Skip to main content
JetSet Travel Cyprus - Home

Privacy Policy

Last updated: February 2026

1. Data Controller

The data controller responsible for your personal data is:

JetSet K&K Travel Ltd
26A Agapinoros Street, 8049 Paphos, Cyprus
Company Registration: HE 181550
Email: info@jetset.com.cy
Phone: +357 99 478 073

JetSet K&K Travel Ltd is an IATA-accredited travel agency (IATA code: 14200130), licensed by the Cyprus Tourism Organisation (Licence No. 7775).

2. What Data We Collect

Depending on the services you use, we may collect the following categories of personal data:

  • Identity data: full name, date of birth, nationality
  • Contact data: email address, phone number, postal address
  • Travel preferences: destination preferences, travel dates, seating and accommodation preferences
  • Identity documents: passport or ID details (required for visa services and certain bookings)
  • Payment information: payment card details, billing address (processed securely through third-party payment providers)
  • Technical data: IP address, browser type and version, device information, pages visited on our website
  • Cookies and tracking data: session cookies, analytics data, and preference cookies (see Section 10 below)
  • Communication data: records of correspondence via email, phone, WhatsApp, or contact forms

3. Why We Collect Your Data

We process your personal data for the following purposes:

  • Booking fulfilment: to arrange flights, hotels, transfers, and other travel services you request
  • Visa processing: to prepare and submit visa applications on your behalf, where instructed
  • Customer communication: to respond to enquiries, send booking confirmations, and provide travel updates
  • Marketing: to send promotional offers and travel deals, only with your prior consent
  • Legal obligations: to comply with tax, accounting, and regulatory requirements applicable to travel agencies in Cyprus
  • Service improvement: to analyse website usage and improve our services

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we rely on the following legal bases:

  • Contract performance: processing necessary to fulfil your travel booking or respond to your pre-contractual requests (Article 6(1)(b))
  • Legitimate interests: processing necessary for our legitimate business interests, such as fraud prevention, service improvement, and internal administration (Article 6(1)(f))
  • Consent: where you have given explicit consent, such as for marketing communications (Article 6(1)(a)). You may withdraw consent at any time
  • Legal obligation: where processing is required to comply with applicable law (Article 6(1)(c))

5. Who We Share Your Data With

We share your personal data only as necessary to provide the services you have requested. Recipients may include:

  • Airlines and transport providers: to issue tickets and manage bookings
  • Hotels and accommodation providers: to confirm reservations
  • Visa authorities and consulates: to process visa applications on your behalf
  • Payment processors: to securely process transactions
  • IATA systems (e.g., GDS platforms): to access fare information and issue travel documents
  • Insurance providers: where travel insurance is arranged

We do not sell your personal data to third parties. All data sharing is limited to what is strictly necessary for service delivery.

6. International Data Transfers

As a travel agency, we may need to transfer your personal data to travel providers, airlines, hotels, and authorities located outside the European Union / European Economic Area (EU/EEA). Such transfers may occur when:

  • Booking flights or accommodation with providers based outside the EU/EEA
  • Submitting visa applications to non-EU consulates or embassies
  • Using global distribution systems (GDS) for fare searches and ticketing

Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, which may include:

  • European Commission adequacy decisions for the recipient country
  • Standard Contractual Clauses (SCCs) approved by the EU
  • The transfer being necessary for the performance of a contract between you and us (Article 49(1)(b) GDPR)

7. Data Retention

We retain your personal data as follows:

  • Booking records and invoices: retained for 7 years from the date of the transaction, as required by Cyprus tax and commercial law
  • Visa application data: retained for 7 years or as required by applicable regulations
  • Marketing consent records: retained until you withdraw your consent
  • Website analytics data: retained for up to 26 months
  • Contact form enquiries: retained for up to 2 years unless a booking results

After the applicable retention period, your data is securely deleted or anonymised.

8. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of your personal data, subject to legal retention requirements
  • Right to restriction: request that we limit the processing of your data in certain circumstances
  • Right to data portability: receive your data in a structured, commonly used, machine-readable format
  • Right to object: object to processing based on legitimate interests or direct marketing
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

9. How to Exercise Your Rights

To exercise any of the rights described above, please contact us:

Email: info@jetset.com.cy
Phone: +357 99 478 073
Post: JetSet K&K Travel Ltd, 26A Agapinoros Street, 8049 Paphos, Cyprus

We will respond to your request within 30 days. If we need additional time (up to 60 further days for complex requests), we will inform you within the initial 30-day period.

If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus (www.dataprotection.gov.cy).

10. Cookies

Our website uses cookies and similar technologies to enhance your browsing experience. The types of cookies we use include:

  • Essential cookies: required for the website to function correctly (e.g., session management, language preferences)
  • Analytics cookies: help us understand how visitors interact with our website, so we can improve its performance and content
  • Preference cookies: remember your settings and choices for a better user experience

You can manage or disable cookies through your browser settings. Please note that disabling essential cookies may affect the functionality of our website.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable legislation. Any updates will be published on this page with a revised "Last updated" date. We encourage you to review this page periodically.

For material changes that significantly affect how we process your data, we will make reasonable efforts to notify you via our website or by email.

Call
WhatsApp