Privacy Policy

Last updated: March 2026

1. Introduction

ODA Dynamic Tech Ltd, trading as Exirom ("we", "our", "us"), is committed to protecting the privacy of our clients, their merchants, and end users. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our payment infrastructure services or visit our website.

2. Data Controller

ODA Dynamic Tech Ltd is the data controller for personal data collected through this website (contact forms, analytics). For payment processing services, Exirom acts as a data processor on behalf of our clients, who remain the data controllers for their merchant and end-user data.

3. Information We Collect

Website visitors: name, email, company, job title, and inquiry details submitted via contact forms. Analytics cookies (if consented) collect anonymized usage data.

Platform clients: transaction data, device information, IP addresses, and business contact details necessary to provide payment processing services.

4. Lawful Basis for Processing

We process personal data based on: (a) consent, for marketing communications and analytics cookies; (b) contract performance, for providing services to clients; (c) legitimate interest, for fraud prevention and service improvement; (d) legal obligation, for regulatory compliance and record-keeping.

5. How We Use Information

Information is used to: process payment transactions, provide analytics and reporting, detect and prevent fraud, respond to inquiries, comply with legal obligations, and improve our services.

6. Data Security

We maintain PCI DSS Level 1 compliance and implement industry-standard security measures including encryption at rest and in transit, role-based access controls, and regular security audits.

7. Data Retention

Website contact form data is retained for 24 months. Transaction data is retained for the period required by applicable regulations and contractual obligations. Business contact data is retained for the duration of the client relationship plus 12 months.

8. International Transfers

Exirom is based in Cyprus (EU). Data may be processed in EU data centers. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).

9. Cookies

We use essential cookies for site functionality and, with your consent, analytics cookies to understand usage patterns. You can manage cookie preferences via the "Cookie Preferences" link in our footer at any time.

10. Your Rights

Under GDPR, you have the right to: access your data, rectify inaccurate data, request erasure, restrict processing, data portability, object to processing, and withdraw consent at any time. To exercise these rights, contact us at the address below.

11. Contact

For privacy-related inquiries, contact us at legal@exirom.com.
ODA Dynamic Tech Ltd, 229 Archiepiskopou Makariou III, Limassol 3105, Cyprus.