Privacy policy

Privacy Policy

INTRODUCTION

Our company respects your privacy and is committed to protecting your personal data. The information you give us is processed in accordance with our privacy policy which is compliant with the EU General Data Protection Regulation (Regulation (EU) 2016/679) known as GDPR, other EU legislation and pertinent laws of the Republic of Cyprus.

1. PURPOSE OF THIS PRIVACY NOTICE AND WHO WE ARE

This Privacy Policy aims to give you information on how we collect and processes your personal data through the website or the call centre for the purpose of issuing your air ticket, offering ancillaries, to sign up to our newsletter, to participate in our online competitions or to apply for a job posting.

CONTROLLER

We, Charlie Airlines Limited, operating as Cyprus Airways are the Controller and responsible for your personal data.

We have appointed a data protection officer (DPO) who is responsible for overseeing our compliance with data protection applicable legislation.

You may contact our DPO using the details set out below.

CONTACT DETAILS

Cyprus Airways
Data Protection Officer
Email address: dpo@cyprusairways.com
Postal address: 28, Eleftherias Street, Aradippou, 7101, Cyprus
Telephone number: 24020980

 

CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES

Our Privacy Policy is regularly reviewed in line with our activities and the services we offer to our passengers.  It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

THIRD-PARTY LINKS

Our website may include links to third-party websites and applications. Our main partners are: Rentalcars.comBooking.comparkcloud.comatlantic.com.cy Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

 

2. THE DATA WE COLLECT ABOUT YOU

Personal data is any information that relates to an identified or identifiable living individual.

The information we collect varies depending on whether you would like to purchase an air ticket, subscribe to our newsletter, participate in any online competition we organize or simply browse our website having accepted our cookies policy.

We do not collect or process any sensitive personal data about you.  In the case of passengers requiring personalized assistance prior to or during a flight, the information is limited to what is needed to provide assistance during air transport and at the airports of departure and destination.

The information we collect, use, store and transfer includes:

Identity Data: name, date of birth, I.D. number,

Contact Data: telephone number, email address

Transaction Data: payments made from/to you for the purchase of air tickets and ancillaries.

Marketing Data: your preferences in receiving marketing material if you opt-in.

Professional qualifications: information you include in your CV when applying for a vacancy.

 

3. HOW IS YOUR PERSONAL DATA COLLECTED?

We use different methods to collect data from and about you including through:

  • Direct interactions. You give us data concerning your identity, contact details and payment method when you purchase an air ticket and ancillaries. Tickets and ancillaries can be bought online through our website, or by contacting the Call Centre.
    • You give us your email address when you subscribe to our newsletter.
    • You give us your preferences when you opt-in to receive customized marketing material to have a better website experience.
    • You give us personal data regarding your professional qualifications when you submit an online application for a vacancy to the Human Resources department.
    • You give us your email, your name, and surname when you enter a competition, or promotion
  • Through the use of cookies. we might collect data about your preferences if you accept the use of cookies. Please see our cookie policy for further details.

You have the right to withdraw consent to receiving marketing material and to unsubscribe from our newsletter at any time. This option is available at every communication we have with you.

 

4. PURPOSES FOR WHICH WE USE YOUR PERSONAL DATA

We will use your personal data in the following circumstances:

  • To carry out our obligations under the air carriage contract we enter into with you and to offer you any ancillaries you have purchased including travel insurance products. 
  • To process payment of your ticket and ancillaries.
  • To inform you of any flight delays or cancellations.
  • To send you our newsletter if you are a subscriber.
  • To send you marketing material if you have indicated your wish to receive it.
  • To assess your suitability as a potential job candidate.
  • Where we need to comply with a legal or regulatory obligation.
  • To comply with the requirements of border control authorities to receive certain passenger information and to respond to the requests of the Passenger Information Units set up in the EU Member States.

 5. DISCLOSURE AND INTERNATIONAL TRANSFER OF YOUR PERSONAL DATA

We may forward your booking data to our associate companies involved in the provision of products and services to our passengers. Such disclosure aims at facilitating the completion of the air carriage contract with you as our passenger or to offer you any additional services such as car rentals, accommodation booking, or travel insurance products.

  • All our associates are bound by the contractual obligation to comply with the standards set by the GDPR and other EU and Cyprus legislation on data protection and e-privacy.
  • We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
  • Some of our associates are located outside the European Economic Area. Their processing of your personal data will involve a transfer of data outside the EEA, mainly to the USA, and the Russian Federation. All such transfers are carried out in compliance with the standards set by the GDPR and in accordance with the instructions we receive from the Commissioner for Personal Data Protection in Cyprus.
  • Certain transfers are made to our associates located in countries that are covered by an adequacy decision issued by the European Commission.
  • For other providers located outside the EEA, we use specific contracts approved by the European Commission which ensure that the same level of protection applies as for transfers within the EU.
  • For the purpose of processing payment of your ticket and ancillaries, we use the payment services of a credit institution operating out of the EEA. The bank holds a certification awarded by the PCI Security Standards Council for meeting the PCI Data Security Standard (PCI DSS) version 3.2. The technical details of the Standard can be found here.
  • In order to facilitate your travel arrangements and your access to the country of destination or transit, we may share your data with the border control authorities of the country of your destination including any stopover in your itinerary. In accordance with international standards and laws applicable to aviation, Cyprus Airways has the obligation to comply with the requirements of border control authorities and to respond to the requests of the Passenger Information Units which are being set up as a result of the transposition of EU Directive 2016/681.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

 

6. INTERLINE AGREEMENTS

Your personal data collected for the purpose of issuance of your air ticket and performance of the air carriage contract may be transferred to our partner airlines if the ticket is issued under an interline agreement.

Interlining allows us to offer you services on additional air routes covered by our partners. The Operating Carrier will process your data for the purpose of transferring you to your destination following the standards set out in GDPR. Our interline partners at the moment are:

Siberian Airlines or “S7”: www.s7.ru

Qatar Airways: www.qatarairways.com

Blue Air: www.blueairweb.com

Bulgaria Air: https://www.air.bg/bg

7. DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who are involved in our performance of the air carriage contract or in the provision of other services to you. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

8. DATA RETENTION

We will retain your personal data for as long as necessary to fulfill the purposes for which we collected it. In the event of a complaint or if there is a possibility of a dispute procedure, we will retain your data for a longer period.  

Telephone conversations with our call center are retained for 30 days.

Where the data is collected to comply with a legal obligation, the retention period is determined by the applicable regulatory instrument.

9. YOUR LEGAL RIGHTS

RIGHT OF ACCESS

Under certain circumstances, you have the right to request a copy of any personal data that you have provided us and you may make corrections to such data.

If you wish to exercise your right of access please contact us.

RIGHT TO OBJECT TO PROCESSING

You have the right to object to processing in regard to certain purposes. However certain information may have to be processed due to compelling legal obligations and rules on safety which govern the aviation industry.

RIGHT TO RAISE YOUR CONCERNS

Should you have any questions or concerns about this policy or your legal rights under the data protection laws, please contact our DPO at

dpo@cyprusairways.com

We are ready to address your concerns and we will gladly provide any explanations on issues such as, the use of your personal data, access to your data, granting or withdrawal of consent you have previously given us to receive any of our services.

We work hard to protect your rights and will make every effort to resolve efficiently any problems that you are facing.

If you are not satisfied with our response you may complain to the supervisory authority for personal data protection in Cyprus:Office of the Commissioner for Personal Data Protection – Cyprus: Iasonos 1, 1082 Nicosia, Cyprus

10. INFORMATION SUBMITTED TO THE HUMAN RESOURCES DEPARTMENT

Our Human Resources Department processes data of employees and of potential candidates for job openings.

If you have submitted an application online for a vacancy announced on our website or if you have filled out a general application, your data will be used only for the purpose of recruitment.

General applications are retained for a limited period following profile activation. If you wish to be considered for future vacancies and you are not sure that your application is still in the Human Resources database or if you have any other requests you may contact the Human Resources department at hr@cyprusairways.com

Access to your personal information is limited to the Human Resources department of the Company and those authorized officers, employees, and agents of our company who are responsible for the processing and assessment of your application.

 

We use cookies and user ID for personalization and improving website usability. Read more.