Data CollectionThe types of personal data that we collect may include:
- Your first name, last name, email address, phone number and home address.
- Guest stay data, such as date of arrival and departure, special requests made, observations about your service preferences (including room preferences, facilities or any other services used).
- Credit card details, such as type of card, credit card number, name on card, expiration date and security code.
- Data you provide regarding your marketing preferences or in the course of participating in surveys, contests or promotional offers.
Processing PurposesWe use your personal data for the following purposes: A. Reservations: We use your personal data to complete and administer your reservation. B. Customer service: We use your personal data to provide customer service. C. Marketing activities: With your permission, we may use your data for marketing activities, as permitted by law. Where we use your personal data for direct marketing purposes, such as commercial newsletters and marketing communications on new products and services or other offers which we think may be of interest to you, we include an unsubscribe link that you can use if you do not want us to send messages in the future. D. Other communications: There may be other times when we get in touch by email, by post, by phone or by texting you, depending on the contact data you share with us. There could be a number of reasons for this, such as to respond to and handle requests you have made. E. Analytics, improvements and research: We use personal data to conduct research and analysis. We may involve a third party to do this on our behalf. F. Security, fraud detection and prevention: We use the information, which may include personal data, in order to prevent fraud and other illegal or infringing activities. We also use this information to investigate and detect fraud. We can use personal data for risk assessment and security purposes, including the authentication of users. For these purposes, personal data may be shared with third parties, such as law enforcement authorities as permitted by applicable law. G. Legal and compliance: In certain cases, we may need to use the information provided, which may include personal data, for legitimate reasons for conventional and / or legal authorities concerning in particular the conduct of bookkeeping and accounts clearance, to handle and resolve legal disputes or complaints, for regulatory investigations and compliance, or to enforce agreement(s) or to comply with lawful requests from law enforcement insofar as it is required by law.
- In view of purpose A we rely on the performance of a contract: The use of your data may be necessary to perform the contract that you have with us. For example, if you use our services to make a reservation, we will use your data to carry out our obligation to complete and administer that reservation under the contract that we have with you.
- In view of purposes B-F, we use your data for our legitimate interests, such as providing you with the best appropriate content for the website, emails and newsletters, to improve and promote our products and services and the content on our website, and for administrative, fraud detection and legal purposes.
- In respect of purpose G, we also rely, where applicable, on our obligation to comply with applicable law.
- Where needed under applicable law, we will obtain your consent prior to processing your personal data for direct marketing purposes.
- WebHotelier: Your personal data may be shared with WebHotelier Technologies Limited, located at Mnasiadou 9, 1065, Nicosia, Cyprus, the company which operates WebHotelier Booking Engine.
- Competent authorities: We may disclose personal data to law enforcement and other governmental authorities insofar as it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud.
International Data TransfersWe avoid transfers of personal data to countries outside the European Union, whose data protection laws are not as comprehensive as those of the countries within the European Union. . If, however, such a transfer has to take place, and as is required by European law, we shall only transfer personal data to recipients offering an adequate level of data protection. In these situations, we make contractual arrangements to ensure that your personal data is still protected in line with European standards.
SecurityWe observe reasonable procedures to prevent unauthorised access to, and the misuse of, information including personal data. We use appropriate business systems and procedures to protect and safeguard information including personal data. We also use security procedures and technical and physical restrictions for accessing and using the personal data on our servers. Only authorised personnel are permitted to access personal data in the course of their work. For maximum security, the information you send us online, including personal data, is transferred through a Secured Sockets Layer (SSL) line which confirms the encryption of the data when transferred over the internet, so that they cannot be read. Please note that, despite the strict data protection measures we take, no data transfer method over the internet or data storage method is 100% secure.
Your choices and rightsWe want you to be in control of how your personal data is used by us. You can do this in the following ways:
- You can ask us for a copy of the personal data we hold about you.
- You can inform us of any changes to your personal data, or you can ask us to correct any of the personal data we hold about you.
- In certain situations, you can ask us to erase or block or restrict the processing of the personal data we hold about you, or object to particular ways in which we are using your personal data. Please note that we cannot delete the data that are necessary to conventional and / or legal authorities concerning in particular the conduct of bookkeeping and accounts clearance.
- In certain situations, you can also ask us to send the personal data you have given us to a third party.