At Tsokkos Hotels & Resorts we are dedicated to ensuring all of our guests from all over the world have the most enjoyable and memorable holidays with us. An important part of our commitment to you is also how we look after the personal data you share with us. We take all reasonable steps to ensure that your data is always safe and secure with us, and the following will explain how we use your data.
For the purpose of ensuring compliance with the provisions of the European General Data Protection Regulation 679/2016 and all applicable Cyprus Data Protection Laws, as may be repealed or amended from time to time, we are a data controller in respect of your personal data. This means that we determine the purposes and means of the process of personal data.
We are committed to your privacy. As part of the values we stand for, we will always consider your fundamental rights as a data subject. We process your personal data for the purposes mentioned above on the lawful basis that (i) the processing is necessary for compliance with a legal obligation to which we are subject; (ii) the processing is necessary for the performance of an agreement which you have entered into with us and in order to take steps at your request prior to entering into the said agreement(s); (iii) you have given consent (if and where applicable); and (iv) the processing is necessary for the purposes of the legitimate interests pursued by us.
Such legitimate interests include, inter-alia, our business and/or commercial interests and the management, operation and marketing of our business (including inter-alia, newsletters, promotional material and greeting cards), and/or our exercise or defence of legal claims and/or to disclose information to other data recipients such as our service providers, auditors, lawyers and technology providers and/or to comply with obligations or internal policy requirements of our business, and/or to monitor and improve our relationships with you and/or to keep our internal records and/or to monitor communication to/from you using our systems and/or to protect the integrity of our IT systems.
Where we decide to rely on explicit consent to process personal data, we will contact the relevant data subject to request this accordingly. In case consent is relied solely upon to achieve a lawful basis of processing of personal data, the relevant data subject will have the right to withdraw this consent at any time.
We apply strict security rules regarding the processing of Personal Data and third parties’ access to our records and files. We only share your Personal Data when this is necessary to conduct our business or to fulfill an obligation imposed by law.
We may share your information with:
When we share Personal Data with other organizations/ third-parties, we safeguard that they keep them safe, that they are authorized to retain these data and that they must not use your Personal Data for other purposes. Such sharing or transfer of Personal Data will be protected by appropriate safeguards (e.g. appropriate contractual clauses, data processing contracts, intra-group disclosures of Personal Data, etc.) and in particular if the recipient operates outside the EEA, appropriate protections will be put in place to make sure your Personal Data remains adequately protected including appropriate contract clauses such as standard contract clauses approved by European Commission.
Our Privacy Notice applies to all of the services offered by the Tsokkos Hotels & Resorts of companies. We may share the minimum personal data necessary with other companies in the Tsokkos Hotels & Resorts Group, such as, to provide the services you request, to manage and improve our services, to help to personalize your experience and where appropriate to make contact and interact with you.
We disclose your personal data to the following categories of recipients:
If you have any questions, or want more details about this privacy notice or on how we use your personal information, please contact us using the details set out below:
Tsokkos Hotels & Resorts
Personal Data Protection Department
Address: P.O Box 30221, 5341, Ayia Napa, Cyprus
Telephone: +357 23 848 100
You have the right at any time to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by ticking/un-ticking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by sending an unsubscribe request to: Tsokkos Hotels & Resorts, HEAD OFFICES, P.O.BOX 30221, 5341 Ayia Napa, Cyprus or to firstname.lastname@example.org
The following are the rights you have pursuant to the provisions of the GDPR and the applicable local legislation (as amended from time to time) in relation to the data protection:
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). Kindly note however that we may charge you with an administrative fee, in cases where requests are deemed manifestly unfounded or excessive, in particular because of their repetitive character.
If you wish to know more and/or exercise any of the rights set out above, please contact us using the details provided above.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We know how important it is to protect and manage your personal data. We take appropriate security measures to help protect your personal data from accidental loss and from unauthorized access, use, alteration and disclosure. The security of your data also depends on you. All information you provide to us is stored on our secure servers.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will retain your personal data for only as long as it is necessary for the uses as set out in this Privacy Notice and/or to meet legal and regulatory requirements. After this period, we will securely erase personal data. If data is needed after this period for analytical and other business purposes, we will take appropriate measures to anonymise this data.
Our website may use technologies such as "cookies" to provide visitors with tailored information upon each visit. Cookies are a common part of commercial websites that allow small text files to be sent by a website, accepted by a web browser and then placed on your hard drive in order to recognise repeat visits to the website. Every time you visit our website, our servers, through cookies, pixels and/or GIF files, collect basic technical information such as your domain name, the address of the last URL visited prior to clicking through to the website, and your browser and operating system. If you like, you can set your browser to notify you before you receive a cookie so you have the chance to accept or reject it and you can also set your browser to turn off all cookies. The website www.allaboutcookies.org (run by the Interactive Marketing Bureau) contains step-by-step guidance on how cookies can be switched off by users. You do not need to enable cookies to visit our website - however, some parts of the website and some services may be more difficult or impossible to use if cookies are disabled.
Please let us know if you are unhappy with how we have used your personal information. As stated above you can always contact us.
You also have the right to make a complaint at any time to the Commissioner which is the supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the Commissioner so please contact us in the first instance.