Privacy Policy

The Troodos Observatory is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our website, troodosobservatory.com (the “Website”), or engage with our services, such as booking visits or registering for events. By using the Website, you consent to the practices described in this Policy.
This Policy complies with the EU General Data Protection Regulation (GDPR), the Cyprus Data Protection Law (Law 125(I)/2018), and other applicable regulations. If you have questions about this Policy, please contact us using the details in Section 10.

1. Information We Collect
We may collect the following types of information when you use the Website:

1.1 Personal Information You Provide
• Contact and Booking Information: When you book a visit, register for an event, or submit an inquiry, we may collect your name, email address, phone number, postal address, payment details (e.g., credit card information), and any other details you provide (e.g., preferences for stargazing events).
• Correspondence: Information you share when contacting us via email, forms, or other channels.
• Event Preferences: Details about your interests (e.g., educational programs or astrotourism activities) to tailor your experience.

1.2 Automatically Collected Information
• Usage Data: Information about your interaction with the Website, such as pages visited, time spent, and links clicked.
• Device and Technical Data: IP address, browser type, operating system, device type, and other technical details collected via cookies or similar technologies.
• Location Data: Approximate location based on your IP address or, if enabled, precise location data for location-based services (e.g., finding nearby events).

1.3 Information from Third Parties
• We may receive information from third-party platforms (e.g., booking or payment processors) when you use their services to interact with us.
• If you engage with our social media pages (e.g., on X), we may collect publicly available information you share, subject to the platform’s privacy policies.

1.4 Children’s Data The Website is not intended for children under 16 without parental or guardian consent. If we learn that we have collected personal information from a child under 16 without consent, we will delete it promptly. If you believe we have such data, please contact us.

2. How We Use Your Information
We use your information for the following purposes, based on lawful grounds under GDPR (e.g., consent, contract necessity, legitimate interests, or legal obligations):
• To Provide Services:
• Process and confirm bookings or event registrations.
• Communicate with you about your visit, including confirmations, reminders, or updates.
• Respond to your inquiries or requests.
• To Improve and Personalize the Website:
• Analyze usage trends to enhance Website functionality and user experience.
• Tailor content or recommendations based on your interests (e.g., suggesting relevant events).
• To Ensure Security and Compliance:
• Protect the Website from fraud, unauthorized access, or abuse.
• Comply with legal obligations, such as tax or reporting requirements.
• For Marketing and Communication (with your consent):
• Send newsletters, promotional offers, or updates about the Troodos Observatory’s activities.
• Invite you to participate in surveys or educational programs.
• For Environmental and Research Purposes:
• Use anonymized data to support environmental initiatives or astronomical research, in collaboration with partners.

3. Legal Basis for Processing
Under GDPR, we process your personal information based on:
• Consent: For marketing emails, certain cookies, or location data (you can withdraw consent at any time; see Section 8).
• Contract Necessity: To fulfill bookings, event registrations, or respond to your requests.
• Legitimate Interests: For Website analytics, security, or improving services, provided your rights are not overridden.
• Legal Obligations: To comply with Cypriot or EU laws, such as tax or data protection regulations.

4. How We Share Your Information
We may share your information with:
• Service Providers: Third parties that assist with Website operations, such as payment processors, booking platforms, or IT services, under strict data protection agreements.
• Partners: Collaborators like the Forestry Department or University of Nicosia for event coordination or research, only with your consent or as anonymized data.
• Legal Authorities: If required by law, court order, or to protect our rights, property, or safety.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred, with notice to you where required.
We do not sell your personal information to third parties.

5. Cookies and Tracking Technologies
We use cookies and similar technologies (e.g., pixels, web beacons) to enhance your experience, analyze usage, and deliver personalized content. Cookies may include:
• Essential Cookies: Necessary for Website functionality (e.g., session management).
• Analytics Cookies: To track usage patterns (e.g., via Google Analytics).
• Marketing Cookies: For personalized ads or content, if applicable.
You can manage cookie preferences through our cookie consent tool or your browser settings. For details, see our Cookie Policy [link to a separate page, if applicable]. Note that disabling cookies may affect Website functionality.

6. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer period is required by law.

• Booking and contact data: Typically retained for 3 years after your last interaction, unless required for tax or legal purposes.
• Analytics data: Anonymized or retained for up to 2 years.
• Marketing data: Until you unsubscribe or withdraw consent.
When data is no longer needed, we securely delete or anonymize it.

7. International Data Transfers
If we transfer your data outside the European Economic Area (EEA), such as to service providers in other countries, we ensure appropriate safeguards, such as:
• EU Standard Contractual Clauses.
• Transfers to countries with adequacy decisions by the European Commission.
• Binding corporate rules, where applicable.

8. Your Data Protection Rights
Under GDPR and Cypriot law, you have the following rights regarding your personal information:
• Access: Request a copy of the data we hold about you.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your data, subject to legal exceptions.
• Restriction: Limit how we process your data in certain circumstances.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests, including marketing.
• Withdraw Consent: Stop processing where we rely on your consent (e.g., for newsletters).
• Lodge a Complaint: Contact the Cyprus Data Protection Commissioner (www.dataprotection.gov.cy) or another EU supervisory authority.
To exercise these rights, contact us at [email protected]. We will respond within one month, extendable by two months for complex requests. You may need to verify your identity.

9. Data Security
We implement technical and organizational measures to protect your data, including encryption, access controls, and secure servers. However, no system is completely secure, and we cannot guarantee absolute protection against unauthorized access or breaches. You are responsible for keeping your account credentials (if applicable) confidential.

10. Contact Information
For questions, concerns, or to exercise your rights, please contact our Data Protection Officer:
• Email: [email protected]
• Address: Troodos Observatory, Agridia, Limassol District, Cyprus
• Phone: 25314556

11. Third-Party Links
The Website may link to third-party sites (e.g., booking platforms or social media). These sites have their own privacy policies, and we are not responsible for their practices. Please review their policies before sharing information.

12. Changes to This Privacy Policy
We may update this Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email, Website notice, or other means, as required by law. Please check this page regularly for updates.

13. Accessibility
We strive to make this Policy accessible to all users, including those with disabilities, in line with the EU Web Accessibility Directive.