Privacy Policy

Last Updated:  June, 1 2025

Welcome to Sushko Family Office LTD!

This Privacy and Cookie Policy (hereinafter “Privacy and Cookie Policy”) constitutes an agreement between  Sushko Family Office LTD, (hereinafter - “Company”, “We”, “Our”, “Us”) and a capable natural person (hereinafter “User”, “You”, “Your”), who uses Our website sfo.global (hereinafter “Website”) according to the Terms and Conditions, in regard to Your Personal Data Processing.

You agree that by accessing the Website, You have read, understood, and agreed to be bound by this Privacy and Cookie Policy. If You do not agree with this Privacy and Cookie Policy, You are expressly PROHIBITED from accessing the Website. 

Supplemental Terms and Conditions that may be posted on the Website are hereby expressly incorporated herein by reference.

1. DEFINITIONS

  1. Consent. Any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes, signifies agreement to the Processing of Personal Data relating to the Data Subject.
  2. Cookies. Small text files that websites store on Your device (computer, phone, or tablet) during Your visit. They help remember Your preferences, settings, and enhance website functionality by providing a more personalized experience. Some Cookies are essential for the Website to operate, while others are used for analytics, advertising, and improving Your interactions.
  3. Controller. Sushko Family Office LTD as a company which determines the purposes and means of Processing Your Personal Data.
  4. Co-Controller. The natural or legal person (and others) who determines the purposes and means of Processing with another controller.
  5. Data Protection Authority (DPA). The public organization or governmental body that protects the Data Subjects from unlawful Processing and supervises the application of the data protection laws.
  6. Data Subject. The natural person whose Personal Data is processed. In the context of this Privacy and Cookie Policy, this refers to You, the User of Company’s Website.
  7. Legal Ground for Processing. One of the legally defined grounds for which the Processing of Personal Data is permitted. There are the following grounds:
  • Consent;
  • Legitimate interest (e.g., for analytics and improvement of the Website);
  • Obligation (e.g., compliance with tax laws).
  1. Personal Data. Any information relating to an identified or identifiable Data Subject.
  2. Personal Data Breach. A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed.
  3. Processing. Any action or set of actions with Personal Data.
  4. Processor. The natural or legal person, who processes Personal Data on behalf of the Controller.
  5. Profiling. Any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a Data Subject to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
  6. Third Party. Any person or entity, except the subject of Personal Data, the Controller or Processor and the Data Protection Authority, to whom the Controller or Processor transfers Personal Data.
  7. Any other terminology used in this Privacy and Cookie Policy but not defined herein has the meaning provided for in the Terms and Conditions.

2. Data Subject’s Rights

  1. You have the following rights regarding the Personal Data:
  2. Right to Access Personal Data. You can receive information regarding specific Personal Data the Company has collected about You, as follows:
    • Purpose of the Processing;
    • Categories of Personal Data concerned;
    • Recipients of categories of recipients to whom the Personal Data has been, or will be, disclosed;
    • The envisaged period for which the Personal Data will be stored, or the criteria used to determine that period;
    • The existence of the right to rectification, erasure, or restriction of Processing Personal Data concerning You or to object to such Processing;
    • The right to lodge a complaint with a DPA;
    • Where Personal Data is not collected from You, any available information as to the source;
    • The existence of any automated decision-making, including profiling, as well as the significance and envisaged consequences of such Processing for You;
    • Where Personal Data is transferred outside of the EEA (which consists of EU member states and Iceland, Lichtenstein, and Norway), You have the right to request information about the appropriate safeguards in place, including transfers to US. companies under the EU-US Data Privacy Framework.
  3. Right to Rectification of Personal Data. You can request that We correct Your Personal Data if it has been changed or incorrectly collected.
  4. Right to Erasure (Deletion) of Personal Data. You can request that We delete Personal Data, such as when it is no longer needed for the purposes for which it was collected and there is no other legal ground for the Processing.
  5. Right to Restrict Processing of Your Personal Data. You can request a restriction on Processing Your Personal Data under certain conditions, such as when the accuracy of the data is contested, or the Processing is unlawful.
  6. Right to Personal Data Portability. You can receive Personal Data in a human and machine-readable format for transmission to another controller, where technically feasible.
  7. Right to Object. You can object to Personal Data Processing, for example, if Personal Data is processed for marketing purposes, unless we need this Personal Data for Our legitimate interest.
  8. Right to Reject Automated Individual Decision-Making (Profiling). You can have the right not to be subject to a decision based solely on automated Processing, including profiling, which produces legal effects.
  9. Right to Withdraw Consent. You can withdraw Your Consent for Personal Data Processing if the Company uses Consent as the ground for Processing.
  10. Right to Opt-Out from Marketing/Send Out. You can withdraw Your Consent on Personal Data Processing for marketing and send-out purposes.
  11. Right to Ask a Question and/or Make a Claim on Data Processing. You are allowed to ask the Company any question according to Personal Data Processing or privacy legislation.
  12. Please bear in mind that if You exercise such rights this may affect Our ability to provide You with Website.

3. Data Subject’s Rights Enforcement

  1. You can enforce Your rights regarding Your Personal Data by contact Us.
  2. Types of Requests. You can make requests related to any rights provided for in Sections II and III of this Privacy and Cookie Policy.
  3. Response Time. Upon receipt of Your request, We will acknowledge it and respond within 30 calendar days. In some cases, mainly if Your request is complex, We may extend this period by up to an additional 60 calendar days. If an extension is necessary, We will notify You of the reason and the expected timeframe within the first 30 calendar days.
  4. Identity Verification. To protect Your Personal Data, We may ask for additional information to verify Your identity before processing Your request. This is to ensure that Your Personal Data is not disclosed to unauthorized parties.

4. Consent

  1. Your Consent plays a key role in how We process Your Personal Data. By using Our Website or by explicitly agreeing to certain types of Personal Data Processing. You give Us permission to handle Your Personal Data under the following conditions stated herein.
  2. Obtaining Consent. We will always seek Your explicit Consent when Processing Your Personal Data for purposes that are not based on other legal grounds, such as the fulfillment of a contract or a legitimate interest. For example, You will be asked to provide Consent for receiving marketing e-mails.
  3. Right to Withdraw Consent. You have the right to withdraw Your Consent at any time. Once Consent is withdrawn, We will cease Processing Your Personal Data for the specific purpose to which Your Consent is applied. Withdrawal of Consent does not affect the lawfulness of Processing carried out before the withdrawal. You can withdraw Your Consent by:
    • Contacting Us directly through the methods listed in this Privacy and Cookie Policy.
    • Following the unsubscribe or opt-out instructions provided in Our communications (e.g., marketing e-mails).
  4. Impact of Withdrawing Consent. Withdrawing Consent for certain types of Processing (such as marketing communications) will not affect Your ability to use the Website. However, some features, such as personalized advertisements, may no longer be available if Consent is withdrawn.

5. Personal Data

  1. The Company processes Your Personal Data when You interact with the Website. The following Section describes how and why We collect, use, and store Your Personal Data:
  2. User’s Website Visit. When You visit the Website, You give Us the Personal Data under the following conditions:
    • Personal Data. When You visit the Website, We collect Your IP address and Cookies.
    • Purpose of Collection. To load the Website accurately and conduct analytics on how the Website is used.
    • Source of Collection. Collected automatically when You access Our Website.
    • Legal Ground. Legitimate interest and/or Consent.
    • Retention Period. We retain Personal Data collected during Your visit to Our Website for as long as necessary to fulfil the purpose of optimizing the Website's performance, ensuring security, and conducting analytics. Once these purposes are fulfilled, the Personal Data will be deleted unless it is required for statutory retention obligations or for evidence purposes during statutory limitation periods.
  3. User’s Contact the Support and/or Contact Form. When You contact Us, You give Us Your Personal Data under the following conditions:
    • Personal Data collected. It depends on a case-by-case basis but can include name, e-mail, phone number, Application-related documents (CV, cover letters) and any other Personal Data You provide in Your request.
    • Purpose of collection. To respond to Your emails, inquiries, provide support, information and improve Our Website
    • Source of collection. This Personal Data is collected directly from You when You reach out to customer support.
    • Legal ground. Consent.
    • Retention Period. We retain Your Personal Data for as long as necessary to address Your inquiries and provide support in accordance with Our contractual obligations. Once the inquiry is resolved and there is no further need for the Personal Data, We delete it unless We are required to retain it for legal purposes, such as statutory limitation periods or to comply with retention obligations related to consumer protection laws.
  4. Other Processing Conditions. These are other conditions apply to Your Personal Data Processing:
  5. Data source. We process Personal Data that You provide to Us directly or that We collect automatically during Your use of Our Website. If We process Personal Data from Third Parties in the future, We will notify You accordingly.

6. Cookies

1. To ensure the proper functioning of Our Website, We use Cookies to store information. Cookies serve various purposes, including:

  • Web analytics;
  • Tracking your shopping cart;
  • Maintaining site settings and preferences.

2. By using Our Website, You consent to Our use of Cookies for current and future sessions. You may choose to disable Cookies in your web browser; however, please note that certain functionalities of the website may become limited or non-functional without Cookies enabled.

7. Personal Data Transmission and Storage

  1. Transmission in General. We may transmit Your Personal Data to Processors, Co-Controllers, and Third Parties in accordance with this Privacy and Cookie Policy and applicable data protection laws. These transmissions are conducted for the purposes of operating the Website or if based on Our legitimate interest.
  2. Transmission in Specific Situations. We may transfer Your Personal Data based on the following legal grounds:
    • Adequacy Decision: Transfers under the EU-US Data Privacy Framework, which is recognized by the European Commission as providing an adequate level of protection.
    • Standard Contractual Clauses: In cases where the EU-US Data Privacy Framework does not apply, We use EU-approved Standard Contractual Clauses to ensure that Your Personal Data is protected.
  3. Legal Obligations: We may also share Your Personal Data with law enforcement agencies, courts, or other governmental authorities if We are legally required to do so. This includes cases where We believe it is necessary to comply with a legal obligation or to protect the rights, property, or safety of the Company, Our Users, or public order.

8. List of Processors

  1. We may share Your Personal Data with Third Parties (Processors) for the purposes of providing access to Website to You.
  2. Below is a list of the key Processors We work with:
Processor Software Purpose Privacy Policy
Google Google Analytics Website analytics Google Privacy Policy

9. List of Co-Controllers

  1. In some instances, the Company may share Your Personal Data with Co-Controllers. These are Third Parties with whom We jointly determine the purposes and means of Personal Data Processing.
  2. Below is a list of the key Co-Controllers We work with:
Co-Controller Software Purpose Privacy Policy
Google Google Ads Advertising and remarketing campaigns Google Privacy Policy
Google Google Workplace Sending and storage of messages received from website Google Privacy Policy

3. These Co-Controllers collaborate with Us for specific Personal Data Processing. We may share Your Personal Data with other Co-Controllers when it is necessary to provide You with the Website.

10. Advertising

  1. We may use Your Personal Data for advertising and marketing purposes, both directly and through Third Party platforms. Below are the ways in which Your Personal Data may be used for advertising:
  2. Direct Marketing. With Your Consent, We may send You e-mails for promotional purposes. You can unsubscribe from these communications at any time by following the instructions provided in the e-mails or by contacting Us directly.
  3. Targeting Marketing. We may use targeted marketing campaigns through Third Party services, such as Google Ads, to deliver personalized advertisements to You. This is done with Your Consent, and We may use the following types of Personal Data for targeting:
    • Name and contact details (e.g., e-mail),
    • Interests and behaviors (based on browsing activity),
    • Information about Your interactions on the Website.
  4. Basis of Targeting Marketing. When We collaborate with Third Party platforms (e.g., Google Ads) for targeted marketing, they may process Your Personal Data in accordance with their own privacy policies. You can manage Your preferences and opt out of targeted ads via the settings on these platforms.
  5. Right Exercise on Targeted Marketing. You have the right to opt out of receiving targeted advertisements and marketing communications. You can manage Your advertising preferences directly through the platform settings (e.g., Google, Linkedin) or contact Us to exercise Your rights.

11. Other Processing

  1. Profiling. The Company does not currently use any automated Processing that results in decisions based solely on automated means (including profiling) that produce legal effects or significantly affect You.
  2. Selling Personal Data. We do not sell Your Personal Data to Third Parties. Any transfer of Personal Data to Third Parties is strictly for the purposes outlined in this Privacy and Cookie Policy and with Your explicit Consent when required.

12. Minors

  1. We do not knowingly collect Personal Data from minors under 18 years of age.
  2. If You believe We have collected Personal Data from a minor, please contact Us and We will take immediate actions to delete the collected Personal Data.

13. Personal Data Protection

  1. We take the security of Your Personal Data seriously and implement various technical and organizational measures to protect it from unauthorized access, loss, or misuse. These measures include:
    • Training employees in cyber security and data privacy;
    • Employees distribute access to Personal Data;
    • Integration with Third Party’s software through official APIs;
    • Strong password requirements.

14. Data Breach Notification

  1. We take Personal Data Breaches seriously and follow strict procedures in the event of a Personal Data Breach. If the Personal Data Breach occurs, We will take the following steps:
  2. Response Team. If the Personal Data Breach is detected, a team consisting of specialists, including external specialists, and the management of the Company must be established. The team should deal with eliminating Personal Data Breach and/or minimizing any consequences. One of the authorized members of the group shall alert the DPA about the Personal Data Breach, and, if necessary or required, also Data Subjects.
  3. Notifying the DPA. The DPA must be informed through any designated by the DPA means of communication within 72 hours after the occurrence of the Personal Data Breach with the following information: 
    • The nature of the Personal Data Breach.
    • Data Subjects impacted by the Personal Data Breach.
    • The name and contact details of the responsible person from whom more can be obtained more information.
    • The possible consequences of the Personal Data Breach.
    • The measures taken or proposed to address the Personal Data Breach. 
  4. Notifying You. If the Personal Data Breach may lead to a violation of Your rights and freedoms or has a high risk of this, We shall immediately inform You in any possible means of communication, in particular the e-mail of the fact of the Personal Data Breach and report the following information:
    • The nature of the Personal Data Breach.
    • The name and contact details of the responsible person from whom more can be obtained more information.
    • The possible consequences of the Personal Data Breach. 
    • The measures taken or proposed to address the Personal Data Breach.
    • The measures on how to reduce the risks of the Personal Data Breach. 
  5. We will always aim to take immediate action to minimize the impact of any Personal Data Breach and ensure that Your Personal Data is protected.

15. Governing Law and Dispute Resolution

  1. This Privacy and Cookie Policy will be governed in accordance with the laws of the Republic of Cyprus.
  2. In the event of a dispute, before initiating any formal legal proceedings, we ask that you contact us directly to seek a resolution. We will endeavour to respond to your concerns promptly and resolve any complaints to your satisfaction.
  3. Any dispute arising out of or in connection to this Privacy and Cookie Policy, shall be subject to the exclusive jurisdiction of the competent courts of the Republic of Cyprus.

16. Miscellaneous

  1. Effective date. This version of the Privacy and Cookie Policy is valid from the Effective date specified above.
  2. Changes. We may make changes from time to time without Your Consent. The new version will be valid from the time of the changes noted at the beginning of this Privacy and Cookie Policy.
  3. Assignment. You cannot transfer or give away Your rights and responsibilities under this Privacy and Cookie Policy without Our permission. If You try to do so, it will be invalid. We can give Our rights and responsibilities under this Agreement to someone else without asking for Your permission.
  4. Headings. The headings in this Privacy and Cookie Policy are just to help You understand what each section is about, and they will not change the meaning of anything. When We use words like "including" or "such as," it does not mean that we have listed everything that could be included.
  5. Severability. If any provision of this Privacy and Cookie Policy is held to be invalid or unenforceable, that provision will be deemed severable, and the remaining provisions will continue in full force and effect. The invalid or unenforceable provision will be replaced by a valid and enforceable provision that accomplishes the same purpose as the original provision, to the extent possible.
  6. Languages. This Agreement is available in English.

17. Support

  1. How You Can Contact Us. If You have any questions regarding this Privacy and Cookie Policy, how Your Personal Data is Processed, or if You would like to exercise any of Your rights, You can contact Us via the following methods:
    • Sushko Family Office
    • Registration number:
    • Email: info@sfo.global
    • Phone: +357 240 21 831
    • Address: Stratigou Timayia 15, Linda court, 6st floor, 6051, Larnaca, Cyprus
  2. Support Terms. We strive to deal with all inquiries or complaints as soon as possible. Our team will provide You with a response within 30 (thirty) calendar days of receiving Your enquiry or complaint.
  3. Contact Our Processors and Co-Controllers. You can make inquiries or complaints to Our Processors and Co-Controllers via any available means of contact on their websites. The timing and procedure for responding depend on the internal policies of Our Processors and Co-Controllers.
  4. Contact DPA. For further assistance, You may contact DPA.