We collect personal data from you if you register online with us, access and/or use our website or carry out transactions for goods and services via our website or with St Raphael directly.
1. Information we collect and how we use and share it:
- Your name, email address, physical address, phone number, date of birth, country location and payment card information (to the extent this information is provided by you);
- Information relating to your membership in one of our services or programs;
- Information about how you use our website, products and services; and
- Information such as stay, and room preferences made during the course of your reservation such as your preferred room type and specific requests to the hotel.
2. We use the personal data collected for the purposes of:
- Registering you as a new user of our services and managing our relationship with you as a registered user;
- Providing our reservation and booking services for our hotel and facilities to you:
- to provide superior customer service to you;
- to assist us in making your reservation and providing the services you request at our property;
- to process transactions through our website (including taking payment for purchases you may make through our website) and to assist in any inquiries about your transaction;
- for billing purposes in relation to your stay with us;
- to confirm prior transactions and reconcile statements or invoices;
- to contact you in relation to matters that arise from your stay with us;
- to send you newsletters regarding St Raphael and to advise you of promotions or to inform you of offers or other information that may be of interest to you (if, where required, you separately provide your consent for us to do so);
- to conduct surveys or focus groups to receive your views and service delivery (if, where required, you separately provide your consent to this);
- to respond to a specific "Information Request" from you about St Raphael, and deal with any other enquiries, correspondence, concerns or complaints you have raised;
- for you to participate in one of our on-line promotions;
- if you become a private residence owner, to create an owner profile that is stored in our property management systems;
- to analyse customer trends and insights; and
- to operate our business, including for internal purposes such as auditing, data analysis, statistical and research purposes and troubleshooting to help us improve our services.
- Maintaining legal records and accounts for the time periods required by European/Cyprus law or where we need to comply with a legal or regulatory obligations;
- Where it is necessary to establish and/or exercise our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
On what basis do we use your personal information?
We use your personal information on the following basis:
- to comply with legal and regulatory obligations, including financial reporting requirements imposed by government regulators and our auditors;
- to enter into agreements with you, and to perform our agreement to provide services to you when you stay with us;
- for legitimate business purposes – using your personal information helps us to operate and improve our business and minimise any disruption to the services that we may offer to you. It also allows us to make our communications with you more relevant and personalised to you, and to make your experience of our services more efficient and effective;
- because you have given your consent – at times we may ask for your consent to allow us to use your personal information for one or more purposes. ; or
- for the establishment, exercise or defence of legal claims or proceedings.
3. Disclosures of your personal data
We may have to share your personal data within our group to the extent that is necessary for the purposes for which the personal data was collected for and with some third-party companies under specific contract terms in accordance with the applicable laws, whose services we employ to conduct our business or in relation to any supply of products and services by us. We may also share information with our professional advisors and auditors. Disclosure of your personal data may also be required in order to comply with any applicable laws, local or foreign regulators, governments, courts, law enforcement and national security authorities.
In the instances where you have consented to the use of your personal data for the purposes of advertising and/or marketing we may share your personal data with third party online service providers who may be located outside of the EEA.
Whenever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to it and that all third parties respect the security of your personal data and treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
List of Processors:
Online reservations system: WebHotelier
Hotel Management System: Theova UHS
Newsletter service: Moosend
Online Payment Gateway: Ecommpay
We will only send you marketing emails where you have agreed to this. You can opt out of our advertising and marketing communications at any time by any of the following methods:
a. Selecting the UNSUBSCRIBE link included in our emails.
b. Editing your St Raphael Resort and Marina website account profile to change your communication preferences; OR
Data Retention of your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Your legal rights
Your duty to inform us of changes
- It is important that the personal data that we hold about you is accurate and current. Please keep us informed if your personal data changes at any time.
- Your rights in connection with personal data
Under certain circumstances, by law you have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data that we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Object to processing of your personal data. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal information about you if we no longer require it to establish, exercise or defend legal claims.
- Request the transfer of your personal data to another party.
If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact our Data Protection Officer in writing at [email protected]
Data Protection Officer (DPO)
. You have the right to make a complaint at any time to the Data Protection Commissioner’s Office, the Republic of Cyprus’ supervisory authority for data protection issues.