BoloDeCoco
Legal

Privacy Policy

We take the protection of your personal data seriously. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit our website, submit an enquiry, or book a call with us.

Last updated: 22 May 2026

01

Controller

BOLO DE COCO LTD
Registration Number (HE): HE 490597
Organisation Number: 675481
VAT Number: 60344777O
Registered office: Dimotikis Agoras, 20, 6021 Larnaca, Cyprus

Contact for privacy matters:
Email: contact@bolodecoco.com
Book a call: bolodecoco.com/book

02

What data we collect

Depending on how you interact with the website, we may collect:

  • Identification and contact data, such as your name, company name, email address, phone number, and any information you include in a contact form or email.
  • Booking data, such as your selected meeting time, time zone, and any details you provide when scheduling a call.
  • Communication data, such as the content of messages you send to us.
  • Technical data, such as IP address, browser type, device information, and server log data.
  • Cookie and consent data, where applicable.
03

How we collect your data

We collect personal data when you:

  • browse our website;
  • contact us through a form, email, or other channel;
  • schedule a meeting;
  • interact with embedded or linked third-party tools, where applicable.
04

Purposes and legal bases

We process personal data for the following purposes:

a. Responding to enquiries and pre-contract communication

We use your data to review and respond to your enquiry, assess your request, and communicate with you before any engagement.

Legal basis: Article 6(1)(b) GDPR — steps prior to entering into a contract; Article 6(1)(f) GDPR — legitimate interests in managing business enquiries.

b. Scheduling and managing calls

We use your data to organise discovery calls, consultations, or other meetings.

Legal basis: Article 6(1)(b) GDPR; Article 6(1)(f) GDPR.

c. Operating, securing, and improving the website

We process technical and log data to maintain security, functionality, and reliability.

Legal basis: Article 6(1)(f) GDPR — legitimate interests in website security and operation.

d. Cookies and similar technologies

Where non-essential cookies, analytics, or embedded third-party tools are used, we process related data only on the basis of consent.

Legal basis: Article 6(1)(a) GDPR — consent.

05

Recipients and processors

We may share personal data with service providers that help us operate the website and our communications:

  • Zeeg (scheduling) — EU-based, GDPR-compliant scheduling tool. Hosted in the European Union. Processes booking data (name, email, selected time, notes) on our behalf to organise calls.
  • Resend (transactional email) — US-based email delivery provider. Processes the content of messages you send us so that they can be delivered to our inbox.
  • Supabase / Lovable Cloud (database & hosting infrastructure) — used to store form submissions and serve the website.
  • Legal, accounting, or regulatory advisers where strictly necessary.

We do not sell personal data, and we share it only to the extent necessary for the purposes described above.

06

International transfers

Some of our processors are located outside the European Economic Area (EEA):

  • Resend, Inc. is established in the United States. Transfers rely on the EU–U.S. Data Privacy Framework and, where applicable, on the European Commission's Standard Contractual Clauses (SCCs) together with supplementary safeguards.
  • Zeeg data remains hosted within the EU; no international transfer is required for scheduling.
  • Supabase / Lovable Cloud hosting infrastructure is provisioned in EU regions where available. Where any sub-processor lies outside the EEA, transfers rely on the European Commission's Standard Contractual Clauses (SCCs) with supplementary safeguards.

You can request more information on the safeguards in place by contacting us at contact@bolodecoco.com.

07

Retention

We keep personal data only for as long as necessary for the purposes described above:

  • contact and enquiry data: up to 24 months after the last meaningful contact;
  • booking and meeting coordination data: up to 24 months after the meeting;
  • server logs: usually 30 to 90 days, unless longer retention is required for security or legal reasons;
  • cookie consent records: stored in your browser for up to 12 months, after which you will be prompted again.
08

Your rights

Under the GDPR, you may have the right to:

  • access your personal data;
  • rectify inaccurate data;
  • erase your data;
  • restrict processing;
  • object to processing;
  • data portability;
  • withdraw consent at any time, where processing is based on consent.

To exercise your rights, contact us at contact@bolodecoco.com or via our booking page. You can withdraw cookie consent at any time using the Cookie Settings link in the website footer.

09

Complaints

If you believe your personal data has been processed unlawfully, you have the right to lodge a complaint with the supervisory authority in Cyprus.

Office of the Commissioner for Personal Data Protection
P.O. Box 23378
1682 Lefkosia / Nicosia, Cyprus
Email: commissioner@dataprotection.gov.cy

10

Cookies and third-party tools

This website may use cookies or similar technologies.

  • Strictly necessary cookies may be used without consent where they are required for the operation of the website.
  • Non-essential cookies or trackers, including analytics, marketing technologies, or embedded third-party services that set such cookies, will only be loaded after the required consent has been obtained.

Zeeg (scheduling)

We use Zeeg, an EU-based scheduling tool, to coordinate meetings. Zeeg is hosted in the European Union and is designed for GDPR compliance, which means booking data stays within the EEA. When you book a meeting, the data you provide (name, email, selected time, notes) is processed by Zeeg on our behalf for the sole purpose of organising the call.

Because Zeeg is a third-party embedded service, we do not load it automatically. On the booking page you will see a clear notice and a "Load scheduler" button. The Zeeg widget — and any cookies it requires to function — only loads after you click it (or if you have previously enabled marketing cookies through our cookie banner).

Resend (email delivery)

When you contact us through a website form, your message and contact details are transmitted via Resend, our transactional email provider, so they can be delivered to our inbox. Resend is established in the United States; transfers rely on the EU–U.S. Data Privacy Framework and SCCs where applicable (see Section 6).

What we actually store on your device

This website does not set tracking cookies. We use a single entry in your browser's localStorage named bdc_cookie_consent_v1 to remember your cookie preferences for up to 12 months. No analytics or marketing trackers are loaded unless you opt in through the cookie banner.

11

Children's data

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12

Automated decision-making

We do not carry out automated decision-making or profiling that produces legal effects or similarly significantly affects you, within the meaning of Article 22 GDPR.

13

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes. The updated version will be published on this page with a revised date.