Last updated: 26 April 2026. This page explains how Cava Robustos collects, uses, and protects your personal data when you visit shop.cavarobustos.com, place an order, or contact us.
1. Who we are
The website shop.cavarobustos.com is operated by:
Christofi General Importing LTD, trading as Cava Robustos
Tasou Markou 15, Paralimni 5281, Cyprus
Email: info@cavarobustos.com · Phone: +357 23 825838
We are the data controller for the personal data described in this policy, in the meaning of Regulation (EU) 2016/679 (GDPR) and the Cyprus Law 125(I)/2018 implementing it.
2. What data we collect
We only collect data that is strictly necessary for the purposes described below:
- Order data — first and last name, billing & shipping address, email, phone, items ordered, order total, payment method (cash on delivery), order date.
- Account data (only if you create an account) — username, hashed password, account preferences and order history.
- Communication data — the content of any email, phone call or web form you send us.
- Technical data — IP address, browser type, device type, pages viewed, referring URL, timestamps. This is collected automatically by our server logs and the cookies described in section 6.
- Cookie consent state — whether you accepted or rejected non-essential cookies (stored in your browser’s local storage).
We do not collect financial card details. Payment is on delivery; no card data is processed by this website.
3. Why we collect it (legal basis)
- Performance of a contract (Art. 6(1)(b) GDPR) — to fulfil your order, arrange delivery, handle returns, and provide after-sales service.
- Legal obligation (Art. 6(1)(c) GDPR) — to issue invoices, keep accounting records, and comply with Cypriot tax and consumer-protection law.
- Legitimate interests (Art. 6(1)(f) GDPR) — to keep our website secure, prevent fraud and abuse, and analyse traffic to improve our service. These interests are balanced against your privacy rights.
- Consent (Art. 6(1)(a) GDPR) — for non-essential cookies and any future marketing communications. You may withdraw consent at any time.
4. Who we share your data with
We never sell or rent your personal data. We share it only with the following categories of recipients, each of whom acts as a processor on our behalf under a written agreement:
- Zoho Corporation (Zoho Books, EU data centre) — we send your name, address, contact details and order line items to Zoho Books to issue invoices and keep accounting records. Zoho is GDPR-compliant and stores data in the EU.
- Our hosting provider — the website is hosted on infrastructure based in the European Union. The hosting provider may process server logs (including IP address) for security and operational purposes.
- Delivery partners — if your order is delivered by a courier, your name, shipping address and phone number are shared with the courier solely to deliver your order.
- Authorities — we may disclose data if compelled by a court order, the Cyprus Tax Department, or another competent authority.
5. How long we keep it
- Order and invoice records: 7 years (statutory minimum under Cypriot tax law).
- Account records: until you ask us to delete the account, or 3 years after your last login if longer.
- Server and security logs: up to 90 days.
- Marketing consent: until you withdraw it.
6. Cookies
This site uses two categories of cookies and similar technologies:
- Strictly necessary (no consent required) — cookies that keep your shopping cart contents, preserve your login session, and remember your cookie consent choice. Without these the shop cannot function.
- Optional (consent required) — if we add analytics or marketing tools in the future, they will only run after you click Accept all in the cookie banner. You can change your choice at any time by clearing your browser’s local storage for this site.
We do not currently use Google Analytics, Meta Pixel, or similar trackers.
7. International transfers
All processors we work with store and process data inside the European Economic Area (EEA). If a transfer outside the EEA ever becomes necessary, we will rely on Standard Contractual Clauses or another approved transfer mechanism under Chapter V of the GDPR.
8. Your rights
Under the GDPR and Cyprus Law 125(I)/2018 you have the right to:
- Access the personal data we hold about you and obtain a copy.
- Have inaccurate or incomplete data rectified.
- Have your data erased (“right to be forgotten”), subject to our legal retention obligations.
- Restrict or object to processing.
- Receive your data in a portable, machine-readable format.
- Withdraw any consent you have given, at any time.
- Lodge a complaint with the Cyprus supervisory authority — the Office of the Commissioner for Personal Data Protection (dataprotection.gov.cy).
To exercise any of these rights, email info@cavarobustos.com with the subject line “Data request”. We will respond within 30 days.
9. How we keep your data secure
The website is served over HTTPS with a valid TLS certificate. Personal data is stored in a database protected by access controls and regular backups. Administrative access is restricted to authorised personnel of Christofi General Importing LTD. Where credentials must be stored (such as Zoho API tokens), they are encrypted at rest using AES-256.
10. Children
We sell wine, spirits, tobacco and other age-restricted products. Our shop is intended for use by adults only. We do not knowingly process personal data of anyone under 18 years of age.
11. Changes to this policy
We may update this policy from time to time. The “last updated” date at the top of the page reflects the latest revision. Material changes will be highlighted on the homepage for at least 14 days.
12. Contact
Questions about this policy or how we handle your data?
Christofi General Importing LTD — Tasou Markou 15, Paralimni 5281, Cyprus
info@cavarobustos.com · +357 23 825838
