RODO / GDPR Privacy Policy
Last updated: June 1, 2026
1. Data Controller
The data controller for personal data collected through BookingsCyprus.com is the property owner, contactable via:
- Email: bookings@bookingscyprus.com
- WhatsApp: +48 515 259 062
- Website: bookingscyprus.com
2. What Data We Collect
We collect personal data only when you voluntarily submit it through our booking form:
- Full name — to identify the guest
- Email address — to send booking confirmation or rejection
- Phone number (optional) — for direct communication regarding your stay
- Check-in / check-out dates — to process the booking request
- Apartment preference — to match you with the right property
- Message (optional) — any additional requests or notes
3. Legal Basis for Processing
We process your personal data based on:
- Article 6(1)(b) GDPR — processing is necessary for the performance of a contract (your booking request) or to take steps prior to entering into a contract.
- Article 6(1)(f) GDPR — legitimate interest in responding to inquiries and preventing fraudulent bookings.
4. How We Use Your Data
- Processing and responding to your booking request
- Sending confirmation or rejection emails
- Communicating with you about your stay (check-in details, special requests)
- Fraud prevention (rate limiting, bot detection)
We do not use your data for marketing purposes unless you explicitly opt in.
5. Data Storage & Retention
- Your data is stored in the website’s WordPress database hosted on a secure server.
- Booking request data is retained for a maximum of 12 months after your check-out date, or 6 months after rejection, whichever applies.
- You may request earlier deletion at any time (see Section 7).
6. Data Sharing
Your personal data is not sold, rented, or shared with third parties, except:
- Hosting provider — for technical infrastructure (data processing agreement in place)
- Email delivery service — to send booking-related emails
- Legal obligations — if required by law or court order
7. Your Rights (GDPR Articles 15–22)
As a data subject, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure (“right to be forgotten”) — request deletion of your data
- Restriction — limit how we process your data
- Data portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interest
To exercise any of these rights, contact us at bookings@bookingscyprus.com. We will respond within 30 days.
8. Cookies & Local Storage
This website does not use traditional tracking cookies. We use browser localStorage for:
- Language preference (bcy_lang) — remembers your selected language
- Theme preference — remembers dark/light mode choice
- Cookie consent (bcy_cookies_accepted) — remembers that you accepted this notice
No third-party analytics or advertising cookies are used.
9. AI Voice Assistant
- The AI voice assistant is powered by a third-party service (Retell AI).
- Voice interactions are processed by Retell AI to generate responses. We do not store voice recordings.
- The AI assistant does not collect or store personal data beyond the scope of the conversation.
- See the AI Act disclosure for more information.
10. Data Security
- The website uses HTTPS encryption for all data transmission.
- The booking form includes bot protection (honeypot fields, timing checks) and rate limiting.
- Access to personal data is restricted to the property owner.
11. Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For guests in Poland, this is the UODO (Urząd Ochrony Danych Osobowych) at uodo.gov.pl.
12. Changes to This Policy
We may update this policy from time to time. The “last updated” date at the top reflects the most recent revision. Continued use of the website after changes constitutes acceptance.