Privacy Policy

We’re LAGATE BUSINESS LTD, operating under the name Buyora. Our registered address is: Thessalonikis, 41, Geri, 2200, Nicosia, Cyprus We specialise in online purchase dispute resolution and claims assistance services. This notice explains how and why we use your personal data when you:

• Contact us to inquire about our services (Potential Client).
• Register and use our dispute resolution services (Client).

Have a question about this notice or want to contact our Data Protection Officer (DPO)? Fill out our Contact Us form and mention that your request is for the attention of the DPO. This privacy policy outlines how Buyora, a brand of LAGATE BUSINESS LTD, collects, uses, and protects your personal information in accordance with the General Data Protection Regulation (GDPR). Buyora provides a consumer protection service for online shoppers, acting as an intermediary between customers and merchants to handle disputes, refunds, and legal claims.

1. 1. Information Collection

   Buyora collects personal data from users to facilitate dispute resolution and provide its services. This includes:

   • Name and contact details.
   • Payment information (note that full credit card details are not stored by Buyora).
   • Purchase history and related transaction details.
   • Any other information necessary to fulfil the purpose of dispute resolution.

   Buyora ensures that the data collected is adequate, relevant, and limited to what is necessary for the stated purposes. The lawful basis for processing personal data is determined and documented. This could be for the performance of a contract, compliance with a legal obligation, or legitimate interests, and the user is informed of this. When collecting data, Buyora will specify the purposes for which the data is being collected.

2. 2. Use of Information

   The personal data collected is used to:

   • Provide dispute resolution and refund services.
   • Negotiate with merchants for refunds or replacements.
   • File formal legal notices if the merchant does not cooperate.
   • Facilitate chargeback requests with banks.
   • Provide legal support through partner law firms.
   • Manage the operation and optimisation of the platform.
   • Verify, identify, and authenticate user data.
   • Personalise services.
   • Prevent and detect fraud and security incidents.
   • Manage any disputes with users.

   Data will only be used forcompatible purposes, and new purposes will be identified and documented. Buyora ensures that data is not kept for longer than necessary. If data is kept for archiving, research or statistical purposes, appropriate safeguards are implemented. Buyora will regularly review its data processing to ensure that the purposes are still relevant.

3. 3. Data Sharing

   Data is shared only with the following categories of recipients:

   • Partner banks and payment service providers to process transactions.
   • Merchants, to facilitate dispute resolution.
   • Legal representatives, when necessary for dispute resolution.
   • Service providers, for user support, advertising and payment services, with limited access and a contractual obligation to comply with applicable regulations.
   • Third-party companies within the European Union and United Kingdom, when a payment service is used.
   • When required by law, to comply with administrative and legal procedures.

   Data will not be shared with third parties outside the European Union unless it is legally required, or an appropriate safeguard is in place. Buyora will ensure that there is an ’adequacy decision’ or that one of the ’appropriate safeguards’ is in place. When sharing data, Buyora ensures that each recipient is aware of their data protection obligations.

4. 4. Data Security

   Buyora implements technical and organisational measures to ensure the security of personal data, including:

   • Data collection via plugins for contact and registration forms, only for the purposes indicated.
   • Secured data transmission via SSL/TLS encryption.

   Buyora ensures the confidentiality, integrity and availability of its systems. Data is stored and processed in a way that ensures it is protected from accidental loss, destruction, or damage, and unauthorised or unlawful processing. Security measures are regularly reviewed and updated.

5. 5. User Rights

   Users have the following rights under the GDPR:

   • The right to be informed: To receive transparent and concise information about what Buyora does with their data.
   • Right of access: To obtain a copy of the personal data held by Buyora and information about how the data is processed.
   • Right to rectification: To correct inaccurate or incomplete personal data.
   • Right to erasure (’right to be forgotten’): To request the deletion of their personal data under certain conditions.
   • Right to restriction of processing: To limit the processing of their personal data under certain conditions.
   • Right to data portability: To receive their data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller.
   • Right to object: To object to the processing of their personal data in certain circumstances.
   • Rights in relation to automated decision making and profiling: Including the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects the data subject.

   To exercise these rights, users can contact Buyora at:

   • Email: help@wearebuyora.com
   • Physical address: Thessalonikis, 41, Geri, 2200, Nicosia, Cyprus

   Requests must be accompanied by a copy of a valid identity document and include the address where the editor can contact the applicant. Responses will be provided within one month of receiving the request, which may be extended by two months if necessary, due to the complexity or volume of requests. Buyora informs individuals of any rectification, erasure or restriction of their data.

6. 6. Data Retention

   Buyora retains personal data for as long as necessary to provide services or assistance. Some information may be retained even after account closure to meet legal obligations, resolve disputes, prevent fraud, or enforce terms and conditions. Buyora has a data retention policy that is regularly reviewed and updated. Personal data is erased or anonymised when it is no longer needed. If personal data is retained for archiving, research or statistical purposes, appropriate safeguards are in place.

7. 7. Cookies

   Buyora may use cookies, which are electronic files placed on a user’s device, to collect standard information such as volume, type, and configuration of site traffic, to improve the services offered. Cookies from the site editor and/or third parties may be placed on a device with the user’s consent. Users can accept or refuse cookies via a banner upon their first visit to the site.Consent is obtained before placing any non-essential cookies. This consent is valid for thirteen (13) months and can be withdrawn at any time.

8. 8. Contact

   For any questions regarding personal data or to exercise GDPR rights, contact Buyora at help@wearebuyora.com.

9. 9. Data Protection Officer

   Buyora has a designated Data Protection Officer (DPO), to ensure compliance with the GDPR. The DPO can be contacted at help@wearebuyora.com.

10. 10. Personal Data Breaches

    Buyora has put in place a process to detect and manage data breaches. Buyora will report data breaches to the relevant supervisory authority within 72 hours of becoming aware of the breach. Buyora will also inform affected individuals of a breach if it is likely to result in a high risk to their rights and freedoms. Buyora keeps records of any data breaches.