Our Privacy Policy

Our Privacy Policy

 Welcome to our privacy policy!  Our privacy policy outlines the type of personal information we collect and how we keep it safe.  It also tells you about how the law protects you and lists your privacy rights.  You can contact us at any time for further information or any clarification you may need.

How to contact us

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this policy, please contact our DPO at:

[PLACEHOLDER] 

Your rights regarding your information we keep

You can make changes to your account information yourself by editing them from within your account settings. If you wish to unsubscribe from e.g. newsletters or information emails you will be able to do so via the link provided in those emails. If you wish to delete cookies placed, our cookie policy will help show you how to do that (more on that later in the Policy under Cookies).

At any point while we are in possession of or processing your personal data, you have the following rights:

  1. Right of access – you have the right to know what information we have about you and request a copy.

  2. Right of rectification – If data we hold about you is not correct or is incomplete, you have the right to ask us to correct it.

  3. Right to be forgotten – You can ask us to delete any information we have about you from our records and we have do to so, provided that we are not legally obliged to keep it, e.g. for accounting or tax reporting purposes. In this case we will keep it for that period of time we are obliged by law to keep and then erase it from our records.

  4. Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.

  5. Right of portability – you have the right to ask us to provide the data to you or to another organization in a manner that is portable.

  6. Right to object – you have the right to object to the way your data is processed for example you may object to us directly contacting you for marketing purposes.

  7. Right to object to automated processing, including profiling – you also have the right not to have a computer make decisions about you directly.

  8. Right to judicial review – if we refuse any of your requests we will explain why, if you deem our explanation unsatisfactory, you have the right to complain. 

One thing to bear in mind before contacting us. Our site and applications may contain links to other sites not owned or controlled by us. It could, as an example, be social media platforms/services or links to articles written by third parties which we may be citing. We are not responsible for the privacy practices of those sites, so if you have questions regarding such sites, you need to contact the site directly. We also really encourage you to be aware and read the privacy policies of other sites because they may very easily be collecting, storing, using and sharing your personal information.

Complaints about our behavior 

You have the right to complain feel that we have not lived up to our responsibilities when it comes to your data.

You can complain about:

  1. how your personal data has been processed;

  2. how your request for access to data has been handled;

  3. how your complaint has been handled;

  4. any decision we made following your complaint and launch an appeal.

Where you may complain

As mentioned above, if we refuse any of your requests we will explain why, if you deem our explanation unsatisfactory, you have the right to complain. The GDPR Regulator in Cyprus can be reached at:

Irene Loizidou Nicolaidou

Commissioner for Personal Data Protection

Office address:
Iasonos 1, 1082 Nicosia, Cyprus

Postal address
P.O.Box 23378, 1682 Nicosia, Cyprus

Tel: +357 22818456
Fax: +357 22304565

Email: commissionerdataprotection.gov.cy

For more info on how and when to lodge a complaint see:

http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/page1i_en/page1i_en?opendocument (as accessed 2/04/2019)

Our rules for collecting data

We take your privacy really seriously, so we’ll only ask for the information we need to have so we can provide you with the appropriate service.  Whenever we collect customer data, we make sure:

  • We ask for permission to collect the data

  • We only use the data for the agreed reason and for the time it’s needed

  • We will meet the Cyprus data protection laws

  • We keep data that we’re legally required to have on record

  • We explain why we need the data and how we’ll use it (unless we have legitimate reason not to)

  • We don’t share data with anyone unless we have a legal or legitimate reason, or we have permission from you or if you are a child under 16 from your parents.

Cookies our way of collecting data on our website

We collect data when you visit our website via Cookies.  What are cookies?

Cookies are small data files that we create when you visit our website.  We store these files on your computer and we access them every time you visit our websites.  They contain information regarding your visit and activity.  For instance we keep information regarding your bookings as you explore our website, without cookies every time you left the page to visit a new link your previous choices would be lost.

While you are browsing our website some cookies may have been set by third parties which we have chosen to use as suppliers.  We control their use of your data through contracts and they are only allowed to use your data strictly for the purpose we have stated.

Want to get rid of cookies?

You can manage your cookies if you so wish.  They are kept on your web browser.  Popular web browsers include Internet Explorer, Firefox, Chrome and Safari.  Each web browser stores cookies in a slightly different file but they usually store them under Tools, Options, Privacy.  You can choose your settings and how often you want cookies to be deleted.  Do note that banning all cookies will make some websites difficult or impossible to navigate.

Why we need to and how we process personal data 

In legal terms, the way we ‘process data’ describes how we collect, store, use, share and delete the data we receive from customers. When you share your personal information with us we’ll process your data as described in this Privacy Policy.  We use your personal data: 

  • To respond to questions you may have asked us;

  • To send you information we may think is of interest to you provided you gave us permission to do so (you may unsubscribe any time);

·      To work on a matter you have assigned to us;

  • Get in touch with you about your account or transactions;

  • Identify, review and stop any activities that could breach our policies or break the law;

  • When we need to enforce the terms of use or the policies that we ask customers to agree to;

  • When we need to protect the safety, security, rights and property of our customers or third-party partners;

  • When we need to meet legal processes or if disclosure of the data is required by law;

  • When we’re asking other companies like e.g. couriers, shipping and warehouse service provides, payment providers, IT platform providers, cloud storage service facilities, fraud detection and prevention providers, and customer service suppliers to deliver services on our behalf; We have contracts with the companies to make sure they only use your personal information for agreed services and meet legal requirements;

  • When you’ve given us permission to share your information with third parties; 

We share your personal data with the following

  • IT Service providers we use a series of trusted partners to provide us with IT services and system administration services - in regards to both our customer and partner facing activities as well as our internal IT and administration systems.

  • In order for us to send you our mailings we use Mailchimp which is an independent company that needs access to your personal information in order to send you the information.  By subscribing to our mailings you accept for your personal information to be shared with Mailchimp for the sole purpose of sending the mailings to you.  You can review their Cookies and Privacy policies. By subscribing to receive mailings from us you declare that you have read and accept these policies.

  • Global payment provider and processing partnersto secure a safe and efficient payment process both online, in our stores or through invoicing or money transfers.

  • Cloud storage partnerswe store our and your data at secure data centers around the world. 

  • Tax and customs authorities, regulators and other authoritieswho require reporting of processing activities in certain circumstances. 

  • Professional advisersincluding lawyers, bankers, auditors and insurers globally, who provide consultancy, banking, legal, insurance and accounting services to us. 

How long do we keep your personal information

We’ll keep your personal information as long as your account is active or as long as it is needed to provide a service. We have retention polices for each of the categories of personal information that we process.

If you’d like for us to delete your data, we’ll only keep information that we need for legal reasons, to resolve disputes or to enforce our agreements.

Our employees

Whether you’re an existing employee or applying for a job with us, we’ll process specific information relevant for your employment and application. The principles in this Privacy Policy will also apply to your employment and application.

Data security and integrity

The security, integrity and confidentiality of customer information is extremely important to us. We use technical, administrative and physical security measures to protect personal information from unauthorized access, disclosure, use and modification. All external transfers that contain personal information are done using encrypted technology. Credit card information is handled by approved service providers that meet PCI (Payment Card Industry) standards and have appropriate safeguards in place.

Although we regularly review our security procedures and evaluate new technology and methods to make our online channels safer, no security measures are perfect or impenetrable.

Our customers, employees and partners also play an important role in protecting information. We encourage customers to choose passwords that are difficult for others to guess and to keep their personal passwords secret.

Should you notice any flaws or concerns in our security, please contact us as soon as possible.

If we ever experience a data breach in which customer information is at risk of being misused, we’ll contact customers according to legal requirements. If necessary, we’ll also contact data protection authorities.

Changes to this Privacy Policy

We may change this Privacy Policy to accommodate new technologies, industry practices, regulatory requirements or for other purposes. We will provide prior notice to users by email and post the information on our online channels if these changes are material and request your consent if legally required.

As appropriate if an account exists otherwise go to ‘unsubscribe’ option or 3 contact us.