top of page

Privacy Policy (GDPR)

Last updated: 23 January 2026

This Privacy Policy explains how Cyprus Dragon Boat Federation (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you use our website [your domain], our booking services, our members area, and our online shop.

We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Cyprus law.

1) Data Controller (who is responsible for your data)

Data Controller: Cyprus Dragon Boat Federation
Address: Germasogeia Dam, Limassol, Cyprus 
Email: cyprusdba@gmail.com
Phone: [+357 99675731]

If you have any questions or want to exercise your GDPR rights, contact us using the details above.

2) Personal data we collect

A. Data you provide directly

Depending on what you do on our website, we may collect:

  • Identity & contact details: name, email address, phone number

  • Booking information: selected activity, date/time, number of participants, location, notes you submit

  • Member account data: login credentials (handled securely), membership status, profile details you choose to provide

  • E-shop order data: items purchased, delivery method (BoxNow or pickup), delivery details where required, order notes

  • Communication data: messages you send via forms, email, or chat features

  • Uploads: if you upload documents/photos to forms (where enabled)

B. Data collected automatically

When you visit our website, we may collect:

  • Device/technical data: IP address, browser type/version, operating system, device identifiers

  • Usage data: pages visited, time spent, clicks, referral source

  • Cookies and similar technologies: see our Cookie Policy for details

C. Payment data

  • Stripe: payments made by card are processed securely by Stripe. We do not store full card details.

  • Offline wire transfer: if you pay by bank transfer, we process the payer details and payment reference needed to reconcile the payment (e.g., name, amount, date, bank reference).

3) Why we use your data (purposes)

We use personal data to:

  • Provide and manage bookings (confirmations, scheduling, changes, cancellations, participation management)

  • Operate the members area (account access, membership verification, member communications)

  • Process e-shop orders (order confirmation, preparation, BoxNow delivery or pickup arrangements, returns/support)

  • Respond to enquiries and provide customer support

  • Send operational messages (e.g., booking updates, service notices, transaction emails)

  • Maintain website security, prevent fraud/abuse, and improve website functionality

  • Comply with legal and accounting obligations

Where you have opted in, we may also use your data to send newsletter/marketing communications.

4) Legal bases for processing (GDPR)

We process personal data under one or more of the following legal bases:

  • Contract necessity: to provide bookings, memberships, and purchases you request

  • Legal obligation: for accounting/tax requirements and compliance duties

  • Legitimate interests: to operate and secure our services, improve user experience, prevent fraud, and manage our activities (balanced against your rights)

  • Consent: for marketing communications and optional cookies/trackers where required

You can withdraw consent at any time (this does not affect processing already carried out).

5) Who we share your data with

We share data only when necessary to deliver the services you request, including with:

  • Website platform/hosting: Wix.com and its related service providers (website hosting, forms, members, automations)

  • Payments: Stripe (card processing) and banking institutions for wire transfers (as applicable)

  • Delivery/collection: BoxNow (for Cyprus local deliveries) and/or collection coordination for pickup

  • Email/SMS and communications providers used for service notifications (where enabled)

  • Analytics tools (where enabled) to understand website performance and improve content

  • Professional advisers: accountants, auditors, and legal advisers where required

  • Authorities/regulators where required by law

We do not sell your personal data.

6) International transfers

Some service providers (including website and infrastructure providers) may process data outside the EEA. Where this happens, we apply appropriate safeguards in line with GDPR (such as adequacy decisions and/or Standard Contractual Clauses).

7) How long we keep your data (retention)

We keep personal data only as long as necessary for the purposes described above, applying sensible EU/Cyprus defaults:

  • Bookings and participation records: typically up to 5 years (to manage operational history, safety/insurance considerations, and dispute handling)

  • Member account data: kept for the duration of membership and up to 2 years after inactivity/closure, unless legal obligations require longer

  • Orders, invoices, and payment records: typically 7 years (accounting/tax compliance)

  • Customer service communications: typically up to 2 years after last contact

  • Marketing subscriptions: until you unsubscribe or withdraw consent

  • Website analytics/cookie data: per tool settings and the Cookie Policy (often up to 14 months for analytics, where enabled)

We may retain certain data longer if required by law or to establish, exercise, or defend legal claims.

8) Your rights under GDPR

You have the right to:

  • Request access to your personal data

  • Request correction of inaccurate or incomplete data

  • Request erasure (where applicable)

  • Request restriction of processing (in certain circumstances)

  • Object to processing based on legitimate interests

  • Request data portability (for data processed by consent or contract, where applicable)

  • Withdraw consent at any time (where processing is based on consent)

  • Lodge a complaint with the supervisory authority

Supervisory authority (Cyprus): Office of the Commissioner for Personal Data Protection (Cyprus).
You may also contact us first; we will respond promptly and in line with GDPR timeframes.

9) Security

We implement appropriate technical and organisational safeguards to protect personal data. No online system is fully risk-free, but we take reasonable measures to prevent unauthorised access, loss, misuse, or disclosure.

10) Children’s privacy

Our services may involve activities where minors can participate only with parent/guardian authorisation and under appropriate supervision. If you believe a child’s data has been submitted without appropriate authorisation, contact us and we will address the request in accordance with GDPR.

11) Marketing communications

If you opt in to receive marketing communications, you can unsubscribe at any time using the unsubscribe link in emails or by contacting us at cyprusdba@gmail.com.

12) Cookies

We use cookies and similar technologies. For details and choices, please read our Cookie Policy.

13) Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date will show the latest revision. If changes are material, we may notify users via the website or email where appropriate.

14) Contact

For privacy questions or GDPR requests:
Email: cyprusdba@gmail.com
Address: Germasogeia Dam, Limassol, Cyprus 

bottom of page