Personal Data Privacy Policy

What is the purpose of this Personal Data Privacy Policy

This Privacy Policy is intended to provide you, with information on how Epic Ltd (“Epic”, “we”, “us” or “our”) collects, uses, discloses and processes your Personal Data when you use our services, products, websites and applications, and also to inform you about your rights under the national data protection law and Regulation (EU) 2016/679 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data [General Data Protection Regulation (“GDPR”)].

Who we are

Epic Ltd is a private company registered under the laws of the Republic of Cyprus with registration number HE 141156, having its registered address at 16 Kyriakou Matsi Avenue, Eagle House, 10th floor, 1082 Agioi Omologites, Nicosia and its headquarters at 87 Kennedy Avenue, 1077 Nicosia, Cyprus. GoMo (EE59153) is a trading name of Epic Ltd.

We use third parties (agents and partners) who act on our behalf in:

• promoting and selling our products and services through our brands;
• concluding contracts with customers, including on-premises contracts, distance contracts (e.g., via telephone), and off-premises contracts (e.g., Door-to-Door); this also includes any actions before contract conclusion, such as completeness and validity checks, as well as quality control of the required documents.
• electronic identification of prepaid mobile phone holders (digital prepaid registration);
• contacting the customer and providing support;
• collecting information regarding your satisfaction with our products and services.

We have appointed a Data Protection Officer, and the contact details are as follows:

87 Kennedy Avenue, 1077 Nicosia, Cyprus, P.O. Box 20683 – CY 1662, email address: dpo@epic.com.cy, fax number 96969151.

What personal data are processed 

The Personal Data processed by us or our agents vary according to the interaction we have with you and the services/products we offer you. Personal Data may include, amongst others: 

• Customer Data - your name, surname, national identification number/passport number, email address, residence and billing address, contact number(s), payment records, invoices issued per service per month, details of authorised representatives per contract, direct debit details (where needed), debit or credit card details (where needed), any customer preferences (where needed), voice recordings, live chats history and complaints filed through Epic call center or through any one of our other support channels; 
• Data for identification of a prepaid mobile phone holder (through a physical store and/or electronic identification) – in addition to the data mentioned above, for purposes of electronic identification of prepaid mobile holders, the following are also collected - Photo, real-time selfphoto (selfie), biometric data (as resulting from the comparison of the photo of the identity card (and/or other identification document) with the selfie sent, metadata, results of document recognition and biometric comparison of the photos; 
• Traffic & location data, called subscriber number, date, starting time and duration of the calls made and/or the data volume transmitted, IP address, internet browsing, number of identification of subscriber devices, details of modem data, TV traffic data, Set Top Box data, TV channels and programs watched, Video on Demand (VOD) data, billing records;
• Mobile App data – Personal data required for the following Google Firebase services: Firebase Cloud Messaging services and Firebase Crashlytics, as set out in the Privacy Policy of Google Firebase found here, https://firebase.google.com/support/privacy;CCTV data - Closed Circuit Surveillance System processing in our premises (such as stores, office and other premises) where needed for security purposes. 

Personal data that may be processed by other controllers:

• Network optimization data - When installing the My Epic application, you may consent to the processing of network-related data by umlaut communications GmbH, Am Kraftversorgungsturm 3, 52070 Aachen, Germany for network optimization purposes. You may withdraw your consent at any time via the My Epic application. The controller for such data is umlaut communications GmbH, Am Kraftversorgungsturm 3, 52070 Aachen, Germany. Umlaut privacy policy.

Where do we collect the data, we process

We process Personal Data which we collect from you, in our stores, via our websites (including MyGoMo), our mobile apps (which you can download on iOS or Android), the electronic identification system of mobile phone holder, call center and eStore or via our agents and partners and through alternative sales channels such as Telesales and Door-to-Door.

We may also collect and process Personal Data which we lawfully obtain not only from you but from third parties such as credit reference agencies, or companies that process card payments.

What security measures are taken  

The security of your Personal Data is important to us. We take technical, contractual, administrative, and physical security actions to protect your Personal Data. Our employees with access to your Personal Data process those data in adherence with the principles set forth in this Privacy Policy and according to all applicable legislation.

What is the Purpose of Processing Personal Data and the Legal Basis of such processing 

Your Personal Data shall be processed by us, our agents and partners, solely for the purposes of: 

• providing services to you;
• subscriber billing and interconnection payments;
• managing your account and help you manage your account;
• getting in touch with you (e.g. if we need to tell you about any problems with a service);
• recovering any money you might owe us;
• maintaining our client relationship management systems;
• client support;
• checking your creditworthiness, credibility and payment integrity so we can assess and decide on whether we can provide products and services by instalments;
• resolving client complaints and handling requests and enquiries;
• initiating or participating in litigation procedures;
• conducting surveys about our products and services (e.g. for the quality and/or improvement of products/services and/or customer service)
• conducting investigations relating to disputes, billing, suspected illegal activities or fraud;
• processing of payment instructions, through direct debit facilities or through any other way of payment chosen by you and/or credit facilities requested by you;
• analysing your use of our products and services to help us improve, review, develop and efficiently manage the products and/or services offered to you;
• managing our network;
• helping you issue an insurance coverage for your device;
• your Personal Data may be shared with other network operators to enable the making and receiving of calls, and/or to investigate fraud. We may also need to give your Personal Data to emergency services;
• providing you with services via mobile apps such as My Epic app & TV Go by Epic, which you can download via Google Play Store (Android devices) or App Store (Apple devices). 

The above purposes of processing fall under one of the following legal basis:

• for the performance of a contract, processing of Personal Data is necessary in order for us to proceed in providing you with the products and services that you have requested.
• for compliance with a legal obligation, processing of Personal Data is necessary in order to comply with a provision contained in legislation to which we are subject.
• for the purposes of safeguarding legitimate interests, a legitimate interest is when we have a business or commercial reason to use your information, by respecting fundamental rights and freedoms.
• when you have provided your consent to us; in such a case the lawfulness of the processing is based on the specific consent you have provided. You have the right to withdraw your consent at any time, without affecting, however, processing already performed prior to the receipt of your revocation.  

Recipients of your Personal Data

All recipients of Personal Data act under strict contractual obligations which they have undertaken after signing the relevant agreements with us, requiring them to maintain the confidentiality of all Personal Data and to use such data solely for purposes related to the provision of our services and products.

Recipients of Personal Data include the following:

• our agents, partners and suppliers, enabling us to provide you with the products and services that you have requested timely and efficiently;
• other network operators;
• companies which provide us with support, analytics and maintenance of our applications, such as My Epic app & TV Go by Epic;
• authorised service centers for the repairing of devices sold by us;
• consulting, technical and support service providers;
• commercial and credit information providers;
• companies providing credit risk management, debt recovery and call center services;
• companies for the storing, managing and protecting information, as well as cloud storage companies;
• banking institutions and card payment processing companies;
• insurance companies;
• our external legal advisors;
• our accountants;
• any court, supervisory, or public authority as required by law;
• an acquiring entity, in connection with an Epic corporate re-organisation, merger or amalgamation, or a sale of all or a substantial portion of our assets, provided that the Personal Data disclosed continues to be processed only for the purposes permitted by this Privacy Policy and according to applicable legislation, by the entity acquiring the data;
• people or entities to which you have instructed us to disclose your Personal Data.

How do we transfer data about you

In some cases, Epic’s suppliers, subcontractors, and partners are established outside the EU and/or EEA. These partners are contractually bound to Epic through appropriate transmission tools that ensure the necessary security safeguards, maintain the confidentiality of Epic’s data and our customers’ Personal Data, and comply with the obligations of General Regulation 2016/679 (Articles 44 and 45).

How long we keep your Personal Data

We retain your Personal Data for the duration of the contract and/or for as long as we are required to perform the contract and/or as long as permitted by law. Upon expiration or termination of your contract with us and in the absence of any outstanding balances, legal disputes, claims or complaints on your behalf, your Personal Data may be retained for satisfying the requirements of the following laws:

• The Retention of Telecommunication Data for the Purpose of the Investigation of Serious Criminal Offences Law of 2007 (Law 183 (I) / 2007) for the purpose of criminal offences;
• The Limitation of Conduct Rights Law 2012 (Law 66 (I) / 2012) for the purpose of Court claims;
• The Value Added Tax Law of 2000 (95 (I) / 2000) and the Taxation and Collection of Taxes Act of 1978 (Law 4/1978) for the purpose of taxation;
• The Provision and Use of Payment Services and Access to Payment Systems Act of 2018 (Law 31 (I) / 2018) for the purpose of payments;
• Identification of SIM and/or eSIM Prepaid Mobile Telephony Service Subscriber Identity Card Holders and/or Users Act of 2024 (63(I)/2024).

The data collected and processed by us (or by our agents and partners) are retained in accordance with our data retention policy, and the periods are presented in the table below. After these periods have elapsed, the data is deleted and cannot be recovered in any way.

Category of data Retention Period

How we treat your Personal Data for marketing activities

We may process your Personal Data to inform you about our products, services and offers that may be of interest to you or your business.

The Personal Data that we process for this purpose consists of information you provided to us and data we collect when you use our services, e.g. from the use of your mobile plans. We study such information to form a view on what products may be of interest to you. We process your data automatically with the aim of evaluating certain personal aspects in order to provide you with targeted marketing information on our products and services.

We only use your Personal Data for the above purposes if you have provided your explicit consent or if it is in our legitimate interest to do so. You have the right to object at any time to the processing of your Personal Data for marketing purposes, by contacting Epic at 136 or by sending an email to dpo@epic.com.cy or, by visiting one of our stores and completing the Data Subject Request Form.

If you are a user of the GOMO plan, you can change your preferences via the MyGoMo portal or by contacting us through our website www.gomo.cy.

How do we use cookies

We use cookies on our website to manage sessions, provide personalised web pages, adjust advertising and other content to reflect your specific needs and interests in order to generally improve your user experience. Cookies can also be used to compile anonymous, aggregated statistics that allow us to understand how people use the site and help us to improve the structure and its content. These cookies do not store any Personal Data. More information on cookies can be found in the cookies policy on our websites (www.epic.com.cy and www.gomo.cy ).

Withdrawal of consent

Unless processing is necessary in order for us to proceed in providing you with the products and services that you have requested, you may withdraw your consent for data processing at any time. Possible withdrawal does not affect the lawfulness of processing based on consent before such withdrawal.

In order to exercise this right, you may contact us or send an email to dpo@epic.com.cy or visit an Epic store and complete the Data Subject Request Form. If you are GoMo plan user, you may contact us via MyGoMo portal.

What are your rights

According to GDPR, you have the following rights that you can exercise free of charge:

• right of access – You have a right to request a copy of the Personal Data we hold and be informed on how it has been processed.
• right to rectification - If you believe any of the Personal Data we hold about you is incorrect or inaccurate, you can request that we update it.
• right to erasure - In some circumstances, such as where we no longer have a justifiable reason to continue to process your data, you can request we delete it.
• right to restriction of processing – You have the right to request the restriction of processing of your Personal Data where the accuracy of the data is contested, when you consider the processing as unlawful but you do not wish the erasure of your data, when data are no longer needed for the purpose of processing but they are required by you for possible legal claims or when you have objected the processing pursuant to article 21(1) of GDPR.
• right to data portability - You have the right to receive the Personal Data which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party.
• right to object - Where we are processing your Personal Data for the purposes of direct marketing, or any legitimate interests that we are relying upon, you can object at any time to this processing.

Epic is obliged to respond to your request in any case, within one month from the date of receipt of the request. This deadline may be extended by a further two months, if necessary, taking into account the complexity of the request and the number of requests. However, if this right is subject to exceptions, then the request may be rejected, and you will be informed of the reasons.

Exercising a data subject right

In case you wish to exercise any of your rights as they arise from the GDPR, you can do so by contacting us in the following ways:

• in any of our physical stores (https://www.epic.com.cy/en/stores),
• by calling our call center,
• through our live chat,
• via email from the Contact Us of My Epic App,
• via email from our website’s contact us, or
• through the DPO's office at the following email address: dpo@epic.com.cy
• If you are GoMo plan user, you may contact us only via the MyGoMo portal.

In all cases, for the execution of the request, it is understood that the data subject (or his/her authorised representative) will be identified with identification documents or information that you provided to us during the registration process for our services and the completion of the Data Subject Request Form. In addition, you may be asked to verify your email and/or registered contact number so that we can share this information with you electronically, ensuring that it will be shared with you in an encrypted and password-protected manner. Alternatively, you can pick them up from any of our stores.

If your Personal Data has been provided to us by a third party, you should contact that third party/organisation to submit such queries, complaints and/or requests.

Lodging of complaints

If you have a complaint, you can contact us. We will do our best to help but if you’re not satisfied with our response, you have the right to lodge a complaint with the supervisory authority, the Office of the Commissioner for Personal Data Protection, Kypranoros 15, Nicosia 1061, Cyprus, P.O. Box 23378, 1682 Nicosia, Cyprus, tel: +357 22818456, fax: +357 22304565, email: commissioner@dataprotection.gov.cy.

Changes to this Privacy Policy

We may, from time to time, change our Privacy Policy as new services are added or old ones changed. Changes will be effective when notice of those changes is posted on our website (www.epic.com.cy and www.gomo.cy). Please check this Privacy Policy regularly for updates.

Privacy Policy

Last updated: 02/12/2025

BUSINESS

• Small Business Solutions
• Medium & Large Business Solutions
• Contact us for your business needs

ABOUT

• News
• Company
• Our Awards
• Careers
• Pre-contractual Terms
• Terms & Conditions

eStore HELP

• Support
• Delivery Information
• Returns & Cancellations
• eStore Terms & Conditions
• Privacy Statement / Policy
• Cookie Policy
• Submit a Complain
• Contact Us

LOOKING FOR

• Devices
• Plans
• Services
• Stores
• e-Invoice
• Support

• Business
  • Business
  • Small Business Solutions
  • Medium & Large Business Solutions
• Devices
  • Phones
  • Tablets
  • Wearables
  • Networking
  • Accessories
• Plans
  • Mobile
  • Mobile Internet
  • Home Internet
  • TV
  • Pay As You Go
  • Epic One
  • Youth Offers
  • Renewals
• Services
  • Mobile
  • Fixed Telephony
  • Pay As You Go
  • Data Services
  • Apps
• Unlimited Online
• my epic app
• Payments & Top Up