This Privacy Policy explains how K.S. Kyprianou Moto Warehouse Ltd ("Motowarehouse", "we", "us", "our") collects, uses, and protects personal data submitted through the online service booking portal at bookings.motowarehouse.com.cy.
We are committed to protecting your personal data in full compliance with Regulation (EU) 2016/679 (GDPR) and applicable Cypriot law.
1. Who We Are — Data Controller
Company name: K.S. Kyprianou Moto Warehouse Ltd
Trading as: Motowarehouse Ltd
Address: 40 Athinon Street, Strovolos, Nicosia, Cyprus
Email: support@motowarehouse.com.cy
Phone: 22 328 788
2. What Data We Collect
When you submit a service booking request, we collect the following personal data:
| Data | Purpose | Required |
|---|---|---|
| Full name | To identify the customer and personalise communications | Yes |
| Mobile phone number | To verify identity via one-time code and send appointment reminders | Yes |
| Email address | To send booking confirmations and reminders | Yes |
| Vehicle licence plate | To identify the vehicle for servicing | Yes |
| Vehicle model and year | To prepare the correct service for your vehicle | Yes |
| Service type and requested date/time | To schedule and manage your appointment | Yes |
| Current mileage (km) | To record vehicle condition at time of service | Yes |
| Additional notes | To capture any specific concerns or instructions you wish to communicate to the workshop | No (optional) |
| IP address and server logs | Automatically collected by our hosting provider (Railway) for security, error monitoring, and abuse prevention. Not used to identify individual users under normal operation. | Automatic |
We do not collect payment information, government ID numbers, or any sensitive personal data through this portal.
3. Legal Basis for Processing
- Contract performance (Art. 6(1)(b)): Processing your details is necessary to arrange and manage the service you requested.
- Legal obligation (Art. 6(1)(c)): Cypriot tax and commercial law requires us to retain business records for six (6) years.
- Legitimate interests (Art. 6(1)(f)): Sending appointment reminders directly related to your booking, and operating security measures such as bot protection.
We do not rely on consent as a legal basis for processing your booking data. If we ever introduce consent-based processing, you will have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
4. How We Use Your Data
- To process and confirm your service booking
- To verify your phone number via a one-time SMS code
- To send appointment confirmation and reminders by email and/or SMS
- To maintain a service history for your vehicle
- To contact you if we need to reschedule or cancel your appointment
We do not use your data for marketing purposes without your separate consent. We do not sell your data to any third party.
5. Third-Party Service Providers
We share your data only with the following processors, each engaged under a data processing agreement (DPA) or equivalent contractual safeguards:
| Provider | Purpose | Data Transferred | Location |
|---|---|---|---|
| Brevo (Sendinblue SAS) | Sending transactional emails (confirmation, reminders, cancellations) and SMS messages | Name, email address, phone number, booking date/time, service type | EU (France) — adequacy applies |
| hCaptcha (Intuition Machines, Inc.) | Bot protection on the booking and verification forms | IP address, browser fingerprint data | USA — Standard Contractual Clauses apply |
| Railway (Railway Corp.) | Cloud application hosting, encrypted database, and server infrastructure | All booking data; server logs may include IP addresses. Railway may retain infrastructure logs and backups for operational purposes in accordance with their own retention policy. | USA — Standard Contractual Clauses apply |
No other third parties receive your personal data from this portal.
6. International Data Transfers
Two of our service providers — hCaptcha and Railway — are based in the United States, which does not benefit from an EU adequacy decision. Transfers to these providers are made subject to Standard Contractual Clauses (SCCs) approved by the European Commission under Article 46(2)(c) GDPR, which provide appropriate safeguards for your personal data.
Brevo is based in France (EU) and no cross-border transfer safeguards are required for that provider.
7. Data Retention
We retain your personal data and booking records for six (6) years from the date of your appointment, in line with Cypriot tax and commercial record-keeping requirements. After this period, your data is deleted from our primary database. Please note that our hosting provider (Railway) may retain infrastructure-level logs and encrypted backups for a limited period beyond this in accordance with their own data retention policies.
8. Your Rights Under GDPR
Under GDPR, you have the following rights in relation to your personal data:
- Access (Art. 15): Request a copy of the personal data we hold about you
- Rectification (Art. 16): Request correction of inaccurate or incomplete data
- Erasure (Art. 17): Request deletion of your data (subject to our legal retention obligations)
- Restriction (Art. 18): Request that we limit how we use your data
- Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format
- Objection (Art. 21): Object to processing based on our legitimate interests
- No automated decisions (Art. 22): Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you. We do not carry out such processing.
- Lodge a complaint (Art. 77): Lodge a complaint with a supervisory authority — see Section 11
To exercise any right, contact support@motowarehouse.com.cy. We will respond within one month of receiving your request. This period may be extended by a further two months where requests are complex or numerous, in which case we will notify you.
9. Cookies
This portal uses a session cookie to maintain your booking session, and security cookies set by hCaptcha to protect against automated submissions. No advertising or analytics cookies are used. See our Cookie Policy for full details.
10. Data Security
- Encrypted database storage
- HTTPS encryption for all data in transit
- Phone number OTP verification before booking submission
- Rate limiting and bot protection via hCaptcha
- Access controls — only authorised Motowarehouse staff can view booking data
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Commissioner for Personal Data Protection within 72 hours of becoming aware of it (Art. 33 GDPR). If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay (Art. 34 GDPR).
11. Supervisory Authority
If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with a supervisory authority. You may contact the Cypriot data protection authority directly:
1 Iasonos Street, 1082 Nicosia, Cyprus
Tel: +357 22 818 456 · commissioner@dataprotection.gov.cy
www.dataprotection.gov.cy
If you are located in another EU/EEA member state, you also have the right to lodge a complaint with the supervisory authority in the country where you live or work. A list of EU data protection authorities is available at edpb.europa.eu.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The date at the top of this page reflects the most recent update. For minor changes, we will update the date and the revised policy will take effect immediately. For material changes — such as a new purpose for processing or a new category of data — we will take reasonable steps to notify you, and where required by law, obtain your consent before the change takes effect.
13. Contact Us
40 Athinon Street, Strovolos, Nicosia, Cyprus
support@motowarehouse.com.cy · Tel: 22 328 788