Privacy Policy

1.1 Personal Information

We collect information that you provide directly to us when you:

• Create an account (name, email address, password)
• Make a booking (name, email, phone number, guest details)
• Contact us (name, email, phone number, message content)
• Update your profile (avatar, preferences, contact information)
• Leave reviews (review text, rating)
• Subscribe to our newsletter (email address)

1.2 Automatically Collected Information

When you access our Service, we automatically collect:

• Device information (IP address, browser type, operating system)
• Usage data (pages viewed, time spent, navigation paths)
• Location data (general location based on IP address)
• Cookies and similar tracking technologies

1.3 Information from Third Parties

We may receive information about you from third parties, such as:

• Social media platforms (if you sign up using Google or other OAuth providers)
• Partner hotels (booking confirmations, service issues)
• Payment processors (transaction status, payment verification)

We use the information we collect for the following purposes:

2.1 Providing Services

• Create and manage your account
• Process and fulfill bookings
• Send booking confirmations and updates
• Facilitate communication with partner hotels
• Provide customer support

2.2 Improving Our Services

• Analyze usage patterns and trends
• Conduct research and development
• Test new features and functionality
• Monitor and improve platform performance

2.3 Marketing and Communications

• Send promotional emails and newsletters (with your consent)
• Provide personalized recommendations
• Notify you about new features and special offers
• Conduct surveys and collect feedback

2.4 Legal and Security

• Comply with legal obligations
• Prevent fraud and abuse
• Protect user safety and security
• Enforce our Terms and Conditions
• Resolve disputes

We may share your information in the following circumstances:

3.1 With Partner Hotels

We share booking information with partner hotels to facilitate your day pass reservations. This includes your name, email, phone number, and booking details.

3.2 With Service Providers

We share information with third-party service providers who perform services on our behalf:

• Cloud hosting providers (Supabase, Vercel)
• Email service providers
• Payment processors (when applicable)
• Analytics services
• Customer support tools

3.3 For Legal Reasons

We may disclose your information if required by law or in response to:

• Legal processes (subpoenas, court orders)
• Government requests
• Protection of our rights, property, or safety
• Protection of users' rights, property, or safety
• Investigation of fraud or security issues

3.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

3.5 With Your Consent

We may share your information for any other purpose with your explicit consent.

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Security Measures Include:

• Encryption of data in transit and at rest
• Secure authentication systems
• Regular security audits and updates
• Access controls and authentication
• Secure data centers with physical security
• Employee training on data protection

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

We use cookies and similar tracking technologies to track activity on our Service and store certain information.

Types of Cookies We Use:

• Essential Cookies: Necessary for the website to function properly (authentication, security)
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand how visitors use our site
• Marketing Cookies: Track your activity to provide relevant advertisements

Analytics - Privacy-Friendly Tracking:

Managing Cookies:

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

We use trusted third-party service providers to help us operate our platform:

Service Categories:

• Cloud Infrastructure: Secure hosting and database services
• Email Services: Transactional email delivery (booking confirmations, notifications)
• Analytics: Privacy-friendly website analytics (no cookies, GDPR compliant)
• Error Monitoring: Technical error tracking to improve service reliability
• Authentication: Secure user login and account management

These service providers only process your data on our behalf and are contractually obligated to protect your information and use it only for the purposes we specify.

External Links:

Our Service may contain links to third-party websites:

• Social media platforms
• Partner hotel websites
• Payment processors (when implemented)

We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of every website you visit.

Depending on your location, you may have the following rights regarding your personal information:

GDPR Rights (EU/EEA Residents):

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing of your personal data
• Right to Withdraw Consent: Withdraw consent at any time

How to Exercise Your Rights:

To exercise any of these rights, please contact us at privacy@cyprusdailypass.com. We will respond to your request within 30 days.

Marketing Communications:

You can opt out of marketing emails at any time by clicking the "unsubscribe" link at the bottom of our emails or by contacting us directly.

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

If we discover that we have collected personal information from a child under 18, we will delete that information promptly.

We retain your personal information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Maintain business records

Retention Periods:

• Account Information: Until you delete your account, plus 30 days
• Booking Records: 7 years for legal and tax purposes
• Communication Records: 3 years
• Marketing Data: Until you unsubscribe, plus 1 year

After the retention period expires, we will securely delete or anonymize your personal information.

Your information may be transferred to and maintained on servers located outside of Cyprus, including in countries that may not have the same data protection laws as your country of residence.

We ensure appropriate safeguards are in place to protect your information, including:

• Standard contractual clauses approved by the European Commission
• Data processing agreements with service providers
• Privacy Shield certification (where applicable)
• Adequate data protection measures

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date at the top of this policy
• Sending you an email notification (for significant changes)
• Displaying a prominent notice on our website

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Supervisory Authority

If you are located in the EU/EEA and believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection authority.