In legal terms, we are the data controller, as we determine the means and/or purposes of the processing of the personal data held by us. We might be the data processors in the case that we are performing a process on behalf of another legal entity that is defining the means and/or purpose of the processing.
The General Data Protection Regulation (GDPR) governs how we take care of the information we hold about you. The first principle of the Regulation is that your personal information must be processed fairly and transparently. We have an obligation to let you know how we will securely maintain the information about you and what we will use it for.
• Individuals who visit our website and/or shop online through the Online Shop
• Individuals who travel and shop at the Airports of Larnaca or Paphos
• Individuals who participate in a competition or promotion
• Individuals who participate in any events at the Larnaca or Paphos Airports
• Individuals who contact us through the “Contact Us” website functionality, email or phone
• Individuals who create a user account on our website.
What personal data do we collect about you?
• basic details about you, such as name, address, date of birth, ID/ Passport number, email, home address, telephone number,
• flight details and travel information
• information collected on creation of user account on website
• payment details
• records and copies of our correspondence if you contact us
• Security footage at our stores and premises through CCTV system
• any other information collected through competitions or other promotional activities either through social media or at our stores
Why do we need your personal data?
• We collect basic information about you such as name, address, date of birth, ID/Passport number, email address, telephone number, flight details and travel information such as (date and time of flight, flight number, destination country) and the records and copies of our correspondence to contact you and deliver the services you have engaged us with such as the fulfilment of an Online order placed through the online shop, or the shop & collect service offered at the airports of Larnaca and Paphos
• We collect payment details to execute your payments
• We keep information as per the cookies policy section below to remember information such as language preference or login information and for advertising and marketing efforts (*only if have given us your consent to do so)
• We use CCTV system at our stores and premises and collect surveillance footage to protect our legitimate interests
• We also collect information to contact you with promotional material (*only if you have given us your consent to do so)
We collect and use your information under the following lawful bases:
• where we have your consent (by the data subject or legal guardian),
• where it is necessary for the execution of a contract between us
• where it is necessary for compliance with a legal obligation,
• where processing is necessary to protect your or another person’s vital interests
• where it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
• where it is justified by our legitimate interests, of your legitimate interests or the legitimate interests of another person,
Who will we share your information with
If it is necessary to share your information with other parties, it will be subject to strict controls and data processing agreements describing to what extent and how it may be used. We may share your information with:
• Public Authorities
• Department of Civil Aviation
• Other Service providers and/or collaborators
Security of personal data
We take appropriate operational and technology security measures (including physical, electronic and procedural measures) to safeguard your Personal Information from unauthorized access, disclosure, loss, corruption and/or destruction.
How long do we retain your data?
• For delivery of services: We maintain your data for 3 months and then delete it
• For online user accounts: We maintain your data until the deletion of your account
• When you contact us: We will keep the information for as long as it is required for us to resolve the issue you have contacted us for, either this is feedback, complain or the request for a refund or return of an item you have purchased through us.
• For payments: We are responsible for the retention of data regarding financial transactions for 7 years under the Cyprus Taxation Laws and then delete it (*we may have to maintain the data for another 7 years if a legal processing is in place or we are asked by the Cyprus Tax Department)
• CCTV: We keep CCTV footage for 21 days and then delete it (*we may maintain the data for a longer period if there if legal processing or legal proceedings are taking place for as long as it is required by the processing and/or proceedings)
• Selfie Station Service: We will host any pictures you take through the Selfie Station for 24 hours. Pictures will be deleted 24 hours after the time you initially took the picture.
• For competitions and promotional activities: We only maintain your data for promotional purposes when you have granted your consent. We will delete your data when you choose to withdraw your consent.
Under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 Law 125(I)/2018, you are granted several rights regarding your personal data. You have the right to request from us access to and rectification of your personal data. If you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
1. Right to be informed
2. Right to access
3. Right to correction
4. Right to erasure
5. Right to restriction of processing
6. Right to data portability
7. Right to object to processing
8. Right not to be subject to automated decision making
For further information on how we process your personal data or how to exercise your rights you can contact our Data Protection Officer. If you would like to exercise one of the rights please complete and send to our Data Protection Officer the “Data Subject Request Form” that can be found here
The contact information of our Data Protection Officer is as below:
Email: [email protected]
Phone Number: +357 24 841568
For further information on the GDPR, your rights or to lodge a complaint, you can contact the office of the Commissioner for the Protection of Private Data at the following address:
Office of the Commissioner for the Protection of Private Data
1 Iasonos st.
Telephone number: +357 22818456
Fax number: +357 22304565
What is a Cookie?
A cookie is a small piece of data (text file) that a website asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first party cookies. We also use third party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts.
Cookies do a lot of different jobs, such as letting you navigate between pages efficiently, remembering your preferences and generally improving the user experience. They can also help to ensure that the advertisements you see online are more relevant to you and your interests.
• Assisting you in navigation.
• Assisting in registration to our events, login, and your ability to provide feedback.
• Analyzing your use of our products, services, or applications.
• Assisting with our promotional and marketing efforts. (Including behavioral advertising)
You can opt-out of each cookie category (except mandatory cookies) by clicking on the “cookie settings” button.
Our website will set several types of cookies, which are listed below: