PRIVACY POLICY

PURPOSE OF THIS PRIVACY POLICY 

This privacy policy aims to give information on how Cap St Georges Hotel & Resort collects and processes the personal data of its data subjects. It also aims to protect individuals’ fundamental rights and freedoms, particularly their right to protect their personal data. Based on that principle, Cap St Georges Hotel & Resort is committed to implementing all appropriate technical and organizational measures to protect them and to abiding by all the requirements of the General Data Protection Regulation (GDPR).

SOME USEFUL DEFINITIONS

“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Special categories of personal data” are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

“Data subject” means the person whose personal data is being processed.

“GDPR” means the General Data Protection Regulation (European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data).

CONTROLLER DETAILS

  • Name: Cap St Georges Hotel & Resort (referred to as the “COMPANY”, “company”, “us” or “our”).
  • Address: 3, Maniki Street, 8570 Agios Georgios, Pegeia,
  • Telephone: +35726000000
  • Website: https://www.capstgeorges.com

Representative contact details: Marinos Karaolis / [email protected]

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

COLLECTION AND PROCESSING OF PERSONAL DATA

We collect personal information when our data subjects provide us directly with this information taking into account GDPR’s basic principles:

  • Lawfulness, fairness, and transparency: We commit to comply with the law; only process personal data in a way that people would reasonably expect; always be open about our data protection practices.
  • Purpose limitation: We will only process personal data for the specific reason we collect it and nothing else.
  • Data minimization: We will not process any more data than we need.
  • Accuracy: We will make sure that any personal data we hold is correct and accurate.
  • Storage limitation: We will not store personal data for a longer period than we need to.
  • Integrity and confidentiality: We will always process personal data securely.

The categories of the data subjects, the purpose of the processing, the legal basis of the processing, the types of personal data processed and the recipients of the personal data are briefly explained in the table below.

If you fail to provide us with personal data required by a statutory or contractual requirement, or a requirement necessary to enter into a contract, we will be unable to proceed with cooperation.

| Data subjects | Purpose of the processing | Legal basis | Type of personal data | Recipients |
| --- | --- | --- | --- | --- |
| Spa and gym users | Provision of spa services, use of gym, security, invoicing | Performance of a contract; Legal obligation; Legitimate interest; Provision of treatment | Name, contact information, photograph, health information | Spa & gym personnel, Accounting, access by external service provider in case of support. |
| Guests | Hotel reservations / accommodation, guest services, reservation at restaurants and events, experiences outside the hotel, invoicing, security and health and safety (CCTV), IT support | Performance of a contract; Legal obligation; Legitimate interest; Carrying out the obligations and exercising specific rights of the controller or of the data subject | Personal details, payment information, other (mobility issues, diet issues etc.), CCTV images and videos | Front office personnel, Accounting, other departments need to be aware of the hotel guests, third party providers, Security personnel (CCTV images and videos only), access by IT in case of support |
| Employment candidates | Employment, competency of personnel | Performance of a contract; Legal obligation; Legitimate interest | Academic and professional qualifications, identification and contact details | HR Department, CEO, Business Development Director, involved departmental managers |
| Hotel personnel | Human resource management, execution of works (competency of personnel), employment, union subscriptions, payroll, allowances and funds, insurance coverage, medical condition, security and health and safety (CCTV), IT support | Consent; Employment; Contracting; Legal obligation; Legitimate interest | Identification (e.g. i.d.), competency (e.g. trainings, licenses), medical condition, contact details, bank account details, social insurance details, CCTV images and videos | HR Department, Accounting, social insurance services and other governmental departments, insurance companies, access by IT in case of support, Security personnel (CCTV images and videos only) |
| Suppliers of products and services (natural persons) | Purchasing of goods and services, security and health and safety (CCTV), IT support, invoicing | Contracting; Legitimate interest | Name, contact details, bank account details | Hotel management, external service providers (auditing) |

PROCESSING OF DATA BASED ON CONSENT

Generally, we do not rely on consent as a legal basis for processing your personal data other than in specific circumstances according to Cap St Georges Hotel & Resort policies and procedures. You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, by contacting Cap St Georges Hotel & Resort representative, Marinos Karaolis on [email protected].

DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees and third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

TRANSFERRING OF PERSONAL DATA TO A THIRD COUNTRY

In the instances where you have consented to the use of your personal data for the purposes of advertising and/or marketing we may share your personal data with third party online service providers who may be located outside the European Union (EU). Whenever we transfer your personal data outside the EU, we ensure a similar degree of protection is afforded to it and that all third parties respect the security of your personal data and treat it in accordance with the law.

STORAGE PERIOD OF PERSONAL DATA

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements.

COOKIES

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

What are the cookies: A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer, if you agree. Cookies contain information that is transferred to your computer’s hard drive. This section describes what information they gather, how we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored however this may downgrade or ‘break’ certain elements of the site’s functionality. For more general information on cookies see the Wikipedia article on HTTP Cookies.

How we use the cookies: We use cookies for a variety of reasons detailed below. Unfortunately, in most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to this site. It is recommended that you leave on all cookies if you are not sure whether you need them or not in case they are used to provide a service that you use.

What cookies do we use:

  • Strictly necessary cookies – These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website and make transactions.
  • Analytical/performance cookies – They allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies – These are used to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
  • Targeting cookies – These cookies record your visit to our website, the pages you have visited and the links you have We will use this.
  • Information cookies – To make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this.

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

Disabling cookies: You can prevent the setting of cookies by adjusting the settings on your browser (see your browser ‘Help’ for guidelines on how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore, it is recommended that you do not disable cookies.

RIGHTS OF DATA SUBJECTS

According to the “European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data”, data subjects can exercise the rights presented below:

  • The right of access: to request free access to your personal data (GDPR Article 15).
  • The right to rectification: to request correction of inaccurate personal data (GDPR Article 16).
  • The right to erasure or right to be forgotten: to request the erasure of your personal data, under certain circumstances, when, among others, personal data are no longer needed, you recall the consent, personal data are illegally processed etc. (GDPR Article 17).
  • The right to restriction of processing: to request the limitation of the processing of your personal data, among others, when their accuracy is disputed, there is an illegal processing, are no longer needed by the controller etc. (GDPR Article 18).
  • The right to be informed: to know, through clear information in layperson’s language, who processes your personal data, the types of personal data being processed and the purpose of processing (GDPR Article 19).
  • The right to data portability: to transfer your personal data to another controller (GDPR Article 20).
  • The right to object: to object to the processing of your personal data within specific conditions (GDPR Article 21).
  • The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her (GDPR Article 22).

If you wish to exercise any of the rights set out above, please contact Cap St Georges Hotel & Resort representative Marinos Karaolis on [email protected].

RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY

You have the right to make a complaint at any time to the Commissioner for the Protection of Personal Data in Cyprus. We would, however, appreciate the chance to deal with your concerns before you approach the Commissioner so please contact Cap St Georges Hotel & Resort representative Marinos Karaolis on [email protected] in the first instance.