PRIVACY NOTICE ON THE PROTECTION OF CLIENTS’ PERSONAL DATA
Για Ελληνικά πατήστε εδώ.
1. What Is The Purpose Of This Document?
The company Loucoullos Hotels Limited and the company CHI Management Limited (the “Companies”, “Cleopatra Hotel”, “we”) process your personal data in compliance with the principles of the General Data Protection Regulation (EU 2019/679) (the “GDPR”) and the Cypriot legislation.
The following text explains the way and methods of processing the personal data we collect in the context of providing our services, to ensure the protection of this data, as well as your rights that you can exercise in relation to this data.
It is important that you read this statement together with any other informative statement we may provide in specific circumstances when we collect or process personal data about you, so that you are aware of how and why we use such data.
2. Controller
When processing your data, we act as Controller. This means that we decide how and for what purpose your personal data will be used. We set out our contact details in paragraph 8 below.
3. What Data We Collect And How We Use It
We may collect, store and use the following categories of your personal data for the purposes explained below:
| Purpose | Examples of personal data that may be processed | Legal basis for processing |
| Data collected when creating a reservation | Your full name, address, city, country, telephone number, email address, as well as your credit card details (card number, CVC, expiry date, cardholder details), arrival and departure date as well as flight details in case of a special request for your transfer to and from the airport, any other specific requests (e.g. transfer request, declaration of special preferences and/or allergies). | Contract performance
Legitimate interest |
| Data provided during the arrival procedure
|
Your first and last name, your language of communication, your address (street, postcode, city, country), your nationality, your telephone number, your email address, the names of any accompanying family members and their date of birth, your date of birth, your passport/ID number, your credit card details, your arrival date and departure date, room number and signature and car registration number
Allergies/special preferences declaration (allergies and preferences may, in some cases, constitute sensitive personal data). We may collect such data only if you voluntarily provide it to us or if we ask you to do so and we have obtained your prior explicit consent. We may collect health-related information, in accordance with applicable government protocols (e.g. Covid 19). |
Legal Obligation
Legitimate interest Consent Public Interest |
| Data collected for the purposes of events and reservations at the restaurant and pool
|
Your full name, address, city, country, telephone number, email address, as well as any other specific requests (e.g. declaration of special preferences and/or allergies).
Advance payment form and signature and guest list, company name.
Room number and any other special request you may communicate to us. |
Contract performance
Legitimate interest
|
| Data collected when you visit the gym and beauty salon
|
During your registration, we collect your full name, email address, signature and room number (if there is a reservation), age and car registration number
Necessary health information by completing the treatment questionnaire (such as medications, allergies, possible pregnancies, health issues, etc.) as included in our consultation form and health card. |
Legitimate Interest
Contract performance Consent |
| Data collected for Security/CCTV purposes | We collect, process and store images and videos through the video surveillance system (closed-circuit television, CCTV), where installed, for security purposes. | Legitimate Interest
|
4. Change Of Purpose
We will use your personal data only for the purposes for which we collected it, unless we reasonably consider that we need to use it for another purpose and this purpose is compatible with the initial purpose. If we need to use your personal information for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.
5. Transmission Of Your Personal Data
The personal data you provide to us, is kept and stored securely. We may share your information with our affiliated companies and public authorities for the reasons set out above.
In addition, we may transmit your personal data to third parties (legal or natural persons) who will process your personal data in accordance with our written instructions (Data Processors). We guarantee that these third parties always apply the same measures for the protection of your personal data and only act in accordance with our written instructions and with respect to your personal data.
More specifically, to achieve the processing purposes, personal data may be transmitted to:
- Companies that provide us with relevant services (e.g. legal or technical support, etc.). In any case, all these companies undertake contractual commitments to us to guarantee confidentiality, as well as a commitment to comply with the legislation for the protection of personal data.
- Public authorities (police etc.) on the basis of compliance with the legislation or upon a relevant request.
Where information is transmitted in accordance with the above, we limit the scope of the information disclosed to that which is strictly necessary to achieve the specific purpose.
We require third parties to ensure the security of the data and to treat it in accordance with the legislation. All third-party service providers are required to take appropriate security measures to protect your personal data in accordance with our Companies’ policies.
Data transmission outside the EU
We do not transmit data outside the European Union.
Where it is necessary to transmit personal data outside the EU, we will comply with our legal and regulatory obligations in relation to the personal data. This includes having a lawful basis for transmitting the data and putting in place appropriate safeguards to ensure an adequate level of data protection in any way.
6. Retention Period And Security Of Data
Your personal data is kept and stored at the Companies’ offices only for as long as necessary to fulfil the purposes mentioned above. Different processing purposes have different retention periods. After the predetermined retention periods and when there is therefore no other reason for us to retain your personal data, this will be destroyed.
For the security of your personal data, the Companies take all necessary technical and organizational measures to prevent any data from being accidentally or unlawfully destroyed, lost, altered, disclosed or accessed without authorization. In addition, your personal data is accessed only by those who need to have it for the purposes set out above, process the data under our instructions and are subject to a duty of confidentiality. For more information regarding the measures we take, you can contact the person in charge of personal data issues at the email address [email protected].
7. Your Rights
Under the GDPR, you have the following rights in relation to your personal data:
- You may request to know which of your personal data we process and request a copy of your data.
- You may request the correction of your data if it is incorrect, inaccurate or incomplete. It is important that you inform us if your personal data has changed.
- You may request the erasure of your personal data if the processing is based on consent and the consent has been withdrawn, if the personal data is no longer necessary or if the processing is unlawful.
- You may exercise the right to object to or restrict the processing of your personal data, if the data processing is based on grounds of legitimate interest or public interest.
- You may request that your personal data not be subject to decisions based solely on automated processing where such processing may have legal or other significant consequences for you. In such cases, you may request the intervention of an individual and you have the right to challenge the decision.
- In the limited circumstances where you may have given your consent to the collection, processing and transmission of your personal information for a specific purpose, you have the right to withdraw your consent for that processing at any time. Once we receive notice that you have withdrawn your consent, we will no longer process your information for the purpose or purposes for which you initially agreed, unless we have another lawful basis for doing so.
If you wish to exercise any of these rights, you can contact the person in charge of personal data issues at the email address [email protected].
What we may need from you
We may need to ask you for certain information to help us confirm your identity and to ensure your right to access your information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who is not entitled to receive it.
8. Contact Details
You may contact us as follows:
8 Florinis Street,
1065, Nicosia
Tel. +357 22844000
Fax: +357 22844222
Email: [email protected]
If you wish to submit a complaint about the way we process your personal data you can contact us, we will investigate your complaint and work with you to resolve it.
In addition, you have the right to submit a complaint with the Commissioner for Personal Data Protection of Cyprus at the email address [email protected] or by phone +357 22818456 or at the office at 1 Iasonos Street, 2nd floor, 1082 Nicosia.
