CTC Data Privacy Policy

This Privacy Policy explains how and why, CTC-ARI AIRPORTS LTD (“we”) collect information about you and what we do with it. This Policy also explains your rights under the General Data Protection Regulation (GDPR) and how you can exercise those.

In legal terms, we are the data controller, as we determine the means and/or purposes of the processing of the personal data held by us. We might be the data processors in the case that we are performing a process on behalf of another legal entity that is defining the means and/or purpose of the processing.

The General Data Protection Regulation (GDPR) governs how we take care of the information we hold about you. The first principle of the Regulation is that your personal information must be processed fairly and transparently. We have an obligation to let you know how we will securely maintain the information about you and what we will use it for.

What personal data do we collect about you?

  • basic details about you, such as name, address, date of birth, ID/ Passport number, email, home address, telephone number
  • travel information
  • payment details
  • records and copies of our correspondence if you contact us
  • Any information that is collected through cookies on our website (more information can be found on the cookie policy published at https://www.cydutyfree.com/cookie-policy)
  • Security footage at our stores and premises through CCTV system
  • any other information collected through promotional activities either through social media or at our stores

Why do we need your personal data?

  • We collect basic information about you such as name, address, dae of birth, ID/Passport number, email address, telephone number and travel information and the records and copies of our correspondence to contact you and deliver the services you have engaged us with
  • We collect payment details to execute your payments
  • We keep information as per the cookies policy to remember information such as language preference or login information and for advertising and marketing efforts (*only if have given us your consent to do so)
  • We use CCTV system at our stores and premises and collect surveillance footage to protect our legitimate interests
  • We also collect information to contact you with promotional material (*only if you have given us your consent to do so)

We collect and use your information under the following lawful bases:

  • where we have your consent (by the data subject or legal guardian),
  • where it is necessary for the execution of a contract between us
  • where it is necessary for compliance with a legal obligation,
  • where processing is necessary to protect your or another person’s vital interests
  • where it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
  • where it is justified by our legitimate interests, of your legitimate interests or the legitimate interests of another person,

Who will we share your information with:

If it is necessary to share your information with other parties, it will be subject to strict controls and data processing agreements describing to what extent and how it may be used. We may share your information with:

  • Public Authorities
  • Auditors
  • Banks
  • Department of Civil Aviation
  • Other Service providers and/or collaborators

Security of personal data

We take appropriate operational and technology security measures (including physical, electronic and procedural measures) to safeguard your Personal Information from unauthorized access, disclosure, loss, corruption and/or destruction.

How long do we retain your data?

  • For delivery of services: We maintain your data for 3 months and then delete it
  • For payments: We are responsible for the retention of data regarding financial transactions for 7 years under the Cyprus Taxation Laws and then delete it (*we may have to maintain the data for another 7 years if a legal processing is in place or we are asked by the Cyprus Tax Department)
  • CCTV: We keep CCTV footage for 21 days and then delete it (*we may maintain the data for a longer period if there if legal processing or legal proceedings are taking place for as long as it is required by the processing and/or proceedings)
  • For promotional services: We only maintain your data for promotional purposes when you have granted your consent. We will delete your data when you choose to withdraw your consent.

Your rights

Under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 Law 125(I)/2018, you are granted several rights regarding your personal data. You have the right to request from us access to and rectification of your personal data. If you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn. 

Individual Rights:

1. Right to be informed
2. Right to access
3. Right to correction
4. Right to erasure
5. Right to restriction of processing
6. Right to data portability
7. Right to object to processing
8. Right not to be subject to automated decision making

For further information on how we process your personal data or how to exercise your rights you can contact our Data Protection Officer. If you would like to exercise one of the rights please complete and send to our Data Protection Officer the “Data Subject Request Form” that can be found here.

The contact information of our Data Protection Officer is as below:

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Phone Number: +357 24 841568

For further information on the GDPR, your rights or to lodge a complaint, you can contact the office of the Commissioner for the Protection of Private Data at the following address:

Office of the Commissioner for the Protection of Private Data

1 Iasonos st.
1082 Nicosia
Cyprus
Website: http://www.dataprotection.gov.cy
Telephone number: 22818456
Fax number: 22304565

Changes to Our Privacy Policy

We may modify or revise our privacy policy from time to time. Although we may attempt to notify you when major changes are made to this privacy policy, you are expected to periodically review the most up-to-date version found at our website www.cyprusdutyfree.com so you are aware of any changes.