Is Marotino GDPR compliant?

Yes. Marotino CY Ltd (Cyprus, EU) is the data controller for EU/EEA users and fully complies with GDPR (EU) 2016/679. We implement data protection by design, conduct privacy impact assessments, and notify authorities within 72 hours of a breach.

What personal data does Marotino collect?

We collect name, email, and message content when you contact us via web forms. We also collect anonymised analytics data (pages visited, device type) via cookie-consented tools. We do not sell personal data.

How do I submit a GDPR data subject request?

Email hello@marotino.com with your name and request type (access, deletion, rectification, portability). We confirm receipt within 24 hours and respond within 30 calendar days.

Trust Center

GDPR Compliance

Our commitment to protecting your data under the General Data Protection Regulation.

Last updated: April 3, 2026

Our Commitment

Marotino is fully committed to complying with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). We uphold the principles of data protection by design and by default across every aspect of our operations. Whether we act as a data controller (determining the purposes and means of processing your personal data) or as a data processor (processing data on behalf of our clients), we implement appropriate technical and organizational measures to ensure lawful, fair, and transparent processing of personal data.

We continuously review and improve our data protection practices to maintain the highest standards of privacy and security for our users.

Data Controller

The data controller responsible for your personal data depends on your geographic location:

EU, EEA & Middle East

Marotino CY LTD
Evripidou 9A
3031 Limassol, Cyprus
hello@marotino.com

Americas & Asia

Marotino INC
66 West Flagler Street
Miami, FL 33130, USA
hello@marotino.com

For users outside the EU/EEA whose data is processed by Marotino INC, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

Legal Bases for Processing

We process personal data only when we have a valid legal basis under Article 6 of the GDPR. The legal bases we rely on include:

Consent (Art. 6(1)(a))

We obtain your explicit, informed consent before processing personal data for specific purposes, including analytics cookies and marketing communications. You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

Performance of a Contract (Art. 6(1)(b))

We process personal data where it is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract. This includes delivering our services, managing your account, processing payments, and providing customer support.

Legitimate Interest (Art. 6(1)(f))

We may process personal data based on our legitimate interests, provided those interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include maintaining website security, analyzing performance, preventing fraud, and internal administration.

Legal Obligation (Art. 6(1)(c))

We process personal data where necessary to comply with a legal obligation, such as tax reporting and financial record-keeping.

Data We Process

We collect and process the following categories of personal data: contact form submissions (name, email, company, message content), website usage data (pages visited, device info), and cookie data (only non-essential cookies with your explicit consent).

Your Rights Under GDPR

If you are located in the EU/EEA, or if your data is otherwise subject to the GDPR, you have the following rights: right of access (Art. 15), right to rectification (Art. 16), right to erasure (Art. 17), right to restrict processing (Art. 18), right to data portability (Art. 20), right to object (Art. 21), and rights related to automated decision-making (Art. 22).

To exercise any of these rights, please contact our Data Protection Officer at hello@marotino.com. We will respond to all legitimate requests within 30 days.

Data Protection Officer

Data Protection Officer
Marotino CY LTD
Evripidou 9A
3031 Limassol, Cyprus
Email: hello@marotino.com

Data Processing Agreements

Marotino maintains Data Processing Agreements (DPAs) with all third-party sub-processors that handle personal data on our behalf. These DPAs ensure that our sub-processors are contractually bound to process personal data in accordance with the GDPR and implement appropriate security measures.

International Transfers

When personal data is transferred outside of the EU/EEA, we ensure that adequate protection is in place through the EU-US Data Privacy Framework, Standard Contractual Clauses (SCCs), or applicable adequacy decisions.

Data Breach Notification

In the event of a personal data breach, Marotino will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (Art. 33), and will notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms (Art. 34).

Cookie Compliance

Marotino follows a consent-first approach to cookies. Non-essential cookies are blocked by default until you provide explicit opt-in consent. You can withdraw or modify your consent at any time through the cookie settings link in the website footer.

Supervisory Authority

As Marotino CY LTD is established in Cyprus, our lead supervisory authority is:

Commissioner for Personal Data Protection
Republic of Cyprus
Website: www.dataprotection.gov.cy

We encourage you to contact us first at hello@marotino.com so that we can address your concerns directly before you escalate to a supervisory authority.

Contact

Data Protection Officer
Email: hello@marotino.com

EU, EEA & Middle East

Marotino CY LTD
Evripidou 9A
3031 Limassol, Cyprus
hello@marotino.com

Americas & Asia

Marotino INC
66 West Flagler Street
Miami, FL 33130, USA
hello@marotino.com