Website Privacy Notice

Please read this website privacy policy carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

1.    General Information

This website is operated by CPT Cyprus Public Transport Services and Operations Limited (hereinafter “CPT”, “we”, “ours”).
We collect, use and are responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

2.    Our Website

This privacy policy relates to your use of our website, only.
Throughout our website we may link to other websites owned and operated by certain trusted third parties and partners. These other third-party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other third-party websites, please consult their privacy policies as appropriate.

3.    Our collection and use of your personal information

We collect personal information about you when you access our website.
We collect this personal information from you either directly, such as when you contact us or indirectly, such as your browsing activity while on our website (see ‘Cookies’ below).
The personal information we collect about you depends on the particular activities carried out through our website. This information is limited to cookies only.
We use this personal information to:
• enable the smooth operation of our website in general and provide you with constant, uninterruptible and error-free access to our website;
• monitor how effective and popular our website is, how to improve it, tailoring it to our visitors and their interests and needs.
This website is not intended for use by children and we do not knowingly collect or use personal information relating to children.

4.    Our legal basis for processing your personal information

When we use your personal information, we are required to have a legal basis for doing so. There are various different legal bases on which we may rely, depending on what personal information we process and why.
The legal bases we may rely on include:
•    consent: where you have given us clear consent for us to process your personal information for a specific purpose such as when you enable analytics cookies on our website;
•    legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information, which overrides our legitimate interests) such as ensuring website and user security, improving user experience, user interface design (strictly necessary cookies), and overall performance of the website.
We collect and use this personal data to provide our services to you. If you do not provide personal data we ask for, it may prevent us from providing our services to you.

5.    Cookies and other tracking technologies

A cookie is a small text file which is placed onto your device (eg computer, smartphone or other electronic device) when you use our website. We use cookies on our website. These help us, amongst others to recognize you and your device and store some information about your preferences or past actions.
For further information on cookies, our use of ‘cookies’ and/or to relevant similar technologies, when we will request your consent before placing them and how to disable them, please see our Cookies Policy.

6.    Data Recipients

Within our Company, your personal data is accessible only to need those who to and only for the purposes mentioned above.
We may disclose Your information to our affiliates, in which case We will require these affiliates to comply with this Privacy Notice. Outside our Company, recipients of your personal data may be any subcontractors or third parties who cooperate and/ or provide services to our Company in the context of its business, such as companies that provide email services, web hosting services, information technology services, legal representatives, etc.
We choose our associates very carefully, after the necessary checks have been carried out and sufficient guarantees have been provided to implement appropriate technical and organizational measures in such manner that processing will meet the requirements of the GDPR and the relevant laws and ensure the protection of your rights.  
We may also need to:
●    share personal data with external auditors, e.g. in relation to the audit of our accounts;
●    disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
●    share some personal data with other parties, such as potential buyers of some or all of our business or during a restructuring—usually, information will be anonymised but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations.
If you would like more information about who we share our data with and why, please contact us (see ‘How to contact us’ below).

7.    Retention Period

Personal data provided to us via our Site will only be stored until the purpose for which they were processed has been fulfilled or – in the case of consent – until you withdraw your consent.

8.    Transfers of data outside the EU / EEA

If your data will be transferred to entities or other third parties whose headquarters or place of data processing is not located in a member state of the European Union or the European Economic Area, we ensure before forwarding the data that, outside of legally permitted exceptional cases pertaining to the recipient, either an appropriate level of data protection exists (e.g., through an adequacy decision of the European Commission, through suitable guarantees, or the agreement of EU standard contractual clauses between us and the recipient), or your sufficient consent exists.

9.    Security

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorized way. These measures include, but are not limited to, access control, internal audit etc. Furthermore, we limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

10.    Your Rights

As a data subject, you may contact us at any time to make use of your rights. These rights are the following:
●    The right to receive information about the data processing and a copy of the processed data.
●    The right to demand the rectification of inaccurate data or the completion of incomplete data.
●    The right to demand the erasure of personal data.
●    The right to demand the restriction of the data processing.
●    The right to receive the personal data concerning the data subject in a structured, commonly used and machine-readable format and to request the transmittance of these data to another controller in certain situations;
●    The right to object to the data processing;
●    The right to withdraw a given consent at any time to stop a data processing that is based on your consent;
●    The right to complain to a competent supervisory authority.
For further information on each of those rights, including the circumstances in which they apply, please contact us (see ‘How to contact us’ below)
If you still feel that your personal data has not been handled appropriately according to the law, you can submit your complaint with the Office of the Commissioner for Personal Data Protection, at 1 Iasonos Street, 2nd Floor, 1082 Nicosia, tel. +357 22 818456, email address

11.    How to contact us

You can contact us by post or email if you have any questions about this privacy policy or the information, we hold about you, to exercise a right under data protection law or to make a complaint.
Our contact details are shown below:
CPT Cyprus Public Transport Services and Operations Limited
Postal address: 81-83 Griva Digeni, 6th Floor, 1090 Nicosia, Cyprus.
Email address:

12.    Changes to this privacy Notice

This privacy notice was published in July 2020 and last updated on 7th June 2021.
We may change this privacy notice from time to time and when we do, we will inform you via our Site or other means of contact.