Bee Mate Privacy Notice - Cyprus Public Transport

Privacy Notice – BEEMATE APP

This Privacy Notice sets out how CPT CYPRUS PUBLIC TRANSPORT SERVICES AND OPERATIONS LIMITED (“We” or the “Company” or “Us”) collects and processes personal data for the students and their Parents/ Legal Representatives/Guardians of the students (“You” or “Yours”).
This Privacy Notice contains all the information that is required by the Company, as a Data Controller and in accordance with the provisions of the EU General Data Protection Regulation 2016/679 (“GDPR”), to provide you, and in relation to the purposes of collection and processing of personal data.

What data do we collect?
The personal data that we collect from you, is the following:
    1. Name and Surname of the Students.
    2. Name and Surname of the Parents/Legal Representatives/Guardians.
    3. Email address (for logging in the Parent APP)
    4. Geolocation of the Pickup & Drop off point of the student.
    5. Route & School
    6. Motion Card Number.
    7. Mobile Number of the Students.

1. Purpose of the Collection
Your data is processed in a legal, equitable and transparent manner, pursuant to the given parental consent of the parents/legal representatives/guardians with respect to personal data collected for the students and the legitimate interest of the company. We collect your personal data for the purpose of the Beta Launch of the BEEMATE APP in the course of the transportation services via bus to students of secondary and technical education:
a. To assess the efficiency of the routes.
b. Statistical data of the route such as number of passengers / stops etc..
c. To ensure the safety of the students and the immediate notification to the parents/legal representatives/guardians of the location where the minors are.
We do not use any form of automated processing of personal data or profiling during the processing of your personal data.

2. Data Storage
Pursuant to the written agreement we have conducted with the Service Providers (as mentioned in paragraph 4 below), your personal data are stored electronically in the servers situated in the Oracle Cloud, based in Frankfurt, Germany and accessed by a limited number of personnel, while the personal data are kept secured and protected with enhanced security measures. For the secure storage of your personal data the company takes all the necessary technical and organizational measures and ensures that the Service Providers have in place equivalent technical and organizational measures so as to ensure
that the processing is carried out in accordance with the provisions of the GDPR (controlled access,
firewalls, antivirus, encrypting data etc).

3. Disclosure Of Your Information
Within CPT, your personal data is accessible only to those who need to, with a duty of confidentiality and
only for the purposes mentioned in paragraph 2 above.
Outside our Company, recipients of your personal data may be any subcontractors or third parties who
cooperate and/or provide services to our Company in the context of its business, such as third-party
service providers that perform services for us or on our behalf, including the Service Providers, Translock
IT S.L. of Calle Francisco Silvela 42, 28028, Madrid, Spain, that have developed and provide us with the
BEEMATE Application.
We choose our associates very carefully, after the necessary checks have been carried out and sufficient
guarantees have been provided to implement appropriate technical and organizational measures in such
manner that processing will meet the requirements of the GDPR and the relevant laws and ensure the
protection of your rights.
The external recipients of your personal data may also be any other persons, entities, or relevant
authorities to whom your data may need to be disclosed for the purposes stated in paragraph 2 and
especially for compliance with our legal and regulatory obligations.

4. Retention of Data
In accordance with Company’s Retention policy, your data is kept only for as long as necessary to fulfil the
purposes specified in paragraph 2. In addition, we retain your personal data for as long as necessary to
comply with local laws, to exercise our legal rights and generally to pursue our legitimate interests. After
this period, your personal data will be irreparably destroyed.

5. Effect of the Privacy Notice
This Private notice applies in combination with any other notification, internal policies, contractual clauses
and consents that may be relevant to collection, use and disclosure of your personal data by our company.

6. Your rights
As a data subject, you can contact us at any time and exercise your rights. These rights are as follows:
• The right to receive information about the processing of data and a copy of the processed data.
• The right to request the correction of inaccurate data or the completion of incomplete data.
• The right to request the deletion of personal data.
• The right to request a restriction on data processing.
• The right to receive the personal data concerning the data subject in a structured, commonly used
and machine-readable format and to request the transfer of this data to another controller in
certain cases.
• The right to object to the processing of data.
• The right to withdraw a given consent at any time to stop a data-based consent processing.
• The right to complain to a competent supervisory authority.

Should you require to exercise any of your rights please do so by contacting us at by email at dpo@publictransport.com.cy, or by post at CPT Cyprus Public Transport Services and Operations Ltd, Griva Digeni 81-83, 6th floor, 1090 Nicosia, Cyprus.
In the event that you wish to complain about how we have handled your personal data, you may contact us at the above email address and corresponding address. We will then look into your complaint and work with you to resolve the matter.
If you still feel that your personal data has not been handled appropriately according to the law, you can submit your complaint with the Office of the Commissioner for Personal Data Protection, at 1 Iasonos Street, 2nd Floor, 1082 Nicosia, tel. +357 22 818456, email address: commissioner@dataprotection.gov.cy.

7. Changes to this Privacy Statement

This privacy statement was published on 01/11/2021. Changes to this Privacy Statement may be made from time to time and we will notify you when we do so through our website.