Wi-Fi Use Privacy Notice



Wi-Fi Use Privacy Notice

This Privacy Notice explains how CPT Cyprus Public Transport Services and Operations Limited collects and processes anonymous personal information when passengers use the free Wi-Fi network.

The company, CPT Cyprus Public Transport Services and Operations Limited, with registration number HE 404634, hereinafter referred to as the “Company”, “CPT”, “we” or “us”, collects and processes personal data on an anonymous basis while providing free wireless high-speed Internet access to passengers of CPT buses.

The Wi-Fi service is provided through wireless networking technology that uses radio waves to provide high-speed wireless internet connectivity, hereinafter referred to as the “Wi-Fi Network”.

This Privacy Notice includes the information that the Company, as controller under applicable law and the General Data Protection Regulation, Regulation (EU) 2016/679, hereinafter referred to as the “GDPR”, is required to provide to you as the data subject of the data it collects and processes.

1. What Information We Collect

When attempting to access and use the Wi-Fi Network, you will be directed to a captive portal. This portal prompts you to accept our Terms and Conditions of Wi-Fi Use, provide certain anonymous personal information, and participate in an anonymous one-question survey.

You may be asked to provide your sex, for example male, female or other, and to rate from 1 to 5 the question presented on your screen through the CPT Portal. You will be requested to sign in in this way each time before being granted access to use the Wi-Fi Network.

Anonymous Personal Information Collected

The information collected cannot identify you, as it is provided on an anonymous basis. It includes:

  • Age
  • Sex, such as male, female, other, etc.
  • Occupation or status, such as employed, student, retired, etc.

2. Purpose of the Collection

We collect the above anonymous personal information for statistical and demographic purposes only. This assists us in evaluating passenger needs and improving our services, so that we can provide the best possible experience.

We do not collect or use any personal data other than that specifically mentioned above without your explicit consent, unless you ask us to do so.

Our Company does not use automated decision-making processes or profiling while processing your personal data.

3. Our Legal Basis for Processing Your Personal Information

When we use your personal information, we are required to have a legal basis for doing so. There are various legal bases on which we may rely, depending on what personal information we process and why.

Legal Basis

Our legal basis is Article 6(1)(f) — legitimate interests. In particular, we pursue our legitimate interest to understand the demographics of our customers in order to improve our services for their benefit. While doing so, we take all appropriate measures to ensure that the interests and fundamental rights and freedoms of our customers are not hindered.

4. How We Keep Your Data

We process your personal information at our head offices in Nicosia and use third-party cloud services where the information is safely kept and stored.

For the storage and security of your personal data, the Company takes all necessary technical and organizational measures to ensure that processing is carried out in accordance with applicable law and the GDPR. These measures may include access control, firewalls, antivirus protection, cryptography, and anonymous data processing.

5. Access to Your Data

Within our Company, your personal data is accessible only by strictly necessary personnel, who are bound by a duty of confidentiality and only for the purposes mentioned in section 2 above.

Outside our Company, recipients of your personal data may include third parties who provide services to our Company in the context of our business, such as technical services, information technology services, and software provision and maintenance.

We choose our associates carefully, after carrying out the necessary checks and receiving sufficient guarantees that they implement appropriate technical and organizational measures. This ensures that processing meets the requirements of the GDPR and relevant laws, and protects your rights.

6. Retention Period

In accordance with our Company’s policy, your data is kept only for as long as necessary to fulfil the purposes stated in section 2 above.

After this period, your personal data will be irreparably destroyed.

7. Transfer to Third Countries

We do not transfer personal data outside the EU/EEA.

In case your data is transferred to entities or other third parties whose headquarters or place of data processing is not located in a member state of the European Union or the European Economic Area, we ensure, before forwarding the data, that an appropriate level of data protection exists, outside legally permitted exceptional cases.

This may be ensured, for example, through an adequacy decision of the European Commission, the agreement of EU standard contractual clauses between us and the recipient, or your sufficient consent.

We can provide you with an overview of the recipients in third countries and a copy of the specifically agreed regulations to ensure the appropriate level of data protection. To obtain these, please contact us at: dpo@publictransport.com.cy .

8. Your Rights

As a data subject, you can contact us at any time and exercise your rights. These include the right to:

  • Receive information about the data processing and a copy of the processed data.
  • Request rectification of inaccurate data or completion of incomplete data.
  • Request erasure of personal data.
  • Request restriction of data processing.
  • Receive your personal data in a structured, commonly used and machine-readable format and request transmission of this data to another controller in certain situations.
  • Object to data processing.
  • Withdraw consent at any time, where processing is based on consent.
  • Complain to a competent supervisory authority.

Should you wish to exercise any of your rights, complain about how we have handled your personal data, or receive further information about your rights, please contact us using the details in the “How to Contact Us” section below.

Supervisory Authority

If you still feel that your personal data has not been handled appropriately according to the law, you can submit your complaint to the Office of the Commissioner for Personal Data Protection, at 1 Iasonos Street, 2nd Floor, 1082 Nicosia, telephone +357 22 818456, email address commissioner@dataprotection.gov.cy .

9. How to Contact Us

You can contact us by post, email or phone if you have any questions about this Privacy Notice, the information we hold about you, if you wish to exercise a right under data protection law, or if you wish to make a complaint.

Contact Details

CPT Cyprus Public Transport Services and Operations Limited
Postal address: Thali 4, 2200 Geri, Nicosia, Cyprus
Email: dpo@publictransport.com.cy
Telephone: +357 22 221416

10. Changes to This Privacy Notice

This Privacy Notice was last updated on 11 October 2023.

We may change this Privacy Notice from time to time. When we do so, we will inform you via a notification on our website or by other means of contact, when this is considered necessary.