Privacy Policy
We respect your privacy and protect your personal data in line with GDPR and Cyprus law. This notice explains what we collect, why, how we use it, who we share it with, how long we keep it, and your rights.
Who we are & contacts
Controller: Charlie Airlines Ltd, operating as Cyprus Airways. A Data Protection Officer (DPO) oversees compliance.
| Email (DPO) | dpo@cyprusairways.com |
| Address | 28 Eleftherias Street, Aradippou, 7101, Cyprus |
| Telephone | +357 24 020 980 |
Policy changes & third-party links
- We review this policy regularly; keep your personal data up to date with us.
- Our website contains third-party links (e.g., Rentalcars.com, Booking.com, ParkCloud, Atlantic). Their policies apply on their sites.
Data we collect
View categories
- Identity: name, date of birth, ID number.
- Contact: email, phone.
- Transaction: payments for tickets and ancillaries.
- Marketing: newsletter/marketing preferences (opt-in based).
- Recruitment: qualifications/details in a CV when applying for jobs.
- Special assistance: only what’s necessary to provide PRM support at airports/onboard.
- Cookies: site preferences/usage per our Cookies Policy.
How your data is collected
| Source | Examples |
|---|---|
| Direct interactions | Buying tickets/ancillaries (web/Call Centre), newsletter signup, marketing opt-in, competition entries, job applications. |
| Automated tools | Cookies/analytics (per Cookies Policy) for preferences and improved experience. |
Purposes & lawful basis
View purposes
- Issue tickets and ancillaries; process payments; inform you of delays/cancellations.
- Send newsletter (if subscribed) and marketing (if you opt-in; you can unsubscribe anytime).
- Comply with legal/regulatory obligations (e.g., border control/API/PNR requirements).
- Recruitment: assess suitability for vacancies.
Disclosure & international transfers
- We share necessary booking data with associates providing services (e.g., car rental, accommodation, insurance) to complete your travel arrangements.
- All providers are contractually bound to GDPR-level standards and process data only on our instructions.
- Some associates are outside the EEA. Transfers use adequacy decisions or EU-approved Standard Contractual Clauses; where relevant, guidance from the Cyprus Commissioner is followed.
- Payment processing is via an EEA credit institution certified under PCI DSS.
- We share required data with border control/Passenger Information Units where mandated.
Data security
We apply appropriate technical/organizational measures to prevent loss, unauthorized access, alteration, or disclosure. Access is restricted to personnel and partners who need it to perform services, under confidentiality obligations.
Data retention
- We keep personal data only as long as necessary for the purposes collected.
- Where needed for legal obligations or potential disputes/claims, data may be retained longer.
- Call centre recordings are retained for 30 days.
- Where retention is set by law/regulation, those periods apply.
Your rights & complaints
View your rights
- Access/Rectification: request a copy and corrections of your data.
- Objection: object to certain processing (some processing remains mandatory under aviation/security law).
- Marketing: withdraw consent/unsubscribe at any time.
- Contact DPO: dpo@cyprusairways.com.
If unresolved, you can complain to the Cyprus supervisory authority (Office of the Commissioner for Personal Data Protection), Iasonos 1, 1082 Nicosia, Cyprus.
Human Resources (careers)
Recruitment data
- HR processes data of employees and candidates only for recruitment.
- General applications are retained for a limited period; contact hr@cyprusairways.com for updates or requests.
- Access is limited to HR and authorized staff involved in assessing applications.
This summary reflects our current practices. If any discrepancy exists, the full Privacy Policy text published by Cyprus Airways prevails.