This Privacy Policy explains how TheraMap collects, uses and protects personal data when you use our website at theramap.cy and the services we provide through it. We are committed to protecting your privacy and to handling your information in line with the EU General Data Protection Regulation (GDPR) and applicable Cyprus data protection law.

Who we are

TheraMap (“we”, “us”, “our”) is operated by [registered operator name and legal form, for example “TheraMap Ltd” or the sole trader’s full name], of [registered address], Cyprus. For the purposes of data protection law, we are the data controller for the personal data described in this policy. If you have any questions, contact us at info@theramap.cy.

The information we collect

We collect only the information we need to run the service. Depending on how you use the site, this may include the following.

  • Contact and account details. When you contact us, subscribe to our newsletter, claim or create a listing, or set up a provider account, we collect details such as your name, email address, telephone number, business information and login details.
  • Provider listing information. For provider profiles we hold business and professional details such as name, category, address, contact details, languages, GESY status and similar service information. Some of this is compiled from publicly available sources, as explained below.
  • Reviews and content you submit. If you post a review, comment or other content, we collect that content and the name or display name you choose to publish it under.
  • Payment information. When a provider pays for a subscription, payment is handled by our payment processor. We receive confirmation and billing details, but we do not store full card numbers on our own systems.
  • Technical and usage data. Like most websites, we automatically collect information such as your IP address, device and browser type, pages viewed and how you arrived at the site. This is collected through cookies and similar technologies.

We do not seek to collect special category health data about members of the public through the directory. Please do not include personal health information, or details that identify a patient, when you write a review or contact us.

Information compiled from public sources

Some provider listings are compiled from information that providers or official bodies make publicly available, such as public registers and business directories. This is a common practice for directories of this kind and generally concerns professional rather than private information. Any provider can claim their listing to confirm or correct it, and any provider can ask us to amend or remove their details, as described below and in our Terms and Conditions.

How we use your information and our legal bases

We use personal data only where the law allows. The main ways we use it, and our legal bases under the GDPR, are as follows.

  • To provide and operate the service, including displaying listings, running searches and enabling accounts. Legal basis: performance of a contract, or our legitimate interest in operating the directory.
  • To manage provider subscriptions and payments. Legal basis: performance of a contract and compliance with our legal obligations, such as tax and accounting.
  • To respond to your enquiries and provide support. Legal basis: our legitimate interest in helping users, or performance of a contract.
  • To send our newsletter and service messages. Marketing emails are sent on the basis of your consent, and you can unsubscribe at any time. Essential service messages rely on our legitimate interest or contract.
  • To display and moderate reviews and user content. Legal basis: our legitimate interest in offering a useful, trustworthy directory, and consent where you choose to publish content.
  • To understand and improve the site, and to keep it secure. Legal basis: our legitimate interest, and your consent for non-essential cookies.
  • To comply with the law and to protect our rights, users and the public. Legal basis: legal obligation and legitimate interest.

Cookies and similar technologies

We use cookies and similar technologies to make the site work, to remember your preferences, to measure how the site is used and, where you agree, to support marketing. You can control non-essential cookies through our cookie banner and through your browser settings. Where the law requires consent for non-essential cookies, we will ask for it before they are set.

Who we share information with

We do not sell your personal data. We share it only where necessary, with the following types of recipient.

  • Service providers who help us run the site, such as hosting, email delivery, payment processing, analytics and security providers. They act on our instructions and are bound to protect your data.
  • Payment processors, who handle subscription payments securely under their own terms.
  • Authorities and advisers, where we are required to disclose information by law, or where we need to establish, exercise or defend legal claims.
  • A successor, if the business is reorganised, sold or transferred, in which case data may pass to the new owner under this policy.

International transfers

Some of the providers we use may process data outside Cyprus, including outside the European Economic Area. Where that happens, we take steps to ensure your data is protected by an appropriate safeguard recognised under the GDPR, such as an adequacy decision or standard contractual clauses.

How long we keep information

We keep personal data only for as long as we need it for the purposes described here, or for as long as the law requires. Account and listing data is kept while the account or listing is active and for a reasonable period afterwards. Billing records are kept for the period required by tax and accounting law. When we no longer need data, we delete it or anonymise it.

Your rights

Under the GDPR you have rights over your personal data. Subject to the conditions in the law, you can ask us to:

  • confirm what personal data we hold about you and receive a copy of it;
  • correct data that is inaccurate or incomplete;
  • delete your data, or restrict how we use it, in certain circumstances;
  • object to processing that is based on our legitimate interests, including direct marketing;
  • receive certain data in a portable format; and
  • withdraw consent at any time, where we rely on consent.

To exercise any of these rights, email us at info@theramap.cy. We will respond within the time the law allows. You also have the right to complain to the supervisory authority in Cyprus, the Office of the Commissioner for Personal Data Protection, if you believe we have not handled your data properly.

Security

We take reasonable technical and organisational measures to protect personal data against loss, misuse and unauthorised access. No website or internet transmission is ever completely secure, so while we work hard to protect your information we cannot guarantee absolute security.

Children

The site is intended for adults. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will remove it.

Links to other websites

Our site contains links to provider websites and other third party sites. We are not responsible for the privacy practices or content of those sites, and we encourage you to read their privacy policies.

Changes to this policy

We may update this policy from time to time. When we do, we will change the date at the top of the page, and where changes are significant we will take reasonable steps to bring them to your attention. Please check this page from time to time.

Contact us

For any question about this policy or your personal data, contact info@theramap.cy