Privacy Policy

Last updated: 13/05/2026

1. Data Controller

1.1 This Privacy Policy explains how Joy of Culture ("we", "us", "our", or the "Platform") collects, uses, stores, shares, and protects personal data when Users and Hosts access or use the Platform.

1.2 Joy of Culture is the data controller responsible for the processing of personal data under this Privacy Policy.

1.3 Controller details: Joy of Culture, Antonaki Manoli 22, Agios Theodoros, Larnaca, Cyprus. Email: info@joyofculture.com.

1.4 Joy of Culture has not appointed a Data Protection Officer, as this is not currently required. For privacy-related questions or data protection requests, Users may contact us at info@joyofculture.com.

2. Personal Data We Collect

2.1 We may collect and process the following categories of personal data, depending on how the Platform is used.

2.1.1 Account information

2.1.1.1 Name, surname, username, email address, password or authentication details, contact details, profile information, and account settings.

2.1.2 Third-party sign-in information

2.1.2.1 Where Users register or log in using supported services such as Google or Apple, we may receive information such as name, email address, unique account identifier, and authentication-related information, depending on the User's settings and the provider's policies.

2.1.3 Booking and transaction data

2.1.3.1 Booking details, booking history, payment status, transaction references, refunds, cancellations, and related communications.

2.1.4 Host information

2.1.4.1 Business details, tax or compliance-related information, payout-related information, listing details, experience descriptions, availability, prices, photos, exact experience location, and other content submitted by Hosts.

2.1.5 Host identity, compliance, payout, tax, or fraud-prevention information

2.1.5.1 Information necessary to verify accounts, process payouts, comply with legal obligations, prevent fraud, and maintain trust and safety.

2.1.6 User-generated content

2.1.6.1 Reviews, ratings, messages, profile information, photos, and other content submitted through the Platform where available.

2.1.7 Communications

2.1.7.1 Messages exchanged through the Platform, customer support emails, contact form submissions, complaints, feedback, and related correspondence.

2.1.8 Location-related data

2.1.8.1 Experience locations and, where the User has granted permission, device or app location data used for location-based features.

2.1.9 Technical and usage data

2.1.9.1 IP address, device identifiers, browser and device information, operating system, app version, log data, cookie identifiers, usage events, preferences, analytics data, crash reports, error logs, and security-related information.

2.1.10 Mobile app permission data

2.1.10.1 Camera, photo library, location services, and push notification permissions, where the User enables the relevant feature.

2.1.11 Push notification data

2.1.11.1 Device identifiers, push notification tokens, and notification preferences.

2.1.12 Marketing and preference data

2.1.12.1 Communication preferences, consent records, cookie preferences, and marketing subscription status.

3. Accuracy of Information

3.1 Users and Hosts are responsible for ensuring that the personal data they provide to us is accurate, complete, and up to date. They should update their account or listing information where necessary.

4. Publicly Visible Content

4.1 Certain information may be publicly visible on the Platform. This may include Host or business name, profile information, experience title, description, photos, availability, prices, reviews, ratings, and the exact location of the experience.

4.2 Hosts should not include private residential addresses or other sensitive personal information in public listings unless they are comfortable making that information publicly available.

4.3 Reviews and ratings may be publicly visible on the Platform. We may process reviews, ratings, and related content to operate the Platform, display feedback, maintain trust and safety, handle disputes, and enforce our Terms and Conditions. Users may request correction or removal of personal data contained in their own reviews or ratings, subject to applicable law.

5. Platform Messages and Communications

5.1 Users and Hosts may communicate with each other through the Platform. They should avoid sharing sensitive personal information, payment card details, private identification documents, health information, or other unnecessary confidential information through Platform messages unless strictly necessary.

5.2 We may access, review, or use messages and content exchanged through the Platform where necessary to provide customer support, resolve disputes, investigate suspected fraud, misuse, abuse, safety concerns, or violations of our Terms and Conditions, and maintain the security and integrity of the Platform.

6. Purposes and Legal Bases for Processing

6.1 We process personal data for the following purposes and legal bases under the GDPR.

6.1.1 Performance of a contract (Article 6(1)(b) GDPR)

6.1.1.1 To create and manage accounts, provide the Platform, manage listings, process bookings, facilitate payments and payouts, enable communication between Users and Hosts, provide customer support, and send service-related communications.

6.1.2 Legal obligations (Article 6(1)(c) GDPR)

6.1.2.1 To comply with tax, accounting, regulatory, consumer protection, fraud prevention, payment, and lawful authority requirements.

6.1.3 Legitimate interests (Article 6(1)(f) GDPR)

6.1.3.1 To operate, maintain, secure, and improve the Platform; prevent fraud, misuse, spam, abuse, and security incidents; handle disputes; enforce our Terms and Conditions; analyze usage; improve search results and recommendations; and protect our rights, Users, Hosts, and the Platform.

6.1.4 Consent (Article 6(1)(a) GDPR)

6.1.4.1 For non-essential cookies or similar technologies, marketing communications where consent is required, location permissions, push notifications where consent is required, and other processing where we ask for consent.

6.1.5 Legal claims and protection of rights

6.1.5.1 Where necessary to establish, exercise, or defend legal claims, resolve disputes, or protect the rights and safety of Joy of Culture, Users, Hosts, or third parties.

7. Payments and Payouts

7.1 Payment card details are processed directly by third-party payment service providers and are not stored by the Platform.

7.2 We may process payment status, transaction references, refund information, payout information, booking value, and related payment records in order to process bookings, facilitate payouts, prevent fraud, resolve disputes, comply with legal obligations, and maintain accounting records.

8. Location Data and App Permissions

8.1 We may process location-related data to display experience locations, support location-based search and filtering, help Users find relevant experiences, and assist with navigation to experiences.

8.2 Where the Platform uses the User's device location, this will only happen where the User has granted the relevant permission through their device, browser, or app settings. Users can disable location permissions at any time through their device, browser, or app settings, although some location-based features may not work properly.

8.3 Where available, the Platform may request access to device features such as camera, photo library, location services, and push notifications. These permissions are used only where necessary to provide the relevant feature, such as uploading photos, displaying or finding experiences by location, or sending notifications. Users can manage or disable app permissions through their device settings.

9. Cookies and Similar Technologies

9.1 We use cookies and similar technologies to provide essential Platform functionality, remember preferences, improve user experience, analyze usage, measure performance, and support security.

9.2 Where required by law, non-essential cookies or similar technologies, including analytics cookies, will only be used with the User's consent. Users may withdraw consent or manage cookie preferences through the cookie settings available on the Platform.

9.3 For detailed information about the cookies and similar technologies we use, and how Users can manage their preferences, please refer to our Cookie Policy.

10. Marketing and Service Communications

10.1 We may send marketing communications, newsletters, or promotional offers where permitted by law and, where required, with the User's consent. Users may unsubscribe from marketing communications at any time by using the unsubscribe link in the communication or by contacting us at info@joyofculture.com.

10.2 Transactional or service-related communications, such as booking confirmations, account notices, password reset emails, security notices, important platform updates, and customer support replies, are not marketing communications and may be sent where necessary to provide and secure the Platform.

11. Personalization, Analytics, and Aggregated Data

11.1 We may process usage, preference, booking, location-related, and category-related data to personalize the User experience, improve search results, recommend relevant experiences, display relevant content, and improve the Platform.

11.2 We may use aggregated, anonymized, or de-identified data for analytics, reporting, business insights, platform improvement, research, and service development. Such data does not identify individual Users or Hosts.

12. Automated Tools

12.1 We may use automated tools to help detect, prevent, and respond to fraud, misuse, security incidents, spam, abuse, or suspicious activity on the Platform.

12.2 However, we do not use personal data for solely automated decision-making, including profiling, that produces legal or similarly significant effects for Users, unless permitted by applicable law and subject to appropriate safeguards.

13. Data Sharing and Third Parties

13.1 We may share personal data with selected third parties where necessary for the purposes described in this Privacy Policy. These may include the categories below.

13.1.1 Payment service providers

13.1.1.1 For payment processing, refunds, transaction verification, fraud prevention, and related payment services.

13.1.2 Hosting, cloud infrastructure, storage, and IT providers

13.1.2.1 For hosting, operating, securing, and maintaining the Platform.

13.1.3 Email and notification providers

13.1.3.1 For account-related, booking-related, transactional, support, push notification, and, where applicable, marketing communications.

13.1.4 Analytics and product analytics providers

13.1.4.1 To understand usage, improve functionality, measure performance, and identify trends.

13.1.5 Maps and location service providers

13.1.5.1 To display experience locations, support location-based search and filtering, and assist with navigation.

13.1.6 Crash reporting, error monitoring, security, and fraud prevention providers

13.1.6.1 To diagnose issues, improve reliability, and protect the Platform.

13.1.7 Professional advisers

13.1.7.1 Such as lawyers, accountants, auditors, insurers, and other advisers, where necessary for legal, accounting, tax, insurance, compliance, or business purposes.

13.1.8 Public authorities and legal bodies

13.1.8.1 Public authorities, courts, regulators, law enforcement, or other third parties where required by law or where necessary to protect our legal rights, Users, Hosts, or the Platform.

13.1.9 Business transaction parties

13.1.9.1 Potential buyers, investors, or other parties in connection with a merger, acquisition, investment, financing, restructuring, sale of assets, or transfer of all or part of our business, subject to appropriate confidentiality and data protection safeguards.

13.2 Some third-party service providers process personal data on our behalf and only in accordance with our instructions. Other third-party providers may act as independent controllers where they determine their own purposes and means of processing, for example for payment processing, fraud prevention, regulatory compliance, or maps/location services.

13.3 We do not sell personal data to third parties.

14. International Data Transfers

14.1 Where personal data is transferred outside the European Economic Area (EEA), we take steps to ensure that appropriate safeguards are in place in accordance with applicable data protection laws.

14.2 These safeguards may include Standard Contractual Clauses approved by the European Commission, adequacy decisions, and, where necessary, supplementary safeguards.

15. Data Retention

15.1 We retain personal data for as long as necessary to provide the Platform, maintain User and Host accounts, process bookings and payments, comply with legal, accounting, tax, and regulatory obligations, resolve disputes, enforce our Terms and Conditions, prevent fraud and abuse, and maintain the security of the Platform.

15.2 Where possible, we delete or anonymize personal data when it is no longer required for the purposes for which it was collected.

15.3 We may retain certain records for longer where required by law or where necessary for legal claims, dispute resolution, fraud prevention, abuse prevention, platform safety, or enforcement of our Terms and Conditions.

16. Data Subject Rights

16.1 Under the GDPR, individuals may have the following rights in relation to their personal data.

16.1.1 Right of access.

16.1.2 Right to rectification.

16.1.3 Right to erasure.

16.1.4 Right to restriction of processing.

16.1.5 Right to data portability.

16.1.6 Right to object to processing.

16.1.7 Right to withdraw consent at any time where processing is based on consent. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

16.1.8 Right not to be subject to solely automated decision-making where applicable under the GDPR.

16.2 Requests to exercise data protection rights may be submitted to info@joyofculture.com. To protect personal data, we may request information necessary to verify the identity of the person making the request before responding to or fulfilling a data protection request.

16.3 We aim to respond to data protection requests within one month of receiving the request. Where permitted by law, this period may be extended if the request is complex or if we receive multiple requests. In such cases, we will inform the requester of the extension and the reasons for it.

16.4 Users may request deletion of their personal data. We will assess and respond to such requests in accordance with applicable data protection laws. In some cases, we may need to retain certain information where required by law, for tax, accounting, legal claims, dispute resolution, fraud prevention, platform security, or enforcement of our Terms and Conditions.

17. Data Security and Incidents

17.1 We implement appropriate technical and organisational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include, where appropriate, encryption, access controls, secure hosting infrastructure, logging and monitoring, backup and recovery procedures, internal access restrictions, and incident response processes.

17.2 In the event of a personal data breach, we will assess the incident and take appropriate steps in accordance with applicable data protection laws. Where required by law, we will notify the competent supervisory authority and/or affected individuals.

18. Children

18.1 The Platform is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect personal data from minors.

19. Third-Party Links and Services

19.1 The Platform may contain links to or integrations with third-party websites, apps, services, payment providers, maps providers, or other external services. Those third parties may process personal data in accordance with their own privacy policies and terms. We encourage Users and Hosts to review the privacy information of any third-party services they use.

20. Changes to This Privacy Policy

20.1 We may update this Privacy Policy from time to time. Where changes are material, we may notify Users through the Platform, by email, or by other appropriate means where required by law. The latest version will be made available through the Platform.

21. Complaints

21.1 Users have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus or with another competent supervisory authority in the EU Member State where they live, work, or where the alleged infringement occurred.

22. Language

22.1 This Privacy Policy may be made available in English and Greek. In case of any inconsistency between the English and Greek versions of this Privacy Policy, the English version shall prevail.