PRIVACY POLICY AND POLICY OF PERSONAL DATA


CPT CYPRUS PUBLIC TRANSPORT SERVICES AND OPERATIONS LIMITED (“We” or “Us” or “Our” or “CPT” or the “Company”) respects the privacy of our PAME mobility application users (“User” or “You”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our PAME mobile application (the “Application”). Please read this Privacy Policy carefully. if you do not agree with the terms of this privacy policy, please do not access the application.

 

This Privacy Notice includes all the information that we, as controller under the law and the General Data Protection Regulation, Regulation (EU) 2016/679 (“GDPR”), has an obligation to provide you with, as data subject of the data it collects and processes.

 

This Privacy Policy does not apply to the third-party online/mobile store from which you install the Application or make payments, which may also collect and use data about you. We are not responsible for any of the data collected by any such third party.

 

1.   Information Collection and Use

We may collect information about you in a variety of ways. The information we may collect via the Application depends on the content and materials you use, and includes:

 

A.   Personal Information You Give to Us

 

Registration Information: When you sign up for a PAME account, you give us your name, email, gender, date of birth and phone number.

 

Financial Data: Financial information, such as data related to your payment method (e.g. valid credit card number, card brand, expiration date) that we may collect when you purchase, order, return, exchange, or request information about our services from the Application. We store only very limited, if any, financial information that we collect. Otherwise, all financial information is stored by our payment processor, JCC PAYMENT SYSTEMS LTD, and you are encouraged to review their privacy policy and contact them directly for responses to your questions.

 

 

B.    Personal Information We Collect When You Use the PAME application

 

Location Information: PAME is all about improving your mobility. To do this, we need to know where you are. When you open the Application on your mobile device, we receive your location. We may also collect the precise location of your device when the app is running in the foreground or background. If you record certain frequent locations, such as “home” and “work,” we receive that information, too.

 

Your location information is necessary for providing the best transportation options, determining drop off and pick up locations, and suggesting best route options based on previous journeys. Also, if the need ever arises, our team may use and share location information to help protect the safety of PAME Users or a member of the public. If you give us permission through your device settings or PAME app, we may collect your location while the app is off for service updates in your area.

 

Device Information: PAME receives information from Users’ devices, including IP address, mobile operating system version, phone carrier and manufacturer and push notification tokens.

 

Usage Information: To help us understand how you use the PAME application and to help us improve it, we automatically receive information about your interactions with the Application, like the pages or other content you view, your actions within the PAME app, and the dates and times of your visits.

 

C.    Children Under 16

If you are aged 16 or under, please get your parent/guardian's permission before you provide any personal information to Us.

We will need to process personal data relating to parents or guardians in that case – and we may also need to request for verification documentation to ensure that consent is given or authorised by the holder of parental responsibility.

2.   Purpose of the Collection

We collect your personal data so that we can provide you with our services and generally for the following purposes:

a)    You have consented to the use of your personal data for one or more specific purposes as explained herein;  

b)    Performance of our contractual obligations;

c)    Compliance with legal obligations to which we are subject;

d)    Protection of your vital interests;

e)    Pursuing a legitimate interest;

We do not collect and we do not use any personal data other than that specifically mentioned above without your explicit consent unless you ask us to do so.

 

We don’t use automated decision-making processes or profiling while processing your data.


3.   Use Of Your Information

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Application to: 

·         Create and manage your account;

·         To verify your identity whenever you use your MOTION Card;

·         To send you service messages;

·         To send you information by email, about our products and services;

·         Fraud prevention and detection;

·         Take payment, control your available credit, and give refunds;

·         To verify and record your usage of our public transport services as efficiently as possible, to deduct the applicable charges from your Motion Card credit and to cap the fees charged from your card in line with our T&Cs;

·         We will also use Usage Data including when you use the bus, from which bus stop you boarded the bus, and how much you paid on your trip to analyse your usage pattern. This will allow us to develop products and services which are beneficial to you, depending on your usage patterns.

·         Provide customer service and support;

·         Administer sweepstakes, promotions, and contests.

·         Request feedback and contact you about your use of the Application.

 

4.   Disclosure Of Your Information

Within CPT, your personal data is accessible only to those who need to, with a duty of confidentiality and only for the purposes mentioned in paragraph 2 above.

Outside our Company, recipients of your personal data may be any subcontractors or third parties who cooperate and/ or provide services to our Company in the context of its business, such as third-party service providers that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance, information technology services, provision and maintenance of software, insurance organizations, banks or other credit institutions, etc.

We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us. We may share your information with our business partners to offer you certain products, services or promotions.

We choose our associates very carefully, after the necessary checks have been carried out and sufficient guarantees have been provided to implement appropriate technical and organizational measures in such manner that processing will meet the requirements of the GDPR and the relevant laws and ensure the protection of your rights. 

The external recipients of your personal data may also any other persons, entities or relevant authorities to whom your data may need to be disclosed for the purposes stated in paragraph 2 and especially for compliance with our legal and regulatory obligations.

5.   Third-Party Websites

The Application may contain links to third-party websites and applications of interest, including advertisements and external services, that are not affiliated with us. Once you have used these links to leave the Application, any information you provide to these third parties is not covered by this Privacy Policy, and we cannot guarantee the safety and privacy of your information. Before visiting and providing any information to any third-party websites, you should inform yourself of the privacy policies and practices (if any) of the third party responsible for that website, and should take those steps necessary to, in your discretion, protect the privacy of your information. We are not responsible for the content or privacy and security practices and policies of any third parties, including other sites, services or applications that may be linked to or from the Application.

6.   Security Of Your Information

We process your personal data at our offices in Ireland, where they are also hosted and stored. We use administrative, technical, and physical security measures to help protect your personal information (such as physical and digital access controls, firewalls, antivirus, regular back-up, implementation of disaster recovery plans, encryption etc.).

7.   Retention Period

In accordance with Company policy, your data is kept only for as long as necessary to fulfil the purposes stated in paragraph 2 above, or – in the case of consent – until you withdraw your consent. In addition, we retain your personal data for as long as necessary to comply with tax laws, to exercise our legal rights and generally to pursue our legitimate interests. 

After this period, your personal data will be irreparably destroyed. Any data kept by us for marketing and information purposes will be retained until you inform us that you no longer wish to receive such information.

8.   Transfer to Third Countries

If your data will be transferred to entities or other third parties whose headquarters or place of data processing is not located in a member state of the European Union or the European Economic Area, we ensure before forwarding the data that, outside of legally permitted exceptional cases pertaining to the recipient, either an appropriate level of data protection exists (e.g., through an adequacy decision of the European Commission, through suitable guarantees such as a self-certification by the recipient for the EU-US Privacy Shield, or the agreement of EU standard contractual clauses between us and the recipient), or your sufficient consent exists.

9.   Changes to this privacy notice

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the “Last updated” date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Application after the date such revised Privacy Policy is posted.

10.   Your Rights Options Regarding Your Information

a.    Account Information

You may at any time review or change the information in your account or terminate your account by: 

·      Logging into your account settings and updating your account; or

·      Contacting us using the contact information provided below info@publictransport.com.cy.

 

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with legal requirements.

b.    Emails and Communications

If you no longer wish to receive correspondence, emails, or other communications from us, you may opt-out by: 

·      Unsubscribe from the service in your inbox; or;

·      Contacting us using the contact information provided below info@publictransport.com.cy;

If you no longer wish to receive correspondence, emails, or other communications from third parties, you are responsible for contacting the third party directly.

 

Should you believe that any personal information we hold on you is incorrect or incomplete, you have the ability to request to see this information, rectify it or have it deleted by contacting us at the email address info@publictransport.com.cy

In the event that you wish to complain about how we have handled your personal data, you may contact us at the above email address and telephone number. We will then look into your complaint and work with you to resolve the matter.

If you still feel that your personal data has not been handled appropriately according to the law, you can submit your complaint with the Office of the Commissioner for Personal Data Protection, at 1 Iasonos Street, 2nd Floor, 1082 Nicosia, tel. +357 22 818456, email address commissioner@dataprotection.gov.cy.