Last Modified: May 1st, 2019
We have developed this Policy to explain our practices regarding the personal data we collect from you if you register online with us, access and/or use our website, through written or verbal communications with us, when you visit our property, or from other sources.
Personal Data We Collect
“Personal Data” are data that identify you as an individual or relate to an identifiable individual.Throughout your stay, we collect Personal Data in accordance with the law, such as:
• Home and/or work address
• Telephone number
• Email address
• Credit and debit card number or other payment data
• Language preference
• Date and place of birth
• Nationality, passport, visa or other government-issued identification data
• Important dates, such as birthdays, anniversaries and special occasions
• Membership or loyalty program data
• Employer details if you are an employ of a corporate account or a business partner
• Travel itinerary including arrival and departure days, tour group or activity data
• Prior guest stays or interactions, goods and services purchased, special service and amenity requests
• Telephone numbers dialled, faxes sent/received or receipt of telephone messages when connected to the
telephone services we provide to guests during their stay
• Information about vehicles you may bring to our property
• Social media account ID, profile photo and other data publicly available, or data made available by linking your social media and loyalty accounts / applications
• Your reviews and opinions about our services
• Data about family members and companions, such as names and ages of children
• Images and video data via security cameras located in public areas, such as entrances, hallways and lobbies, in our property
• Guest preferences and personalized data (“Personal Preferences”), such as your interests, activities, hobbies, food and beverage choices, services and amenities of which you advise us or which we learn about during your visit
• Any other type of information which you may choose to provide to us or we may obtain about you through third parties with whom we do business (e.g. tour operators, travel agents or similar providers)
How We Collect Personal Data
We and our service providers and/or agents and/or affiliates may collect Personal data, in a variety of ways, whether these are provided in writing or through verbal communication at every guest interaction and in providing any part of our services such as the following:
• Online Services
We collect Personal Data when you make a reservation, purchase goods and services from our Websites or Applications, communicate with us, or otherwise connect with us or post to social media pages, or sign up for a newsletter or participate in a survey, contest or promotional offer.
• Property Visits
We collect Personal Data when you visit our property or use on-property services and outlets, such as restaurants, concierge service, health club, child care services, and spa. We also collect Personal Data when you attend promotional events that we host or in which we participate, or when you provide your Personal Data to facilitate an event.
• Customer Care Centers
We collect Personal Data when you make a reservation over the phone, communicate with us by email, fax or via online chat services or contact customer service.
• Business Partners
We collect Personal Data from companies with whom we partner to provide you with goods, services or offers based upon your experiences at our property or that we believe will be of interest to you. Examples of Business Partners include travel and tour operator partners, travel booking platforms, on-property outlets and rental car providers.
• Physical & Mobile Location-Based Services
We collect Personal Data if you download one of our Apps or choose to participate in certain programs. For example, we may collect the precise physical location of your device by using satellite, cell phone tower, Wi-Fi signals, or other technologies. We will collect this data if you opt in through the App or other program (either during your initial login or later) to receive the special offers and to enable location-driven capabilities on your mobile device. If you have opted-in, the App or other program will continue to collect location data when you are in or near a participating property until you log off or close the application (the App or other program will collect this data if it is running in the background) or if you use your phone’s or other device’s setting to disable location capabilities for the M.C.T. ENTERPRISES LTD Apps or other program.
• Other Sources
We collect Personal Data from other sources, such as public databases, joint marketing partners and other third parties. This may include information from your travel agent, airline, credit card, and other partners, and from social media platforms (including from people with whom you are friends or otherwise connected). For example, if you elect to login to, connect with or link to, the Online Services using your social media account, certain Personal data from your social media account will be shared with us, which may include Personal data that is part of your profile or your friends’ profiles.
In the event that we receive information from third parties, as opposed to directly from you, provided that they are lawfully entitled to share your data with us, we will use and share this information for the purposes described in this Policy. Also in the event that your Personal data is collected in this way, then we will bring to your attention the information included in this Policy along with the source from which the data originate, and if applicable, whether it came from publicly accessible sources. This information shall be provided to you within a reasonable period after obtaining the Personal data, but at the latest within 1 month, except where the Personal data are to be used for communication with you, in which case we will provide you with the above information at the latest at the time of the first communication with you. However, if the above information is envisaged to be disclosed to another recipient then the above information shall be disclosed the latest when the Personal data are first disclosed to the new recipient, despite the fact that none of the previous deadlines has passed. Of course, no such information would need to be provided:
• where you already have this information;
• where the provision of this information, for some reason, proves impossible or would involve disproportionate effort to obtain;
• obtaining or disclosure is expressly laid down by Member State to which we are subject, and which provide measures to protect your legitimate interest;, or
• in the event where the Personal data must remain confidential subject to an obligation of professional secrecy.
Collection of Other Data
“Other Data” are data that generally do not reveal your specific identity or do not directly relate to an individual. To the extent other Data reveal your specific identity or relate to an individual, we will treat other Data as Personal Data. Other Data include
• Browser and device data
• App usage data
• Data collected through cookies, pixel tags and other technologies
• Demographic data and other data provided by you
• Aggregated data
How We Collect Other Data
We and our third party service providers may collect Other Data in a variety of ways including:
Your browser or device
We collect certain data through your browser or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, internet browser type and version and the name and version of the Online Services (such as the Apps) you are using. We use this data to ensure that the Online Services function properly.
Your use of the Apps
We collect certain data when you download and use an App, such as App usage data, the date and time the App on your device accesses our servers and what data and files have been downloaded to the App based on your device number.
We collect certain data from cookies, which are pieces of data stored directly on the computer or mobile device that you are using. Cookies allow us to collect data such as browser type, time spent on the Online Services, pages visited, referring URL, language preferences, and other aggregated traffic data. We use the data for security purposes, to facilitate navigation, to display data more effectively, to collect statistical data, to personalize your experience while using the Online Services and to recognize your computer to assist your use of the Online Services. We also gather statistical data about use of the Online Services to continually improve design and functionality, understand how they are used and assist us with resolving questions.
You can choose whether to accept cookies by changing the settings on your browser or by managing your tracking preferences. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Online Services. For example, we will not be able to recognize your computer, and you will need to log in every time you visit. You also will not receive advertising or other offers from us that are relevant to your interests and needs. You can find good and simple instructions on how to manage Cookies on the different types of web browsers at www.allaboutcookies.org.
Pixel Tags and other similar technologies
We collect data from pixel tags (also known as web beacons and clear GIFs), which are used with some Online Services to, among other things, track the actions of users of the Online Services (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Online Services.
Your IP Address
We collect your IP address, a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address is identified and logged automatically in our server log files when a user accesses the Online Services, along with the time of the visit and the pages that were visited. We use IP addresses to calculate usage levels, diagnose server problems and administer the Online Services. We also may derive your approximate location from your IP address.
We may aggregate data that we collected and this aggregated data will not personally identify you or any other user.
Use of Personal Data and other Data
We may use Personal dataand other data for our legitimate business interests in a variety of ways including:
• To provide the services you request from us, such as to facilitate reservations, send confirmations or pre-arrival messages, to assist you with meetings, events or celebrations, and provide you with other information about the area of the hotel and/or property at which you are scheduled to visit
• To complete and fulfil your reservation and stay i.e. to process your payment, ensure that your room is available, and provide you with related customer service
• To send you administrative information, direct marketing communications, newsletters, promotional and special offers, periodic customer satisfaction, market research or quality assurance surveys, and in order to respond to your requests and messages. This may be done in accordance to any communication preferences you have expressed. Such information may be provided through e-mail, postal mail, online advertising, social media, telephone, text messages, push notifications, in-app messaging, and other means including on –property messaging such as in-room television
• To personalize the services you request and your experience when you stay in one of our hotel and/or property
• To offer you the expected level of hospitality in-room and throughout our property
• To allow you to participate in contests and other promotions and to administer these activities. Some of these activities have additional rules, which could contain additional information about how we use and disclose your Personal data. We suggest that you read any such rules carefully
• For our business purposes, such as data analysis, audits, security and fraud monitoring and prevention (including through the use of closed circuit television, card keys, and other security systems), developing new products, enhancing, improving or modifying our Services to ensure that our site, products, and services are of interest to you, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities
• To generate visit statistics of our website
• To generate statistics in relation to the types and volumes of guests visiting our hotel and/or property during the year
• To improve and personalise of our services to you during future stays through the use of information that you provide in relation to your preferences and experiences. For this purpose understand that the creation of a profile is necessary.
In the event that we decide to further process your Personal data for a purpose other than that for which the personal data were obtained, we shall provide you prior to further processing with information on that other purpose and with any relevant further information which the General Data Protection Regulation requires.
Disclosure, Sharing and Transfer of Personal Data
To uphold a uniform level of hospitality and provide you with the best possible service in all our property and/or hotel, your Personal data may be shared with the below entities and/or people, which may involve cross-border transfer of information to third parties in countries outside the European Economic Area:
• To authorised personnel at the applicable hotel and/or property in order to meet your reservation request. Upon your express consent, we retain your Personal data including details of your stay, preferences, room/accommodation type and amenities used.
• To subsidiary and/or affiliate companies and/or business partners of M.C.T. ENTERPRISES LTD for the purpose of meeting your preferences and in order to offer personalised services in our property.
• To MailChimp which is a marketing platform of The Rocket Science Group LLC used for the purposes of direct marketing and email campaigns. MailChimp is part of the Privacy Shield framework and has thus been recognised by the European Commission as offering an adequate level of data protection. Despite the agreements which are in place between M.C.T. ENTERPRISES LTD and MailChimp ensure that the processing of your Personal data is in accordance with the General Data Protection Regulation.
• To our third party service providers, in order to offer products, services, or offers at our property and for our operation and improvement. For example, your Personal data may be transferred to service providers in the context of the provision of services such as rental of cars, spa and restaurants within our hotel, website hosting, data analysis, surveys, payment processing, order fulfilment, information technology and related infrastructure provision, customer service, email delivery, auditing and other services. Generally, our service providers are contractually obligated to protect your personal data and may not otherwise use or share your personal data, except as may be required by law.
• To Authorized Licensees: We may disclose your Personal data to an Authorized Licensee in connection with the Services, including with respect to a reservation you book through us, in connection with offerings of Travel Related Services, or to enable an Authorized Licensee to market and operate the business that it licenses.
• To sponsors of Contests and other Promotions.
In addition, when you elect to post information on message boards, chat, profile pages and blogs and other services to which you are able to post information and materials (including, without limitation, our Social Media Pages) any such information you post or disclose through these services will become public and may be available to other users and the general public. We urge you to be very careful when deciding to disclose any information on the Online Services.
• In the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), we may share your Personal data to a third party for the purposes of the aforementioned event.
• If you visit any of our property as part of a group event or meeting, then personal data collected for meeting and event planning may be shared with the organizers of those meetings and events, and, where appropriate, guests who organise or participate in the meeting or event.
• Other circumstances in which the sharing of your Personal data may take place are in order to:
– comply with applicable laws,
– respond to governmental inquiries or requests from public authorities,
– comply with valid legal process,
– protect the rights, privacy, safety or property of M.C.T. ENTERPRISES LTD, site visitors, guests, employees, those of any of our affiliates or the public,
– permit us to pursue available remedies or limit the damages that we may sustain,
– enforce our websites’ terms and conditions, and
– respond to an emergency
– to allow us to pursue available remedies or limit the damages that we may sustain.
Use and Disclosure of Other Data
We may use and disclose Other Data for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Data with Personal data (such as combining your name with your location). If we do, we will treat the combined information as Personal data as long as it is combined.
• Third Party Services:
In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, LinkedIn or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal data you disclose to other organizations through or in connection with the Apps or our Social Media Pages.
• Third Party Advertisers:
We may use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when you access and use the Online Services and other websites or online services, based on information relating to your access to and use of the Online Services and other websites or online services. To do so, these companies may place or recognize a unique cookie on your browser (including through use of pixel tags).
Special category of Personal data
“Special Category of Personal data” amount to such information the processing of which reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. We do not generally collect Special Category information unless it is volunteered by you. We may use health data provided by you to meet your particular needs (for example, the provision of disability access). Despite that, we ask that, unless there is a serious need for you or another guest, you do not send us, and you do not disclose, any Special Category Personal data to us.
We do not knowingly collect personal data from individuals who are under 18 years of age. As a parent or legal guardian, please do not allow your children to submit personal data without your permission.
How We Store Your Personal data
The information that we collect about you, including Personal data, will be stored and processed in Cyprus and/or in remote cases in the Countries in which we and the third parties mentioned above operate. If you are located in the European Union or other regions with laws governing data collection and use that may differ from European data protection laws, please note that in the course of providing you with the service you requested we may transfer Personal data to some of these countries and jurisdictions that have data protection laws that do not provide the exact same level of protection as in your jurisdiction, however we make every effort possible to verify and audit that the processor and sub processors provide the best level of protection of personal data.
Retention of Personal data
We keep your Personal data for as long as needed to provide you with our respective services and in compliance with relevant laws of Cyprus. The period for which we keep your Personal data that is necessary for compliance and legal enforcement purposes varies and depends on the nature of our legal obligations and claims in the individual case. Personal data shall be destroyed as early as practicable, from both our short-term system and our back-ups so that restoration and/or reconstruction of the data is no longer possible. This also involves the secure destruction of any printed paper through methods such as cross-shredding or incinerating the paper documents. For further information regarding specific retention period please contact us at email@example.com
Legal Bases for Collection, Use and Disclosure of Your Personal data
There are different legal bases that we rely on to collect, use and disclose your Personal data namely:
• Performance of contract: The use of your Personal data for purposes of providing the services, customer management and functionality and security as described above is necessary to perform the services provided to you under our term and conditions and any other contract that you have with us.
• Compliance with legal obligation: We are permitted to use your Personal data to the extent this is required to comply with a legal obligation to which we are subject.
• Protection of your interests: When use of your data is necessary in order to protect your vital interests or those of other individuals.
How We Protect the Security of Your Personal data
We take appropriate security measures (including physical, electronic and procedural measures) to safeguard your Personal data from unauthorized access, disclosure, alteration or destruction. We also carry out checks to ensure that our affiliates and service providers with whom we share personal data, have reasonable measures in place to provide an adequate level of data protection and to maintain the confidentiality of your Personal data.
Our property are certified with the International Standards ISO 22000 and have put in place controls in line with ISO 27001. Only authorized employees are permitted to access Personal data, and they may do so only for permitted business functions. In addition we have trained our employees on how to handle, manage and process personal data, applied upgraded technical measures and transformed our policies and procedures in a way that will comply with the General Data Protection Regulation.
For your protection, we may only implement requests with respect to the Personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Users should also take care with how they handle and disclose their Personal data and should avoid sending Personal data through insecure email. We are not responsible for circumventions of any privacy settings or security measures contained on the Website.
We will not contact you by mobile/text messaging or email to ask for your confidential personal data or payment card details. If you receive this type of request, you should not respond to it. We will only ask for payment card details by telephone when you are booking a reservation or promotional package. We also ask that you please notify us at firstname.lastname@example.org
If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contact Us”section below.
Choices about how we Collect, use and Disclose your Personal data
We strive to provide you with choices regarding the Personal data you provide to us.
• You can choose not to provide us with certain Personal data, but that may result in you being unable to use certain services.
• When you register with us, you may be given a choice as to whether you want to receive email messages, newsletters or advertising material about updates, improvements, special offers, or containing special distributions of content by us. If consented yet later on you decide you no longer want toreceive commercial or promotional emails or newsletters from us, you will need to avail yourself of the unsubscribe mechanism set out in the applicable communication. It may take up to seven days for us to process an opt-out request. We may send you other types of transactional and relationship e-mail communications, such as service announcements, administrative notices, and surveys, without offering you the opportunity to opt out of receiving them as these will related directly to your relationship with us.
• If you provided Personal data, you may terminate your relationship with us at any time as per the provision of the between us agreement or engagement. If you choose to do so, your Personal data will be deleted in accordance with our retention policy.
Your Rights Related to Your Personal data
Subject to the provisions of the General Data Protection Regulation, you have certain rights regarding the Personal data we collect, use or disclose and that is related to you, including the right
• to receive information on the Personal data concerning we hold about you and how such Personal data is used (right to access);
• to rectify inaccurate Personal data concerning you (right to data rectification);
• to delete/erase your Personal data (right to erasure/deletion, “right to be forgotten”);
• to receive the Personal data provided by you in a structured, commonly used and machine-readable format and to transmit those Personal data to another data controller (right to data portability)
• to object to the use of your Personal data where such use is based on our legitimate interests or on public interests (right to object); and
• in some cases, to restrict our use of your Personal data (right to restriction of processing).
If we ask for your consent to use your Personal data, you can withdraw your consent at any time.
You may, at any time, send us an e-mail to email@example.com exercise your above rights in accordance with the applicable legal requirements and limitations. If you are located in the European Economic Area, you have a right to lodge a complaint with your local data protection authority.
Note that some requests to delete certain Personal data will require the deletion of your user account as the provision of user accounts are inextricable linked to the use of certain Personal data (e.g., your e-mail address). Also note that it is possible that we require additional information from you in order to verify your authorization to make the request and to honour your request.
No Rights of Third Parties
No Error Free Performance
You may also contact us at
M.C.T. ENTERPRISES LTD
PO Box 33127 Paralimni, –Cyprus
TEL 00357 23831333 , Fax: 00357 23 831777