Cyprus Flight Pass Logo

Privacy Policy

Data Privacy Declaration

This electronic platform “”, hereinafter “the eService” collects personal data within the meaning of and according to the provisions of the Data General Protection Regulation (EU) 2016/679 (“the Regulation”) and the Protection of Natural Persons with regard to the Processing of Personal Data and the Free Movement of such Data Law 2018, L. 125(I)/2018 (national Legislation), both forming the Legislative framework for the protection of personal data.”

Data Controller

Data Controllers of the data collected through the platform are jointly the Ministry of Transport, Communications and Works and the Ministry of Health. For questions regarding the processing of personal data and the exercise of the Regulation rights you may contact the Data Protection Officer of the Ministry of Transport, Communications and Works at the email address

Object and legal basis of processing

The joint data Controllers collect and process your personal data according to the basic Principles governing the Legislative framework for the protection of personal data, i.e. the principles of legality, limitation of purpose, transparency, minimization, precision, limitation of storage time, confidentiality, integrity and accountability, for the following objects:

The purpose of the functioning of the platform is the fight against the spread of COVID-19 in Cyprus, as a measure of addressing and controlling the dissemination of the virus in regard with the travellers destined for Cyprus within the wider context of serving the public interest and protecting public health.

More specifically, in the case where any traveller arouses suspicion of being infected by the virus or is tested positive to COVID-19, the data will be used by the Ministry of Health for the purpose of tracing contacts. The data will also form part of the medical history of each traveller for the information of the medical personnel at local health care institutions, where confirmed cases will receive treatment.

The planning and implementation of the said eService is carried out in the context of the Infectious Diseases (Determination of Measures for the Prevention of the Spread of the COVID-19 Coronavirus Decree of 2020) Decrees, issued by the Minister of Health, and the emergency procedure.

Categories of data subjects

Travellers with destination Cyprus

Categories of personal data under processing

  • Contact details: full name, I.D. No/passport No, address, telephone
  • Category of visitor: e.g. Cyprus citizen/permanent resident, tourist from a country listed in categories of countries from which entry into Cyprus is permitted/other special categories
  • Flight details: e.g. date, time, country, provisional address, persons travelling together
  • Health Certificate by an approved laboratory (time, examination date & scanned copy)
  • Consent for possible COVID-19 examination, if requested upon arrival
  • Various declarations: e.g. declaration as to whether the visitor has travelled to another country 14 days prior to his flight to Cyprus, declaration that the visitor does not have any of the symptoms for COVID-19 in the last 14 days,

Confidentiality and Safety of Personal Data

Your personal data shall remain confidential and safe. Technical and organizational measures are being taken for the protection of your personal data against accidental of unlawful destruction, loss, alteration, unauthorized communication or access. The personal data are kept in server computers in a controlled secure and protected environment. When the personal information is being uploaded on the platform, it is protected through the use of encryption, such as the SecureSocketLayer (SSL) Protocol.

More specifically, access and management of the above personal data will be given only to specially authorized personnel of the joint controllers and to isolated users depending on their jurisdiction, role and needfulness:

  • Statistical Services
  • Passport Control Centre of the Aliens and Immigration Service
  • Authorised Clinical Laboratories

Data Recipients

The joint data controllers shall ensure that your personal data are communicated to recipients only if this is provided for by the Legislative framework for the protection of personal data and in accordance with national and European Union legislations.

The company that has developed the platform may have access to the data for purposes of support/maintenance of the platform, which is bound by a contract for the assignment of processing as the data processor in accordance with article 28 of the Regulation.

Retention of Data

The personal data will be retained for a maximum period of three(3) months, after the expiry of which they will be completely erased.

Exercise of rights by data subjects

In accordance with the Legislative framework for the protection of personal data, you have the following rights, which you may exercise any time during the time frame of three (3) months, on the basis of which the data concerning you are stored.

Right of access (article 15 of Regulation): You may have access to your data and obtain complementary information concerning their processing as well as a copy of such data.

Right to Erasure (article 17 of Regulation): You have the right to ask for your personal data to be erased subject to the requirements of Article 17 of the Regulation.

Right to restriction of processing (article 18 of Regulation): You have the right to ask for the processing of your data to be restricted in the cases provided for by Article 18 of the Regulation.

Right to object (article 21(1) of the Regulation): You have the right to object at any time to the processing of your personal data for reasons related to your special circumstances, in accordance with the stipulations of article 21(1) of the Regulation.

You may exercise any of the above rights as well as make any request by communicating with the Data Protection Officer of the Ministry of Transport, Communications and Works at the email address

You also reserve the right to file a complaint to the competent supervising Authority, The Commissioner for the Protection of Personal Data, if you discover that an unlawful processing of your personal data is taking place or your rights in respect of your personal data have been breached.