Privacy Statement

The privacy and security of your information is very important to us. Whether you are booking a room or are a member of one of our loyalty programs we want you to trust that the information that you have provided to us is being properly managed and protected.

We have prepared this Privacy Statement to explain more about who we are and how we collect and manage your information.

Who we are

This Privacy Statement is issued by the Churchill Hotel Management Limited a member company of the Karantokis Group of Companies (referred to as “KGC”) and operator of the Crowne Plaza Limassol (collectively referred to as “the Hotel”, “we”, “us” or “our” in this Privacy Statement) under license from InterContinental Hotels Group of Companies (referred to as “IHG”) and covers information collected and used by us during our business.

Information we collect

We collect and use personal information if you make a booking directly with us, stay or host an event at our Hotel, become a health club member at our Hotel, or participate in one of our loyalty programs. We generally collect this information directly from you, but we may also collect your information from other sources such as the IHG® Rewards Club system, agents or corporate account representatives which may make reservations on your behalf.

You do not have to provide us with your information although in some cases, if you do not, it may mean that you are unable to use our services. For example, we may be unable to check you in to the Hotel or complete any booking you may wish to make.

We also collect information from you when you browse our website, use our mobile applications or participate in certain services at our Hotel. In these instances, information such as your country information, internet protocol (“IP”) address, media access control address and other characteristics about your system or device may be automatically collected. This information is collected for functional purposes as well as to improve your experience when using these services. This information may also be used for aggregated trend and statistical analysis, and for showing you more relevant advertisements and messages.

As an IHG franchised hotel we may collect information on behalf of IHG such as for your optional enrolment in the IHG Rewards Club scheme or share relevant personal information and preferences if you make a reservation through the IHG branded reservation system or if you provide us with your IHG Rewards Club Number.

Where required we may share limited amounts of information for a limited amount of time with our auditors, tax advisors, and legal advisors acting on behalf of the Hotel to protect our legitimate interests. We also do share limited information with our holding company a KGC member which is covered by an agreement entered into by members of KGC (an intra-group agreement) which contractually obliges each member to ensure that your information receives an adequate and consistent level of protection wherever it is transferred within the group.

If you make a reservation or stay at our Hotel

We collect information from you when you make a booking with the Hotel whether it is directly or through a third party including the IHG guest reservation system or stay at our Hotel and may include:

Your name, email address, home and business address, phone number, nationality, country of residence and payment card information;

Information relating to your membership in one of our services or programmes or those of our programme partners such as your IHG® Rewards Club number; and

Information such as stay, and room preferences made during the course of your reservation such as your preferred room type and specific requests to the hotel.

If you join IHG® Rewards Club

We collect information from you on behalf of IHG if you register with the IHG® Rewards Club at our Hotel. Information collected may include your name, email address, home and business address, phone number, nationality, birthday, gender, hotel stay preferences, marketing preferences, payment card information, reservation details, dates of stays, loyalty programme membership number and details.

We forward this Information to IHG in order to fulfil your enrolment in the loyalty programme.

How we Use the Information Collected

Your personal information is only used for the purposes described in this policy unless this is otherwise this close to you at that time the data is collected except for instances where specific laws or regulations otherwise demand. We use the personal information collected to better operate, maintain, improve and provide the service information you request, and in some instances this information is analysed in order to derive general trends and customer preferences. We use the information collected from you primarily to fulfil your hotel reservation. Following your stay we may send you post-stay communications and satisfaction surveys to get feedback on your experience either directly or if you are an IHG® Rewards Club member via an IHG run survey.

In some instances where we have your consent we may send you marketing communications for products and services that we believe would be relevant for you.

Additionally, we use this information for purposes of aggregated trend and statistical analysis to evaluate and improve our products and services, plan new hotel locations and services and other market research.

Using Personal Information to create profiles

We create guest profile containing your personal information when you make a reservation or check in to our hotel. This information is used to manage your stay and provide all expected hospitality services and preferences as indicated in your reservation or from previous communication with the Hotel.

The legal basis for processing your personal data

We are committed to collecting and using your information in accordance with applicable data protection laws and will only collect, use and share your information where we are satisfied that we have an appropriate legal
basis to do this.

This may be because:

  • you have provided your consent to us using the personal information;
  • our use of your information is necessary to perform our contract with you for example making and managing your reservation;
  • our use of your information is necessary to meet responsibilities we have to our regulators, tax officials, law enforcement, or otherwise meet our legal responsibilities;
  • our use of your information is in our legitimate interest as a commercial organization for example to operate and improve our services and to keep people informed about our products and services (including
    for profiling).

Data Transfer and Sharing

As a member hotel of IHG it may be necessary to transfer your information to a country outside of the country where it was originally collected or outside of your country of residence or nationality. This information may relate to your participation in IHG operated incentive schemes such as the IHG Reward Club or amendments to reservations you have made through the IHG reservations system. It may also be necessary to transfer this information to third parties, including, without limitation, our partners and third-party service providers.

We do not generally transfer information to countries outside of the EU but if are required to do so we will take steps to make sure such transfer is carefully managed to protect your privacy rights:

  • transfers to IHG will be compliant with the IHG privacy statement [found here] which is similar to this one;
  • where we transfer your data to other companies providing us with a service, we will obtain contractual commitments and assurances from them to protect your information; and
  • where we transfer your data to entities in the US we will ensure such entities adhere to the EU – US Privacy Shield for the protection of personal information transferred from within the EU to the United States of
    America; and
  • we will only transfer personal information to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your
    privacy rights; and
  • any requests for information we receive from law enforcement or regulators will be carefully validated before personal information is disclosed. We also share your stay information with other third parties in circumstances such as:
  • when we believe in good faith that the disclosure is required by law or to protect the safety of hotel guests, employees, the public or IHG property;
  • when disclosure is required to comply with a judicial proceeding, court order, subpoena, warrant or legal process; or
  • in the event of a merger, asset sale, or other related transaction.

How we secure your information

We are committed to protecting the confidentiality and security of the information that you provide to us and utilise technical, organisational, and physical security measures to minimise the risk of unauthorised access, disclosure, oil arts or loss of any stored information.

Managing your information

It is important for you to contact us to update the information or to inform us of any changes were discrepancies by contacting us. We will respond to your request within a reasonable timeframe.

If you are an IHG® Rewards Club or InterContinental Ambassador member you can update certain aspects of your personal information online using the “Personal Information” section found within the loyalty program website or application. In this case we will be the notified of these changes through the automatic creation of a new guest profile when you make a subsequent reservation at our Hotel. We make best effort to merge
duplicate profiles and delete out of date Information on a quarterly basis.

Please note that in some instances it may not be possible to delete certain pieces of your information and a portion of the information may be needed for suppression purposes. In other instances, we may not have the
ability to delete certain pieces of information that are stored on our systems or that have been provided to third parties in connection with the services discussed in this Privacy Statement.

Children

We do not generally collect any information on children under the age of 18, except for the number all children occupying a room and the age bracket of those children. This information is used for emergency evacuation
purposes and to apply any appropriate discounts.

In some cases, your reservation agent may forward or make available to us information on children which are part of your reservation in which case we adapt the reservation such that any identifiable information on your
children is redacted and not recorded or maintained in our systems.

Retaining your information in our systems

Information is retained for as long as is reasonably required by the purpose it was collected for as explained in this policy statement. In some cases, such as transactional records (which may include your personal
information) the retention periods are significantly longer (years) and are defined by the relevant legal and regulatory requirements. A data retention policy is maintained for this purpose.

Online Channels

We may use information from online sources, such as websites, social media and information sharing platforms. This information may be used to help tailor and improve our services and communicate with you effectively, as we know many of our customers use a range of media channels to communicate and share information.

We may use various social media features such as the Facebook “Like” button on our websites and mobile applications. Certain information may be shared or otherwise provided to us through your use of these features in conjunction with our services and programmes. Subject to your account and privacy settings, we may also be able to see information that you post when using these social media platforms whether or not you are using one of our services. In some instances we may contact you on these social media platforms. The information you post on social media sites as well as the controls surrounding these disclosures are governed by the respective policies of these third parties.

We recommend you routinely review the privacy notices and preference settings that are available to you on any social media platforms.

Through the provision of the services described above, we and in some instances IHG, third-party partners and service providers, may communicate with you in relation to a reservation, as a member of any of our loyalty programs, through online digital services (e.g. online advertising, social media communications), or to support any other services that we provide.

Please be aware that unsubscribing from one type of communication may not unsubscribe you from another type.

How to contact us

By email:                  dataprotection@cplimassol.com
By post:                    2 Promachon Eleftherias, 4103 Lemesos, CYPRUS
By phone:                 +357 25 851515

 

Under EU data protection laws you have a right to lodge a complaint with your local data protection supervisory authority at any time. However, we ask that you please try to resolve any issues with us first before referring your complaint to the supervisory authority.

Changes to this Privacy Statement

We may have to change or modify this Privacy Statement in order to comply with changes in the regulatory framework, legislation or our own business needs. Any changes to this statement will be published or communicated to you through our website and email addresses held on record.

Disclaimer

This Privacy Statement has been drawn up for the purpose of providing transparency in the way we collect and use Information and is not intended as a binding agreement between parties or in any way derive and / or diminish and / or alter any rights and / or obligations outlined in the General Data Protection Regulation or local Law. This Privacy Statement is based on the privacy statement issued by IHG with an effective date of 12 May 2018 and is amended to reflect the business needs and operating procedures of the Hotel and is not intended to replace or in any way amend any privacy statements issued by IHG.

Your rights under EU data protection laws

You have legal rights under EU data protection laws in relation to your personal information. To exercise any of your rights please contact our Data Protection Officer by emailing dataprotection@cplimassol.com

Right of access

You can ask us to confirm whether or not we have and are using your personal information and for a copy of your information.

Right to correct or erase

You can ask us to correct any information about you which is incorrect. We will be happy to rectify such information but would need to verify the accuracy of the information first.

You can ask us to erase your information if you think we no longer need to use it for the purpose we collected it from you. You can also ask us to erase your information if you have either withdrawn your  consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, or where we have used it unlawfully or where we are subject to a legal obligation to erase your personal information.

We may not always be able to comply with your request, for example where we need to keep using your information to comply with our legal obligation or where we need to use your information to establish, exercise or defend legal claims.

Right to restrict how we use personal information

You can ask us to restrict our use of your information in certain circumstances, for example:

where you think the information is inaccurate and we need to verify it;

where our use of your information is not lawful, but you do not want us to erase it;

where the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or

where you have objected to our use of your personal information, but we still need to verify if we have overriding grounds to use it.

We can continue to use your information following a request for restriction where we have your consent to use it or we need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company.

Right to object to how we use your information

You can object to any use of your information which we have justified on the basis of our legitimate interest if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection we may continue to use your information if we can demonstrate that we have compelling legitimate interests to use the information.

You can also require us to stop using your data for direct marketing purposes.

Right to ask us to transfer your information to another organisation

You can ask us to provide your personal information to you in a structured, commonly used, machine- readable format, or you can ask to have it transferred directly to another data controller (e.g. another company).

You may only exercise this right where we use your information in order to perform a contract with you or where we asked for your consent to use your information. This right does not apply to any information which we hold or process that is not held in digital form.

Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.

We may redact data transfer agreements to protect commercial terms.

We may ask you for proof of identity when making a request to exercise any of these rights. We do this to make sure that we only disclose information where we know we are dealing with the right individual.

We will not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we will inform you before proceeding with your request.

We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests. We will let you know if we think a response will take longer than one month. To help us respond more quickly, we may ask you to provide more detail about what you want to receive or are concerned about.

We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way.

Using our websites, mobile applications and other technology

We and our third-party service providers use cookies, pixels, web beacons, tracking tools and other similar technologies on our websites, mobile applications and in other areas of our business to collect information and provide you with the services that you have requested or participate in and to provide targeted advertising. Subject to local consent requirements and individual terms of use for these services, we may use this and other information we collect, such as a hashed email address, to help us and our third-party service providers identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.). We, and our third-party service providers, also may use the cross-device tracking and other information we learn about you to serve targeted advertising on your devices. We also use the information that we collect to improve our products and services as well as your experience when visiting our websites and using our mobile applications. For more information on these subjects, please click the relevant section below.

Cookies and other tracking technologies

What is a cookie: A “cookie” is a small text file that is placed onto an Internet user’s web browser or device and is used to remember as well as obtain information about that party. You might be assigned a cookie when visiting our websites or when using our mobile applications. In some instances, where permitted under the applicable law, cookies may also be used for the purposes of certain email campaigns.

What types of cookies we use and how we use them: We use three primary types of cookies, which include:

Functional Cookies – these cookies support the use of the website and applications and enable certain features to enhance your experience. For example, we use functional cookies to facilitate your reservation and to remember your selections as you move from page to page. We also use functional cookies for remembering things like your sign-in information and hotel preferences to avoid you having to re-enter it.

Performance Cookies – these cookies collect information needed to support the website and our applications and allow us to improve our website and identify any problems that you faced while visiting us. For example, performance cookies may provide us with information about how you came to our website and how you navigated around our website during your visit. We also use these cookies to provide us with certain statistical and analytics information, such as how many visitors came to our website or how effective our advertising is.

Targeting Cookies – these cookies are used to collect information from you to help us to improve our products and services as well as serve you with targeted advertisements that we believe will be relevant for you. We use targeting cookies across our websites and applications for various marketing initiatives and campaigns. For more information, please see the “Targeted advertising” section below.

To learn more about cookies and how they are used, please visit: http://www.allaboutcookies.org/

Third-party cookies: As described above, we use a number of third-party service providers to help us manage, carry out and improve our advertising. These parties set cookies at our direction to help us collect information and provide you with advertisements that we believe would be relevant for you. In some instances, these third parties may also assist us by providing certain statistical and analytics information in relation to our marketing practices. We also may share information collected through cookies (and other tracking technologies) with third parties to use for their own analytics and marketing purposes.

Managing cookies and opting out: You can choose to visit our web sites without cookies, but in some cases certain services, features and functionality may not be available. To visit without cookies, you can configure your browser to reject all cookies or notify you when a cookie is set. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences.

To manage Flash cookies, please click here.

Other technologies: Other technologies such as pixels and web beacons may also be used on our websites, mobile applications, in email messages and in other areas of our business. These technologies are used to improve our products and services as well as our marketing efforts.

Targeted advertising: We and our third-party service providers may serve targeted advertisements through the use of first-party or third-party cookies, pixels and web beacons when you visit our website, use our mobile applications, or visit third party websites. In some instances, these cookies may be persistent cookies. We do this to provide you with advertising that we believe may be relevant for you as well as improve our own products and services, including the functionality and performance of our websites and mobile applications.

Do-Not-Track: Currently, our systems do not recognize browser “do-not-track” signals. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies); you also may opt-out of targeted advertising by following the instructions at the DAA and the Network Advertising Initiative websites.

Use of WI-FI & Internet access services

When you use the Hotel WI-FI or wired internet access service (from now on “HSIA”) we may collect and process certain additional information.

What information we collect

Registration and User-Provided Information: When you use our HSIA service your personal information including your room number and surname are used to authenticate and grant you access to the service. You may also provide us or IHG with personal information about you in various ways when you use WI-FI service, for example, when you send us customer service-related requests.

Device Identifiers. In the course of providing the HSIA service we may automatically collect a device identifier (such as your IP address, MAC Address or other unique identifier) for the computer, mobile device, technology or other device used to access the service. A device identifier is a number that is automatically assigned to your device when you access the service and may be used to identify your device.

Other device information: We may also automatically record certain information from your device including, device type, the web pages, apps or sites that you visit, and the dates and times that you visit, access, or use the HSIA service.

Links to Other Sites

Websites and applications operated by the hotel or IHG may contain links to other websites or services operated by third parties which may not comply with this privacy statement. It is important for you to be aware of cross site navigation.

International Transfer and sub-processors

IHG may transfer the Hotel Employee Data to a sub-processor (including to affiliates) located outside of the European Economic Area (International Transfer).

As part of the Hotel’s licensing agreement with IHG it is necessary to consent to this transfer under the following provisions:

(i) the data recipient or the country in which it operates has been determined by the European Commission to ensure an adequate level of protection for the rights and freedoms of Data Subjects in relation to Personal Data; or

(ii) IHG has entered into Standard Contractual Clauses (Processors) (as laid down in the Commission Decision 2010/87 EU of 5 February 2010 (or any subsequent version which replaces these) (Standard Contractual Clauses), under which the Licensee (as exporter) will have direct contractual rights of enforcement against the sub-processor (as importer); or

(iii) IHG has provided such other appropriate safeguards as permitted by applicable data privacy laws such as “Binding Corporate Rules”.

The Hotel has appointed IHG to act as attorney on its behalf to enter into Standard Contractual Clauses as necessary to facilitate these arrangements.

The Hotel authorises IHG to appoint sub-contractors to process the Hotel Employee Data (sub- processors) subject always to IHG making available to the Hotel, and the Hotel to its Employees, a list of sub-processors which it uses during the term of the Franchise Licence. If at any time IHG wishes to make any changes to the list of sub-processors IHG shall notify the Hotel and the Hotel shall notify its Employees so as to give the Hotel and / or its Employees the opportunity to object to the proposed change. In cases of no objection, the new or alternate sub-processor shall be deemed approved by the Hotel and / or its Employees.

English