Privacy Policy

1. Scope

This Privacy Policy describes how the AJAX HOTEL and its Affiliates (“we” or “us”) collects, uses, consults or otherwise processes an individual’s Personal Data.

For the purposes of GDPR, depending on the type of Personal Data processing described in this Privacy Policy, AJAX HOTEL may be operating as a sole or joint Controller. If operating as joint Controllers, both entities jointly determine the means and purposes of the processing of your Personal Data. What this means for you is that you can exercise your rights against either of the joint Controllers by contacting either company as set out below.

In some of the situations described in this Privacy Policy, the AJAX HOTEL in which you made a booking and/or stay will also process your data as a (joint or sole) Controller. The hotel will be solely responsible for the processing activities for which it is the sole Controller.

NICOLAOU BROS TOURIST ENTERPRISES LTD is a company incorporated under the laws of Cyprus, having its registered office at Ayias Zonis & Thessalonikis 1, NICOLAOU PENTADROMOS CENTER, floor 9, office 902, 3305 Limassol, Cyprus and is the owner of AJAX HOTEL.
We are committed to protecting the privacy of our customers and as well as the privacy of any other subjects we collaborate with.

This Privacy Policy is intended to inform you how we gather, define, and use Personal Data that you provide to us when using our website, when relying on our hospitality services, when you work or collaborate with us.

2. Guests

2.1 Hotel Booking Process

In the context of the hotel booking process we process your Personal Data for:

  • (i) enabling you to reserve a room of your choice in the hotel;
  • (ii) verifying the availability of the hotel and to administer the booking;
  • (iii) sending you a booking confirmation

The tables below provide details of the personal processed for the purposes stated above:

Processed data categories Source of data Ground for processing Recipients of data Retention period
Mandatory: First name / Last name, First name / Last name of adult co-guest(s), Email Address, Date of arrival and departure, Bed preference, Payment card type, number and expiration date, Telephone number Optional: Purpose of stay, Special requirements
  • From a direct booking with our hotel
  • Directly from you through our web site
  • Through the online booking channel, you used to make the booking Expedia, Booking, Hotelbeds, Bookcyprus, HRS, GTA, hotels.com and other third-party online systems (affiliates of the above)
  • From your travel agent
  • From our call center
Processing is necessary to take actions to enter into and perform a contract
  • Service providers involved in the (online) booking process/li>
  • IT service providers/li>
  • Email communications service provider
  • 4 years from the booking date
  • Card details are deleted after the completion of thepayment

 

2.2 Guest satisfaction surveys

We may send you guest satisfaction surveys by email during or after your stay to enable us to measure the performance of our hotels

Processed data categories Source of data Ground for processing Recipients of data Retention period
Country of residence, Date of arrival and departure, Email address, First name / Last name, Room Number, stay details and any other comments the client will make Directly from you through the online platform iFeedback Subject has consented to hotel for processing their data in order to follow up on the good performance of the contract you have with us. Other hotel entities involved 2 years from the date of the conduction of the survey

 

2.3 Hotel check-in and check-out

When staying at the hotel, we will collect and process your Personal Data for the purposes of:

  • (i) registering your arrival and departure at the hotel;
  • (ii) assigning you a key card to your room
  • (iii) obtaining a credit card guarantee or hotel deposit to ensure payment of your stay;
  • (iv) managing (and archiving) your hotel registration card;
  • (v) creating or updating your profile in our hotel management system;
  • (vi) assessing your eligibility for a room upgrade and managing this if applicable;
  • (vii) managing payment of your stay;
  • (viii) establishing, printing or sending an invoice for your stay;

In the event you have booked a room in our hotel but do not show up – without cancelling – on the date of arrival communicated, we will process your Personal Data for the purposes of (i) cancelling your stay and any other reservation you may have made; and (ii) managing, processing and settling any outstanding payment that may be due.

Processed data categories Source of data Ground for processing Recipients of data Retention period
First name / Last name, First name / Last name of adult co-guest(s), Payment card type, cardholders name, number and expiration date, Telephone number, Address, Country, Email address, Date of arrival and departure, Occupation, Nationality
  • Directly from you through the booking form
  • Directly from you through the hotel registration form
Processing is necessary to perform the contract you have with us.
  • IT service providers
  • Your travel agent (if applicable)
2 years from the date of the conduction of the survey

 

2.4 Hotel stay of Function services

When you stay in our hotel or we provide you with any function or events services in our hotel, we endeavor to make it as pleasant as possible for you. This requires processing your Personal Data for the purposes of providing specific services during your hotel stay. These services include (i) housekeeping and maintenance; (ii) returning lost or forgotten items to you; and/or (iii) managing your and your co-guests’ preferences, such as dietary requirements and pillow preferences, in order to provide you with a better service during your stay with us.

Processed data categories Source of data Ground for processing Recipients of data Retention period
First name / Last name, Address, Consumption habits, Date of arrival and departure, Dietary requirements, Email address, First name / Last name, First name / Last name of adult coguest(s), Other preferences, Telephone number
  • Directly from you through the booking form
  • Through the online booking channel, you used to make the booking
  • From your travel agent
  • From our call center
  • Directly from you during your stay at the hotel
Processing is necessary to take steps with a view to entering into a contract and/or to perform the contract
  • Hotel personnel, including housekeeping, maintenance, front desk, and/or other hotel personnel concerned
  • Other hotel entities involved
  • 4 years from the booking date or the function date

 

2.5 Hotel guest additional services and facilities

In our hotel you can benefit from additional services and facilities, such as breakfast, room service, minibar, pool, restaurants and bars, spa treatments, laundry services, parking, taxi requests, free WiFi, gym, hair salon etc. In the event you make use of additional services or facilities at one of our hotels, your Personal Data may be processed to (i) manage the booking and use of such additional hotel services and/or facilities; (ii) administer any advance bookings of additional services and/or facilities to your file; (iii) personalize returning guests’ arrival to the hotel and the choice of room amenities and room features; and (iv) manage the expenses incurred for such additional services and/or facilities.

Processed data categories Source of data Ground for processing Recipients of data Retention period
Consumption habits, Date of arrival and departure, Dietary requirements, Email address, First name / Last name, First name / Last name of adult coguest(s), Payment card type, number and expiration date, any other special requirements
  • Directly from you through the online booking form
  • Through the online booking channel, you used to make the booking
  • From your travel agent
  • From our call cente
  • Directly from you through the hotel registration card
  • Directly from you when making your additional service/facility request with the hotel front desk or the F&B
Processing is necessary to take steps with a view to entering into a contract and/or to perform the contract.
  • Hotel personnel, including front desk, room service, and/or other hotel personnel concerned
  • Other hotel entities involved
  • IT service providers
  • 4 years from the booking date or the function date
  • Card details are deleted after the completion of the payment

 

3 Social Media

3.1 Social Media and Online Reviews

We may process your Personal Data obtained through social media platforms (including Facebook, Instagram, LinkedIn and Twitter) or online reviews including TripAdvisor, Expedia, Booking,
Hotelbeds, Bookcyprus, HRS,GTA, hotels.com and other third party online systems (affiliates of the above) concerning our hotel for the purposes of (i) addressing your questions or complaints; (ii) monitoring our online reputation; and (iii) improving our services and identifying opportunities on which we can focus.
Some of our social media pages allow users to submit their own content. Please remember that any content submitted to one of our social media pages can be viewed by the public, and you should be cautious about providing certain personal information (e.g., financial information or address details) via these platforms. We are not responsible for any actions taken by other individuals if you post personal information on one of our social media platforms (e.g., Facebook or Instagram). Please also refer to the respective privacy and cookie policies of the social media platforms you are using.

Processed data categories Source of data Ground for processing Recipients of data Retention period
Any Personal Data you may decide to share with us or publish on social media or in other online reviews about us
  • Directly from you through publicly accessible social media pages, online booking channels or other (review) websites
  • From our online reputation monitoring service provider
Subject has consented to Third Parties for processing their data
  • Other hotel entities involved
  • Online reputation monitoring service provider
  • Until subject opts out from the social media platform

 

3.2 Social media contests

From time to time, we may organize a contest on one of our social media pages. If you choose to participate in such contest, we will process your Personal Data for organizing and managing the social media contest and picking the winner(s).

Processed data categories Source of data Ground for processing Recipients of data Retention period
This depends on the data fields in the contest concerned, but almost always includes the following categories of data:
Address, Email address, First name / Last name,Telephone number
  • Directly from you through publicly accessible social media pages, online booking channels or other (review) websites
  • From our online reputation monitoring service provider
Processing is necessary to take steps to enter into and perform a contract (ie participate in contest) as you accept the terms and conditions of the contest.
  • Other hotel entities involved
  • IT service provider
  • Digital marketing agency
  • Until subject opts out from the contest

 

4 Subscription to Our Newsletters

4.1 Newsletters and marketing communications

If you have explicitly consented to receive our newsletters or marketing communications, we may, from time to time, contact you with information about our services and latest offers and process your Personal Data for this purpose.
If you no longer want to receive our newsletters or marketing communications, please let us know by sending us an email at administration@ajaxhotel.com. You can also unsubscribe from our marketing emails by clicking on the unsubscribe link in the emails sent to you.

Processed data categories Source of data Ground for processing Recipients of data Retention period
Name, Surname, Email Address, Ip Address, City Of Location, Age, Gender Directly from you when subscribing to our newsletter or later when completing your account Consent obtained during the subscription to our newsletter
  • IT service providers
  • Email communications service provider
  • Digital marketing agency
  • Until subject opts out from the subscription

 

5 Contractors

If you are a contractor or you provide us with any product or services, we will actively review the information we hold for you and delete it securely when are no longer need and after the termination of our engagement contract.

Processed data categories Source of data Ground for processing Recipients of data Retention period
Address, Email address, First name / Last name, Telephone number, Email address Directly from you when starting our collaboration Processing is necessary to take steps to enter into and perform a contract agreement
  • Other hotel entities involved
  • 7 years after the termination of engagement contract

 

6 Employees

As your employer, AJAX HOTEL needs to keep and process information about you for normal employment purposes. The information we hold, and process will be used for management and administrative use only. We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately, during the recruitment process, whilst
you are working for us, at the time when your employment is terminated ends and after you have left. This includes using information to enable us to comply with the employment contract, to comply with any legal requirements, pursue the legitimate interests of AJAX HOTEL and protect our legal position in the event of legal proceedings.

More information about the practices we use can be found on our Employee Privacy policy

7 Closed Circuit Security System

AJAX HOTEL uses surveillance systems (both internally and externally) to protect the AJAX HOTEL property and to provide a safe and secure environment for clients, staff and visitors.
CCTV systems are installed (both internally and externally) in premises for the purpose of Company enhancing security of the building and its associated equipment as well as creating a mindfulness among the occupants, at any one time, that a surveillance security system is in operation within and/or in the external environments of the premises during both the daylight and night hours each day.
The processing of personal data occurs where living individuals are identifiable from recordings and the AJAX HOTEL ensures that this processing is compliant with the GDPR. The AJAX HOTEL takes intoaccount the effect of surveillance systems on individuals and their privacy, with regular reviews to ensure their use remains justified. Our CCTV and live surveillance monitors collect images of individuals who are within their range. Signs are placed at the entrance to the system’s zone and within each surveillance area. The signs designate that:
“Images are being recorded for the purpose of premises and property security, public safety, crime
prevention, detection and prosecution of offenders.’’

Processed data categories Source of data Ground for processing Recipients of data Retention period
Images of employees and visitors Directly from you when you are entering our facilities or staying at our hotel To prevent and deter crime Assist in the prevention and detection of crime Assist with the identification, apprehension and prosecution of criminal offenders Monitor the security of the Company buildings and property
  • Access to the footage is restricted and will only be used to fulfil the purposes as stated below.
  • 30 days

Installation of Cameras

Signs will be erected to inform individuals that they are in an area within which CCTV is in operation.

Cameras will not be sited in areas where individual have a heightened expectation of privacy, such aschanging rooms or toilets.

Access to the footage is restricted and will only be used to fulfil the purposes as stated below.

The cameras are installed in the following areas:

  1. Hotel main entrance
  2. Lobby area in front of reception3. Back of house internal staff corridor (underground)
  3. Lobby area by elevators (ground level)
  4. Outside bar terrace area by the pool
  5. Bar and lobby area
  6. Bar terrace entrance to the lobby
  7. South parking area
  8. Inside pool bar / pool bar cashier
  9. Ballroom side entrance by tennis court
  10. Receiving area ramp
  11. Back door kitchen
  12. North side entrance to hotel from parking
  13. North parking area
  14. Timekeeper area and engineering office
  15. Luggage room and corridor to director’s office
  16. Reception focused on cashier
  17. Priamos ballroom
  18. Corridor from lobby to ballroom and entrance/exit doors to staircases
  19. Staircase from ground level to Achilles conference hall
  20. Tennis court side fence to the public green park
  21. Pool bar focused on cashier
  22. Agamemnon lobby lift area entrance/next to staircase
  23. Spa corridor to staff areas / cantine
  24. Spa south entrance from outside pool and corridor to spa reception
  25. Spa reception area
  26. Entrance exit to underground level lobby lifts
  27. Gym and fitness area
  28. Indoor pool area
  29. Corridor to Sauna / Steam bath area

The cameras record images 24 hours a day, 7 days a week.

Privacy Impact Assessment

Prior to the installation of any CCTV camera, or system, a privacy impact assessment has been conducted by the AJAX HOTEL to ensure that the proposed installation is compliant with legislation
and Cyprus Data Protection Commissioner guidance.

The AJAX HOTEL will adopt a privacy by design approach when installing new cameras and systems, taking into account the purpose of each camera so as to.

Disclosures of images to data subjects and to third parties

Disclosures of recordings are consistent with the purposes for which they were originally collected. Judgements about disclosures are made by the AJAX HOTEL and we have discretion to refuse any request without an overriding legal obligation, such as a court order or Data Subject Access Request. Disclosures include viewing recording or obtaining a copy of a recording. All viewings take place in a secure, restricted area to ensure that they are confidential.

An internal disclosure is a disclosure made to a member of staff who is not authorized to operate the equipment. In these instances, staff operating the systems are required to keep an internal disclosures log which will be reviewed by the Data Protection Officer.

An external disclosure is a disclosure made to a third party not employed by the Company. Third party requesters must complete a third-party request form and provide identification at the time of viewing or collection. The disclosure must be approved by the Data Protection Officer or another appointed staff member in their absence. These disclosures will only be made in instances where there is a legitimate emergency relating to a natural or man-made disaster or a violent crime. Third parties to whom we may disclose data include:

  • Police and other law enforcement agencies where the recordings will assist in a criminal investigation and or the prevention of terrorism and disorder after a written request.
  • Prosecution agencies after a written request.
  • Data Subject Request after filling in the appropriate Data Subject Request Form. The Company will respond to such a Request within 30 days after the request has been submitted and after the Data Subject has been identified. Reasonable efforts will be made not to disclose the identity of other persons within the same capture.

8 Your Rights – Under EU Privacy Law

GDPR grants specific rights, summarized below, which you can in principle exercise free of charge, subject to statutory exceptions. These rights may be limited, for example if fulfilling your request would reveal Personal Data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. To exercise any of your rights, you can file a request via email at administration@ajaxhotel.com .

▪ Right to withdraw consent
Wherever we rely on your consent, you will be able to withdraw that consent at any time you choose and at your own initiative by logging in to your account on our website (if you have one) or by contacting us at administration@ajaxhotel.com. The withdrawal of your consent will not affect the lawfulness of the collection and processing of your data based on your consent up until the momentwhere you withdraw your consent. Please note that we may have other legal grounds for processing your data for other purposes, such as those set out in this Privacy Policy.

▪ Right to access and rectify your data
You have the right to access, review, and rectify your Personal Data. You may be entitled to ask us for a copy of your information, to review or correct it if you wish to rectify any information like your name, email address, passwords and/or any other preferences, you can easily do so by logging in to your account on our website (if you have one) or by contacting us at administration@ajaxhotel.com. You may also request a copy of the Personal Data processed as described in this Privacy Policy.

▪ Right to erasure
In accordance with EU Privacy Law, you have the right to erasure of your Personal Data processed by us as described in this Privacy Policy in case it is no longer needed for the purposes for which the Personal Data was initially collected or processed or in the event you have withdrawn your consent or objected to processing as described in this Privacy Policy and no other legal ground for processing applies. Should you wish to have your Personal Data erased, please file a request via email at administration@ajaxhotel.com.

▪ Right to restriction of processing
Under certain circumstances described in EU Privacy Law, you may ask us to restrict the processing of your Personal Data. This is for example the case when you contest the accuracy of your Personal Data. In such event, we will restrict the processing until we can verify the accuracy of your data.

▪ Right to object to processing
Under certain circumstances described in EU Privacy Law, you may object to the processing of your Personal Data, including where your Personal Data is processed for direct marketing purposes.

▪ Right to data portability
Where you have provided your data directly to us and where the processing is carried out by automated means and based on your consent or the performance of a contract between you and us, you have the right to receive the Personal Data processed about you in a structured, commonly used and machine-readable format, and to transmit this data to another service provider

9 Security Measures

Appropriate technical and organizational measures are implemented in order to ensure an appropriate level of security of your Personal Data, including but not limited to encryption techniques,
physical and IT system access controls, obligations of confidentiality, etc.

In the event Personal Data is compromised as a result of a Personal Data Breach we will make the necessary notifications, as required under applicable laws.

10 What Rules Apply to Children?

Where physible, we do not knowingly collect or solicit Personal Data from anyone under the age of 18 or knowingly allow such persons to book a room in one of our hotels. Ajax hotel does not gather or process personal data of minors without prior consent from his or her parents or legal guardian.

11 How Is Your Personal Data Shared with Third Parties?

We only share or disclose information as described in this policy, including with Third Parties. Your Personal Data will also be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of the Controller(s) legitimate interests in compliance with applicable laws. In addition, we may share your Personal Data and other information with a successor to all or part of our business, where this is in our legitimate interests in facilitating a business sale and in this context our business interests prevail over yours. For example, if parts of our business or assets are sold, we may disclose user information as part of that transaction, subject to applicable law.

12 How Long Will We Keep Your Personal Data?

We retain your Personal Data for as long as is required to fulfil the activities set out in this Privacy Policy, for as long as otherwise communicated to you or for as long as is permitted by applicable law. For example, we may retain your Personal Data if it is reasonably necessary to comply with any legal obligations, meet any regulatory requirements, resolve any disputes or litigation, or as otherwise needed to enforce this Privacy Policy and prevent fraud and abuse.

To determine the appropriate retention period for the information we collect from you, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the Personal Data, and whether we can achieve those purposes through other means, and the applicable legal requirements.

13 Does This Privacy Policy Apply to Third Party Websites?

If you click on a link to a Third-Party website, you will be taken to a website we do not control, and our Privacy Policy will no longer be in effect. Your browsing and interaction on any other website is subject to the terms of use and privacy and other policies of such Third Party website. Read the privacy policies of other websites carefully. We are not responsible or liable for the information or content on such Third-Party websites.

14 What Happens If We Make Modifications to This Policy?

We reserve the right to modify and update this Privacy Policy from time to time. We will bring these changes to your attention should they be indicative of a fundamental change to the processing or be relevant to the nature of the processing or be relevant to you and impact your data protection rights.

15 Feedback/Complains/Contact Us

Questions, comments, remarks, requests or complaints regarding AJAX HOTEL and this Privacy Policy, are welcome and should be addressed to:

AJAX HOTEL
Tel: 25 201 809
Email: marketing@ajaxhotel.com

In most cases, we will ask that you put a complaint in writing. We will investigate your complaint and will generally respond to you in writing within 30 days of receipt. If we fail to respond or if you are otherwise dissatisfied with the response that you receive from us, you may have the right to make a complaint to the Supervisory Authority at:

Office address: Iasonos 1, 1082 Nicosia
Postal address: P.O.Box 23378, 1682 Nicosia
Telephone: +357 22818456
Fax: +357 22304565
Email: commissionerdataprotection.gov.cy
Website: http://www.dataprotection.gov.cy