right to ask us to complete data you think is incomplete. |
| Right to erasure | You have the right to ask us to delete your personal data in certain circumstances. |
| Right to restriction of processing | You have the right to ask us to restrict the processing of your personal data in certain circumstances but we need to verify whether we have overriding legitimate grounds to use it. |
| Right to object to processing | You have the right to object to processing if we are able to process your data based on our legitimate interests. Please note that in some cases, we may demonstrate that we have legitimate grounds to process your data which override your rights and freedoms. |
| Right to data portability | You have the right to ask that we transfer the information you gave us from one organization to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. |
| Right to withdraw consent | When we rely on consent to process your personal data, you have the right to withdraw your consent at any time. |
| Right to complain | You can lodge a complaint about the way we process your personal data with the relevant data protection authority, particularly in the country where you habitually reside, work, or believe an infringement has occurred.
We ask that you contact us at [email protected] in the first instance to allow us the opportunity to address your concerns. |
You are not required to pay any charge for exercising your data protection rights. We have one month to respond to you. Please contact us at [email protected] if you wish to exercise your data protection rights. We may need to request specific information from you to confirm your identity before complying with your request.
-
Automated Decision-Making
Automated decision-making takes place when an electronic system uses personal data to make a decision without human involvement. We do not use automated decision-making which produces legal effects concerning you or similarly significantly affects you.
Nevertheless, under the applicable data protection laws, you have the right to not be subject to a decision based solely on automated processing, without human involvement, that has a legal effect or significantly affects you. This right allows you to request the involvement of one of our employees or representatives in the decision-making process.
-
Children’s Privacy
GR8 Tech’s overall business activity is not targeted at individuals under the age of 18. While we do not knowingly collect personal data from minors or have reason to believe they are using our Website or placing orders, we encourage parents and guardians to monitor and guide their children’s online activity.
-
Changes to this Privacy Notice
We may, from time to time, change or update this Privacy Notice. All changes to this Privacy Notice will be published on this page. We recommend that you revisit and read this Privacy Notice regularly to ensure that you are up-to-date. In case of substantial changes to this Privacy Notice, we will take additional steps to ensure you are aware of them.
-
Contacting Us
If you have any questions or comments about this Privacy Notice or want to know more about how we use your personal data, please contact our data protection officer (see section 2).
* * *
