WE TAKE THE ISSUE OF SAFEGUARDING YOUR PRIVACY VERY SERIOUSLY
Antasia Beach Club belongs to the group of companies of Thanos Hotels and Resorts - https://www.thanoshotels.com/
How we use your personal information
The term Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). It can include, among other things, your name, address, age, gender and personal financial history.
Some types of information are classified as ‘sensitive’ for the purposes of European data protection law and there are additional restrictions on how we may use and hold this information.
Generally, it is necessary to obtain your consent before we can hold and use such information. However, we may hold and use such information without consent for limited statutory purposes such as monitoring compliance with our equal opportunities policies and health and safety rules, or if necessary to protect your vital interests, for legal claims, or in the public interest.
We will always communicate to you the purposes for which we wish to use your sensitive information when it is being collected, and, if necessary, obtain your consent at that time. In such cases, you will be able to withdraw your consent at any time.
What is the purpose of collecting Personal Information?
1. To Provide Superior Customer Service to our Guests
Personal Information is collected to allow us to make your reservation and provide the services you request, to ensure we meet your needs while you are with us and/or to allow us to contact you in relation to matters that may arise.
2. To Keep Our Guests Informed
We may use the Personal Information you provide to send you newsletters regarding our properties that belongs in our group Thanos Hotels and Resorts and to advise you of promotions or to inform you of offers or other information that may be of interest to you. If you do not wish to receive information from Thanos Hotels and Resorts you may indicate your wishes by log in in your profile account through our website or on your registration card when you stay with us or you may at any time advise one of our properties or send an e-mail to: email@example.com.
3. To Improve Our Services
Finally, we may use the Personal Information you provide us to send you surveys strictly related to your stay with us and our services for customer satisfaction purposes and improving our services offered to our clients. Such information may be collected by a third party under contract with us. Occasionally we will combine information from a number of Guests to better understand trends and Guest expectations. When this occurs, all identifiers are removed, and the aggregate information cannot be linked to any specific Guest. If you do not wish to receive such surveys from Antasia Beach Club, you may indicate your wishes by sending an e-mail to firstname.lastname@example.org.
How we collect Personal Information
1. On Our Website
Once you have visited our website and accepted our cookie, an ID number is automatically assigned to your computer or mobile device whenever you visit our website. Despite the fact that you remain anonymous until you enter Personal Information on the website, the ID number allows us to log your session, so that we may better assist you should you need some individualized service or support. Once you enter Personal Information on the website, we associate your ID number with your contact information so we can recognize you on a future visit. We also use it to keep track of information that appears to be of particular interest to you.
These cookies allow us to distinguish you from other users of our website, which helps us to provide you with a good experience when you browse our website and also allows us to improve our site.
B. While Browsing Our Website
While in the process of browsing our website, you may also provide us with information that does not reveal your personal identity. We use this aggregated, anonymous data mainly for editorial purposes, but we do not connect it to any Personal Information, such as your name or address.
If you wish, you may also submit your e-mail address in order to be placed on a subscription list or to receive other information about our products and services. You will be placed on a subscription list unless you indicate your desire not to be included. In deciding whether or not to join such lists, please note that they are only used for internal purposes and we do not sell or rent our subscription lists to anyone. In the event you choose to join one of our subscription lists, you may ask to be removed from the list at any time. You will always have the ability to accept or decline any form of communication from Antasia Beach Club.
2. When Making a Reservation
A. On Our Website
We also retain a copy of the reservation profile on our website, excluding your credit card number. We will then use that information to create a log in our website database.
We also may combine information from a number of web visitors in a way that does not identify any user, in order to identify user patterns.
B. Through our Reservations Office
Reservations can also be made by calling directly at Antasia Beach Club. When you make a reservation we may ask you for Personal Information such as your name, address, telephone number and/or method of payment. We may also obtain from you any room preferences or special requests. Confirmation of your reservation will be provided directly to you, over the phone or by text or by e-mail.
Storage of personal information
1. At the Antasia Beach Club
Antasia Beach Club goes to great measures to ensure that all Personal Information is kept in a secure location, be it a database or filing cabinet. Furthermore, we take steps to ensure that only designated individuals have access to this information.
2. In Our Guest Property Management System
In order to serve you better we also store certain guest information in our Property Management System (“PMS"), a platform located in a data centre in Cyprus.
The stored information includes guest name, address and phone numbers. We may also store certain information regarding your service preferences. When you make a reservation at another Thanos Hotels and Resorts property, this information is sent to that hotel or resort.
3. In Our Customer Relationship Management System
In order to serve you better we also store certain guest information in our Customer Relationship Management (“CRM"), on a Microsoft Azure Cloud platform. The stored information includes guest name, address and phone numbers. We may also store certain information regarding your service preferences. When you make a reservation at another Thanos Hotels and Resorts property, this information is sent to that hotel or resort.
4. In Our Marketing Database
Antasia Beach Club maintains a database of Guest information which is used for marketing, promotion and research purposes. Any information sent to guests provides a clear notice of how to discontinue receiving promotional materials.
Information that is not secure
It is important to note that any e-mail communication is not secure. This is a risk inherent in the use of e-mail. Please be aware of this when requesting information or sending forms to us by e-mail (for example, from the Contact Us section of our website). We recommend that you do not include any confidential information (i.e. credit card information) when using e-mail. For your protection, our e-mail responses to you will not include any confidential information.
Finally, to be prudent, please be sure to always close your browsers when you are done using a form or the reservation site. Although the session will terminate after a short period of inactivity, it is best to close your browsers immediately upon completion.
Guest Profiles and Personal Information
If you are invited and elect to create a Guest Profile, on our website, you will be asked to furnish specific Personal Information. You will also be asked to provide a password for use each time you log-in. Once you have created a Guest Profile, we may add online session data to your Guest Profile on subsequent visits to our website. When you provide information, including revised information to your Guest Profile, we may use the information you provide to update other databases maintained by us.
Exchange of Personal Information between properties
Information is shared between certified data privacy personnel at individual Thanos Hotels and Resorts and Antasia Beach Club in certain limited circumstances, particularly where health or safety concerns have arisen in the past. Preference information may also be shared to enhance your guest experience.
Furthermore, if a guest does not pay an outstanding account on time, or acts in an unlawful manner in regard to payment obligations, this information may be shared among accounting personnel at other Thanos Hotels and Resorts managed properties.
Provision of Personal Information to third parties
Agents, contractors or third party service providers of Antasia Beach Club and Thanos Hotels and Resorts may receive your Personal Information in the course of providing services to Antasia Beach Club to better serve your needs as a Guest.
We will only share Personal Information about you outside Antasia Beach Club without your consent, where: (a) it is required or authorized by law (for example, in response to a legal subpoena); (b) it is required to provide you with services you have requested in which case you will be considered to have implied your consent (e.g. car rental); (c) if your stay has been paid for by a third party we will provide billing information to the paying party;(d) if you have failed to pay amounts owed to a property; or with your consent and/or upon your instructions.
With regard to the transfer of data to recipients outside Antasia Beach Club, we note that we always maintain discretion with respect to your Personal Information.
We may disclose your personal data to third parties in order to comply with any legal obligation or in order to enforce or apply our terms and conditions and other agreements and/or based on your consent/instructions.
If Antasia Beach Club suspects any unlawful activity is taking place, it may investigate and/or report its findings or suspicions to the police or other relevant law enforcement agency.
Why do we process your data (purpose of the processing) and on what legal basis
We process the aforementioned personal data in compliance with the provisions of GDPR and the applicable local legislation as amended from time to time.
• For compliance with a legal obligation
• For the performance of contractual obligations
• For the purposes of safeguarding legitimate interests - where necessary, we process your data above and beyond the actual performance of our obligations as a hotel in order to safeguard the legitimate interests pursued by us or by a third party.
• On the basis of your consent - Insofar as you have granted us consent to the processing of personal data for marketing purposes, the lawfulness of such processing is based on your consent. Any such consent granted, may be revoked at any time by contacting us.
Access to Personal Information
We understand that you may like to know what Personal Information we hold about you. We are happy to assist you with your request. To protect your Personal Information, however, we require that you prove your identity to us at the time your request is made. You may make a request at the property where you stayed as set out below.
When you make a request in person, we will require you to produce some form of photo identification such as a passport or a driver's licence.
Where you make a request by other means, we require the request be made in writing via fax or letter including a copy of a government issued identification and signature. We also require home and business addresses and phone numbers so we can check them with our files and satisfy ourselves as to your identity.
The above information is required in order to create an audit trail of how the request has been handled. Where a request is made, any correspondence or application may be kept and added to your Personal Information.
Antasia Beach Club reserves the right to decline access to your Personal Information under certain circumstances. If your Personal Information will not be disclosed, you will be provided with the reasons for this non-disclosure.
Updating your Personal Information
If at any time you wish to update or access your Personal Information, you can do so by:
Log in to your Personal Profile account on any of our Thanos Hotels and Resorts websites, or by contacting our Data Protection Officer:
- via e-mail at email@example.com
- via fax at +357 26 931656
- via letter
Attention: Data Protection Officer
Antasia Beach Club
c/o Thanos Hotels and Resorts
PO Box 60136
How long is Personal Information retained?
We will keep your personal information for as long as you are guest and/or otherwise a person enjoying our services.
After you stop being a guest and/or a person enjoying our services, we may keep your personal information for a period of up to 6 years. We may keep your data for longer than 6 years if we cannot delete it for legal and / or regulatory and/or technical reasons. If we do so, we will ensure that your privacy is protected and the data are used only for the above-mentioned purposes.
Please note that we will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please Contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
What data protection rights you have
The following are the rights you have pursuant to the provisions of the GDPR and the applicable local legislation (as amended from time to time) in relation to the data protection:-
• Request access to your personal data (commonly known as a “data subject access request”).
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Please note however that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. In such a case, your data will be stored but not processed until expiration of the retention obligation.
• Subject to the legal basis on which the processing activity is based, you may object to processing of your personal data. Please note that in some cases, we may have compelling legitimate grounds to process your information which we need to comply with.
• Request restriction of processing of your personal data (a) if it is not accurate;(b) where processing may be unlawful but you do not want us to erase your data; (c) where you need us to hold the data even if we no longer require it; or (d) where you may have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• Request the transfer of your personal data to you or to a third party.
• In case the processing of the data is performed subject to your consent, you may withdraw consent at any time where we are relying on consent to process your personal data. However, we note that this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will of course advise you if this is the case at the time you withdraw your consent.
Please note that we may charge you with an administrative fee, in cases where requests are deemed manifestly unfounded or excessive, in particular because of their repetitive character.
If you choose not to give your personal information:
In the context of our relationship we may need to collect personal information by law, or under the terms of a contract we have with you. Without this data, we may, in principle, not be in a position to provide our services to you.
If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to efficiently provide you with our services.
Any data collection that is optional would be made clear at the point of collection.
To what extent we carry automated decision-making and profiling
In establishing and carrying out a business relationship, we generally do not use automated decision-making. If we use this procedure in individual cases, we will inform you of this separately.
Who is responsible for the data processing and who you can contact
- via e-mail at firstname.lastname@example.org
- via fax at +357 26 931656
- via letter
Attention: Data Protection Officer
Antasia Beach Club
c/o Thanos Hotels and Resorts
PO Box 60136
If you have any questions, or want more details about how we use your personal information, you may contact us at the above contact details and we will be happy to provide you with further details.
Lodging a complaint
Please let us know if you are unhappy with how we have used your personal information. You can contact us as noted above.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Cyprus law applies to our company. We apply the requirements of this law (and any other applicable laws) to how we handle all Personal Information wherever received.