Last Modified: June 2nd, 2019
We have developed this Policy to explain our practices regarding the personal data we collect from you if you register online with us, access and/or use our website, through written or verbal communications with us, when you visit our property, or from other sources.
Personal Data We Collect
“Personal Data” are data that identify you as an individual or relate to an identifiable individual. Throughout your stay, we collect Personal Data in accordance with the law, such as:
• Home and/or work address
• Telephone number
• Email address
• Credit and debit card number or other payment data
• Language preference
• Date and place of birth
• Nationality, passport, visa or other government-issued identification data
• Important dates, such as birthdays, anniversaries and special occasions
• Membership or loyalty program data
• Employer details if you are an employ of a corporate account or a business partner
• Travel itinerary including arrival and departure days, tour group or activity data
• Prior guest stays or interactions, goods and services purchased, special service and amenity requests
• Telephone numbers dialled, faxes sent/received or receipt of telephone messages when connected to the telephone services we provide to guests during their stay
• Information about vehicles you may bring to our property
• Social media account ID, profile photo and other data publicly available, or data made available by linking your social media and loyalty accounts / applications
• Your reviews and opinions about our services
• Data about family members and companions, such as names and ages of children
• Images and video data via security cameras located in public areas, such as entrances, hallways and lobbies, in our property
• Guest preferences and personalized data (“Personal Preferences”), such as your interests, activities, hobbies, food and beverage choices, services and amenities of which you advise us or which we learn about during your visit
• Any other type of information which you may choose to provide to us or we may obtain about you through third parties with whom we do business (e.g. tour operators, travel agents or similar providers)
In case you will not provide your consent to our Hotel, to maintain your personal data, on the registration form upon arrival procedure, your personal data will be kept with the Hotel’s registry and/or electronic filing system for lawful use for a period of 90 (ninety) days after your checkout date.
How We Collect Personal Data
We and our service providers and/or agents and/or affiliates may collect Personal data, in a variety of ways, whether these are provided in writing or through verbal communication at every guest interaction and in providing any part of our services such as the following:
• Online Services
We collect Personal Data when you make a reservation, purchase goods and services from our Websites or Applications, communicate with us, or otherwise connect with us or post to social media pages, or sign up for a newsletter or participate in a survey, contest or promotional offer.
• Property Visits
We collect Personal Data when you visit our property or use on-property services and outlets, such as restaurants, concierge service, health club, child care services, and spa. We also collect Personal Data when you attend promotional events that we host or in which we participate, or when you provide your Personal Data to facilitate an event.
• Customer Care Centers
We collect Personal Data when you make a reservation over the phone, communicate with us by email, fax or via online chat services or contact customer service.
• Business Partners
We collect Personal Data from companies with whom we partner to provide you with goods, services or offers based upon your experiences at our property or that we believe will be of interest to you. Examples of Business Partners include travel and tour operator partners, travel booking platforms, on-property outlets and rental car providers.
• Physical & Mobile Location-Based Services
We collect Personal Data if you download one of our Apps or choose to participate in certain programs. For example, we may collect the precise physical location of your device by using satellite, cell phone tower, WiFi signals, or other technologies. We will collect this data if you opt in through the App or other program (either during your initial login or later) to receive the special offers and to enable location-driven capabilities on your mobile device. If you have opted-in, the App or other program will continue to collect location data when you are in or near a participating property until you log off or close the application (the App or other program will collect this data if it is running in the background) or if you use your phone’s or other device’s setting to disable location capabilities for the NESTOR HOTEL Apps or other program.
• Other Sources
We collect Personal Data from other sources, such as public databases, joint marketing partners and other third parties. This may include information from your travel agent, airline, credit card, and other partners, and from social media platforms (including from people with whom you are friends or otherwise connected). For example, if you elect to login to, connect with or link to, the Online Services using your social media account, certain Personal data from your social media account will be shared with us, which may include Personal data that is part of your profile or your friends’ profiles.
In the event that we receive information from third parties, as opposed to directly from you, provided that they are lawfully entitled to share your data with us, we will use and share this information for the purposes described in this Policy. Also in the event that your Personal data is collected in this way, then we will bring to your attention the information included in this Policy along with the source from which the data originate, and if applicable, whether it came from publicly accessible sources. This information shall be provided to you within a reasonable period after obtaining the Personal data, but at the latest within 1 month, except where the Personal data are to be used for communication with you, in which case we will provide you with the above information at the latest at the time of the first communication with you. However, if the above information is envisaged to be disclosed to another recipient then the above information shall be disclosed the latest when the Personal data are first disclosed to the new recipient, despite the fact that none of the previous deadlines has passed. Of course, no such information would need to be provided: • where you already have this information; • where the provision of this information, for some reason, proves impossible or would involve disproportionate effort to obtain; • obtaining or disclosure is expressly laid down by Member State to which we are subject, and which provide measures to protect your legitimate interest;, or • in the event where the Personal data must remain confidential subject to an obligation of professional secrecy.
Collection of Other Data
“Other Data” are data that generally do not reveal your specific identity or do not directly relate to an individual. To the extent other Data reveal your specific identity or relate to an individual, we will treat other Data as Personal Data. Other Data include:
• Browser and device data
• App usage data
• Data collected through cookies, pixel tags and other technologies
• Demographic data and other data provided by you
• Aggregated data
How We Collect Other Data
We and our third party service providers may collect Other Data in a variety of ways including:
Your browser or device
We collect certain data through your browser or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, internet browser type and version and the name and version of the Online Services (such as the Apps) you are using. We use this data to ensure that the Online Services function properly.
Your use of the Apps
We collect certain data when you download and use an App, such as App usage data, the date and time the App on your device accesses our servers and what data and files have been downloaded to the App based on your device number.
You can choose whether to accept cookies by changing the settings on your browser or by managing your tracking preferences. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Online Services. For example, we will not be able to recognize your computer, and you will need to log in every time you visit. You also will not receive advertising or other offers from us that are relevant to your interests and needs. You can find good and simple instructions on how to manage Cookies on the different types of web browsers at www.allaboutcookies.org. Pixel Tags and other similar technologies
We collect data from pixel tags (also known as web beacons and clear GIFs), which are used with some Online Services to, among other things, track the actions of users of the Online Services (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Online Services.
Your IP Address
We collect your IP address, a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address is identified and logged automatically in our server log files when a user accesses the Online Services, along with the time of the visit and the pages that were visited. We use IP addresses to calculate usage levels, diagnose server problems and administer the Online Services. We also may derive your approximate location from your IP address.
We may aggregate data that we collected and this aggregated data will not personally identify you or any other user. Use of Personal Data and other Data
We may use Personal data and other data for our legitimate business interests in a variety of ways including: • To provide the services you request from us, such as to facilitate reservations, send confirmations or pre-arrival messages, to assist you with meetings, events or celebrations, and provide you with other information about the area of the hotel and/or property at which you are scheduled to visit • To complete and fulfill your reservation and stay i.e. to process your payment, ensure that your room is available, and provide you with related customer service • To send you administrative information, direct marketing communications, newsletters, promotional and special offers, periodic customer satisfaction, market research or quality assurance surveys, and in order to respond to your requests and messages. This may be done in accordance to any communication preferences you have expressed. Such information may be provided through e-mail, postal mail, online advertising, social media, telephone, text messages, push notifications, in-app messaging, and other means including on –property messaging such as in-room television • To personalize the services you request and your experience when you stay in one of our hotel and/or property • To offer you the expected level of hospitality in-room and throughout our property • To allow you to participate in contests and other promotions and to administer these activities. Some of these activities have additional rules, which could contain additional information about how we use and disclose your Personal data. We suggest that you read any such rules carefully • For our business purposes, such as data analysis, audits, security and fraud monitoring and prevention (including through the use of closed circuit television, card keys, and other security systems), developing new products, enhancing, improving or modifying our Services to ensure that our site, products, and services are of interest to you, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities • To generate visit statistics of our website • To generate statistics in relation to the types and volumes of guests visiting our hotel and/or property during the year • To improve and personalize of our services to you during future stays through the use of information that you provide in relation to your preferences and experiences. For this purpose understand that the creation of a profile is necessary.
In the event that we decide to further process your Personal data for a purpose other than that for which the personal data were obtained, we shall provide you prior to further
processing with information on that other purpose and with any relevant further information which the General Data Protection Regulation requires.
Disclosure, Sharing and Transfer of Personal Data
Use and Disclosure of Other Data
We may use and disclose Other Data for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Data with Personal data (such as combining your name with your location). If we do, we will treat the combined information as Personal data as long as it is combined.
Special category of Personal data “Special Category of Personal data” amount to such information the processing of which reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. We do not generally collect Special Category information unless it is volunteered by you. We may use health data provided by you to meet your particular needs (for example, the provision of disability access). Despite that, we ask that, unless there is a serious need for you or another guest, you do not send us, and you do not disclose, any Special Category Personal data to us.
Minors We do not knowingly collect personal data from individuals who are under 18 years of age. As a parent or legal guardian, please do not allow your children to submit personal data without your permission.
How We Store Your Personal data
The information that we collect about you, including Personal data, will be stored and processed in Cyprus and/or in remote cases in the Countries in which we and the third parties mentioned above operate. If you are located in the European Union or other regions with laws governing data collection and use that may differ from European data protection laws, please note that in the course of providing you with the service you requested we may transfer Personal data to some of these countries and jurisdictions that have data protection laws that do not provide the exact same level of protection as in your jurisdiction, however we make every effort possible to verify and audit that the processor and sub processors provide the best level of protection of personal data.
Retention of Personal data
We keep your Personal data for as long as needed to provide you with our respective services and in compliance with relevant laws of Cyprus. The period for which we keep your Personal data that is necessary for compliance and legal enforcement purposes varies and depends on the nature of our legal obligations and claims in the individual case. Personal data shall be destroyed as early as practicable, from both our short-term system and our back-ups so that restoration and/or reconstruction of the data is no longer possible. This also involves the secure destruction of any printed paper through methods such as cross shredding or incinerating the paper documents. For further information regarding specific retention period please contact us at email@example.com.
Legal Bases for Collection, Use and Disclosure of Your Personal data
There are different legal bases that we rely on to collect, use and disclose your Personal data namely: • Performance of contract: The use of your Personal data for purposes of providing the services, customer management and functionality and security as described above is necessary to perform the services provided to you under our term and conditions and any other contract that you have with us.
• Compliance with legal obligation: We are permitted to use your Personal data to the extent this is required to comply with a legal obligation to which we are subject.
• Protection of your interests: When use of your data is necessary in order to protect your vital interests or those of other individuals.
How We Protect the Security of Your Personal data
We take appropriate security measures (including physical, electronic and procedural measures) to safeguard your Personal data from unauthorized access, disclosure, alteration or destruction. We also carry out checks to ensure that our affiliates and service providers with whom we share personal data, have reasonable measures in place to provide an adequate level of data protection and to maintain the confidentiality of your Personal data.
Our property has put in place controls in line with ISO 27001. Only authorized employees are permitted to access Personal data, and they may do so only for permitted business functions. In addition we have trained our employees on how to handle, manage and process personal data, applied upgraded technical measures and transformed our policies and procedures in a way that will comply with the General Data Protection Regulation.
For your protection, we may only implement requests with respect to the Personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Users should also take care with how they handle and disclose their Personal data and should avoid sending Personal data through insecure email. We are not responsible for circumventions of any privacy settings or security measures contained on the Website.
We will not contact you by mobile/text messaging or email to ask for your confidential personal data or payment card details. If you receive this type of request, you should not respond to it. We will only ask for payment card details by telephone when you are booking a reservation or promotional package. We also ask that you please notify us at firstname.lastname@example.org. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contact Us” section below.
Choices about how we Collect, use and Disclose your Personal data
We strive to provide you with choices regarding the Personal data you provide to us.
• You can choose not to provide us with certain Personal data, but that may result in you being unable to use certain services.
• When you register with us, you may be given a choice as to whether you want to receive email messages, newsletters or advertising material about updates, improvements, special offers, or containing special distributions of content by us. If consented yet later on you decide you no longer want to receive commercial or promotional emails or newsletters from us, you will need to avail yourself of the unsubscribe mechanism set out in the applicable communication. It may take up to seven days for us to process an opt-out request. We may send you other types of transactional and relationship e-mail communications, such as service announcements, administrative notices, and surveys, without offering you the opportunity to opt out of receiving them as these will relate directly to your relationship with us.
• If you provided Personal data, you may terminate your relationship with us at any time as per the provision of the between us agreement or engagement. If you choose to do so, your Personal data will be deleted in accordance with our retention policy. Your Rights Related to Your Personal data
Subject to the provisions of the General Data Protection Regulation, you have certain rights regarding the Personal data we collect, use or disclose and that is related to you, including the right
• to receive information on the Personal data concerning we hold about you and how such Personal data is used (right to access);
• to rectify inaccurate Personal data concerning you (right to data rectification);
• to delete/erase your Personal data (right to erasure/deletion, “right to be forgotten”);
• to receive the Personal data provided by you in a structured, commonly used and machine-readable format and to transmit those Personal data to another data controller (right to data portability)
• to object to the use of your Personal data where such use is based on our legitimate interests or on public interests (right to object); and
• in some cases, to restrict our use of your Personal data (right to restriction of processing).
If we ask for your consent to use your Personal data, you can withdraw your consent at any time.
You may, at any time, send us an e-mail to email@example.com to exercise your above rights in accordance with the applicable legal requirements and limitations. If you are located in the European Economic Area, you have a right to lodge a complaint with your local data protection authority.
Note that some requests to delete certain Personal data will require the deletion of your user account as the provision of user accounts are inextricable linked to the use of certain Personal data (e.g., your e-mail address). Also note that it is possible that we require additional information from you in order to verify your authorization to make the request and to honor your request.
No Rights of Third Parties
No Error Free Performance
You may also contact us at:
OKEANOS BEACH HOTEL, PO Box 30624, Ayia Napa– Cyprus
Tel.: 00357 23 724440, Fax: 00357 23 724441
Last Modified: June 2nd, 2019
Under the UN Convention of the Rights of the Child (CRC) which outlines the fundamental human right of children (defined as a person under the age of 18), we here at the Okeanos Beach Hotel are aware and responsible for actively safeguarding children from any form of abuse which may include neglect, physical, sexual or emotional abuse, hunger, mistreatment or exploitation in any form. It is duly our responsibility to protect children from all of the above as they have the same rights as adults.
Our management and staff employee’s, are aware that the issue of child protection is of impeccable importance. They are alert, responsive & trained to handle any situation that may arise on premises for the protection of children as such. Furthermore, as a family orientated establishment, Okeanos Beach Hotel fosters close links and collaboration with the national authority for children’s protection in Cyprus where by employees are spoken to and trained on how to be alert and how to act in instances which they identify as abuse or are suspicious of it.
If such a case were to arise, procedures are in place to manage any situation whereby a child’s wellbeing may be at risk. By appointment of responsibility Public Relations Officer will be the final point of contact who in collaboration with our team will manage such a case, notifying local law enforcement, authority’s, and child protection organizations to act accordingly and prohibiting their enforcement on premises. Children and minors are vulnerable members of our society.
They are unfortunately still all too often victims of sexual exploitation. Protecting them is our collective responsibility.Be a responsible traveler. If you are witness to any behavior on premises or externally, that infringes on the human right of any minor, please act responsibly and notify the reception desk where our trained staff will handle the matter accordingly. Your and our actions count collectively to stop child abuse and protect our younger members of society.
Code Of Conduct:
The Code of Conduct criteria that Okeanos Beach Hotel undertakes to implement the protection of children:1. To establish a clear procedures to stop the sexual exploitation of children.2. To train personnel in children’s rights, preventing sexual exploitation and reporting suspected cases.3. To enforce the rejection and zero-tolerance policy with regard to the exploitation ofchildren.4. To provide tourists with information concerning children’s rights, and how to report suspected cases of exploitation of children.5. To support, cooperate with and assist organizations in fighting the sexual exploitation of children.