Privacy Policy

Updated on March 25th, 2021

 (hereinafter referred to as “Platform”, “we”, “our” and “us”) is always committed to maintaining the accuracy, confidentiality, and security of the Personal Data of each user and is a privacy conscious organization.

The term the “website” used in the present provisions is a reference to

The term “Services” means the technical and marketing services are being provided by Tossox Holdings Limited to enable and facilitate marketplace for Users of the Platform.

1. Information we may collect from you

Once you interact with the website, such as register your personal account on the Platform and use our Services via a browser on another electronic device, the Personal Data begins to be automatically obtained:

a.1) obligatory regarding a Customer:

*Please pay your attention to the following: we DO NOT STORE AND DO NOT HAVE AN ACCESS to your card expiry date, billing address and CV code. For Visa cards we DO NOT HAVE A FULL ACCESS to the card number (e.g. 1234 5678 **** **00).

a.2) optionally:

b.1) obligatory regarding an Expert:

* Please pay your attention to the following: we DO NOT STORE AND DO NOT HAVE AN ACCESS to your card expiry date, billing address and CV code. For Visa cards we DO NOT HAVE A FULL ACCESS to the card number (e.g. 1234 5678 **** **00).

b.2) optionally:

You may also provide us with other information through your personal account on the Platform by updating or adding information, through your participation in community discussions, online chats, dispute resolution, or when you otherwise communicate with us regarding our Services.

We also gather certain information in connection to your interaction with our Services automatically and store it in log files. This information may include:

2.  Cookies and Web beacons

We use Cookies, Web beacons and another similar technologies to gather information about the webpages you view, the links you click and other actions you may take when using our Platform.

Cookies” are small text files stored by your web browser when you use websites.

For more information about using Cookies and how you can control Cookies please review our Cookie Policy.

3. For what purposes we use your Personal Data?

We collect and use your Personal Data with your consent to provide you with access to the Platform and our Services, contact you about your account and our Services, and to detect, prevent, mitigate and investigate fraudulent or illegal activities. The personal information you submit to us may be used to manage our relationship with you, including any of your requests, or to customize or improve the Platform and related Services offered to you. In particular, but not limited to, we may gather your Personal Data for:

Subject to user’s prior consent cookies or other similar technologies may be used to provide you by electronic means with advertising and promotion materials based upon your browsing activities and interests (for more information see Cookie Policy).  You may at any time request that we discontinue sending you advertising and promotion materials, emails or other correspondence.

When we believe it is necessary to comply with applicable laws or to exercise or defend our legal rights or protect your legal interests or those of any third party, we may also disclose and transfer your Personal Data to our professional advisers, law enforcement agencies, insurers, government and regulatory authorities and other organizations, courts, pre-trial investigation institutions, or as otherwise required or permitted by applicable laws.

Personal Data collected for the purposes specified in this Privacy Policy shall not be processed in any way incompatible with these legitimate purposes or legal requirements: your Personal Data is used only for above mentioned purposes, unless it is required or permitted by law.

We may use technologies considered automated decision making or profiling implement and at the same time we implement and apply suitable measures to safeguard each User’s rights and freedoms and legitimate interests. For more information please review the User Agreement. We will not make automated-decisions about you that would legally or significantly affect you, unless we have your consent, or we are required by law to use such technology. Please take into account that we consider your consent to be explicitly given when you accept the Experthouse User Agreement.

4. Ways you can control processing and profiling of your Personal Data

For the purposes of this Provision the following definitions will be used:

«Controller» means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

Your Personal Data Controller is Tossox Holdings Limited, a company incorporated under the laws of the Republic of Cyprus, with its registered address at Agias Philaxeos 131, office 301, 3083 Limassol, Cyprus. If you have any requests, questions or concerns about our use of your Personal Data and this Privacy Policy, please contact us at The person submitting the request must clearly indicate his/her full name and add a copy of his/her personal identification document or sign the request electronically.

The Controller is responsible for the collection, use, disclosure, retention and protection of your personal information.

«Processor» means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller.

Being a Data Subject, each user has the following rights:

4.1 THE RIGHT OF ACCESS TO DATA: the right to obtain from the controller confirmation as to whether or not Personal Data concerning you are being processed, and, where that is the case, access to the Personal Data and the information about the purposes of the processing; the categories of Personal Data concerned; the recipients or categories of recipient to whom the Personal Data have been or will be disclosed; to obtain from Tossox Holdings Limited a copy of the Personal Data undergoing processing in accordance with the applicable law; the existence of automated decision-making, including profiling.

If any further copies of the Personal Data undergoing processing were requested, the Controller may charge a reasonable fee based on administrative costs.

4.2 THE RIGHT OF RECTIFICATION: the right to obtain from the Controller the rectification of inaccurate Personal Data concerning the User or to have the incomplete Personal Data completed by providing a relevant request. 

4.3 THE RIGHT TO BE FORGOTTEN / TO ERASURE: the right to obtain from the Controller the erasure of Personal Data concerning the User. Please note that the Controller shall have the obligation to erase Personal Data in the case of one of the following grounds applies:

- the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

- the User withdraws consent on which the processing is based and where there is no other legal ground for the processing;

- the User objects to the processing and there are no overriding legitimate grounds for the processing;

- the Personal Data have been unlawfully processed;

- the Personal Data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject.

4.4 THE RIGHT TO RESTRICTION OF PROCESSING: the right to obtain from the Controller restriction of processing where one of the following applies:

- the accuracy of the Personal Data is contested by the User;

- the processing is unlawful and the User opposes the erasure of the Personal Data and requests the restriction of their use instead;

- the Controller no longer needs the Personal Data for the purposes of the processing, but they are required by the User for the establishment, exercise or defence of legal claims;

- the User has objected to processing (including profiling)* pending the verification whether the legitimate grounds of the Controller override those of the data subject.

*if processing is necessary for the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by the Controller or by a third party

4.5 THE RIGHT TO OBJECT: the right to object to the processing of the Personal Data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing. The Controller shall no longer process the Personal Data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the User or for the establishment, exercise or defence of legal claims.

4.6 THE RIGHT TO LODGE A COMPLAINT: the right to lodge a complaint with a supervisory authority in Cyprus – IDPC – Office of the Information and Data Protection Commissioner.

4.7. THE RIGHT TO DATA PORTABILITY: the right to receive the Personal Data concerning the User, which was provided by the User for the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller to which the Personal Data have been provided.

4.8 The Controller shall provide information on action taken on a request to the User within one (1) month of receipt of the request. That period may be extended by two (2) further months where necessary, taking into account the complexity and number of the requests. The Controller shall inform the User of any such extension within one (1) month of receipt of the request, together with the reasons for the delay.

4.9 The consent the User gives us to the processing of the Personal Data is to be freely given. So each User has the right to withdraw his or her consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. We kindly ask you to note that after you withdraws your consent, you will not be able to use our Services and the Platform no more: it only happens because we need to collect your Personal Data to provide safe, quality and legally compliant services for you. If you do decide to withdraw your consent, please contact us at

4.10 Each User can contact regarding the described rights or by Customer Support phone 1-855-407-7728. In accordance with the obligation of the Controller to use all reasonable measures to verify the identity of an individual who send the request, Tossox Holdings Limited as the Controller will inquire the additional personal identifying information of you including, but not limited to, the number of your passport or ID card, the expiry date, the full name and surname, and the country and the date of issue.

5. Data Retention period

We retain personal information for as long as your account is active or as necessary for the duration of the purposes outlined in this Privacy Policy. Notwithstanding the duration of the purposes or the status of your account, we may retain your information if necessary to comply with our legal or professional obligations, enforce our agreements, or resolve disputes.

6. Children's privacy protection

We understand the importance of protecting children's online privacy. Our Platform is considered to be general audience and is not designed for or intentionally targeted at children under the age of 16. If a children has provided us with Personal Data without parental or guardian consent, the parent or guardian should contact to remove the information.

7. Third-party websites

We are not responsible for the protection of the User's privacy on websites of third parties, even if such websites are accessed by the User through links provided on this website. We recommend to review carefully privacy policies of each website different from

8. Legal basis

We collect and process Personal Data in accordance with Cyprus Data Protection Act, Chapter 440 of the Laws of Cyprus, the General Data Protection Regulation and other legal acts. All employees, agents and employees of the agents of Tossox Holdings Limited who know the secret of the Personal Data must keep it safe even after termination of the employment or contractual relationship.

For the purpose of the processing of the Personal Data, Tossox Holdings Limited may engage data processors and/or, at its sole discretion, hire other individuals to perform certain functions on behalf of Tossox Holdings Limited. In such cases, Tossox Holdings Limited shall take necessary measures to ensure that such Personal Data is processed by the Personal Data processors in accordance with instructions of Tossox Holdings Limited and applicable legislation. Tossox Holdings Limited shall also require the Personal Data processors to implement appropriate measures for the security of Personal Data. In such cases, Tossox Holdings Limited shall ensure that such engaged individuals will be subject to the non-disclosure obligation and will not be able to use this information for any other purpose, except to the extent necessary to perform the functions assigned to them.

Our legal basis to process your Personal Data depends on the Personal Data concerned and the specific context in which we collect it. We process your Personal Data only when the following applies:

- the User has given consent to the processing of his or her Personal Data for the purposes set forth herein and one or more specific purposes;

- processing is necessary for the performance of a contract to which the User is party or in order to take steps at the request of the User prior to entering into a contract;

- processing is necessary for compliance with a legal obligation to which the Controller is subject;

- processing is necessary in order to protect the vital interests of the User or of another natural person;

- processing is necessary for the performance of a task carried out in the public interest;

- processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the User which require protection of Personal Data, in particular where the User is a child.

9. What measures do we apply for the information security?

We have in place reasonable commercial standards of technology and operational security and appropriate legal measures to protect all personal information provided by Users from unauthorized access, disclosure, alteration, risks of loss, misuse or unlawful erasure, as well as from any other unauthorized form of processing.

For registered Users of the Platform the Personal Data provided is protected by a password. We recommend that you do not disclose your password to anyone. If you share a computer with others, you should not choose to save your log-in information (e.g., user ID and password) on that shared computer. Remember to sign out of your account and close your browser window when you have finished your session.

We kindly ask you to note that we cannot guarantee the privacy or security of your Personal Data once you provide it for any third party and we encourage you to evaluate the privacy policy before deciding to share your Personal Data.

10. Disclosure of information to third parties

We may disclose and transmit (whether within or outside the jurisdiction of the Tossox Holdings Limited (that is the Controller) your Personal Data to our business partners, to hosting providers and SMS-providers engaged by us to assist us to provide Services for you or who otherwise process Personal Data for the purposes described in this Privacy Policy or notified to you when we collect your Personal Data.  Your personal information may also be disclosed to employers of the Tossox Holdings Limited and legal consultants in order to respond to your requests or inquiries.

We do not have an access to the full financial information provided by you entering in transaction (please see the provisions 1.a.1 and 1.b.1 of this Privacy Policy). The financial institutions you have chosen process and have an access to the full pack of your financial data you provided during the transaction.

Personal information may also be disclosed to law enforcement, regulatory or other government agencies, or to other third parties, in each case to comply with legal, regulatory, or national security obligations or requests.

All of these disclosures may involve the transfer of personal information to countries or regions without data protection rules similar to those in effect in your area of residence.

By providing information, you are consenting to the disclosures described above.

11. Changes to this Privacy Policy and future developments

We continually improve and update our Platform to enhance your experience and the Services we provide for you. As a result, our Privacy Policy continues to evolve. As soon as we implement new technology or provide new services, we will update our Privacy Policy accordingly. We encourage you to refer to this page on an ongoing basis for our most current Privacy Policy and practices.

If our information practices change at any time in the future, we will post the policy changes on this page including the effective date of the amended version of the Privacy Policy and such modified or amended Privacy Policy shall be effective as to you and your information as of that effective date. If we make any material changes we will announce it and notify you by means of a notice on this Platfrom’s website.

12. Final provisions

12.1 We may scan messages automatically and check for spam, viruses, phishing and other malicious activity, illegal or prohibited content or violations of our User Agreement, this Privacy Policy and the Cookie Policy.

12.2 We may process and retain your Personal Data on our servers and elsewhere in the world where our data centers are located.

12.3 These Privacy Policy provisions are subject to the law of the Republic of Cyprus. All the disputes regarding the provisions of this Privacy Policy shall be settled by negotiation and, in case of failure to resolve an issue by negotiation, the dispute shall be taken to courts of the Republic of Cyprus.

12.4 You can visit this website not providing any information about yourself, however, if you want to use the Services of the Platform, we will ask you to provide your Personal Data and to carry out established identification procedures. If you not register on the Platform, we do not collect your Personal Data, however, your Personal Data may be gathered by Google Analytics and Yandex Metrica.

12.5 By visiting our Platform and/or using the Services of the Platform, you acknowledge and confirm that you have read the Privacy Policy, understand it and agree with it. We kindly ask you to note that when visiting this website, you have a responsibility to make sure that you are familiar with the latest version of the Privacy Policy that applies to you at the time you are visiting the website.