Privacy Policy

Chris Alexandrou Academy runs a children's sports academy in Cyprus and looks after your information as the “data controller” under the EU GDPR and Cyprus data-protection law. For anything about your data, contact cyso.solutions.ltd@gmail.com.

About you (the parent or guardian): your name, phone and email, and your billing details — so we can run enrolment, schedule classes, and send invoices.

About your child: their name, date of birth (to work out age groups), optional gender, the classes they're in, and coaching notes and statistics that help us support them. Photos are stored only if you give consent.

To keep accounts safe, we also keep a record of who does what in the system. If we ever add health/emergency information, it will be visible only to specifically authorised staff and every access will be logged — and we'll ask your consent first.

Because this is about children, we're extra careful. We collect children's data only with a parent or guardian's consent, and we ask separately before storing any photos. Your child's details are visible only to their coaches and our office team — never shared for marketing, never sold.

You can ask to see everything we hold, correct anything that's wrong, delete your information, or withdraw a consent (like photos) at any time — and it won't affect anything else. Just contact cyso.solutions.ltd@gmail.com and we'll help within one month, free of charge.

If you're ever unhappy with how we handle your data, you can contact the Office of the Commissioner for Personal Data Protection (Cyprus).

We only use a child's photo with your consent, and sessions work exactly the same whether you say yes or no. Video features are planned; if we add them, we'll ask for your consent first. You can change your mind whenever you like.

When online card payments are available they're handled by our payment provider — we never see or store your full card details. We keep the invoice, the amount, and whether it's been paid.

We don't sell your data. A few trusted providers help us run the service under data-processing agreements, with data kept in the EU where possible: Google (secure login and our database, in an EU region), Cloudflare (hosting), and our error-monitoring tool. Some features we may add later — photo/video hosting, messaging, card payments — will be added to this list before we use them.

When a family leaves, we delete or anonymise your personal information. The one exception is financial records (invoices and payments), which we must keep for the period required by Cyprus tax law, after which they're deleted too. Photos are kept until you withdraw consent or leave.

Children's information sits behind staff-only access, sensitive records are access-logged, and data is stored with reputable EU providers and encrypted in transit. No system is perfectly secure, so we limit who can access records and review that access — and if a serious issue ever affected you, we'd tell you and the Commissioner, as the law requires.