Privacy Policy

This privacy policy applies to A. Tsokkos Hotels Public Ltd, to all the subsidiary and associated companies and to all the hotels operated by the above company. (hereinafter “Tsokkos Hotels & Resorts”, “we” or “us”).

At Tsokkos Hotels & Resorts we are dedicated to ensuring all of our guests from all over the world have the most enjoyable and memorable holidays with us. An important part of our commitment to you is also how we look after the personal data you share with us. We take all reasonable steps to ensure that your data is always safe and secure with us, and the following will explain how we use your data.

For the purpose of ensuring compliance with the provisions of the European General Data Protection Regulation 679/2016 and all applicable Cyprus Data Protection Laws, as may be repealed or amended from time to time, we are a data controller in respect of your personal data. This means that we determine the purposes and means of the process of personal data.

This Privacy Policy should be read in conjunction with our Terms and Conditions. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

Information we may collect from you and why we collect it

When you make a reservation:

Your full name, home address, e-mail address, telephone numbers, date of birth, ID and Passport numbers, nationality, country of residence, gender, room preferences and other information necessary to fulfill special occasions and special requests (e.g. health conditions that require special room accommodations)

During your stay at a Hotel:

Your full name, home address, email address, telephone number, ID and Passport numbers, nationality, country of residence, date of birth, gender
Check in/Check out – Guest Registration Card.
Details of your stay, such as arrival and departure dates, type of room, room preference, full names, dates of birth and passport numbers of companions, purpose of visiting (e.g. vacation, business, conference etc.), special occasions, specific requests to the Hotel (e.g. health conditions that require special room accommodations, any special dietary, religious or disability requests).
Social preferences, interests and leisure and any other activities.
Food and beverage consumptions in-room and within the Hotel, bills details.
Information on your bookings and payments (guest's IBAN) from on-line system, payment ID, booking reference.
Details of complaints and other remarks you may have.
Details of illness/accident, past history records, name of doctors in case of illness or injury during your stay at the Hotel and other remarks you may have.
>Details of claims and other remarks you may have.
Reviews/feedback in relation to our services provided during your stay, post photos, quotes.
Furthermore, in the course of your reservation or your stay at a Hotel you may be asked to provide us with the aforementioned Personal Data about other individuals such as your companions. By providing such information, you represent and warrant to us that you have obtained such individuals’ permission to so do and that such individuals are aware of, understand and accept our Privacy Policy and this Notice.

We may also collect personal data about you in the following circumstances

If you report a problem with this Site.
Where you have provided your prior explicit consent, for future marketing use (which may be by email or social media) if you actively sign up to receive email newsletters from us, (although you will be given the option to opt-out of such use). If you do not wish to receive offers and/or newsletter from us please send us an email to: complaintdept@tsokkos.com
If we ask you for your contact details for future marketing use (which may be by email or social media) or if you actively sign up to receive email newsletters from us, (although you will be given the option to opt-out of such use).
If you contact us, we may keep a record of your email or other correspondence.
We may collect information about the way you access our digital services including your IP address, operating system and browser details, for system administration and safety purposes. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.
We use personal data to manage and improve our services, websites, customer loyalty and other services.
We monitor how our services are used to help protect your personal data, detect and prevent fraud, other crimes and the misuse of services. This helps us to make sure that you can safely use our services.
A Hotel when you make a reservation directly at the Hotel or a business partner, travel agent or tour operators when you make a reservation through them.
Your insurance company, their agents, doctors, your companions may disclose or share Personal Data or relevant medical/health data (special categories of Personal Data) with us in case of an accident/injury/an emergency situation on your behalf.

The purposes that we collect and process your personal data

Performing a contract or transaction such as making a reservation and handling your stay at a Hotel, by providing the products and services you requested, fulfilling your special requests;
Performing the management contract with the co - owner of the Hotel;
To comply with obligations imposed by law or regulations such as the tax authorities or the police;
Handling your remarks, complaints, incidents, illnesses, accidents and claims during your stay or after your departure;
Managing and improving our products, services, programs, various types of communications, advertising campaigns, and/or promotional activities, our day-to-day operations and your hotel experience;
For marketing reasons/communications with you in relation to the products and services offered by Tsokkos Hotels & Resorts, our strategic marketing partners, and other trusted third parties,
To make contact or interact with you, to conduct financial data evaluation/statistical analysis based on demographics, reservation, your stay or other data/market research and for your registration to our loyal membership program.
We may mail, e-mail, telephone, or contact you by other means to inform you about news, events, activities, new Tsokkos Hotels & Resorts products and services, or upcoming Tsokkos Hotels & Resorts special offers, events, enhancements, or other relevant information that may be of interest to you. We always offer you the option to decline any or all of these communications by following the directions included in our e-mails or other communications, or by contacting Tsokkos Hotels & Resorts directly.
If you are a Tsokkos Hotels & Resorts loyalty card club member, you may also change your communication choices by sending us an email to complaintdept@tsokkos.com. We would like to keep all of our Guests informed and equally able to take advantage of the benefits offered by Tsokkos Hotels & Resorts and its strategic marketing partners.

Lawful Basis of Processing

We are committed to your privacy. As part of the values we stand for, we will always consider your fundamental rights as a data subject. We process your personal data for the purposes mentioned above on the lawful basis that (i) the processing is necessary for compliance with a legal obligation to which we are subject; (ii) the processing is necessary for the performance of an agreement which you have entered into with us and in order to take steps at your request prior to entering into the said agreement(s); (iii) you have given consent (if and where applicable); and (iv) the processing is necessary for the purposes of the legitimate interests pursued by us.

Such legitimate interests include, inter-alia, our business and/or commercial interests and the management, operation and marketing of our business (including inter-alia, newsletters, promotional material and greeting cards), and/or our exercise or defence of legal claims and/or to disclose information to other data recipients such as our service providers, auditors, lawyers and technology providers and/or to comply with obligations or internal policy requirements of our business, and/or to monitor and improve our relationships with you and/or to keep our internal records and/or to monitor communication to/from you using our systems and/or to protect the integrity of our IT systems.

Where we decide to rely on explicit consent to process personal data, we will contact the relevant data subject to request this accordingly. In case consent is relied solely upon to achieve a lawful basis of processing of personal data, the relevant data subject will have the right to withdraw this consent at any time.

We may share your Personal Data with

We apply strict security rules regarding the processing of Personal Data and third parties’ access to our records and files. We only share your Personal Data when this is necessary to conduct our business or to fulfill an obligation imposed by law.

We may share your information with:

All the Hotels managed by Tsokkos Hotels & Resorts, for purposes connected with the provision of our services/products and the management of our business and for the Hotels to perform the accommodation contract with the Guest and in particular exercise their rights and fulfill their obligations deriving from the accommodation of the Guest and comply with obligations imposed by law or regulations such as the tax authorities or the police.
Our third-party partners, service providers, tour operators, suppliers, bankers and retail partners for the purposes of operating and providing you with the products and services that you have requested;
Professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilities.
Tour operators, insurance companies, insurance brokers, doctors, lawyers for the purposes of handling accidents, illnesses and claims.
Any third party in order to meet our legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts, tax, regulatory or other public authorities.

When we share Personal Data with other organizations/ third-parties, we safeguard that they keep them safe, that they are authorized to retain these data and that they must not use your Personal Data for other purposes. Such sharing or transfer of Personal Data will be protected by appropriate safeguards (e.g. appropriate contractual clauses, data processing contracts, intra-group disclosures of Personal Data, etc.) and in particular if the recipient operates outside the EEA, appropriate protections will be put in place to make sure your Personal Data remains adequately protected including appropriate contract clauses such as standard contract clauses approved by European Commission.

Sharing personal data within the Tsokkos Hotels & Resorts Group of Companies

Our Privacy Notice applies to all of the services offered by the Tsokkos Hotels & Resorts of companies. We may share the minimum personal data necessary with other companies in the Tsokkos Hotels & Resorts Group, such as, to provide the services you request, to manage and improve our services, to help to personalize your experience and where appropriate to make contact and interact with you.

We disclose your personal data to the following categories of recipients:

our auditors, administrators, lawyers, tax advisors, valuators, consultants, accountants, investment advisors and other professional advisors (as shall be engaged from time to time).
our IT service providers and other companies who assist us with the effective operation of our business by providing concierge services, technological expertise, file storage and record management, logistic services and solutions.
banks and/or other financial institutions, payment services providers, insurance companies.
public and regulatory authorities (where applicable), for the purposes described above (including inter-alia the Cyprus Tourism Organisation).

Your Rights

If you have any questions, or want more details about this privacy notice or on how we use your personal information, please contact us using the details set out below:

Tsokkos Hotels & Resorts
Personal Data Protection Department
Address: P.O Box 30221, 5341, Ayia Napa, Cyprus
Telephone: +357 23 848 100
Email: complaintdept@tsokkos.com

You have the right at any time to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by ticking/un-ticking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by sending an unsubscribe request to: Tsokkos Hotels & Resorts, HEAD OFFICES, P.O.BOX 30221, 5341 Ayia Napa, Cyprus or to complaintdept@tsokkos.com

What Data Protection Rights You Have

The following are the rights you have pursuant to the provisions of the GDPR and the applicable local legislation (as amended from time to time) in relation to the data protection:

Request access to your personal data (commonly known as a “data subject access request”).
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Please note however that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. In such a case, your data will be stored but not processed until expiration of the retention obligation.
Subject to the legal basis on which the processing activity is based, you may object to processing of your personal data. Please note that in some cases, we may have compelling legitimate grounds to process your information which we need to comply with.
Request restriction of processing of your personal data (a) if it is not accurate;(b) where processing may be unlawful but you do not want us to erase your data; (c) where you need us to hold the data even if we no longer require it; or (d) where you may have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party.
In case the processing of the data is performed subject to your consent, you may withdraw consent at any time where we are relying on consent to process your personal data. However, we note that this will not affect the lawfulness of any processing carried out before you withdraw your consent. Kindly note however that if you withdraw your consent, we may not be able to provide certain products or services to you. We will of course advise you if this is the case at the time you withdraw your consent.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). Kindly note however that we may charge you with an administrative fee, in cases where requests are deemed manifestly unfounded or excessive, in particular because of their repetitive character.

If you wish to know more and/or exercise any of the rights set out above, please contact us using the details provided above.

What we may need from you in relation to your personal data rights

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Data Security

We know how important it is to protect and manage your personal data. We take appropriate security measures to help protect your personal data from accidental loss and from unauthorized access, use, alteration and disclosure. The security of your data also depends on you. All information you provide to us is stored on our secure servers.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data retention

We will retain your personal data for only as long as it is necessary for the uses as set out in this Privacy Notice and/or to meet legal and regulatory requirements. After this period, we will securely erase personal data. If data is needed after this period for analytical and other business purposes, we will take appropriate measures to anonymise this data.

Cookies

Our website may use technologies such as "cookies" to provide visitors with tailored information upon each visit. Cookies are a common part of commercial websites that allow small text files to be sent by a website, accepted by a web browser and then placed on your hard drive in order to recognise repeat visits to the website. Every time you visit our website, our servers, through cookies, pixels and/or GIF files, collect basic technical information such as your domain name, the address of the last URL visited prior to clicking through to the website, and your browser and operating system. If you like, you can set your browser to notify you before you receive a cookie so you have the chance to accept or reject it and you can also set your browser to turn off all cookies. The website www.allaboutcookies.org (run by the Interactive Marketing Bureau) contains step-by-step guidance on how cookies can be switched off by users. You do not need to enable cookies to visit our website - however, some parts of the website and some services may be more difficult or impossible to use if cookies are disabled.

Lodging a Complaint

Please let us know if you are unhappy with how we have used your personal information. As stated above you can always contact us.

You also have the right to make a complaint at any time to the Commissioner which is the supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the Commissioner so please contact us in the first instance.

Changes to our privacy policy

We reserve the right to modify this privacy policy from time to time. Any such modifications will be posted on this website. Every time you wish to use the website, please check the privacy policy to ensure you understand the terms that apply at that particular time. For the avoidance of any doubt, you are responsible for staying informed of any changes. Each time you access the website you reaffirm your acceptance of the then-current terms of the privacy policy. If you do not agree with the modified terms, you should discontinue using the website and/or request removal and/or delete of your personal information.

Without prejudice to the generality of the preceding paragraph, any change to this privacy policy which materially affect your rights and/or the processing of your personal data will be actively communicated and/or otherwise disclosed to you and your acceptance will be required in order to continue using this website.

May 2018