Your personal details and information is very important to ALLTIME TOURIST COMPLEX/ST RAPHAEL RESORT (hereinafter referred to as “ST. RAPHAEL RESORT” ,or “St Raphael” ,or “we” ,or “us”). This Data Protection and Privacy Policy outlines how we, ST. RAPHAEL RESORT, collect, use, store, and share your personal data in compliance with Regulation 2016/679 (General Data Protection Regulation - GDPR) and the local legislation N.125(I)/2018.
1. Personal Data We Collect
Some of the information we require is considered personal information and is mandatory to be given to us to provide our services. Other information which may be considered as sensitive information, you can choose not to give. However, this may have an impact in our services towards you.
When you use our services, we may collect the following types of personal data:
2. Purpose of Data Collection
Your personal data is collected and processed for the following purposes:
3. Data Controller
A data controller is someone who is responsible for your data and who must make sure that your data is processed according to the law. For example, they are responsible to make sure that data held about you is accurate and that is kept secure.
Note that you have the right as provided by the current legislation, to keep a copy of your personal information as kept by ST. RAPHAEL RESORT. You can get this by contacting us, at [email protected] . However, there may be an administration charge, which is up to ST. RAPHAEL RESORT’s discretion.
For the purposes of GDPR, ST. RAPHAEL RESORT is the Data Controller for the personal data collected. For any queries or to exercise your data rights, please contact our Data Protection Officer (“DPO”) at [email protected].
4. Collection of Personal Data
Based on the interactions we have with you either directly or indirectly (automatically) through the use of cookies to our websites.
Direct ways we collect your personal data are the following
• In person
• Over the phone
• Via email
• Via our websites by leaving a message, completing a form, registering to our newsletters etc.
• Through the online booking channel, you used to make the booking Expedia, Booking, Hotelbeds, Bookcyprus, HRS, GTA, hotels.com and other third-party online systems (affiliates of the above)
• When you making your additional service/facility request with the hotel front desk or the F&B.
Indirect (automatic) ways we collect your personal data are the following:
• When you use our websites by using cookies or other marketing analytics technologies. Please check out our cookies policy for more details .
• Payment and delivery services such as PayPal
• Online and offline publicly available sources such as Companies registration authority
• Fraud detection agencies that might be located outside the European Union
• Aggregators (website or program that collects related items of content and displays them or links to them) that might be located outside the European Union
5. Data Sharing and Third-Party Access
All your personal data will be treated with full confidentiality. By giving your consent below you are agreeing that ST. RAPHAEL RESORT may:
Review any bookings made with ST. RAPHAEL RESORT, including any services provided by any affiliates and/or affiliated companies, for the purpose of ensuring that you obtain the best possible Service and/or for the best of your interests. Additionally, your consent shall enable us and/or our Affiliates to gather facts and figures to help plan and improve our services. However, ST RAPHAL RESORT may share your personal data without your consent if required by Cyprus law or under a valid court order.
6. Data Storage and Security
We store your personal data both electronically and in hard copies. We take reasonable measures to ensure that your data is kept secure and is only accessed by authorized personnel. St. Raphael Resort is required by law to ask for your permission to record your details. By giving your consent below, you agree and give your consent to St. Raphael Resort to record your consent. These details may contain your personal and sensitive data.
7. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, please contact our Data Protection Officer at [email protected].
8. Consent and Withdrawal
You have the right to withhold or withdraw your consent at any time. However, please note that this may affect the quality and availability of our services.
9. Data Retention
Your data will be retained for as long as necessary to fulfill the purposes outlined in this policy, but no longer than 7 years unless required by law or with your consent.
10. Amendments
We reserve the right to amend this policy at any time. Any changes will be posted on our website and, where appropriate, notified to you by email.
11. Contact Information
For any queries or concerns regarding your data, please contact our Data Protection Officer at [email protected].
By using our services, you agree to this Data Protection and Privacy Policy as part of our Terms and Conditions.