1. Who We Are
M.I.I Asset & Operations Management L.T.D ("M.I.I", "we", "us", "our") is an independent asset and operations management firm registered in Cyprus (Registration No. HE 489505), headquartered at Agias Lavras 7, Aradippou, 7204, Larnaca, Cyprus. This Privacy Policy explains how we collect, use, and protect personal data obtained through this website (www.mii-management.com) and our contact channels.
2. Data We Collect
We may collect the following categories of personal data:
- Contact information — name, email address, and any phone number submitted via our contact form or email correspondence.
- Enquiry content — property details and operational information you choose to share when contacting us.
- Technical data — IP address, browser type, and pages visited, collected automatically by our hosting provider's server infrastructure for performance monitoring purposes (see Section 4).
We do not collect sensitive personal data (as defined under GDPR Article 9). We do not operate advertising networks or deploy tracking cookies of our own.
3. How We Use Your Data
Personal data is used exclusively to:
- Respond to your enquiries and evaluate potential engagements.
- Communicate updates relevant to a confirmed mandate or ongoing relationship.
- Comply with applicable legal and regulatory obligations.
We do not sell, rent, or share your personal data with third parties for marketing purposes.
4. Third-Party Data Processors
Web3Forms — When you submit the contact form, your name, email address, and message are transmitted to Web3Forms (web3forms.com), a third-party form processing service. Web3Forms acts as a data processor on our behalf and may process data on servers located outside the European Economic Area. Appropriate safeguards are in place in accordance with GDPR Chapter V. See the Web3Forms Privacy Policy.
GoDaddy / Secureserver.net — This website is hosted on GoDaddy's shared hosting platform. GoDaddy automatically injects a performance monitoring script into all pages hosted on their platform. This script connects to secureserver.net and may collect technical performance data (page load times, server response metrics). This is a hosting-provider function we cannot disable at the website level. See GoDaddy's Privacy Policy for details.
All fonts used on this website are self-hosted. No requests are made to Google Fonts or any other font CDN, meaning no personal data is transferred to font providers during normal page loading.
5. Legal Basis for Processing
We process personal data on the basis of:
- Consent (GDPR Art. 6(1)(a)) — when you submit the contact form and tick the GDPR consent checkbox.
- Legitimate interests (GDPR Art. 6(1)(f)) — responding to business enquiries and maintaining our website infrastructure.
- Legal obligation (GDPR Art. 6(1)(c)) — where required by applicable law.
6. Cookies & Local Storage
This website stores one item in your browser's localStorage: a key named cookieConsent that records whether you accepted or declined our cookie notice. This item contains no personal data and is not transmitted to any server. It is a strictly necessary functional preference and is exempt from the prior-consent requirement under the ePrivacy Directive. For full details, see our Cookie Policy.
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. Enquiry data not resulting in a confirmed engagement is deleted within 24 months. You may request earlier deletion at any time (see Section 8).
8. Your Rights Under GDPR
If you are located in the European Economic Area, you have the following rights:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate or incomplete data.
- Erasure — request deletion of your data ("right to be forgotten").
- Restriction — request that we restrict processing of your data.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at maroun@mii-management.com. We will respond within 30 days. You also have the right to lodge a complaint with the Cyprus Commissioner for Personal Data Protection: www.dataprotection.gov.cy.
9. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction, including HTTPS encryption for all data in transit and restricted access to contact data.
10. International Transfers
Where personal data is transferred outside the European Economic Area (e.g. via Web3Forms), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, in accordance with GDPR Chapter V.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. We encourage you to review this page periodically.
12. Contact & Data Controller
M.I.I Asset & Operations Management L.T.D is the data controller responsible for your personal data. For any privacy-related questions or to exercise your rights:
Email: maroun@mii-management.com
Address: Agias Lavras 7, Aradippou, 7204, Larnaca, Cyprus