Privacy Policy

Last Updated: January 26, 2026

Summary of Our Privacy Policy

We take the protection of your personal data very seriously. This summary explains in simple terms how we handle your data to comply with European data protection laws (GDPR).

Who is responsible for your data? J.H. MOLA Business Support Ltd. is the company responsible for your data. You can reach us at [email protected].

What data do we collect and why? We only collect the data we need to provide our services to you, operate our website, and communicate with you. This includes your name, email, and payment information. We always need a legal reason to process your data, such as your consent or a contract with you.

Where is your data stored? Our CRM and marketing platform is provided by GoHighLevel, a US-based company. This means your data is processed on servers in the United States, hosted on Google Cloud and Amazon Web Services. To legally transfer your data, we use the EU-U.S. Data Privacy Framework (for which our provider is certified) and Standard Contractual Clauses. Our provider also has an ISO 27001 certification for their security management system.

How long do we keep your data? We only keep your data for as long as we need it for the purpose it was collected, or as long as the law requires (for example, for invoices).

What are your rights? You have several rights over your data:

You can ask for a copy of your data.

You can ask us to correct or delete your data.

You can object to us using your data.

You can withdraw your consent at any time.

To use these rights, just email us at [email protected].

Cookies: We use cookies on our website. For any cookies that are not strictly necessary, we will always ask for your permission first.

Complaints: If you are unhappy with how we handle your data, you have the right to complain to a data protection authority.

This is just a summary. For full details, please read our complete Privacy Policy:

1. Introduction and Scope

This Privacy Policy outlines how J.H. MOLA Business Support Ltd. ("MOLA," "we," "us," or "our") collects, uses, processes, and protects the personal data of our users, clients, and website visitors. This policy is designed to be compliant with the European Union's General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

This policy applies to all personal data processed by us through our website, services, and in the context of our business relationship with clients, including the collaboration between SSI GmbH and MOLA Business Solutions.

2. Data Controller

The controller responsible for the processing of your personal data is:

J.H. MOLA Business Support Ltd.

Christou Kefaloniti 15a

8025 Paphos, Cyprus

Email: [email protected]

3. Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee our data protection strategy and implementation to ensure compliance with GDPR requirements. You can contact our DPO at:

Email: [email protected]

(Note: Under German law (BDSG § 38), a DPO is mandatory if, as a rule, at least 20 persons are permanently involved in the automated processing of personal data.)

4. Legal Basis, Purposes, and Types of Data Processed

We process your personal data for specific purposes and only when we have a valid legal basis to do so under Article 6 of the GDPR. Below is a table detailing our processing activities:

| Purpose of Processing | Types of Personal Data Processed | Legal Basis (GDPR Art. 6) |
| --- | --- | --- |
| Providing and Managing Our Services | Name, email, phone number, company details, billing information, usage data | Art. 6(1)(b) - Performance of a contract |
| Website Operation & Security | IP address, browser type, operating system, access times | Art. 6(1)(f) - Legitimate interest (ensuring website stability and security) |
| Marketing & Communication | Name, email address, communication preferences | Art. 6(1)(a) - Consent (for newsletters) or Art. 6(1)(f) - Legitimate interest (for existing customer relationships) |
| Analytics & Improvement | Anonymized usage data, cookies, device information | Art. 6(1)(a) - Consent (for non-essential cookies) |
| Compliance with Legal Obligations | Transaction data, identity verification data | Art. 6(1)(c) - Compliance with a legal obligation |

5. Data Processors and Sub-processors

To provide our services, we rely on third-party service providers who act as data processors on our behalf. Our primary data processing infrastructure, provided by GoHighLevel, is hosted on leading cloud platforms, specifically Google Cloud Platform (GCP) and Amazon Web Services (AWS). The entire infrastructure resides in the United States. A full list of sub-processors engaged by GoHighLevel is maintained and available on their website. All sub-processors, with the exception of a support affiliate in India, are located in the United States, meaning all personal data is processed within these regions.

• GoHighLevel, Inc. / LeadConnector LLC: A US-based company providing the core CRM and marketing automation platform.

We have entered into a Data Processing Agreement (DPA) with GoHighLevel that complies with Article 28 of the GDPR. This DPA ensures that your data is processed only on our instructions and is subject to strict confidentiality and security obligations.

6. International Data Transfers

Your personal data will be processed on servers located in the United States. This constitutes a transfer of data outside the European Economic Area (EEA).

To ensure that your personal data is protected to a standard equivalent to that in the EU, we rely on the following safeguards:

1. EU-U.S. Data Privacy Framework: Our processor, GoHighLevel/LeadConnector, is certified under the EU-U.S. Data Privacy Framework (including the UK and Swiss extensions), which has been recognized by the European Commission as providing an adequate level of protection for personal data.

2. Standard Contractual Clauses (SCCs): In addition to the DPF, our DPA with GoHighLevel incorporates the latest Standard Contractual Clauses approved by the European Commission.

3. Transfer Impact Assessment (TIA): We have conducted a Transfer Impact Assessment (TIA) to evaluate the legal framework and surveillance practices in the United States. We have concluded that, with the combination of the DPF, the SCCs, and the additional technical and organizational measures implemented by our processor (such as ISO 27001 certification and robust encryption), an adequate level of protection for personal data is ensured.

7. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by law. The criteria used to determine our retention periods include:

• Contractual Obligations: Data related to client accounts is retained for as long as you remain an active customer. Please note that our underlying platform provider, GoHighLevel, does not currently provide the ability to define custom data retention policies. Upon termination of your account, we will delete your data in accordance with our standard procedures, typically within 6-12 months, unless longer retention is required by law.

• Legal Requirements: Invoicing and financial data is retained for up to 10 years as required by Cypriot and German commercial and tax law.

• User Consent: Data processed based on your consent (e.g., newsletter subscriptions) is retained until you withdraw your consent.

• Server Logs: IP addresses in server logs are retained for a short period (typically 7-14 days) for security analysis and then deleted or anonymized.

8. Your Data Subject Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of Access (Art. 15): You have the right to obtain a copy of your personal data and information about how we process it.

• Right to Rectification (Art. 16): You have the right to have inaccurate personal data corrected without undue delay.

• Right to Erasure ('Right to be Forgotten') (Art. 17): You have the right to have your personal data erased under certain conditions.

• Right to Restriction of Processing (Art. 18): You have the right to request the restriction of processing of your personal data.

• Right to Data Portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

• Right to Object (Art. 21): You have the right to object to the processing of your personal data, particularly for direct marketing purposes.

• Right to Withdraw Consent (Art. 7): Where processing is based on consent, you have the right to withdraw your consent at any time.

• Rights related to Automated Decision-Making (Art. 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.

To exercise any of these rights, please contact us at [email protected] or our DPO at [email protected].

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR. The lead supervisory authority for MOLA is:

The Office of the Commissioner for Personal Data Protection

1 Iasonos Street, 1082 Nicosia, Cyprus

For clients and data subjects residing in Germany, you also have the right to lodge a complaint with your local German data protection authority.

10. Cookie Policy and Consent

We use cookies on our website. Cookies are small text files stored on your device. We distinguish between:

• Essential Cookies: Necessary for the website to function properly. These are processed based on our legitimate interest (Art. 6(1)(f) GDPR).

• Non-Essential Cookies (Analytics, Marketing): These are only used with your explicit and informed consent (Art. 6(1)(a) GDPR), which we obtain via a cookie consent banner. You can manage or withdraw your consent at any time through our cookie settings.

11. Data Security

We and our data processor, GoHighLevel, have implemented comprehensive technical and organizational security measures to protect your personal data. These measures are detailed in GoHighLevel's Security and Compliance Overview and include:

• Encryption: All data is encrypted in transit using TLS 1.2 or higher with 2,048-bit keys. Data at rest is encrypted using AES-256 encryption.

• Key Management: Encryption keys are securely managed in a hardened Key Management System (KMS) with regular rotation.

• Access Controls: Granular, role-based access controls are enforced to ensure that access to personal data is strictly limited to authorized personnel on a need-to-know basis.

• Certifications: Our processor, GoHighLevel, maintains an ISO 27001 certification, demonstrating a commitment to internationally recognized security standards.

• Physical Security: The physical security of the data centers (operated by AWS and GCP) is managed by our cloud providers, who maintain extensive security and compliance programs (e.g., SOC 2 Type 2, ISO 27001).

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new policy on our website and updating the "Last Updated" date.