We collect personal data from you if you register online with us, access and/or use our website or carry out transactions for goods and services via our website or our hotel directly.
1. Information we collect and how we use and share it
Personal data we collect when you access and use our website, when you make a booking through our reservation system and where you register online with us (hereinafter referred to as “personal data”):
• Your name, email address, physical address, phone number, date of birth, country location and payment card information (to the extent this information is provided by you);
• Information relating to your membership in one of our services or programs;
• Information about how you use our website, products and services; and
• Information such as stay and room preferences made during the course of your reservation such as your preferred room type and specific requests to the hotel.
2. We use the personal data collected for the purposes of:
a. Registering you as a new user of our services and managing our relationship with you as a registered user;
b. Providing our reservation and booking services for our hotels and facilities to you;
c. Internal analysis purposes;
d. To the extent that you have consented to being contacted for marketing purposes, we will use your personal data for the purposes of providing you with email newsletters, surveys, any other communication for the purposes of advertising and marketing of our services as well as providing you with targeted advertisements on our or third party websites;
e. Maintaining legal records and accounts for the time periods required by European/Cyprus law or where we need to comply with a legal or regulatory obligation;
f. Where it is necessary to establish and/or exercise our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
3. Disclosures of your personal data
We may have to share your personal data within our group to the extent that is necessary for the purposes for which the personal data was collected for and with some third party companies under specific contract terms in accordance with the applicable laws, whose services we employ to conduct our business or in relation to any supply of products and services by us. Disclosure of your personal data may also be required in order to comply with any applicable laws.
In the instances where you have consented to the use of your personal data for the purposes of advertising and/or marketing we may share your personal data with third party online service providers who may be located outside of the EEA.
Whenever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to it and that all third parties respect the security of your personal data and treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
List of Processors:
Online reservations system: UIBS
Hotel Management System: Oracle
We will only send you marketing emails where you have agreed to this. You can opt out of our advertising and marketing communications at any time by contacting our Marketing Team at email@example.com
Data Retention of your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Your legal rights
Your duty to inform us of changes
It is important that the personal data that we hold about you is accurate and current. Please keep us informed if your personal data changes at any time.
Your rights in connection with personal data
Under certain circumstances, by law you have the right to:
• Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data that we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to processing it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
• Object to processing of your personal data. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal information about you if we no longer require it to establish, exercise or defend legal claims.
• Request the transfer of your personal data to another party.
If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact our Data Protection Officer in writing at firstname.lastname@example.org.
DATA PROTECTION OFFICER