1. INTRODUCTION

This is the Privacy Notice to Guests (hereinafter the “Notice”) by “Atlantica Hotel Management Limited”, of Stymfalidon Str., Atlantica Hotel, Germasogeia River, 4046, Limassol, Cyprus (hereinafter “Atlantica” or “we” or “us”). Atlantica is dedicated to protecting your privacy and safeguarding your personally identifiable information (hereinafter “Personal Data”) whether you are making a reservation or you are staying in one of the hotels we manage (hereinafter “Guest” or “you”). Atlantica's mission is to consistently exceed our Guests' expectations in terms of the products and services we provide to our business and leisure travelers. We strive to create an experience that is responsive to our Guests' needs by using the Personal Data you entrust us with responsibly. Atlantica is committed to respecting your privacy and adhering to the principles of applicable data protection and privacy laws. This Notice contains information in accordance with Article 13 of the General Data Protection Regulation (Regulation EU 2016/679 – GDPR), regarding the processing of your Personal Data as a Guest by Atlantica as Data Controller.

For further information on how we process Personal Data, we refer you to our Privacy Policy published on our website: www.atlanticahotels.com and kindly invite you to read through it.

2. WHAT PERSONAL DATA WE COLLECT IN RELATION TO YOU

We collect and use your Personal Data when you make a reservation or if you stay at a hotel we manage (hereinafter a “Hotel”). We generally collect your Personal Data directly from you, but in some cases we may collect your Personal Data from other sources. We do not generally collect Special Categories of personal data, unless it is volunteered by you or unless we are required to do so pursuant to applicable laws or regulations. We may use health data provided by you to serve you better and meet your particular needs and special requests or those of your companions.

Types of Personal Data which we collect include among others the following:

If you make a reservation:

  • Your full name, home, professional and e-mail addresses, telephone and fax numbers, date of birth, gender, lifestyle information such as room preferences, leisure activities, and other information necessary to fulfill special occasions and special requests (e.g. health conditions that require special room accommodations, religious and dietary requests) home, professional and email addresses, telephone and fax numbers, ID and Passport numbers, Tax Identification Number, nationality, country of residence, date of birth, gender, marital status and occupation.

During your stay at a Hotel:

  • Your full name, home, professional and email addresses, telephone number, ID and Passport numbers, Tax Identification Number, nationality, country of residence, date of birth, gender, marital status and occupation.
  • Details of your stay, such as arrival and departure dates, type of room, room preference, full names, dates of birth and passport numbers of companions, purpose of visiting (e.g. vacation, business, conference etc.), special occasions, specific requests to the Hotel (e.g. health conditions that require special room accommodations, any special dietary, religious or disability requests).
  • Information relating to your membership in, participation at or receipt of one of our services or programs, such as Customer ID, honorific, points history etc.
  • Social preferences, interests and leisure and any other activities, frequent guest’s itinerary/program.
  • Food and beverage consumptions in-room and within the Hotel, bills details.
  • Information on your bookings and payments (guest's IBAN) from on-line system, payment ID, booking reference.
  • Details of complaints and other remarks you may have.
  • Details of illness/accident, past history records, name of doctors in case of illness or injury during your stay at the Hotel and other remarks you may have.
  • Details of claims, name of lawyer and other remarks you may have.
  • Reviews/feedback in relation to our services provided during your stay, post photos, quotes.

  • Additionally, in the course of your reservation or your stay at a Hotel you may be asked to provide us with the aforementioned Personal Data about other individuals such as your companions. By providing such information, you represent and warrant to us that you have obtained such individuals’ permission to so do and that such individuals are aware of, understand and accept our Privacy Policy and this Notice.
     

Other sources of Personal Data

In some cases we will receive your Personal Data from other sources such as:

  • A Hotel when you make a reservation directly at the Hotel or a business partner, travel agent or tour operators when you make a reservation through them.  
  • Your insurance company, their agents, doctors, your companions may disclose or share Personal Data or relevant medical/health data (special categories of Personal Data) with us in case of an accident/injury/an emergency situation on your behalf.

3. PURPOSES FOR COLLECTION AND PROCESSING

Atlantica collects and process your Personal Data for the following purposes:

  • Performing a contract or transaction such as making a reservation and handling your stay at a Hotel, by providing the products and services you requested, fulfilling your special requests;
  • Performing the management contract with the owner of the Hotel;
  • Better understanding your interests and preferences and offering you a unique experience during your stay;
  • To comply with obligations imposed by law or regulations such as the tax authorities or the police;
  • Handling your remarks, complaints, incidents, illnesses, accidents and claims during your stay or after your departure;
  • Managing and improving our products, services, programs, various types of communications, advertising campaigns, and/or promotional activities, our day-to-day operations and your hotel experience;
  • For marketing reasons/communications with you in relation to the products and services offered by Atlantica, our strategic marketing partners, and other trusted third parties,
  • To make contact or interact with you, to conduct financial data evaluation/statistical analysis based on demographics, reservation, your stay or other data/market research and for your registration to our loyal membership program.

4. LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

We are committed to collecting and processing your Personal Data in accordance with applicable data protection laws. We will only process your Personal Data if at least one of the following conditions applies:

  • You have given your consent to the processing of your Personal Data for one or more specific purposes e.g. for marketing purposes and subscribing to receive newsletters;
  • Processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract e.g. to make a reservation and provide the products and services you request;
  • Processing is necessary for compliance with a legal obligation to which Atlantica is subject e.g. sharing your Personal Data with regulatory authorities;
  • Processing is necessary in order to protect your vital interests or those of another natural person e.g. in an emergency, an incident, illness or accident;
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Atlantica;
  • Processing is necessary for the purposes of the legitimate interests pursued by Atlantica or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of Personal Data, e.g. when it is necessary to protect our property or establish, exercise or defend legal claims.

Consent

As part of our commitment to keep you informed, we may mail, e-mail, telephone, or contact you by other means to inform you about news, events, activities, new Atlantica products and services, or upcoming Atlantica special offers, events, enhancements, or other relevant information that may be of interest to you. You may also receive mailings or other communications from carefully selected third parties. We always offer you the option to decline any or all of these communications by following the directions included in our e-mails or other communications, or by contacting Atlantica directly.

If you are an Atlantica loyalty card club member, you may also change your communication choices by updating your e-mail preferences in your individual membership profile. We would like to keep all of our Guests informed and equally able to take advantage of the benefits offered by Atlantica and its strategic marketing partners.

Atlantica includes, in any case, provisions for:

  • Determining what disclosures are made in order to obtain valid consent.
  • Ensuring the request for consent is presented in a manner which is clearly distinguishable from any other matters, is made in an intelligible and easily accessible form, and uses clear and plain language.
  • Ensuring the consent is freely given (i.e. is not based on a contract that is conditional on the processing of Personal Data that is unnecessary for the performance of that contract).
  • Documenting the date, method and content of the disclosures made, as well as the validity, scope, and volition of the consents given.
  • Providing a simple method for a data subject to withdraw their consent at any time.

5. WHO MIGHT WE SHARE YOUR PERSONAL DATA WITH?

We apply strict security rules regarding the processing of Personal Data and third parties’ access to our records and files. We only share your Personal Data when this is necessary to conduct our business or to fulfill an obligation imposed by law.

We may share your information with:

  • All the Hotels managed by Atlantica, for purposes connected with the provision of our services/products and the management of our business and for the Hotels to perform the accommodation contract with the Guest and in particular exercise their rights and fulfill their obligations deriving from the accommodation of the Guest and comply with obligations imposed by law or regulations such as the tax authorities or the police;
  • Our third-party partners, service providers, tour operators, suppliers, bankers and retail partners for the purposes of operating and providing you with the products and services that you have requested;
  • Professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilities;
  • Tour operators, insurance companies, insurance brokers, doctors, lawyers for the purposes of handling accidents, illnesses and claims.
  • Any third party in order to meet our legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts, tax, regulatory or other public authorities.

When we share Personal Data with other organizations/ third-parties, we safeguard that they keep them safe, that they are authorized to retain these data and that they must not use your Personal Data for other purposes. Such sharing or transfer of Personal Data will be protected by appropriate safeguards (e.g. appropriate contractual clauses, data processing contracts, intra-group disclosures of Personal Data, etc.) and in particular if the recipient operates outside the EEA, appropriate protections will be put in place to make sure your Personal Data remains adequately protected including appropriate contract clauses such as standard contract clauses approved by European Commission.

6. SECURITY SAFEGUARDS

Atlantica recognizes the importance of information security and is constantly reviewing and enhancing our technical, physical, and logical security rules and procedures. All Atlantica owned websites and servers have security measures in place to help protect your personally identifiable information against loss, misuse, and alteration while under our control.

Although "guaranteed security" does not exist either on or off the Internet, we safeguard your information using both procedural and technical safeguards, including password controls, "firewalls" and the use of up to 128-bit encryption based on a Class 3 Digital Certificate issued by VeriSign, Inc. This allows for the use of Secure Sockets Layer (SSL), an encryption method used to help protect your data from interception and hacking while in transit.

7. DATA RETENTION PERIOD

Atlantica is committed not to retain Personal Data for a period longer than necessary for the reasons that the Personal Data was obtained and/or to meet legal and regulatory requirements. After this period, we will erase Personal Data. However, if Personal Data is needed after this period for statistical/analytical/historical/legitimate business purposes, we will take appropriate measures to anonymise this data.

8. YOUR RIGHTS UNDER EU DATA PROTECTION LAWS

In this section Atlantica addresses the rights deriving from Regulation (EU) 2016/679 and how these rights can be exercised by you.

     8.1 Your Right of Access or Rectification
Atlantica assumes that Personal Data collected directly from you will be accurate and complete. You have the right to ask for a copy of your Personal Data we hold about you. If you want to exercise your right of access or rectification, you may use the Data Subject Request Form.
     8.2 Your Right to Erasure
You may request that any Personal Data held about you be deleted or removed, and, in such case, any third parties who process or use that data must also comply with such request. An erasure request can only be refused if an exemption applies. If you want to exercise your right of access or rectification, you may use the Data Subject Request Form.
Atlantica is obligated to erase Personal Data where one of the following applies:
•    Personal Data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
•    You withdraw consent and no other legal basis for processing exists;
•    You object to the processing carried out on the grounds of Atlantica’s legitimate interests and there are no other overriding legitimate grounds for the processing;
•    the Personal Data has been unlawfully processed.
If Atlantica cannot actually delete Personal Data, Atlantica will ensure that it:
•    is not able, or will not attempt, to use the Personal Data to inform any decision in respect of any individual or in a manner that affects the individual in any way;
•    does not give any other organization access to the Personal Data;
•    protects the Personal Data with appropriate technical and organizational security; and
•    commits to permanent deletion of the information if, or when, this becomes possible.
     8.3 Your Right to Restrict Processing
You have the right to restrict Atlantica from processing Personal Data by using the Data Subject Request Form.
     8.4 Your Right to Object
You have the right to object at any time to processing of your Personal Data by using the Data Subject Request Form.
     8.5 Your Right to Data Portability
Upon request and provided that the relevant requirements stipulated in Article 20 of GDPR are met, you have the right to receive a copy of your Personal Data in a structured format using the Data Subject Request Form.
How to make a complaint
If you are not satisfied with the way in which your Personal Data has been processed, please submit your complaint or request/objection in one of the manners set out below in the Contact us section.
Please note that we may ask you to verify your identify before we can act on your request or complaint. We may ask you for more information to ensure that you are authorized to make such a request or complaint when you contact us on behalf of another data subject.
If you are dissatisfied with our response to your complaint or request, you may lodge a complaint with the competent data protection authority.


9. CONTACT US

IIf you would like to update your information, modify your communication preferences and submit any request or objection or if you do not want to receive marketing communications from Atlantica in the future, you can contact us:

  • by e-mail:
    gdpr@atlanticahotels.com
  • by telephone:
    +357 25 883 500
  • by fax:
    +357 25 883 555
  • by writing to us at:
    Atlantica Hotels & Resorts
    P.O. Box 52001, Potamos Yermasoyias, 4060 Limassol
    Cyprus

Updates to the Privacy Notice
Atlantica may amend this Privacy Notice from time to time in order to meet changes in the regulatory environment, business needs, or to satisfy the needs of our guests, properties, strategic marketing partners, and service providers. Updated versions will be posted to our web site and date stamped so that you are always aware of when the Privacy Notice was last updated.

Last update: May 2018
 

10. KEY TERMS

Personal Data" means any information relating to an identified or identifiable natural person (“Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special categories of personal data” means the Personal Data referring to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation.

Processing" means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure, alignment, restriction, erasure.

Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he/she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.

Data Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

Data Processor" means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller.

European Economic Area (“EEA”)”: EU Member States plus Norway, Iceland and Lichtenstein.

Discover Our Hotels
© COPYRIGHT 2015 ATLANTICA HOTELS AND RESORTS. ALL RIGHTS RESERVED.
We are using cookies to give you the best experience on our site. This includes personalizing content and advertising. To learn more, click here. By continuing to use our website without changing the settings, you accept our use of cookies, revised Privacy Policy and Term & Conditions
I ACCEPT