Privacy Policy
GDPR Compliant · Last Updated: June 2026
Eyja Travel Media LTD ("we", "our", or "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or book a tour with us, in full compliance with the EU General Data Protection Regulation (GDPR).
1. Data Controller
For the purposes of the GDPR, the data controller is:
- Eyja Travel Media LTD
- Email: hello@eyjatravelmedia.com
- Country of Registration: Republic of Cyprus
2. Information We Collect
To process your bookings and provide our media services, we collect the following personal data:
- Identity Data: Full name, date of birth, gender, nationality, and passport number (required for booking local flights, permits, or hotels in destinations like Jordan or Turkey).
- Contact Data: Email address, phone number, and residential address.
- Financial Data: Payment card details (processed entirely by our secure, PCI-compliant payment gateway provider, Stripe; we do not store your raw card numbers).
- Technical Data: IP address, browser type, and cookies collected during your navigation on our website.
3. How We Use Your Data
We process your personal information based on lawful grounds:
- Performance of a Contract: To fulfill and book the travel experiences you purchase.
- Legal Compliance: To comply with tax, corporate, and immigration reporting laws in Cyprus and destination countries.
- Legitimate Interests: To improve our website performance, analyze user behavior, and send you marketing communications (only if you have consented to receive them).
4. Data Sharing and Third-Party Disclosures
We never sell your personal data. However, to execute your travel bookings, we must share specific details with:
- Local Tour Operators: The vetted local agencies executing your tour on the ground in the destination country.
- Service Providers: Infrastructure providers, such as email servers, CRM systems, and payment processors (Stripe).
- Legal Authorities: If required by law, border control, or tax audits in the Republic of Cyprus.
Note: When your data is transferred to local operators outside the European Economic Area (EEA), we ensure appropriate contractual safeguards are in place to protect your privacy.
5. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements (typically 6–7 years under Cyprus corporate tax law).
6. Your Rights Under GDPR
As an EU resident or individual interacting with an EU company, you hold the following rights:
- Right of Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can request that we correct inaccurate or incomplete information.
- Right to Erasure ("Right to be Forgotten"): You can request that we delete your data under certain conditions.
- Right to Object/Restrict Processing: You can object to us processing your data for direct marketing.
To exercise any of these rights, please email us directly at hello@eyjatravelmedia.com.
7. Security of Your Data
We implement appropriate technical and organizational security measures (including SSL encryption) to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way.