This privacy statement (“Statement”) has been drafted by and applies to Kanika Hotels Ltd, Kanika Olympic Ltd, K.A. Olympic Lagoon Resort Ltd, Somerstown Ltd their subsidiaries and all of the hotels within the Kanika Hotels & Resorts Group (collectively, "KANIKA," "we," or "us").
At KANIKA, we value and respect your privacy and prove this through this Statement which demonstrates KANIKA’s compliance with the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the “Regulation”) which is directly applicable in the European Economic Area from 25th May 2018, and has introduced new measures aiming to protect your personal data and thus your privacy.
In this Statement, we explain our practices regarding the collection and processing of your Personal Information.
Collection of Personal Information
“Personal Information” is information that identifies you as an individual or relates to an identifiable individual i.e. through which you may be identified. It always has to do with living people. The Personal Information is the following:
a) Name, gender, home and work address, telephone number and email address, your business title, date and place of birth, nationality, passport, visa or other government-issued identification information;
b) Guest stay or visit information to a property, including the hotels where you have stayed, date of arrival and departure, goods and services purchased, special requests made, information and observations about your service preferences (including room type, facilities, holiday preferences, amenities requested, ages of children or any other aspects of the Services used), marketing and communication preferences;
c) Telephone numbers dialled, faxes sent/received or receipt of telephone messages when connected to the telephone services we may provide guests during their stay;
d) Credit and debit card number, other card information and generally payment, billing and account information;
e) participation in a membership/loyalty program or marketing program (even you have not stayed or do not stay at one of our hotels) and/or properties;
f) information provided on membership and account applications
g) Information related to the purchase and receipt of good or services
h) Employer or other relevant details if you are an employee of a corporate account, a vendor or other type of business partner (e.g., travel agent or meeting and event planner);
i) personal characteristics, nationality, income, passport number and date and place of issue, travel history
j) information about vehicles you may bring or order onto our properties
k) your reviews and opinions about our services and/or properties
l) hotel, airline and rental car packages booked;
m) groups with which you are associated for stays at hotels and/or properties
n) Profile picture;
o) Social media account ID or user ID;
p) any other type of information which you may choose to provide to us or we may obtain about you through third parties with whom we do business (e.g. travel agents or similar providers).
If you submit any Personal Information relating to other people to us or to our service providers, especially Personal Information of minors, in connection with the Services (e.g., if you make a reservation for another individual), you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Statement and/or the Registration Card which is provided at reception desks of our hotels and/or properties.
We and our service providers and/or agents and/or affiliates may collect Personal Information, whether these are provided in writing or through verbal communication at every guest interaction and in providing any part of our services, ways such as the following:
a) Through Our Online Services:
We may collect Personal Information when you make a reservation or enrol to our membership/loyalty program or otherwise purchase goods and services from us through our websites and apps, when you communicate with us via online chat services or a social media service such as facebook, or when you sign up for a newsletter or participate in a survey, contest, promotional and/or special offers.
b) Through Our Offline Services:
We may collect Personal Information from you offline. This may take place when you visit the reception desk at our hotels and/or properties to make a reservation or enrol to our membership/loyalty program, when you communicate with any member of our staff over the phone or via e-mail or when you contact customer services.
c) From Other Sources:
We may receive your Personal Information from other sources, such as public databases, joint marketing partners, and other third parties. This may include information from your travel agent, airline, credit card, and other partners, and from social media platforms (including from people with whom you are friends or otherwise connected). For example, if you elect to login to, connect with or link to, the Online Services using your social media account, certain Personal Information from your social media account will be shared with us, which may include Personal Information that is part of your profile or your friends’ profiles.
In the event that we receive information from third parties, as opposed to directly from you, provided that they are lawfully entitled to share your data with us, we will use and share this information for the purposes described in this Statement. Also in the event that your Personal Information is collected in this way, then we will bring to your attention the information included in this Statement along with the source from which the data originate, and if applicable, whether it came from publicly accessible sources. This information shall be provided to you within a reasonable period after obtaining the Personal Information, but at the latest within 1 month, except where the Personal Information are to be used for communication with you, in which case we will provide you with the above information at the latest at the time of the first communication with you. However, if the above information is envisaged to be disclosed to another recipient then the above information shall be disclosed the latest when the Personal Information are first disclosed to the new recipient, despite the fact that none of the previous deadlines has passed. Of course, no such information would need to be provided:
a) where you already have this information;
b) where the provision of this information, for some reason, proves impossible or would involve disproportionate effort to obtain;
c) obtaining or disclosure is expressly laid down by Union or Member State to which we are subject, and which provide measures to protect your legitimate interest;, or
d) in the event where the Personal Information must remain confidential subject to an obligation of professional secrecy.
Use of Personal Information
We may use Personal Information in a variety of ways including:
a) To provide the services you request from us, such as to facilitate reservations, send confirmations or pre-arrival messages, to assist you with meetings, events or celebrations, and provide you with other information about the area and the hotel and/or properties at which you are scheduled to stay
b) To complete and fulfil your reservation and stay, for example, to process your payment, ensure that your room is available, and provide you with related customer service
c) To send you administrative information, direct marketing communications, newsletters, promotional and special offers, periodic customer satisfaction, market research or quality assurance surveys, and in order to respond to you requests and messages. This may be done in accordance to any communication preferences you have expressed. Such information may be provided through e-mail, postal mail, online advertising, social media, telephone, text messages, push notifications, in-app messaging, and other means including on –property messaging such as in-room television
d) To personalize the services you request and your experience when you stay in one of our hotels and/or properties;
e) to offer you the expected level of hospitality in-room and throughout our properties
f) To allow you to participate in contests and other promotions and to administer these activities. Some of these activities have additional rules, which could contain additional information about how we use and disclose your Personal Information. We suggest that you read any such rules carefully
g) For our business purposes, such as data analysis, audits, security and fraud monitoring and prevention (including through the use of closed circuit television, card keys, and other security systems), developing new products, enhancing, improving or modifying our Services to ensure that our site, products, and services are of interest to you, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities
h) to generate usage statistics of our website
i) to generate statistics in relation to the types and volumes of guests visiting our hotels and/or properties during the year
j) to improve and personalise of our services to you during future stays through the use of information that you provide in relation to your preferences and experiences. For this purpose understand that the creation of a profile is necessary.
In the event that we decide to further process your Personal Information for a purpose other than that for which the personal data were obtained, we shall provide you prior to that further processing with information on that other purpose and with any relevant further information which the General Data Protection Regulation requires.
Disclosure, Sharing and Transfer of Personal Information
To uphold a uniform level of hospitality and provide you with the best possible service in all our properties and/or hotels, your Personal Information may be shared with the below entities and/or people, which may involve cross-border transfer of information to third parties in countries outside the European Economic Area:
a) to authorised personal at the applicable hotel and/or property in order to meet your reservation request. Upon your express consent, we retain your Personal Information including details of your stay, preferences, room/accommodation type and amenities used.
b) to subsidiary and/or affiliate companies and/or business partners of KANIKA for the purpose of meeting your preferences and in order to offer personalised services in all our properties.
c) to MailChimp which is a marketing platform of The Rocket Science Group LLC used for the purposes of direct marketing and email campaigns. MailChimp is part of the Privacy Shield framework and has thus been recognised by the European Commission as offering an adequate level of data protection. Despite the agreements which are in place between KANIKA and MailChimp ensure that the processing of your Personal Information is in accordance with the General Data Protection Regulation.
d) to our third party service providers, in order to offer products, services, or offers at our properties and for our operation and improvement. For example, your Personal information may be transferred to service providers in the context of the provision of services such as rental of cars, spa and restaurants within our hotels, website hosting, data analysis, payment processing, order fulfilment, information technology and related infrastructure provision, customer service, email delivery, auditing and other services. Generally, our service providers are contractually obligated to protect your personal information and may not otherwise use or share your personal information, except as may be required by law.
e) To Authorized Licensees: We may disclose your Personal Information to an Authorized Licensee in connection with the Services, including with respect to a reservation you book through us, in connection with offerings of Travel Related Services or to developers of Kanika branded real estate, or to enable an Authorized Licensee to market and operate the business that it licenses. Such Personal Information may also include, for example, Kanika information.
f) To Franchisees: We may disclose your Personal Information to franchisees in connection with the Services, including with respect to a reservation you book through us.
g) to sponsors of Contests and other Promotions.
In addition, when you elect to post information on message boards, chat, profile pages and blogs and other services to which you are able to post information and materials (including, without limitation, our Social Media Pages) any such information you post or disclose through these services will become public and may be available to other users and the general public. We urge you to be very careful when deciding to disclose any information on the Online Services.
i) In the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), we may share your Personal Information to a third party for the purposes of the aforementioned event.
j) If you visit any of our properties as part of a group event or meeting, then personal information collected for meeting and event planning may be shared with the organizers of those meetings and events, and, where appropriate, guests who organise or participate in the meeting or event.
k) Other circumstances in which the sharing of your Personal Information may take place are in order to:
1) comply with applicable laws,
2) respond to governmental inquiries or requests from public authorities,
3) comply with valid legal process,
4) protect the rights, privacy, safety or property of KANIKA, site visitors, guests, employees, those of any of our affiliates or the public,
5) permit us to pursue available remedies or limit the damages that we may sustain,
6) enforce our websites' terms and conditions, and
7) respond to an emergency
8) to allow us to pursue available remedies or limit the damages that we may sustain.
Legal grounds for collection and processing of Personal Information
We would like to inform you that the legal grounds for receiving and handling your personal data is either:
a) that processing is necessary for the provision of hotel and accommodation services in the context of your stay with KANIKA (Regulation, Art. 1(b))
b) to the extent that the collection and processing is not covered by a) then the legal ground will be your explicit consent to the processing of your personal data for the above specific purposes (Regulation, Art. 1(a)). You may withdraw your consent at any time by sending us written notice of your wish to withdraw. This may be done in any written format including e-mail and fax
c) that processing is necessary for compliance with our legal obligations (Regulation, Art. 1(c))
d) that processing is necessary in order to protect your vital interests or those of another individual (Regulation, Art. 1(d))
e) that processing is necessary for the legitimate interests pursued by us except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (Regulation, Art. 1(d)). Legitimate interests include processing for direct marketing purposes. In carrying out this balancing exercise between our legitimate interests to carry out direct marketing and your interests and rights, we believe that because, as you can see below, you are able to effortlessly object to the use of your Personal Information and thus terminate any direct marketing, since you might be better off knowing about our special and/or promotional offers, because all offers which are made through direct marketing are sent to all our guests and there is no discrimination in terms of the guests that receive them, and because the variety of services that we offer are all inherently connected to each other, we believe that your fundamental rights and interests do not prohibit us from carrying out direct marketing, even though we will always strive to first obtain your consent before carrying out such actions.
Under the Regulation, you have the following rights
a. to check whether and what kind of Personal Information we hold about you and to access or to request copies of such data
b. to be explained clearly and simply the information contained in this Statement;
c. to request correction, supplementation or deletion of Personal Information about you that is inaccurate or processed in non-compliance with applicable legal requirements;
d. to instruct the erasure of your Personal Information from our archives where:
1) it is no longer necessary for the purposes mentioned in this Statement;
2) where you withdraw your consent on which the processing is based and where there is no other legal ground for the processing
3) where you object at any time to the processing of your Personal Information in accordance to point (f) and (g) below
4) your Personal Information has been unlawfully processed
5) your Personal Information have to be erased in order to comply with our legal obligations.
e. to obtain a restriction to the collection, processing or use of Personal Information about you where the accuracy of your data is contested by you to allow us to verify the accuracy of your Personal Information, the processing is unlawful but you do not wish us to erase your Personal Information from our archives, we no longer need your data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you object to the processing of your information which is based on your consent, subject to limited exceptions such as the establishment, exercise or defence of legal claims;
f. to object to processing of your data on ground relating to your personal situation which have been obtained based on the necessity for the legitimate interests pursued by us, and to have us no longer process your personal data unless either we demonstrate to you compelling legitimate grounds for the processing which override your interest, right and freedoms, or the Personal Information is needed for the establishment, exercise or defence of legal claims
g. to object at any time to processing or your data for direct marketing
h. to the extent that your data is processed on the legal ground of your consent, to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from our part;
i. to know the identities of third parties to which your personal data are transferred;
j. to provide instructions on how your data must be handled after your death when relevant;
k. to lodge a complaint with the competent data protection authority
l. to withdraw your consent at any time. If, following the provision of your consent, you then no longer wish to receive marketing-related communications from us on a going-forward basis, you may opt-out by email us to email@example.com or following the instructions in any such email you receive from us or by sending us a fax at +357 25 582039.
How you can access, change, suppress or delete your Personal Information:
If you would like to review, correct, update, suppress or delete Personal Information that you have previously provided to us, you may contact us at firstname.lastname@example.org, or:
Kanika Hotels & Resorts
28th October 329A &Makarios III Avenue
KanikaEnaerios Complex, Block A, Apollo House
Data Protection Officer: Aristos Pentaliotis, Direct Private Line: +357 25 274570
For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Reasonable organisational, technical and administrative measures are in place to protect your Personal Information from unauthorized access, disclosure, alteration or destruction, while the Personal Information is stored in our archives.
We also carry out check to ensure that our affiliates and service providers with whom we share personal information, have reasonable measures in place to provide an adequate level of data protection and to maintain the confidentiality of your Personal Information.
We will not contact you by mobile/text messaging or email to ask for your confidential personal information or payment card details. If you receive this type of request, you should not respond to it. We will only ask for payment card details by telephone when you are booking a reservation or promotional package. We also ask that you please notify us at email@example.com
If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contacting Us” section below.
Special category of Personal Information
“Special Category of Personal information” amount to such information the processing of which reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
We do not generally collect Special Category information unless it is volunteered by you. We may use health data provided by you to meet your particular needs (for example, the provision of disability access). Despite that, we ask that, unless there is a serious need for you or another guest, you do not to send us, and you do not disclose, any Special Category Personal Information to us.
We do not knowingly collect personal information from individuals who are under 18 years of age. As a parent or legal guardian, please do not to allow your children to submit personal information without your permission.
Unless we hear otherwise from you or a longer retention period is required or permitted by the applicable law, your Personal Information will be subject to our 3-year retention policy. This retention period is in our opinion necessary to fulfil the purposes outlined in this Statement.
You Personal Information shall be destroyed as early as practicable, from both our short-term system and our back-ups so that restoration and/or reconstruction of the data is no longer possible. This also involves the secure destruction of any printed paper through methods such as cross-shredding or incinerating the paper documents.
Updates to this Privacy Statement
Where the need arises for the further protection of your Personal Information and for the purposes of your information, we may change and/or modify this Privacy Statement from time to time. Where we make material changes to this Statement we wil post a link to the revised Statement of the homepage of the website of … and where you have consented to the processing of your Personal Information based on a previous version of this Statement you may also be informed through a communication channel that you have provided. It is possible to recognise when this Statement has been last updated by looking at the date at the top of the Statement Any changes become effective from the date on which they were posted on the website of … Use of the website, any of our products and services, and/or providing consent to the updated Statement following such changes constitutes your acceptance of the revised Statement then in effect.
In the event that you have any questions about this Privacy Statement or you want to exercise any of your rights regarding your Personal Information please contact us at firstname.lastname@example.org, or:
Kanika Hotels & RESORTS
28TH October 329A& Makarios III Avenues
Kanika Enaerios Coamples, Block A, Apollo House
P.O. Box 53029
Because email communication are not always secure, please do not include credit card or other sensitive information in your emails to us.
Collection of Other Information
“Other Information” is any information that does not reveal your specific identity or does not directly relate to an individual, such as:
- • Information collected through cookies, pixel tags and other technologies
- • Demographic information and other information provided by you
- • Aggregated information
If we are required to treat Other Information as Personal Information under applicable law, then we may use it for the purposes for which we use and disclose Personal Information as detailed in this Statement.
We and our third party service providers may collect Other Information in a variety of ways, including:
- • Through your browser or device: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Online Services (such as the Apps) you are using. We use this information to ensure that the Online Services function properly.
- • Through your use of the Apps: When you download and use an App, we and our service providers may track and collect App usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number. (
- • IP Address: Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address may be identified and logged automatically in our server log files whenever a user accesses the Online Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Online Services. We may also derive your approximate location from your IP address.
Use and Disclosure of Other Information
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Information (such as combining your name with your location). If we do, we will treat the combined information as Personal Information as long as it is combined.
- • Third Party Services: This Privacy Statement does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which the Services link, third party payment services, or any third-party website that is the landing page of the high-speed Internet providers at our hotels. The inclusion of a link on the Online Services does not imply endorsement of the linked site or service by us or by our affiliates. We have no control over, and are not responsible for, this third party’s collection, use and disclosure of your Personal Information.
In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Apps or our Social Media Pages.
- • Third Party Advertisers: We may use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when you access and use the Online Services and other websites or online services, based on information relating to your access to and use of the Online Services and other websites or online services. To do so, these companies may place or recognize a unique cookie on your browser (including through use of pixel tags).