Website Privacy Policy and Cookie Notice

Version: 1.0
Last updated: May 24, 2026
Effective date: May 24, 2026

 

This Website Privacy Policy and Cookie Notice (“Policy”) explains how Extensionsforce Limited, trading as Extensions Lab, located at Gkoura 6, 4040 Germasogeia, Limassol, Cyprus (“Extensions Lab”, “we”, “us”, or “our”), collects, uses, discloses, stores, protects, and otherwise processes personal data of visitors to our website and people who contact us through our website.

 

This Policy applies to our website:

https://www.extensions-lab.com

and to website-related activities such as Contact Us forms, demo requests, partner inquiries, newsletter sign-ups, support links, website analytics, cookies, and similar online interactions.

This Policy does not govern the processing of customer data inside our Microsoft Dynamics 365 Business Central applications. Product-related privacy and data processing are covered by our separate Privacy Policy and Data Processing Addendum for Extensions Lab Business Central Apps.

 

1. Who We Are

 

The controller responsible for this website is:

Extensionsforce Limited
Trading as Extensions Lab
Gkoura 6, 4040 Germasogeia
Limassol, Cyprus

Website: https://www.extensions-lab.com
General contact: info@extensionsforce.com
Support contact: support@extensionsforce.com
Privacy contact: info@extensionsforce.com

If we publish a dedicated privacy email address on our website, you may also use that address for privacy-related requests.

We have not appointed a statutory Data Protection Officer unless expressly stated on our website. We have designated an internal privacy contact to handle privacy and data protection requests.

 

2. Scope of This Policy

​

This Policy applies when you:

1. visit our website;

2. submit a Contact Us form;

3. request a demo;

4. request information about our products;

5. contact us about partnership, CSP resale, implementation, or reseller opportunities;

6. subscribe to marketing or newsletter communications;

7. communicate with us through email, chat, website forms, or meeting links;

8. interact with our website cookies, analytics, or tracking technologies;

9. access website pages about our products, documentation, pricing, support, or partner programs.

 

This Policy does not apply to:

1. Microsoft Dynamics 365 Business Central;

2. Microsoft AppSource or Microsoft Marketplace;

3. Microsoft 365, Microsoft Azure, Microsoft Entra ID, Microsoft Partner Center, or CSP services;

4. third-party websites linked from our website;

5. third-party services not owned or controlled by us;

6. customer data processed inside our Business Central applications.

 

Those services are governed by their own privacy policies and terms.

​

3. Difference Between Website Privacy and Product Privacy

​

This website Policy covers data collected through the public website and website communications.

Our separate product privacy documentation covers data processed in connection with our Business Central applications, including product telemetry, Microsoft Marketplace licensing, CSP/reseller data, customer support access, integrations, AI/Copilot features, maps, telematics, APIs, and Customer Data.

If you are a customer or user of one of our Business Central applications, please also review our product privacy documentation and End User License Agreement.

​

4. Personal Data We Collect

​

We may collect and process the following categories of personal data.

​

4.1 Data you provide directly

​

When you submit a form, request a demo, contact us, or communicate with us, we may collect:

1. first and last name;

2. business email address;

3. phone number;

4. company name;

5. job title or role;

6. country or region;

7. website URL or company domain;

8. message content;

9. product interest;

10. preferred meeting time or demo details;

11. information about your Microsoft Dynamics 365 Business Central environment, if you choose to provide it;

12. partner, reseller, CSP, or implementation-related information;

13. any other information you choose to include in your message.

​

Please do not submit sensitive personal data, confidential business data, passwords, API keys, payment card information, or unnecessary personal data through website forms.

​

4.2 Demo request and sales inquiry data

​

If you request a demo or product information, we may process:

1. contact details;

2. company details;

3. product interest;

4. business requirements;

5. preferred language, country, or region;

6. meeting scheduling details;

7. communication history;

8. sales notes;

9. information needed to prepare, conduct, and follow up on the demo.

4.3 Partner and reseller inquiry data

 

If you contact us about a partner, reseller, CSP, or implementation relationship, we may process:

1. company name;

2. partner contact details;

3. Microsoft partner identifiers, if provided;

4. country or region;

5. partner type;

6. target markets;

7. product interest;

8. business discussion notes;

9. information needed to evaluate and manage the partner relationship.

​

4.4 Website and technical data

​

When you visit our website, we may automatically process:

1. IP address;

2. approximate location based on IP address;

3. browser type and version;

4. device type;

5. operating system;

6. referring website;

7. pages visited;

8. date and time of visit;

9. time spent on pages;

10. links clicked;

11. form interactions;

12. cookie identifiers;

13. analytics events;

14. error logs;

15. security logs.

4.5 Cookie and analytics data

We may use cookies and similar technologies to operate the website, remember preferences, measure usage, improve performance, and, where enabled, support marketing analytics.

Cookie and analytics data may include:

1. cookie identifiers;

2. consent preferences;

3. session identifiers;

4. page views;

5. referral source;

6. website events;

7. device and browser information;

8. approximate location;

9. user interactions with website content.

5. How We Use Personal Data

​

We use personal data for the following purposes:

1. to operate, maintain, and secure our website;

2. to respond to Contact Us requests;

3. to schedule and provide demos;

4. to respond to product, sales, partner, reseller, or support inquiries;

5. to communicate with you about your request;

6. to provide information about our products and services;

7. to manage prospect, customer, and partner relationships;

8. to improve website content, usability, and performance;

9. to analyze website traffic and user behavior;

10. to manage cookies and consent preferences;

11. to send marketing communications where permitted;

12. to prevent spam, fraud, misuse, and security threats;

13. to comply with legal, tax, accounting, and regulatory obligations;

14. to enforce our rights and agreements;

15. to establish, exercise, or defend legal claims.

6. Legal Bases for Processing

​

Where GDPR, UK GDPR, or similar laws apply, we rely on one or more of the following legal bases.

​

1. Performance of a contract or steps before entering into a contract — when you request a demo, ask for product information, discuss purchasing, request support, or contact us about a business relationship.

2. Legitimate interests — to operate and secure our website, respond to business inquiries, manage customer and partner relationships, improve our website, prevent fraud, and communicate with business contacts.

3. Consent — where required for non-essential cookies, analytics, marketing cookies, newsletter subscriptions, or optional marketing communications.

4. Legal obligation — where processing is necessary for tax, accounting, legal, compliance, security, or regulatory requirements.

5. Establishment, exercise, or defense of legal claims — where processing is necessary to protect our rights, resolve disputes, or respond to legal matters.

 

You may withdraw consent at any time where processing is based on consent. Withdrawal does not affect processing that occurred before withdrawal.

 

7. Cookies and Similar Technologies

​

Our website may use cookies and similar technologies.

 

7.1 Types of cookies

 

We may use:

1. Strictly necessary cookies — required for website operation, security, form submission, session management, cookie consent storage, and basic functionality.

2. Preference cookies — used to remember user choices such as language, region, or cookie preferences.

3. Analytics cookies — used to understand website traffic, page performance, user interactions, and website improvement opportunities.

4. Marketing cookies — used, where enabled and permitted, to measure marketing campaigns, understand referral sources, and support relevant business communications.

​

7.2 Non-essential cookies

 

Where required by law, we will request your consent before placing non-essential analytics or marketing cookies on your device.

You can accept, reject, or manage non-essential cookies through the cookie banner or cookie preference tool, where available.

You can also manage cookies through your browser settings.

Disabling cookies may affect website functionality.

 

7.3 Wix cookies

 

Our website is hosted on the Wix platform. Wix may use cookies and similar technologies that are necessary to provide website hosting, security, functionality, performance, and visitor management features.

Some Wix cookies may be strictly necessary for the website to function correctly.

 

7.4 Analytics and third-party tools

 

We may use analytics or similar tools, such as Wix Analytics, Google Analytics, Google Tag Manager, Usercentrics, or other website measurement and consent-management tools, depending on our website configuration.

These tools may process technical data such as IP address, device information, browser information, page views, referral source, events, cookie identifiers, and consent preferences.

If we add or remove analytics, marketing, or consent-management tools, we may update this Policy or the cookie banner accordingly.

 

8. Website Hosting and Wix

 

Our website is hosted on the Wix platform.

Wix may process personal data on our behalf to provide website hosting, storage, forms, security, analytics, content delivery, visitor management, and related website services.

Wix may process data in accordance with its own privacy documentation, data processing agreement, security practices, and infrastructure arrangements.

Wix may also process certain data as an independent controller where it determines the purposes and means of processing under its own policies.

We are not responsible for Wix services outside our control, but we use Wix as a website platform and service provider for the operation of our website.

 

9. Sharing Personal Data

​

We may share personal data with the following categories of recipients.

 

9.1 Website platform and hosting providers

 

We use Wix and related website services to host and operate our website.

 

9.2 Consent, cookie, and analytics providers

 

We may use cookie consent, analytics, measurement, and website performance tools to manage cookies, record consent choices, and understand website usage.

 

9.3 Communication and business tools

 

We may use email, calendar, video meeting, CRM, support, and business communication tools to respond to inquiries, schedule demos, and manage business relationships.

These may include services such as Microsoft 365, Outlook, Teams, CRM tools, support tools, or similar business systems.

 

9.4 Authorized Resellers and partners

 

If your inquiry relates to a partner, reseller, CSP, implementation, regional sales, or customer support scenario, we may share relevant contact or inquiry details with an appropriate Authorized Reseller, implementation partner, CSP partner, or business partner where necessary to respond to your request or support the relationship.

 

9.5 Professional advisers

 

We may share data with lawyers, accountants, auditors, insurers, consultants, and other professional advisers where necessary for legal, accounting, compliance, audit, insurance, or business purposes.

 

9.6 Authorities and legal recipients

 

We may disclose data where required by law, court order, government request, regulatory obligation, or where necessary to protect our rights, safety, security, business, users, customers, partners, or the public.

 

9.7 Corporate transactions

 

If we are involved in a merger, acquisition, restructuring, sale of assets, financing, or similar corporate transaction, personal data may be disclosed to relevant parties as part of that transaction, subject to appropriate safeguards.

 

9.8 No sale of personal data

​

We do not sell website visitor personal data.

We do not use Contact Us or demo request data for third-party advertising.

Where US state privacy laws apply, we do not sell personal data or share personal data for cross-context behavioral advertising as those terms are defined under applicable law, unless expressly disclosed and permitted.

 

10. International Transfers

 

We are located in Cyprus, within the European Union.

Our website providers, hosting providers, analytics tools, communication tools, CRM tools, and other service providers may process data in the European Economic Area, the United Kingdom, the United States, Israel, and other countries where they or their subprocessors operate.

Where personal data is transferred outside the EEA, UK, or Switzerland, we use appropriate safeguards where required, such as:

1. adequacy decisions;

2. Standard Contractual Clauses;

3. UK transfer mechanisms where applicable;

4. data processing agreements;

5. contractual commitments;

6. technical and organizational safeguards;

7. other lawful transfer mechanisms.

 

11. Retention

​

We retain personal data only for as long as reasonably necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law, contract, tax, accounting, security, dispute, or compliance obligations.

Indicative retention periods are:

1. Contact Us inquiries — up to 3 years after the last interaction, unless a longer period is needed for legal, business, or support reasons.

2. Demo requests and sales inquiries — up to 3 years after the last interaction, or longer if the inquiry becomes a customer, partner, or commercial relationship.

3. Partner and reseller inquiries — relationship term plus up to 7 years, or up to 3 years if no relationship is formed.

4. Customer and commercial records — relationship term plus up to 7 years for accounting, tax, contract, and legal purposes.

5. Marketing records — until opt-out or inactivity, plus suppression records as needed to honor opt-outs.

6. Cookie consent records — for the period required to demonstrate consent or as configured in the consent-management tool.

7. Website analytics data — according to the retention settings of the analytics tool, typically up to 26 months unless configured differently.

8. Security logs — typically up to 24 months, or longer where needed for security investigation, fraud prevention, legal claims, or compliance.

​

We may retain anonymized, aggregated, or de-identified data for longer periods where it no longer identifies an individual.