Skip to content
paidotopia

Privacy

This privacy notice explains how Paidotopia ("we", "us") handles personal data under the EU General Data Protection Regulation (GDPR). It applies to the paidotopia.cy website and related services. Have qualified counsel review this page before launch.

What we collect. (a) Technical data your browser sends automatically — IP address (truncated for analytics), device type, country/region, pages viewed. (b) Data you submit — your name, email, message text, language preference, optional venue ID when you contact a venue, and any details you provide on the birthday-party or venue-submission flows.

Why we process it. (i) To operate and secure the site (legitimate interest under Art. 6(1)(f)). (ii) To respond to enquiries you send via the contact form (Art. 6(1)(b) — pre-contractual / contractual). (iii) To send the newsletter you opted into (Art. 6(1)(a) — consent, with double opt-in). (iv) To measure aggregate traffic and improve content using cookieless analytics (legitimate interest, no profiling, no cross-site tracking).

Processors we use. We only share personal data with the third-party processors strictly needed to deliver the service: • Plausible Analytics — cookieless web analytics, hosted in the EU (Germany). No cookies, no cross-site tracking, IPs hashed and discarded. • Resend — transactional email delivery (contact replies, newsletter double-opt-in). Stores message metadata for delivery and abuse prevention. • Supabase — Postgres database and storage for venues, blog content, leads, and newsletter subscribers. Hosted in the EU. • Mailchimp — newsletter audience management and broadcast sends (when you opt into our list). Acts under a data-processing agreement and stores subscribers in EU/US data centres with SCCs in place.

Cookies. We do not set cookies for advertising or cross-site tracking. Plausible is cookieless. We may use a single localStorage key ("paidotopia.privacy-notice.dismissed") to remember that you closed the privacy banner; that's stored only in your browser and is not transmitted.

Your rights. You can ask us to access, correct, export, or delete your personal data, and you can object to or restrict processing. The fastest route is the form at /privacy/delete-my-data — we'll respond within 30 days as required by Art. 12. You also have the right to lodge a complaint with the Cyprus Office of the Commissioner for Personal Data Protection or your local supervisory authority.

Retention. Newsletter subscribers are retained until you unsubscribe (and 30 days after, for unsubscribe-evidence). Contact-form leads are retained for up to 24 months for support and audit. Server logs are retained for up to 30 days. Aggregate analytics are retained indefinitely because they contain no personal data.

Children's privacy. Paidotopia is a directory for parents and carers. We do not knowingly collect personal data directly from children. If you believe a minor has submitted personal information in error, notify us via /privacy/delete-my-data and we will remove it.

International transfers. Where personal data is transferred outside the EU/EEA (e.g. some Mailchimp subprocessors), the transfer is covered by Standard Contractual Clauses or an equivalent legal mechanism.

Changes. Material updates to this notice will carry a revised "last reviewed" date. Continued use of the site after a change constitutes acknowledgement where permitted by law.

Want to act on your rights? Submit a request at /privacy/delete-my-data.

Last reviewed: 2026-05-06.