Cookies & Privacy

Thanos Hotels and Resorts takes the issue of safeguarding your privacy very seriously. We have created this Privacy Policy in order to better familiarize you with the information we collect from hotel guests and visitors to the Thanos Hotels and Resorts website, and the way in which Thanos Hotels and Resorts uses this information to better serve the needs of our Guests.

How we use your personal information

This Privacy Policy aims to let you know how and for what purposes we use, process and look after your personal information. Below we provide information about the processing of your personal data and the data protection rights you are afforded. The content and scope of the data processing are largely based on each of the services that you have requested or that have been agreed with you.

Personal Information.

The term Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). It can include, among other things, your name, address, age, gender and personal financial history in the hotels.

Some types of information are classified as ‘sensitive’ for the purposes of European data protection law and there are additional restrictions on how we may use and hold this information.

Generally, it is necessary to obtain your consent before we can hold and use such information. However, we may hold and use such information without consent for limited statutory purposes such as monitoring compliance with our equal opportunities policies and health and safety rules, or if necessary to protect your vital interests, for legal claims, or in the public interest.

We will always communicate to you the purposes for which we wish to use your sensitive information when it is being collected, and, if necessary, obtain your consent at that time. In such cases, you will be able to withdraw your consent at any time.

What is the purpose of collecting Personal Information?

1. To Provide Superior Customer Service to our Guests
Personal Information is collected to allow us to make your reservation and provide the services you request at any of our properties, to ensure we meet your needs while you are staying with us and/or to allow us to contact you in relation to matters that may arise from your stay with us. By keeping certain Personal Information (strictly relating to your stay with us) on file, such as information regarding guest history and itemized spending, guests of Thanos Hotels and Resorts have the ability to confirm prior transactions and reconcile statements or invoices.

2. To Keep Our Guests Informed
We may use the Personal Information you provide to send you newsletters regarding our properties and to advise you of promotions or to inform you of offers or other information that may be of interest to you. If you do not wish to receive information from Thanos Hotels and Resorts you may indicate your wishes by log in in your profile account through our website or on your registration card when you stay with us or you may at any time advise one of our properties or send an e-mail to: [email protected].

3. To Improve Our Services
Finally, we may use the Personal Information you provide us to send you surveys strictly related to your stay with us and our services for customer satisfaction purposes and improving our services offered to our clients. Such information may be collected by a third party under contract with us. Occasionally we will combine information from a number of Guests to better understand trends and Guest expectations. When this occurs, all identifiers are removed, and the aggregate information cannot be linked to any specific Guest. If you do not wish to receive such surveys from Thanos Hotels and Resorts, you may indicate your wishes by sending an e-mail to [email protected].

How we collect Personal Information.

1. On Our Web Site
A. Cookies
When you visit our web site, you are initially given a "cookie", and your computer is assigned an ID number. A cookie is a commonly used piece of software that tracks an individual user's preferences, and is capable of enhancing your visit to the site. Cookies allow us to provide a customized experience without the visitor having to remind us of his or her preferences each time she or he visits our site. Our cookies do not contain any personally identifying information. Thanos Hotels and Resorts cookies are exclusive to and do not follow visitors to other Internet addresses. By not blocking the use of cookies, you will be deemed to have consented to the use of such a cookie by Thanos Hotels and Resorts.

We also use cookies to collect and maintain aggregate web site data (such as the number of visitors to a particular site), which helps us see which areas are popular with our users and which are not. Among other things, this helps us improve and update the site, based on such data as total number of visitors and pages viewed.

If you do not want to accept cookies, you can block them by adjusting the settings on your Internet browser. Visitors should understand, however, that rejecting cookies will affect your ability to benefit from the conveniences afforded by the use of cookies, and you will not be able to use certain customization features associated with creating a user profile. Please note that because this is a setting on your browser, this adjustment may also block cookies for any website you visit.

Once you have visited our web site and accepted our cookie, an ID number is automatically assigned to your computer or mobile device whenever you visit our web site. Despite the fact that you remain anonymous until you enter Personal Information on the web site, the ID number allows us to log your session, so that we may better assist you should you need some individualized service or support. Once you enter Personal Information on the web site, we associate your ID number with your contact information so we can recognize you on a future visit. We also use it to keep track of information that appears to be of particular interest to you.

These cookies allow us to distinguish you from other users of our website, which helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

B. While Browsing Our Web Site
While in the process of browsing our web site, you may also provide us with information that does not reveal your personal identity. We use this aggregated, anonymous data mainly for editorial purposes, but we do not connect it to any Personal Information, such as your name or address.

While browsing our web site, you may also wish to put in a specific "Information Request" about one of our hotels, resorts or residential properties, or you may wish to participate in one of our on-line surveys or promotions. To respond to this request or to participate in our various programs, we may ask you for Personal Information, such as your name, postal code, e-mail address, and phone number. In the event you choose to provide us with this information, we will only use it for the purpose we have specified to you. We will only e-mail you if you want us to, and you can choose a number of alternate methods by which to receive a reply to a request. Your transmittal of your Personal Information shall constitute your acknowledgment and agreement to the terms and conditions contained in this Privacy Policy. If you are uncomfortable providing this information over the Internet, you can always call our Reservations Office for more details.

If you wish, you may also submit your e-mail address in order to be placed on a subscription list or to receive other information about our products and services. You will be placed on a subscription list unless you indicate your desire not to be included. In deciding whether or not to join such lists, please note that they are only used for internal purposes and we do not sell or rent our subscription lists to anyone. In the event you choose to join one of our subscription lists, you may ask to be removed from the list at any time. You will always have the ability to accept or decline any form of communication from Thanos Hotels and Resorts.

C. Making a Purchase on Our Web Site
When making a purchase, you will be asked to complete a form that includes your contact information. Then you will be redirected to a secure payment gateway provided by JCC Payment Systems Ltd where you will enter your payment details and confirm the payment. Upon payment, you will be automatically redirected back to our website to view your reservation overview. Additionally an email confirmation of your reservation details is also automatically sent to you. We retain a log file of transactions on our web site, excluding your credit card information. We will then use that information to assist in any inquiries about your transaction. We also occasionally combine information from a number of web visitors in a way that does not identify any user, in order to identify user patterns.

2. When Making a Reservation
A. On Our Web Site
You can search for rates and availability at our hotels and resorts without providing any Personal Information.

Visitors to our websites who choose to make reservations online will be required to complete a reservation profile the first time they make a reservation. When you create a reservation profile you will be asked to provide specific Personal Information, including your name, address and contact information, as well as certain guarantee and deposit information to secure your reservation, such as your credit card number. Your transmittal of your Personal Information shall constitute your acknowledgment and agreement to the terms and conditions contained in this Privacy Policy.

We also retain a copy of the reservation profile on our web site, excluding your credit card number. We will then use that information to create a log in our web site database.

We also may combine information from a number of web visitors in a way that does not identify any user, in order to identify user patterns.

B. Through our Reservations Office or Hotels
Reservations can also be made by calling our Reservation Office or by contacting a particular hotel or resort directly. When you make a reservation we may ask you for Personal Information such as your name, address, telephone number and method of payment. We may also obtain from you any room preferences or special requests. Personal Information obtained by our Reservation Office or hotels will be sent in a secured communication to the relevant hotel. Confirmation of your reservation will be provided directly to you, generally by e-mail.

3. During your stay at Thanos Hotels and Resorts
During your stay, we record your itemized spending to properly assemble your folio, which sets out your room rate and other expenses billed to your room. We also record this information to comply with financial reporting requirements, including those imposed by auditors and government regulators. We may also collect certain Personal Information as required by local laws (e.g. passport number). Information particular to your stay may also be stored (i.e. health issues, payment difficulties, special requests, service issues). This specific information is stored in the property management system at the particular hotel where you stayed and is combined with information from previous visits that you have made to that hotel. Certain information regarding your service preferences is also stored centrally by us and may be made available to other Thanos Hotels and Resorts properties through the Thanos Hotels and Resorts guest history database. You may advise the hotel if you do not want personal preferences shared.

In addition, we may retain the content of any document (including letters, comment cards, electronic documents such as e-mails and other similar forms of communication) that you send us before, during or following your stay. This information may be shared with employees of the hotel.

Storage of personal information

1. At the Hotel or Resort
Each Thanos Hotels and Resort managed property goes to great measures to ensure that all Personal Information is kept in a secure location, be it a database or filing cabinet. Furthermore, we take steps to ensure that only designated individuals have access to this information.

2. In Our Guest Property Management System
In order to serve you better we also store certain guest information in our Property Management System (“PMS"), a platform located in a data centre in Cyprus.

The stored information includes guest name, address and phone numbers. We may also store certain information regarding your service preferences. When you make a reservation at another Thanos Hotels and Resorts property, this information is sent to that hotel or resort.

We also store other transaction information in our PMS, including the number of stays you have had at properties managed by Thanos Hotels and Resorts and the number of nights of each stay.

This information may be transferred and/or made available to other Thanos Hotels and Resorts property when you make a reservation at that property, in order to serve you better.

3. In Our Customer Relationship Management System
In order to serve you better we also store certain guest information in our Customer Relationship Management (“CRM"), on a Microsoft Azure Cloud platform. The stored information includes guest name, address and phone numbers. We may also store certain information regarding your service preferences. When you make a reservation at another Thanos Hotels and Resorts property, this information is sent to that hotel or resort.

We also store other transaction information in our CRM, including the number of stays you have had at properties managed by Thanos Hotels and Resorts and the number of nights of each stay.

This information may be transferred and/or made available to other Thanos Hotels and Resorts property when you make a reservation at that property, in order to serve you better.

4. In Our Marketing Database
Thanos Hotels and Resorts maintains a database of Guest information which is used for marketing, promotion and research purposes. Any information sent to guests provides a clear notice of how to discontinue receiving promotional materials.

Information that is not secure

It is important to note that any e-mail communication is not secure. This is a risk inherent in the use of e-mail. Please be aware of this when requesting information or sending forms to us by e-mail (for example, from the Contact Us section of our web site). We recommend that you do not include any confidential information (i.e. credit card information) when using e-mail. For your protection, our e-mail responses to you will not include any confidential information.

Finally, to be prudent, please be sure to always close your browsers when you are done using a form or the reservation site. Although the session will terminate after a short period of inactivity, it is best to close your browsers immediately upon completion.

Guest Profiles and Personal Information

If you are invited and elect to create a Guest Profile, on our web site, you will be asked to furnish specific Personal Information. You will also be asked to provide a password for use each time you log-in. Once you have created a Guest Profile, we may add online session data to your Guest Profile on subsequent visits to our website. When you provide information, including revised information to your Guest Profile, we may use the information you provide to update other databases maintained by us.

By completing your Guest Profile you are considered to have provided consent to share your Personal Information within Thanos Hotels and Resorts in accordance with this Privacy Policy.

Exchange of Personal Information between properties

Information is shared between certified data privacy personnel at individual Thanos Hotels and Resorts and resorts in certain limited circumstances, particularly where health or safety concerns have arisen in the past. Preference information may also be shared to enhance your guest experience.

Furthermore, if a guest does not pay an outstanding account on time, or acts in an unlawful manner in regard to payment obligations, this information may be shared among accounting personnel at other Thanos Hotels and Resorts managed properties.

Provision of Personal Information to third parties

Agents, contractors or third party service providers of Thanos Hotels and Resorts may receive your Personal Information in the course of providing services to Thanos Hotels and Resorts to better serve your needs as a Guest.

Using contractual or other arrangements, Thanos Hotels and Resorts ensures these parties protect your Personal Information in a manner consistent with the principles articulated in this Privacy Policy. Where the party to whom we share your personal information is a legal entity, we hereby affirm that we will take all reasonable steps and/or actions to confirm that the employees and/or representatives of such a third party will execute their duties in accordance with the highest industry standards and will comply with all provisions and requirements of the provisions of this Privacy Policy and the local laws and regulations on the protection of personal data (as amended from time to time) and GDPR and any legislation to success it or complement it.

We will only share Personal Information about you outside Thanos Hotels and Resorts without your consent, where: (a) it is required or authorized by law (for example, in response to a legal subpoena); (b) it is required to provide you with services you have requested in which case you will be considered to have implied your consent (e.g. car rental); (c) if your stay has been paid for by a third party we will provide billing information to the paying party;(d) if you have failed to pay amounts owed to a property; or with your consent and/or upon your instructions.

With regard to the transfer of data to recipients outside Thanos Hotels and Resorts, we note that we always maintain discretion with respect to your Personal Information.

We may disclose your personal data to third parties in order to comply with any legal obligation or in order to enforce or apply our terms and conditions and other agreements and/or based on your consent/instructions.

If Thanos Hotels and Resorts suspects any unlawful activity is taking place, it may investigate and/or report its findings or suspicions to the police or other relevant law enforcement agency.

Why do we process your data (purpose of the processing) and on what legal basis

We process the aforementioned personal data in compliance with the provisions of GDPR and the applicable local legislation as amended from time to time.
• For compliance with a legal obligation
• For the performance of contractual obligations
• For the purposes of safeguarding legitimate interests - where necessary, we process your data above and beyond the actual performance of our obligations as a hotel in order to safeguard the legitimate interests pursued by us or by a third party.
• On the basis of your consent - Insofar as you have granted us consent to the processing of personal data for marketing purposes, the lawfulness of such processing is based on your consent. Any such consent granted, may be revoked at any time by contacting us.

Access to Personal Information

We understand that you may like to know what Personal Information we hold about you. We are happy to assist you with your request. To protect your Personal Information, however, we require that you prove your identity to us at the time your request is made. You may make a request at the property where you stayed as set out below.

When you make a request in person, we will require you to produce some form of photo identification such as a passport or a driver's licence.

Where you make a request by other means, we require the request be made in writing via fax or letter including a copy of a government issued identification and signature. We also require home and business addresses and phone numbers so we can check them with our files and satisfy ourselves as to your identity.

The above information is required in order to create an audit trail of how the request has been handled. Where a request is made, any correspondence or application may be kept and added to your Personal Information.

Thanos Hotels and Resorts reserves the right to decline access to your Personal Information under certain circumstances. If your Personal Information will not be disclosed, you will be provided with the reasons for this non-disclosure.

Updating your Personal Information

If at any time you wish to update or access your Personal Information, you can do so by:

Log in to your Personal Profile account on any of our Thanos Hotels and Resorts websites, or by contacting our Data Protection Officer:
- via e-mail at [email protected]
- via fax at +357 26 931656
- via letter

Attention: Data Protection Officer
Thanos Hotels and Resorts
PO Box 60136
8125 Pafos
Cyprus

How long is Personal Information retained?

We will keep your personal information for as long as you are guest and/or otherwise a person enjoying our services.

After you stop being a guest and/or a person enjoying our services, we may keep your personal information for a period of up to 6 years. We may keep your data for longer than 6 years if we cannot delete it for legal and / or regulatory and/or technical reasons. If we do so, we will ensure that your privacy is protected and the data are used only for the above-mentioned purposes.

Please note that we will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please Contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

What data protection rights you have

The following are the rights you have pursuant to the provisions of the GDPR and the applicable local legislation (as amended from time to time) in relation to the data protection:-
• Request access to your personal data (commonly known as a “data subject access request”).
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Please note however that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. In such a case, your data will be stored but not processed until expiration of the retention obligation.
• Subject to the legal basis on which the processing activity is based, you may object to processing of your personal data. Please note that in some cases, we may have compelling legitimate grounds to process your information which we need to comply with.
• Request restriction of processing of your personal data (a) if it is not accurate;(b) where processing may be unlawful but you do not want us to erase your data; (c) where you need us to hold the data even if we no longer require it; or (d) where you may have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• Request the transfer of your personal data to you or to a third party.
• In case the processing of the data is performed subject to your consent, you may withdraw consent at any time where we are relying on consent to process your personal data. However, we note that this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will of course advise you if this is the case at the time you withdraw your consent.

Please note that we may charge you with an administrative fee, in cases where requests are deemed manifestly unfounded or excessive, in particular because of their repetitive character.

If you choose not to give your personal information

In the context of our relationship we may need to collect personal information by law, or under the terms of a contract we have with you. Without this data, we may, in principle, not be in a position to provide our services to you.

If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to efficiently provide you with our services.

Any data collection that is optional would be made clear at the point of collection.

To what extent we carry automated decision-making and profiling

In establishing and carrying out a business relationship, we generally do not use automated decision-making. If we use this procedure in individual cases, we will inform you of this separately.

Who is responsible for the data processing and who you can contact

Questions or concerns regarding this privacy policy should be directed to the Data Protection Officer by writing to the following address:

- via e-mail at [email protected]
- via fax at +357 26 931656
- via letter

Attention: Data Protection Officer
Thanos Hotels and Resorts
PO Box 60136
8125 Pafos
Cyprus

If you have any questions, or want more details about how we use your personal information, you may contact us at the above contact details and we will be happy to provide you with further details.

Lodging a complain

Please let us know if you are unhappy with how we have used your personal information. You can contact us as noted above.

Changes to our Privacy Policy

Our Privacy Policy may change from time to time and we will post the revised policy on our web site, so you are always aware of how we treat Personal Information. Without your express consent we will not reduce your rights under this Privacy Policy with respect to Personal Information already collected about you.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Applicable Laws

Cyprus law applies to our company. We apply the requirements of this law (and any other applicable laws) to how we handle all Personal Information wherever received