PRIVACY POLICY

Last Updated: April 2026

  1. General Overview

This Privacy Policy forms an integral part of the General Terms of Use of CRESTLINK SOLUTIONS LTD (hereinafter – “Provider” or “we”, “us”, “our”). We are committed to the protection of personal data in accordance with the GDPR (Regulation EU 2016/679).

  1. Data Processing for Performance Marketing

To provide our performance marketing services, we process personal data to run paid traffic, tie analytics to KPIs, and manage measurable funnels. Whether and to what extent we process personal data depends on the specific strategy (Meta, Google, CRM integrations) selected by the User.

  1. Categories of Data

The Provider may have access to:

  • Identification and contact data of the User’s representatives (names, emails, phone numbers);
  • End-user data collected via GA4, Meta Pixels, and server-side tagging, including IP addresses and cookie identifiers;
  • CRM data and email contact lists provided by the User for the purpose of business communication and lead tracking;
  • Billing details required for tax and accounting purposes.

By providing a phone number, the User agrees that we may contact them via SMS or messaging apps (e.g., Slack) for account-related updates and project decisions.

  1. Roles in Data Processing

The User acts as the data controller regarding their customers’ and leads’ data. The Provider acts as a data processor, processing such data based on the User’s instructions to achieve CPA, CPL, and ROAS goals.

  1. How We Protect Data

The Provider implements appropriate technical and organizational measures, including technical guardrails during account audits and funnel building, to ensure a level of security appropriate to the risks. Data is processed lawfully, fairly, and in a transparent manner.

  1. Third-Party Vendors and Data Transfer

We use third-party vendors for hosting, analytics, and advertising (e.g., Google Ads, Meta Business Suite, GA4). We store and process personal data primarily within the European Union. Any transfer of data outside the EU is governed by standard contractual clauses or other legal mechanisms.

  1. Data Retention

The Provider processes personal data for the purpose of performance of the contract with the respective User, the Provider will process the personal data for the entire duration of the contract. We may retain data for a limited period post-termination to fulfill legal requirements (tax and accounting) or to resolve disputes. Contact information from “Get in Touch” or “Get a Proposal” forms is stored to provide the requested service and may be retained for future business communication unless deletion is requested.

  1. Users’ Rights

Individuals have the right to access their data, request rectification or erasure, and the right to data portability. You also have the right to object to the processing of your data.

  1. Contact and Complaints

For all data protection inquiries, please contact us at info@crestlink.solutions. In accordance with the jurisdiction of the Republic of Cyprus, you also have the right to file a complaint with the Commissioner for Personal Data Protection of Cyprus.