Privacy Policy

AS Mono Supplies Ltd ("Mono Supplies", "we", "us", or "our") is a B2B hospitality equipment supplier incorporated and headquartered in Nicosia, Cyprus. We supply premium hotel room equipment, FF&E, and OS&E products to hotels, resorts, and hospitality operators across Europe, the Middle East, Australia, and internationally.

This Privacy Policy explains how we collect, use, disclose, retain, and protect personal data when you:

• Visit our website at monosupplies.com
• Correspond with us by email, telephone, or any other channel
• Engage with our marketing, sales, or commercial outreach

As a company headquartered in Cyprus, an EU Member State, AS Mono Supplies Ltd is subject to the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Cyprus Law on the Protection of Natural Persons with regard to the Processing of Personal Data (Law 125(I)/2018).

We also comply with applicable local law in the jurisdictions where we operate:

In all cases, we apply the GDPR as our baseline, the highest standard, across all our operations globally.

3.1 Data You Provide Directly

• Contact details: name, job title, company name, email address, telephone number, postal address
• Account credentials: username and password for our procurement portal
• Procurement data: product enquiries, purchase orders, quotes, delivery addresses, invoicing details
• Communications: content of emails, messages, and other correspondence
• Marketing preferences: your choices regarding receipt of marketing communications

3.2 Data Collected Automatically

• Technical data: IP address, browser type, operating system, device identifiers
• Usage data: pages visited, time on site, links clicked, referring URL, search terms
• Cookie data: session and persistent cookies as described in Section 9

3.3 Data Obtained from Third Parties

In the course of our B2B lead generation and business development, we may obtain business contact information from publicly available sources, third-party data enrichment services, and industry databases.

Under the GDPR, our legal bases for processing are:

• To provide, manage, and fulfil our products and services, including processing orders and issuing invoices
• To operate our B2B procurement portal, including account management and access to login-gated pricing
• To respond to your enquiries and communicate about our products and services
• To conduct B2B sales and marketing, including sending relevant product information and commercial offers
• To analyse website usage and improve our Services
• To detect, prevent, and investigate fraud, security incidents, and misuse
• To comply with legal and regulatory obligations including tax, accounting, and export control requirements
• To enforce our contractual rights and terms of business

6.1 Within Our Business

Personal data is accessible only to employees and authorised personnel who require it to perform their functions, subject to internal access controls and confidentiality obligations.

6.2 Service Providers and Processors

We engage third-party service providers for IT infrastructure, email delivery, CRM, accounting, payment processing, website analytics, and data enrichment. We execute Data Processing Agreements with all processors.

6.3 Legal and Regulatory Authorities

We may disclose data to competent authorities where required by law, court order, or regulatory requirement.

Personal data may be transferred to countries outside the EEA, including the UAE, Saudi Arabia, Qatar, Bahrain, Australia, and China. Where we transfer personal data outside the EEA, we rely on adequacy decisions, Standard Contractual Clauses, or other GDPR-approved mechanisms.

You may request further information by contacting us at anastasios@monosupplies.com.

We retain personal data for no longer than necessary for the purposes for which it was collected.

Our websites use cookies and similar technologies to operate, improve, and analyse our Services.

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our websites and portal.

Depending on your location and applicable law, you have some or all of the following rights:

To exercise any of these rights, contact us as set out in Section 15. We will respond within one calendar month.

We implement appropriate technical and organisational measures to protect personal data, including:

• Encrypted data transmission (TLS/HTTPS) across all web properties
• Login-gated access controls for our procurement portal
• Access restrictions limiting data access to authorised personnel on a need-to-know basis
• Regular review of information security practices and third-party processor controls
• Contractual security obligations imposed on all data processors via DPAs

In the event of a personal data breach, we will notify the competent supervisory authority within 72 hours as required under the GDPR.

Our websites may contain links to third-party websites. This Privacy Policy does not apply to those third-party sites. We encourage you to review their own privacy policies before submitting any personal data.

Our Services are directed exclusively at businesses and business professionals. We do not knowingly collect or process personal data from individuals under the age of 16. If you believe we may hold data relating to a child, please contact us immediately.

We reserve the right to update or modify this Privacy Policy at any time. Where changes are material, we will provide prominent notice on our website and, where appropriate, notify you directly by email.

Your continued use of our Services after any changes constitutes acknowledgement of the updated Policy.

For any questions about this Privacy Policy, to exercise your data protection rights, or to report a potential privacy issue:

We aim to acknowledge all data-related requests within 5 business days and resolve them within 30 calendar days.