Privacy Policy

1. Introduction

This Privacy Policy explains how Massage4Everyone collects, uses, stores, shares, and protects personal data when you use our website, create an account, submit a provider verification form, purchase a Provider Plan, upload services, contact us, or interact with listed Providers.

For the purposes of data protection law, the controller of your personal data is:

Ivan Iakovides
Tseriou 9, Strovolos
Email: massage4everyone.info@yahoo.com
 

2. Personal data we collect

We may collect the following categories of personal data.
 

2.1 Website visitor and customer data

This may include:

1. Name.

2. Email address.

3. Phone number.

4. Message content.

5. Search preferences, such as category and region.

6. Technical data, such as IP address, browser type, device type, pages visited, and approximate location.

7. Cookie and analytics data.

8. Any information you voluntarily send to us or to Providers.
    

2.2 Provider account data

This may include:

1. Name.

2. Business name.

3. Email address.

4. Phone number.

5. Account login details.

6. Business address or service area.

7. Profile details.

8. Service categories.

9. Photos, logos, descriptions, pricing, and availability information.

10. Communication history with us.
     

2.3 Provider verification data

To assess whether a Provider may be listed on the platform, we may collect:

1. Identity information.

2. Business registration details.

3. Professional qualifications.

4. Certificates.

5. Insurance documents.

6. Experience information.

7. Website or social media links.

8. Work address or service location.

9. Any other information reasonably required for verification.

Please do not upload unnecessary sensitive information or documents that we have not requested.
 

2.4 Payment data

Payments may be processed by third-party payment providers. We may receive limited payment information, such as:

1. Payment status.

2. Subscription plan.

3. Billing period.

4. Transaction reference.

5. Invoice details.

6. Last four digits of a card, if made available by the payment processor.

We do not intentionally store full card details on our own systems.
 

3. How we use personal data

We use personal data to:

1. Operate and maintain the website.

2. Create and manage accounts.

3. Review provider verification applications.

4. Approve, reject, suspend, or remove Providers.

5. Display Provider profiles and services.

6. Provide search and directory functionality.

7. Process Provider Plan purchases and renewals.

8. Send account, billing, verification, and service messages.

9. Respond to enquiries and support requests.

10. Monitor website security and prevent fraud or misuse.

11. Improve the website and user experience.

12. Comply with legal, tax, accounting, consumer protection, and regulatory obligations.

13. Enforce our Terms and protect users, Providers, and the platform.
     

4. Legal bases for processing

Where applicable, we rely on one or more of the following legal bases:

1. Contract: to provide accounts, Provider Plans, listings, and platform services.

2. Legal obligation: to comply with tax, accounting, consumer protection, data protection, or other legal requirements.

3. Legitimate interests: to operate, secure, improve, and protect the platform; verify Providers; prevent fraud; handle disputes; and manage business communications.

4. Consent: where we ask for consent, such as for certain cookies, marketing messages, or optional processing.

5. Establishment, exercise, or defence of legal claims: where necessary to handle disputes, complaints, or enforcement.
    

5. Provider listings and public information

Provider profiles and service listings may be visible publicly on the website. This may include the Provider’s name, business name, service area, service descriptions, photos, pricing, qualifications, and contact details.

Providers should only upload information they are comfortable making public and that they have the right to publish.
 

6. Customer contact with Providers

If a Customer contacts a Provider directly using contact information shown on the website, the Provider is responsible for how they handle that communication and any personal data shared by the Customer.

Where messages are sent through website forms or platform tools, we may process the message to deliver it, keep records, prevent abuse, and provide support.
 

7. Cookies and similar technologies

Our website may use cookies and similar technologies to operate the site, remember preferences, analyse traffic, improve functionality, secure accounts, and support marketing or analytics features.

Some cookies are essential. Others may require consent depending on your location and the type of cookie.

You can manage cookies through your browser settings and, where available, through our cookie banner or cookie preferences tool.
 

8. Who we share personal data with

We may share personal data with:

1. Website hosting and technology providers.

2. Payment processors.

3. Email, form, CRM, analytics, and security service providers.

4. Professional advisers, such as accountants, lawyers, and consultants.

5. Authorities, regulators, courts, or law enforcement where required or permitted by law.

6. Providers, where a Customer contacts them through the website.

7. Customers, where Provider information is published as part of a public listing.

We do not sell personal data.
 

9. International transfers

Some service providers may process data outside Cyprus or the European Economic Area. Where required, we use appropriate safeguards, such as adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms.
 

10. Data retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy.

Typical retention periods include:

1. Account data: for as long as the account remains active and for a reasonable period afterwards.

2. Provider verification data: for as long as needed to assess, monitor, and evidence verification status, and then for a reasonable legal or dispute period.

3. Payment and invoice data: for the period required by tax and accounting laws.

4. Enquiry and support messages: for as long as needed to respond and maintain business records.

5. Technical and analytics data: for the period set by our analytics, cookie, or security tools.

6. Legal records: for as long as needed to establish, exercise, or defend legal claims.
    

11. Security

We use reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

However, no website or online system is completely secure. Users are responsible for keeping account login details confidential.
 

12. Your data protection rights

Depending on your location and applicable law, you may have the right to:

1. Access your personal data.

2. Correct inaccurate or incomplete personal data.

3. Request deletion of personal data.

4. Restrict processing.

5. Object to processing.

6. Request data portability.

7. Withdraw consent where processing is based on consent.

8. Object to direct marketing.

9. Lodge a complaint with a data protection authority.

To exercise your rights, contact us at [Insert email].

We may need to verify your identity before responding. Some rights may be limited where we have legal obligations, contractual obligations, fraud prevention reasons, or legal claims.
 

13. Marketing communications

We may send marketing emails only where permitted by law. You can unsubscribe from marketing emails using the unsubscribe link or by contacting us.

We may still send non-marketing messages about your account, verification, payments, listings, security, or legal updates.
 

14. Children

The website is not intended for children. Users must be at least 18 years old to create an account, become a Provider, or purchase a Provider Plan.

We do not knowingly collect personal data from children.
 

15. Third-party links

The website may contain links to third-party websites, social media pages, payment pages, or Provider websites. We are not responsible for the privacy practices of third parties.

You should review their privacy policies before sharing personal data with them.
 

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted on the website with a new “Last updated” date.
 

17. Contact and complaints

For questions about this Privacy Policy or your personal data, contact:

Ivan Iakovides
Tseriou 9, Strovolos
Email: massage4everyone.info@yahoo.com
 

If you are in Cyprus and believe your personal data rights have been infringed, you may also contact the Office of the Commissioner for Personal Data Protection.