Wi-Fi Use Privacy Notice

The company, CPT Cyprus Public Transport Services and Operations Limited (the “Company”, “CPT” “We”, “Us”), collects and processes personal data for the purpose of providing wireless high-speed Internet access to the passengers (“you”, “your”) of the buses of CPT, through wireless networking technology that uses radio waves to provide wireless high-speed internet connectivity (the “Wi-Fi Network”), pursuant to the Wi-Fi Terms and Conditions of Use.

This Privacy Notice includes all the information the Company, as controller under the law and the General Data Protection Regulation, Regulation (EU) 2016/679 (“GDPR”), has an obligation to provide you with, as data subject of the data it collects and processes.

1. What Information we Collect
When attempting to access and use the Wi-Fi Network you will be directed to a captive portal which prompts you to sign in for the Wi-Fi Network via any Social Media Platform on which you are connected with, (the “CPT Portal”) or, if you are not connected to any Social Media, to sign in by filling-in your required details, before granting you access to use the Wi-Fi System, provided by the Provider. You will be requested to sign in, as described above, on every occasion thereafter, before granting you access to use the Wi-Fi Network.

The personal information We collect from you, via your Social Media through which you will choose to connect with (all the data that We will collect will be the same from any Social Media you choose to use), are the following:
     1) Age;
     2) Sex (male, female, other etc.);
     3) Occupation/Status (employed, student, retired etc.);
     4) E-mail address.
(the “Personal Information”)

2. Purpose of the Collection
We collect your personal information so that we can provide you with the Wi-Fi Network services and generally for pursuing our legitimate interests.

In particular, your personal information will be collected and may be used for:
     i) verifying you identity;
     ii) transmitting and receiving necessary correspondence to you in relation to the Wi-Fi Network;
     iii) facilitating the rendering of the Wi-Fi Network provided to you by our Company;
     iv) generally rendering and improving the Wi-Fi Network provided to you by our Company;
     v) to monitor and analyse your conduct in respect of the Wi Fi Network;
     vi) for compliance and risk purposes;
     vii) to analyze the personal information collected for research and statistical purposes;
     viii) to conduct research/demographical analysis in respect of your personal information to analyse the passengers behaviour/habits/statistics and to improve the nature of the Wi-Fi Network services being provided to you by our Company and at the same time to improve the transport services offered by our Company;
     ix) to measure the number of visits, average time spend on the CPT Portal and the usage of the WIFI service.

The Company uses this information to determine use of the Wi-Fi Network, and to improve content thereon, as well as the services associated therewith.

We do not collect and we do not use any personal data other than that specifically mentioned above without your explicit consent, unless you ask us to do so.

You do not have an obligation to provide us with your personal data, but if you don’t we will not be able to provide you with the Wi-Fi Network service.

Our Company does not use automated decision-making processes or profiling while processing your personal data.

3. How we Keep your Data
We process your personal information at our head offices, in Nicosia, and then we are using third party cloud services where the information is safely kept and stored.
For the storage and security of your personal data the Company takes all the necessary technical and organizational measures to ensure that the processing is carried out in accordance with the law and the GDPR (access control, firewalls, antivirus, cryptography, etc.).

4. Access to your Data
Within our Company, your personal data is only accessible by the strictly necessary personnel, who is burdened with a duty of confidentiality and only for the purposes mentioned in paragraph 2 above.
Outside our Company, recipients of your personal data may be third parties who provide services to our Company in the context of our business, such as companies who provide technical services information technology services, provision and maintenance of software. We choose our associates very carefully, after the necessary checks have been carried out and sufficient guarantees have been provided to implement appropriate technical and organizational measures in such manner that processing will meet the requirements of the GDPR and the relevant laws and ensure the protection of your rights.

5. Retention Period
In accordance with our Company’s policy, your data is kept only for as long as necessary to fulfil the purposes stated in paragraph 2 above, or – in the case of consent – until you withdraw your consent. In addition, we retain your personal data for as long as necessary to exercise our legal rights and generally to pursue our legitimate interests.
After this period, your personal data will be irreparably destroyed.

6. Transfer to Third Countries
In case your data will be transferred to entities or other third parties whose headquarters or place of data processing is not located in a member state of the European Union or the European Economic Area, we ensure before forwarding the data that, outside of legally permitted exceptional cases pertaining to the recipient, either an appropriate level of data protection exists (e.g. through an adequacy decision of the
European Commission or the agreement of EU standard contractual clauses between us and the recipient), or your sufficient consent exists.
We can provide you with an overview of the recipients in third countries and a copy of the specifically agreed regulations to ensure the appropriate level of data protection. To obtain these, please contact us at dpo@publictransport.com.cy.

7. Your Rights
Should you believe that any personal information we hold for you is incorrect or incomplete, you have the ability to request to see this information, rectify it or have it deleted by contacting us at the email address dpo@publictransport.com.cy.
In the event that you wish to complain about how we have handled your personal data, you may contact us at the above email address. We will then look into your complaint and work with you to resolve the matter.
If you still feel that your personal data has not been handled appropriately according to the law, you can submit your complaint with the Office of the Commissioner for Personal Data Protection, at 1 Iasonos Street, 2nd Floor, 1082 Nicosia, tel. +357 22 818456, email address commissioner@dataprotection.gov.cy.