Privacy Policy

Last updated: May 2026

1. Introduction

ODA Dynamic Tech Ltd, trading as Exirom ("we", "our", "us"), is committed to protecting the privacy of our clients, their merchants, and end users. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our payment infrastructure services or visit our website.

2. Data Controller

ODA Dynamic Tech Ltd is the data controller for personal data collected through this website (contact forms, analytics). For payment processing services, Exirom acts as a data processor on behalf of our clients, who remain the data controllers for their merchant and end-user data.

3. Information We Collect

Website visitors: name, email, company, job title, and inquiry details submitted via contact forms. We also use limited website analytics to understand page views, traffic sources, approximate location, browser and device type, and site performance.

Platform clients: transaction data, device information, IP addresses, and business contact details necessary to provide payment processing services.

4. Lawful Basis for Processing

We process personal data based on: (a) consent, for marketing communications and optional marketing cookies; (b) legitimate interests, for limited audience measurement, site security, fraud prevention, and service improvement; (c) contract performance, for providing services to clients; (d) legal obligation, for regulatory compliance and record-keeping. Where consent is legally required for a particular analytics or marketing activity, we will request it before enabling that activity.

5. How We Use Information

Information is used to: process payment transactions, provide analytics and reporting, detect and prevent fraud, respond to inquiries, comply with legal obligations, improve our services, and understand which website content is useful to visitors.

6. Data Security

We maintain PCI DSS Level 1 compliance and implement industry-standard security measures including encryption at rest and in transit, role-based access controls, and regular security audits.

7. Data Retention

Website contact form data is retained for 24 months. Transaction data is retained for the period required by applicable regulations and contractual obligations. Business contact data is retained for the duration of the client relationship plus 12 months.

8. International Transfers

Exirom is based in Cyprus (EU). Data may be processed in EU data centers. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions). Website analytics data may be processed by our analytics service provider.

9. Cookies

We use essential cookies for site functionality. We also use limited analytics cookies, enabled by default so we can understand site usage in aggregate. You can opt out at any time via the "Cookie Preferences" link in our footer. If you opt out, we disable analytics collection in the browser and remove standard analytics cookies where technically possible.

We do not use website analytics for advertising personalization, cross-site advertising, or individual-level profiling. Marketing cookies are optional and are only enabled if you select "Accept All" or enable Marketing in cookie preferences.

10. Your Rights

Under GDPR, you have the right to: access your data, rectify inaccurate data, request erasure, restrict processing, data portability, object to processing, and withdraw consent at any time. You also have the right to object to processing based on legitimate interests, including limited website analytics. To exercise these rights, contact us at the address below or use cookie preferences for analytics and marketing choices.

11. Contact

For privacy-related inquiries, contact us at legal@exirom.com.
ODA Dynamic Tech Ltd, 229 Archiepiskopou Makariou III, Limassol 3105, Cyprus.