Privacy Policy

Effective date: 14 Sep 2025

This Privacy Policy explains how we collect, use, and protect personal data when you use the website paphos.taxi (the “Site”) and our taxi / transfer services in Paphos, Cyprus.

1. What data we collect

• Booking details you provide voluntarily: name, contact phone, preferred messenger, pick-up/drop-off, date/time, special notes (e.g., child seat).
• Communications you send via phone, WhatsApp, Viber, Telegram or email.
• Technical data provided by your browser: IP address, user-agent, basic device info, and server logs necessary for security and fraud prevention.
• We do not collect payment card data on this Site.

2. Lawful bases (GDPR)

• Contract – to accept and manage your booking, provide the ride, and communicate with you.
• Legitimate interests – to ensure Site security, prevent abuse, and improve our service.
• Legal obligation – to comply with applicable transport/accounting regulations in Cyprus.
• Consent – where required (e.g., for optional marketing messages). You can withdraw consent at any time.

3. How we use data

• Process bookings and provide taxi / transfer services.
• Confirm details, send updates or support messages.
• Protect our services (rate-limiting, security logs, incident diagnostics).

4. Sharing and disclosures

We do not sell your data. We disclose data only as needed to provide the service or as required by law:

• Drivers / dispatch: pick-up details and contact phone to deliver the ride you requested.
• Hosting & infrastructure: the Site is hosted on Google Cloud. Standard security, encryption in transit (HTTPS) and access controls are applied.
• Messaging platforms: if you contact us via WhatsApp, Viber or Telegram, your data is processed by those platforms under their own policies.
• Email provider: for incoming/outgoing messages (e.g., Google Workspace or equivalent).
• Authorities: where required by applicable law.

5. International transfers

When our processors store data outside the EEA, we rely on appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions, or equivalent mechanisms).

6. Retention

• Booking records: up to 12 months after the ride (or longer if required by law), then securely deleted or anonymised.
• Server logs: typically up to 30 days for security and troubleshooting.
• If a dispute or legal claim arises, we may retain relevant data until it is resolved.

7. Security

We apply technical and organisational measures appropriate to the risk, including HTTPS encryption, minimal data collection, access controls and regular updates. No online system can be 100% secure, but we work to protect your information.

8. Cookies & analytics

We currently do not use non-essential cookies or third-party analytics on this Site. If this changes, we will update this Policy and provide the necessary consent controls.

9. Your GDPR rights

You have the right to request: access, rectification, erasure, restriction, portability, and to object to processing. You also have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection (Cyprus). To exercise your rights, contact us at support@paphos.taxi.

You also have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection (Cyprus): www.dataprotection.gov.cy.

10. Children

Our services are intended for adults. We do not knowingly collect personal data from children under 16 without verifiable consent of a parent or guardian.

11. Third-party links

The Site may include links to third-party services (e.g., WhatsApp, Viber, Telegram). Their privacy practices are governed by their own policies.

12. Changes to this Policy

We may update this Policy from time to time. Material changes will be indicated by updating the “Effective date” above. Continued use of the Site after changes means you accept the updated Policy.

13. Contact

Data controller: Paphos Taxi
Email: support@paphos.taxi
Tel: +357 95950950

Website: paphos.taxi