Privacy Policy

Last updated: February 2026

1. Data Controller

HoPono Massage Studio, located in Nicosia, Cyprus, is the data controller responsible for your personal data. If you have any questions about how we handle your data, you can reach us at +357 96 537 959 or via WhatsApp.

2. Data We Collect

When you book an appointment, we collect the following personal information:

  • Full name
  • Email address
  • Phone number (including country code)
  • Appointment details (service, date, time)
  • Reminder preference (email or SMS)
  • Marketing consent preference
  • Coupon usage (if applicable)

We do not collect payment card details through our website. Payments are processed in person at our studio.

3. Purpose of Processing

We use your personal data for the following purposes:

  • Booking management: To schedule, confirm, and manage your appointments
  • Appointment reminders: To send you reminders via your chosen method (email or SMS) before your appointment
  • Client records: To maintain a history of your visits for quality of service
  • Marketing (only with consent): To send you promotions, offers, and wellness tips via email or SMS

4. Legal Basis (GDPR Article 6)

We process your data based on:

  • Contract performance: Processing your booking and providing the requested service
  • Legitimate interest: Sending appointment reminders related to your booking
  • Consent: Sending marketing communications (only when you opt in)

5. Marketing Communications

We will only send you marketing messages (promotions, offers, wellness tips) if you have explicitly opted in by checking the marketing consent box during booking. You can withdraw your marketing consent at any time by contacting us directly. Withdrawing marketing consent does not affect your appointment reminders or booking confirmations.

6. Data Retention

We retain your personal data for as long as you are an active client and for up to 24 months after your last appointment. After this period, your data will be anonymised or deleted unless we are required by law to retain it longer. You may request earlier deletion at any time.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data
  • Right to restrict processing: Request that we limit how we use your data
  • Right to data portability: Request your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interest
  • Right to withdraw consent: Withdraw marketing consent at any time

To exercise any of these rights, contact us at +357 96 537 959 or via WhatsApp. We will respond to your request within 30 days.

8. Third-Party Services

We use the following third-party services to deliver our booking system:

  • Brevo (Sendinblue): For sending appointment confirmation and reminder emails. Your email address is shared with Brevo for this purpose. Brevo Privacy Policy
  • Send.to: For sending SMS reminders. Your phone number is shared with Send.to for this purpose. Send.to Privacy Policy

These services are used solely for appointment-related communications (and marketing, if you have consented). Your data is not sold to or shared with any other third parties.

9. Cookies

Our website uses only essential session cookies required for the booking system and admin panel to function. We do not use tracking cookies, analytics cookies, or advertising cookies. No cookie consent banner is required as we only use strictly necessary cookies.

10. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

  • Encrypted connections (HTTPS) for all data transmission
  • Secure password hashing for admin access
  • Rate limiting and brute force protection
  • CSRF protection on all forms
  • Regular security reviews

11. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "last updated" date. We encourage you to review this policy periodically.

12. Contact & Complaints

If you have questions about this privacy policy or wish to exercise your data rights, contact us:

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus.