Compare Car Classes

Cheapest option in each category

Loading prices...
Home Discover Ayia Napa Travel Hub Fleet Explore Ayia Napa

Data Privacy Policy

How Ayia Napa Cars collects, uses and protects your personal information

1. Introduction and Scope

Ayia Napa Cars operates a vehicle rental service based in Ayia Napa, Famagusta, Cyprus. This Privacy Policy explains how we collect, use, store, share and protect personal data when you interact with our website at ayianapacars.com, make a booking, contact our team, or use any of our services.

This policy applies to all customers, website visitors and enquirers regardless of nationality or country of residence. It covers data collected online, by telephone, by email, and at our vehicle pickup points including Larnaca International Airport (LCA) and locations across Ayia Napa and the wider Famagusta district.

We process personal data in accordance with the General Data Protection Regulation (GDPR) as retained and applied under Cyprus law, the Processing of Personal Data (Protection of Individuals) Law of Cyprus (Law 125(I)/2018), and any applicable regulations issued by the Commissioner for Personal Data Protection of the Republic of Cyprus.

By using our website or services, you acknowledge that you have read and understood this policy. If you do not agree, please refrain from submitting personal data through our platform.

2. Data Controller

The data controller responsible for your personal information is:

Ayia Napa Cars
Ayia Napa, Famagusta, Cyprus
Email: [email protected]
Phone: +1 (474) 347-0271

For all privacy-related enquiries, corrections, or deletion requests, please contact us at the email address above. We aim to respond within 30 calendar days.

3. Information We Collect

We collect only the information necessary to provide our vehicle rental services and to meet our legal obligations. The categories of personal data we may collect include:

3.1 Identity and Contact Details

Full name, date of birth, nationality, email address, postal address, and telephone number. These are collected when you create a booking, send an enquiry, or contact our support team.

3.2 Driving Licence and Travel Documents

Driving licence number, issuing country, expiry date, and passport or national identity card details. These are required by Cyprus road traffic law and our insurance providers to validate your eligibility to drive a rental vehicle.

3.3 Booking and Rental Data

Pickup and return dates, selected vehicle category, pickup location (for example, Larnaca Airport arrivals, Nissi Avenue, or your hotel in Protaras), optional extras such as child seats or GPS, and rental duration. We also retain records of any damage assessments, incident reports, or traffic infringements during your rental period.

3.4 Payment Information

We do not store full card numbers or CVV codes on our servers. Payment transactions are processed by PCI-DSS compliant third-party payment processors. We retain only transaction reference numbers, payment method type (credit or debit card), and confirmation of successful payment. Our no-deposit booking model means we collect payment only for the rental fee - no pre-authorisation hold is placed on your card beyond the agreed rental amount.

3.5 Browsing and Technical Data

IP address, browser type and version, operating system, referring URL, pages visited, session duration, and device identifiers. This data is collected automatically via server logs and cookies when you access ayianapacars.com. Please see our Cookies Policy for full details.

3.6 Location Data

If you use our website on a mobile device and grant location permission, we may collect approximate geographic coordinates to pre-fill your nearest pickup location. You can withdraw this permission at any time through your device settings.

3.7 Communications Data

Records of emails, web form submissions, telephone call notes, and live chat transcripts when you contact us for support, cancellations, or general enquiries.

4. How We Use Your Data

We use personal data only for purposes that are lawful and proportionate. Our legal bases for processing are set out alongside each purpose below.

4.1 Processing and Managing Bookings

Legal basis: Performance of a contract. We use your identity, licence, booking and payment data to confirm your reservation, arrange vehicle pickup at locations such as Larnaca Airport or your Ayia Napa hotel, issue rental agreements, and manage returns and extensions.

4.2 Customer Support

Legal basis: Performance of a contract / Legitimate interests. We use contact and booking data to respond to queries, process cancellations under our free-cancellation policy, and handle complaints or post-rental feedback.

4.3 Legal and Regulatory Compliance

Legal basis: Legal obligation. Cyprus road traffic regulations and our insurance policies require us to verify driver identity and licence validity before releasing any vehicle. We may also be required to disclose personal data to Cyprus police, courts, or other authorities if lawfully requested.

4.4 Service Improvement and Analytics

Legal basis: Legitimate interests. Aggregated and anonymised browsing data helps us understand how visitors use our website, which vehicle categories are most popular, and how to improve the booking flow. We do not use this data to individually profile customers.

4.5 Marketing Communications

Legal basis: Consent. If you have opted in during the booking process or via a separate subscription, we may send you promotional emails about seasonal deals on vehicle rental in Ayia Napa, new fleet additions, or travel tips for the Cape Greco and Protaras area. You can withdraw consent at any time by clicking the unsubscribe link in any marketing email or by contacting us directly.

5. Data Sharing and Third Parties

We do not sell personal data to third parties. We may share your data with the following categories of trusted partners, solely for the purposes described in this policy:

5.1 Payment Processors

Authorised payment gateways that process card transactions on our behalf. These processors operate under strict PCI-DSS compliance standards and are contractually prohibited from using your payment data for any purpose other than completing the transaction.

5.2 Insurance Providers

Our vehicle insurance underwriters may require driver identity and licence details to validate coverage for each rental period. Data shared is limited to what is strictly necessary for insurance purposes.

5.3 Booking System Integrators

Third-party reservation platforms or booking engine providers that power our online availability and confirmation system. These providers act as data processors under contractual data processing agreements with us.

5.4 Regulatory and Legal Authorities

Cyprus police, the Cyprus Department of Road Transport, courts, or other government bodies where we are legally required to disclose information, for example in relation to a road traffic incident or a statutory audit.

5.5 International Transfers

Where any third-party service provider is located outside the European Economic Area, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or an adequacy decision covering the destination country.

6. Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law.

  • Booking and rental records: 7 years from the end of the rental period, to comply with Cyprus tax and accounting obligations.
  • Driving licence and passport copies: 12 months from the rental end date, unless a longer period is required for an open insurance claim or legal dispute.
  • Payment transaction records: 7 years from the date of payment, as required by financial regulations.
  • Marketing consent records: Until you withdraw consent, plus 3 years thereafter as evidence of the consent.
  • Website analytics data: 26 months in aggregated or anonymised form.
  • Support communications: 3 years from the date of the last communication, unless related to an ongoing dispute.

After the applicable retention period, personal data is securely deleted or anonymised so that it can no longer be associated with you.

7. Your Rights Under GDPR

As a data subject under the GDPR and Cyprus data protection law, you have the following rights in relation to your personal data:

7.1 Right of Access

You may request a copy of the personal data we hold about you, along with information about how it is used, where it is stored, and with whom it is shared.

7.2 Right to Rectification

If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it without undue delay.

7.3 Right to Erasure

You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent, or where processing is unlawful. This right is subject to our legal retention obligations described in Section 6.

7.4 Right to Data Portability

Where processing is based on your consent or on a contract, and is carried out by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.

7.5 Right to Object

You have the right to object at any time to processing based on our legitimate interests, including profiling for direct marketing. Where you object to direct marketing, we will cease processing your data for that purpose immediately.

7.6 Right to Restrict Processing

In certain circumstances you may request that we restrict the processing of your personal data, for example while the accuracy of the data is being contested.

7.7 How to Exercise Your Rights

To exercise any of the above rights, please contact us at [email protected]. We will respond within 30 days. We may ask you to verify your identity before fulfilling a request. If you are not satisfied with our response, you have the right to lodge a complaint with the Commissioner for Personal Data Protection of the Republic of Cyprus at www.dataprotection.gov.cy.

8. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, accidental loss, destruction or disclosure. These measures include:

  • HTTPS encryption across all pages of ayianapacars.com using TLS 1.2 or higher.
  • Access controls limiting data access to authorised personnel only, on a need-to-know basis.
  • Secure, encrypted storage for booking and customer records.
  • Regular security assessments and software updates to protect against known vulnerabilities.
  • Contractual data processing agreements with all third-party processors requiring equivalent security standards.

No method of electronic transmission or storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the Commissioner for Personal Data Protection within 72 hours and inform affected individuals without undue delay where required by law.

9. Cookies

Our website uses cookies and similar tracking technologies to operate correctly, remember your preferences, and analyse usage patterns. For full details of the cookies we use, their purpose, and how to manage or disable them, please read our Cookies Policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make material changes, we will update the effective date shown below and, where appropriate, notify customers by email or by a prominent notice on our website.

We encourage you to review this policy periodically. Continued use of our website or services after changes have been posted constitutes your acceptance of the updated policy.

Last reviewed: June 2025

11. Contact for Privacy Enquiries

If you have any questions, concerns or requests relating to this Privacy Policy or the way we handle your personal data, please contact us:

Ayia Napa Cars - Privacy Enquiries
Ayia Napa, Famagusta, Cyprus
Email: [email protected]
Phone: +1 (474) 347-0271

You also have the right to contact the supervisory authority directly:

Commissioner for Personal Data Protection
Republic of Cyprus
Website: www.dataprotection.gov.cy