Privacy Policy

1. Introduction

SafeGuard Cyprus ("we," "our," or "us") operates a comprehensive emergency response system serving the Cyprus community. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our multi-emergency platform covering fire incidents, medical emergencies, traffic accidents, and general emergency situations.

By using our service, you agree to the collection and use of information in accordance with this policy. Your safety and privacy are treated seriously, and technical and organisational measures are applied to protect data used for emergency coordination.

SafeGuard Cyprus is created and maintained by MOMINPERT. It is an independent platform and is not currently used by the Government of Cyprus as an official national system. The project is currently under discussions for potential national implementation to support the security of citizens and visitors in Cyprus.

Official authority context. Personal data you submit in connection with incidents is processed for the purposes of authorized official bodies (including national or regional coordination centres and emergency services) carrying out their statutory tasks. Access to identifiable operational data (including incident content and reporter contact details where collected) is limited to authorized personnel acting in an official capacity, subject to role-based access and auditability. Depending on legal arrangements, the platform operator may act as controller for certain technical or account data and as processor for other processing carried out on documented instructions of a competent authority—your organisation’s privacy notices and data processing agreements take precedence where they apply.

Digital records and legacy practice. Where equivalent information was previously recorded manually (for example incident logs, paper registers, or spreadsheets), use of SafeGuard Cyprus does not change the underlying official purpose: it supports the same coordination, verification, and record-keeping functions in a more structured, consistent, and auditable form.

2. Information We Collect

2.1 Personal Information

When you register for an account or report an incident, we may collect:

• Name and surname
• Email address
• Phone number
• Physical address
• Cyprus ID number (for verification purposes)

2.2 Emergency Incident Data

When reporting emergencies or incidents, we collect:

• Emergency type (fire, medical, traffic accident, general emergency)
• Precise GPS location coordinates and address information
• Incident description and severity level classification
• Photos, videos, and multimedia evidence of the emergency situation
• Timestamp, date, and real-time incident tracking data
• Environmental conditions and situational context
• Reporter contact information for emergency response coordination
• Response and resolution details from emergency services personnel

2.3 Technical Data

We automatically collect:

• IP address and device information
• Browser type and version
• Usage data and interaction patterns
• System logs and error reports

3. How We Use Your Information

3.1 Emergency Response

Your information is primarily used for:

• Coordinating emergency response services
• Dispatching fire departments, police, and medical services
• Tracking incident status and resolution
• Providing real-time emergency assistance

3.2 Service Improvement

We use aggregated and anonymized data to:

• Analyze emergency response patterns
• Improve system performance and reliability
• Enhance user experience
• Generate statistical reports for emergency planning

3.3 Communication

We may contact you for:

• Emergency follow-up and status updates
• System notifications and alerts
• Important safety announcements
• Account security matters

4. Information Sharing and Disclosure

Incident-related personal data is shared and used only within the scope of official emergency and coordination activities and with parties that have a lawful need to know. It is not sold and is not used for unrelated commercial profiling.

4.1 Emergency Services

We share your information with authorized emergency services including:

• Cyprus Fire Service
• Cyprus Police Force
• Emergency Medical Services
• Civil Defense Department
• Municipal authorities

4.2 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal obligations
• Protect public safety
• Investigate potential crimes
• Respond to government requests

4.3 Third-Party Services

We use trusted third-party services for:

• Map and GPS services (OpenStreetMap, Leaflet)
• Cloud hosting and data storage
• Email and SMS notifications
• System analytics and monitoring

5. Data Security

We implement robust security measures to protect your information:

• End-to-end encryption for sensitive data
• Secure SSL/TLS connections
• Regular security audits and updates
• Access controls and authentication
• Data backup and recovery systems
• Compliance with EU GDPR standards

6. Your Rights

Under the General Data Protection Regulation (GDPR) and Cyprus Law 125(I)/2018 (which implements the GDPR in Cyprus), you have rights including:

• Access: Request copies of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (often called the “right to be forgotten”)
• Portability: Receive your data in a structured, commonly used format (where applicable)
• Restriction: Limit how we process your data in defined circumstances
• Objection: Object to certain types of processing (where applicable)

6.1 Erasure and competent authority rules

The right to erasure is not absolute. We, or the competent official authority, may refuse or limit erasure where processing remains necessary—for example to comply with a legal obligation, to perform a task carried out in the public interest or in the exercise of official authority, for archiving in the public interest, for scientific or historical research or statistical purposes (subject to conditions in law), or for the establishment, exercise, or defence of legal claims. For incident reports and related operational records, retention, redaction, anonymisation, and destruction are determined by applicable law and the guidelines, retention schedules, and procedures of the competent authority, which may require keeping certain data even after you stop using the application.

6.2 Closing your application account

Where the service allows you to close your account (including from the mobile app), that action ends your ability to sign in and may remove or replace credentials used for authentication (such as your login email) while preserving information where still required for official incident handling—for example so authorities can verify reports, investigate misuse, or complete operational follow-up. Account closure is not the same thing as complete erasure of every personal data item held in official records; any request for full erasure of operational data will be assessed against GDPR/Cyprus law and authority retention and disclosure rules.

To exercise your rights, use the contact details below. Requests that relate solely to processing by a particular authority may be redirected to that authority’s data protection contact where appropriate.

7. Data Retention

Retention is driven primarily by legal obligations, the public interest in emergency management, and competent authority record-keeping and audit requirements. The periods below are indicative and may be shortened or extended where law or authority guidelines require.

• Account and authentication data: For as long as the account is active; after voluntary closure, credential-related fields may be invalidated or removed while other fields necessary for official purposes are retained as described in this policy.
• Incident reports and operational history: For as long as required by applicable Cyprus and EU law, internal security policy, and the retention schedules and procedures of the competent authority (including for verification, investigation, quality assurance, and legal defence).
• Technical and security logs: Typically for a limited period sufficient for security monitoring, troubleshooting, and accountability, unless a longer period is required by law or authority direction.
• Anonymised or aggregated statistics: May be retained where data no longer identifies individuals.

Where processing replaces or mirrors legacy manual records, retention should be understood in the same spirit as those legacy practices—with improved consistency, access control, and audit trails—not as a reduction of official accountability.

8. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your login session
• Remember your preferences
• Improve system performance
• Analyze usage patterns

You can control cookie preferences through your browser settings.

9. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.

10. International Data Transfers

Your data may be processed in countries outside Cyprus. When we transfer data internationally, we ensure adequate protection through:

• EU adequacy decisions
• Standard contractual clauses
• Binding corporate rules
• Certification schemes

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by:

• Email notification
• Prominent notice on our website
• In-app notifications

Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact Information

For privacy-related questions, data protection requests, or to exercise your rights under applicable law, contact us at: