PRIVACY NOTICE – GUESTS
Our company, The Cyprus Tourism Development (the “Company”, “we”), collects and processes personal data required for the provision of services to its guests and visitors who make a booking with our hotel (“you”, “your”), pursuant to the “Registration Form” which you have completed and signed.
This Privacy Notice includes all the information the Company, as controller under the General Data Protection Regulation, Regulation (EU) 2016/679 (“GDPR”) and the relevant applicable law, has an obligation to provide you with, as data subject of the data it collects and processes.
1. What Information we Collect
The personal data we collect from you during registration/ check in at our hotel are the following:
1. Full name
2. Residence Address
4. Date of birth
5. Passport Number
6. Frequent Flyer Number
7. Email address
8. Credit Card Number
We may also use closed circuit television and other security measures at our properties that may capture or record images of guests and visitors in public areas, as well as information relating to your location while on our properties (via keycards and other technologies).
2. Purpose of the Collection
We collect your personal data so that we can process your reservation and provide you with our services referred to in the Registration Form and generally for the following purposes:
a) Performance of our contractual obligations
b) Compliance with legal obligations to which we are subject
c) Protection of your vital interests
d) Pursuing a legitimate interest
Specific purposes for which we collect your personal information may include:-
• To investigate and follow up on any comments, inquiries and complaints you may have and to resolve any disputes and problems which may have arisen with respect to your reservation and our services.
• To obtain feedback from you that will help us to improve and/ or further the provision of our facilities, products and services.
• To communicate with you about our services that may be of interest to you, including meeting and event planning.
• To inform you about promotional events, special offers, etc.
• To send you your hotel bill via email. It is your responsibility to ensure that we have the correct (and preferred) email address for you.
• To enable us to perform our obligations towards you.
• To comply with a legal obligation to which we may be subject.
• Any other purpose specifically requested and/ or agreed by you
We will collect your consent prior to processing your data where required by the GDPR and applicable law.
Closed-circuit television and other technologies that record sound or video are used where permitted by law for the protection of property, staff, guests and visitors.
We do not collect and we do not use any personal data other than that specifically mentioned above without your explicit consent unless you ask us to do so.
You do not have an obligation to provide us with your personal data, but if you don’t we will not be able to provide you with our services.
We don’t use automated decision-making processes or profiling while processing your personal data.
3. How we Keep your Data
We process your personal data at our offices, in Nicosia, where they are kept and stored.
For the storage and security of your personal data the Company takes all the necessary technical and organizational measures to ensure that the processing is carried out in accordance with the law and the GDPR (access control, firewalls, antivirus, cryptography, etc).
4. Access to your Data
Within our Company, your personal data is accessible only to those who need to, with a duty of confidentiality and only for the purposes mentioned in paragraph 2 above.
Outside our Company, recipients of your personal data may include:
• Business partners, who provide you with products, services, or offers based upon your experiences at our properties, such as rental cars or other services,
• Subcontractors or third parties who cooperate and/ or provide services to our Company in the context of its business, such as companies who provide technical services, payment services, information technology services, electrical services, engineering services, architectural services, mechanical services, construction material suppliers, provision and maintenance of software (i.e. SAP, etc), insurance organizations, banks or other credit institutions, etc.
We choose our business partners and associates very carefully, after the necessary checks have been carried out and sufficient guarantees have been provided to implement appropriate technical and organizational measures in such manner that processing will meet the requirements of the GDPR and the relevant laws and ensure the protection of your rights.
5. Retention Period
In accordance with Company policy, your data is kept only for as long as necessary to fulfil the purposes stated in paragraph 2 above, or – in the case of consent – until you withdraw your consent. In addition, we retain your personal data for as long as necessary to comply with tax laws, to exercise our legal rights and generally to pursue our legitimate interests.
After this period, your personal data will be irreparably destroyed. Any data kept by us for marketing and information purposes will be retained until you inform us that you no longer wish to receive such information.
6. Transfer to Third Countries
If your data will be transferred to entities or other third parties whose headquarters or place of data processing is not located in a member state of the European Union or the European Economic Area, we ensure before forwarding the data that, outside of legally permitted exceptional cases pertaining to the recipient, either an appropriate level of data protection exists (e.g., through an adequacy decision of the European Commission, through suitable guarantees such as a self-certification by the recipient for the EU-US Privacy Shield, or the agreement of EU standard contractual clauses between us and the recipient), or your sufficient consent exists.
We can provide you with an overview of the recipients in third countries and a copy of the specifically agreed regulations to ensure the appropriate level of data protection. To obtain these, please contact us at email@example.com.
7. Your Rights
Should you believe that any personal information we hold on you is incorrect or incomplete, you have the ability to request to see this information, rectify it or have it deleted by contacting us at the email address firstname.lastname@example.org, or by calling us at +35722653010
In the event that you wish to complain about how we have handled your personal data, you may contact us at the above email address and telephone number. We will then look into your complaint and work with you to resolve the matter.
If you still feel that your personal data has not been handled appropriately according to the law, you can submit your complaint with the Office of the Commissioner for Personal Data Protection, at 1 Iasonos Street, 2nd Floor, 1082 Nicosia, tel. +357 22 818456, email address email@example.com.