Kanika is part of Kanika Hotels & Resorts Group which includes Kanika Hotels Ltd, Kanika Olympic Ltd, K.A. Olympic Lagoon Resort Ltd, Somerstown Ltd their subsidiaries and all the hotels of Kanika Hotels & Resorts Group.
At KANIKA, we value and respect your privacy and prove this through this Statement which demonstrates KANIKA’s compliance with the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the “Regulation”) which is directly applicable in the European Union from 25th May 2018, and has introduced new measures aiming to protect your personal data and thus your privacy.
In this Privacy Statement, we explain our practices regarding the collection and processing of your Personal Information.
1. Collection of Personal Information
1.1. “Personal Information” is information that identifies you as an individual or relates to an identifiable individual i.e. through which you may be identified. It always has to do with living people. The following are considered as Personal Information:
a) Name, gender, home and work address, telephone number and email address, your business title, date and place of birth, nationality, passport, travel history, visa or other government-issued identification information;
b) Guest stay or visit information to a property, including the hotels where you have stayed, date of arrival and departure, goods and services purchased, special requests made, information and observations about your service preferences (including room type, facilities, holiday preferences, amenities requested, ages of children or any other aspects of the services used), marketing and communication preferences;
c) Telephone numbers dialled, faxes sent/received or receipt of telephone messages when connected to the telephone services we may provide guests during their stay;
d) Credit and debit card number, other card information and generally payment, billing and account information;
e) Participation in a membership/loyalty program or marketing program (even you have not stayed or do not stay at one of our hotels) and/or properties;
f) Information provided on membership and account applications;
g) Information related to the purchase and receipt of good or services;
h) Employer or other relevant details if you are an employee of a corporate account, a vendor or other type of business partner (e.g., travel agent or meeting and event planner);
j) Information about vehicles you may bring or order onto our properties;
k) Your reviews and opinions about our services and/or properties;
l) Hotel, airline and rental car packages booked;
m) Groups with which you are associated for stays at hotels and/or properties;
n) Profile picture;
o) Social media account ID or user ID;
p) any other type of information which you may choose to provide to us or we may obtain about you through third parties with whom we do business (e.g. travel agents or similar providers);
q) Images and video and audio data via: (a) security cameras located in public areas, such as hallways and lobbies, in our properties; and (b) body-worn cameras carried by our loss prevention officers and other security personnel;
r) Information about your preferences that we use to make your current and future stays and experience with us more enjoyable, including information about your interests and other relevant information about you that we learn about during your stay. This may also include any likes and dislikes about our services that you tell us about so that we can improve our services, and specific dietary or health restrictions to ensure your wellbeing. We may also collect your “Personal Preferences” that may include details of your special anniversaries (such as your birthday or wedding anniversary), what type of activities you prefer to take part in when staying with us, and your hobbies. Personal Preferences may also include details about who you usually travel with, their relationship to you, and your marital status.
1.2. If you submit any Personal Information relating to other people to us or to our service providers, especially Personal Information of minors, in connection with the Services (e.g., if you make a reservation for another individual), you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Statement and/or the registration card which is provided at reception desks of our hotels and/or properties.
1.3. We and our service providers and/or agents and/or affiliates may collect Personal Information, whether these are provided in writing or through verbal communication at every guest interaction and in providing any part of our services, ways such as the following:
a) Through Our Online Services
We may collect Personal Information when you make a reservation or enrol to our membership/loyalty program or otherwise purchase goods and services from us through our websites and apps when you communicate with us via online chat services or a social media service such as Facebook, or when you sign up for a newsletter or participate in a survey, contest, promotional and/or special offers (hereinafter referred to as the “Online Services”).
b) Through Our Offline Services
We may collect Personal Information from you offline (hereinafter referred to as the “Services”). This may take place when you visit the reception desk at our hotels and/or properties to make a reservation or enrol to our membership/loyalty program, when you communicate with any member of our staff over the phone or via e-mail or by fax when you contact customer services. These communications may be recorded for purposes of quality assurance and training.
c) From Other Sources
We may receive your Personal Information from other sources, such as public databases, joint marketing partners, and other third parties. This may include information from your travel agent, airline, credit card, and other partners, and from social media platforms (including from people with whom you are friends or otherwise connected). For example, if you elect to login to, connect with or link to, the Online Services using your social media account, certain Personal Information from your social media account will be shared with us, which may include Personal Information that is part of your profile or your friends’ profiles.
1.4. In the event that we receive information from third parties, as opposed to directly from you, provided that they are lawfully entitled to share your data with us, we will use and share this information for the purposes described in this Privacy Statement. Also in the event that your Personal Information is collected in this way, then we will bring to your attention the information included in this Privacy Statement along with the source from which the data originate, and if applicable, whether it came from publicly accessible sources. This information shall be provided to you within a reasonable period after obtaining the Personal Information, but at the latest within 1 month, except where the Personal Information are to be used for communication with you, in which case we will provide you with the above information at the latest at the time of the first communication with you. However, if the above information is envisaged to be disclosed to another recipient then the above information shall be disclosed the latest when the Personal Information are first disclosed to the new recipient, despite the fact that none of the previous deadlines has passed. Of course, no such information would need to be provided:
a) where you already have this information;
b)where the provision of this information, for some reason, proves impossible or would involve disproportionate effort to obtain;
c) obtaining or disclosure is expressly laid down by Union or Member State to which we are subject, and which provide measures to protect your legitimate interest; or
d) in the event where the Personal Information must remain confidential subject to an obligation of professional secrecy.
2. Use of Personal Information
2.1. We may gather Personal Information to allow us:
a) To provide the services you request from us, such as to facilitate reservations, send confirmations or pre-arrival messages, to assist you with meetings, events or celebrations, and provide you with other information about the area and the hotel and/or properties at which you are scheduled to stay. In such cases the provision of your Personal Information is necessary to enable us to provide you our services. Failure to provide us such Personal Information will commit the performance of our Services impossible;
b) To complete and fulfil your reservation and stay, for example, to process your payment, ensure that your room is available, and provide you with related customer service. In such cases the provision of your Personal Information is necessary to enable us to provide you our services. Failure to provide us such Personal Information will commit the performance of our Services impossible;
c) To send you administrative information, direct marketing communications, newsletters, promotional and special offers, periodic customer satisfaction, market research or quality assurance surveys, and in order to respond to you requests and messages. This may be done in accordance to any communication preferences you have expressed. Such information may be provided through e-mail, postal mail, online advertising, social media, telephone, text messages, push notifications, in-app messaging, and other means including on –property messaging such as in-room television;
d) To personalize the services you request and your experience when you stay in one of our hotels and/or properties;
e) To offer you the expected level of hospitality in-room and throughout our properties;
f) To allow you to participate in contests and other promotions and to administer these activities. Some of these activities have additional rules, which could contain additional information about how we use and disclose your Personal Information. We suggest that you read any such rules carefully;
g) For our business purposes, such as data analysis, audits, security and fraud monitoring and prevention (including through the use of closed circuit television, card keys, and other security systems), developing new products, enhancing, improving or modifying our Services to ensure that our site, products, and services are of interest to you, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities;
h) To generate usage statistics of our website;
i) To generate statistics in relation to the types and volumes of guests visiting our hotels and/or properties during the year;
j) To improve and personalise of our services to you during future stays through the use of information that you provide in relation to your preferences and experiences. For this purpose, understand that the creation of a profile is necessary.
2.2. In the event that we decide to further process your Personal Information for a purpose other than that for which they have been obtained, we shall notify you prior to that further processing about that other purpose and with any relevant further information which the Regulation requires.
3. Disclosure, Sharing and Transfer of Personal Information
3.1. To uphold a uniform level of hospitality and provide you with the best possible service in all our properties and/or hotels, your Personal Information may be shared with the below entities and/or people, which may involve cross-border transfer of information to third parties in countries outside the European Union:
a) to authorised personnel at the applicable hotel and/or property in order to meet your reservation request. Upon your express consent, we retain your Personal Information including details of your stay, preferences, room/accommodation type and amenities used.
b) to subsidiary and/or affiliate companies and/or business partners of KANIKA for the purpose of meeting your preferences and in order to offer personalised services in all our properties.
c) to MailChimp which is a marketing platform of The Rocket Science Group LLC used for the purposes of direct marketing and email campaigns. MailChimp is part of the Privacy Shield framework and has thus been recognised by the European Commission as offering an adequate level of data protection. Despite the agreements which are in place between KANIKA and MailChimp ensure that the processing of your Personal Information is in accordance with the Regulation.
d) to our third-party service providers, in order to offer products, services, or offers at our properties and for our operation and improvement. For example, your Personal information may be transferred to service providers in the context of the provision of services such as rental of cars, spa and restaurants within our hotels, golf bookings, website hosting, data analysis, payment processing, order fulfilment, information technology and related infrastructure provision, customer service, email delivery, auditing and other services. Generally, our service providers are contractually obligated to protect your personal information and may not otherwise use or share your personal information, except as may be required by law.
e) To Authorized Licensees: We may disclose your Personal Information to an authorized licensee in connection with the Services, including with respect to a reservation you book through us, in connection with offerings of Travel Related Services or to developers of Kanika branded real estate, or to enable an authorized licensee to market and operate the business that it licenses.
f) To Franchisees: We may disclose your Personal Information to franchisees in connection with the services, including with respect to a reservation you book through us.
g) To sponsors of contests and other promotions.
In addition, when you elect to post information on message boards, chat, profile pages and blogs and other services to which you are able to post information and materials (including, without limitation, our Social Media Pages) any such information you post or disclose through these services will become public and may be available to other users and the general public. We urge you to be very careful when deciding to disclose any information on the Online Services.
i) In the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), we may share your Personal Information to a third party for the purposes of the aforementioned event.
j) If you visit any of our properties as part of a group event or meeting, then personal information collected for meeting and event planning may be shared with the organizers of those meetings and events, and, where appropriate, guests who organise or participate in the meeting or event.
Other circumstances in which the sharing of your Personal Information may take place are in order to:
- comply with applicable laws,
- respond to governmental inquiries or requests from public authorities,
- comply with valid legal process,
- protect the rights, privacy, safety or property of KANIKA, site visitors, guests, employees, those of any of our affiliates or the public,
- permit us to pursue available remedies or limit the damages that we may sustain,
- enforce our websites’ terms and conditions,
- respond to an emergency, and
- to allow us to pursue available remedies or limit the damages that we may sustain.
4. Legal grounds for collection and processing of Personal Information
We would like to inform you that the legal grounds for receiving and handling your Personal Information are the following:
a) processing is necessary for the performance of a contract in which Kanika is a contracting party, i.e. provision of booking services requested by you, collecting information regarding an event to be hosted in the premises of Kanika, processing payments, ensuring that online services are functioning so that individuals can make reservations or manage loyalty accounts, ensuring the safety of guests and personnel through interactions with on-site security personnel, comply with legal processes.
b) you gave your explicit consent to the processing of your Personal Information for specific purposes, i.e. for marketing purposes, collecting information about any health problems when providing massage or other services, collecting information about your dietary preferences or health restrictions when ordering food, accommodating needs of children, information regarding the mode of communication preferences (e.g., email, SMS). You may withdraw your consent at any time by sending us written notice of your wish to withdraw. This may be done in any written format including e-mail and fax.
c) processing is necessary for compliance with our legal obligations, i.e. our obligation to maintain books and records, to protect our trademarks, collecting national ID or passport numbers where legally required.
d) that processing is necessary in order to protect your vital interests or those of another individual, i.e. contacting medical or emergency services for an ill guest or disturbances and incidents involving guests, when a child becomes ill while participating in kids’ club or when a guest becomes ill in one of Kanika restaurants or when an individual becomes ill while using the fitness equipment in the premises of Kanika hotels.
e) processing is necessary for the legitimate interests pursued by us except where such interests are overridden by your interests or fundamental rights and freedoms which require protection , in particular where the data subject is a child, i.e. honouring the guests’ preferences, provision of personalised services, responding to customer complaints or concerns relating to an event, monitoring properties through CCTV to ensure the safety of guests and personnel, enforcing terms and conditions to protect trademarks, providing a crib or child-sized bathrobes and other amenities for children, advertising offers and/or similar products and services.
5. Your rights
5.1. Under the Regulation, you have the following rights:
a) to check whether and what kind of Personal Information we hold about you and to request access to or request copies of such Personal Information;
b)to be explained clearly and simply the information contained in this Privacy Statement;
c)to request rectification or deletion of Personal Information about you that is inaccurate or processed in non-compliance with the applicable legal requirements;
d)to instruct the erasure of your Personal Information from our archives where:
- it is no longer necessary for the purposes collected, as mentioned in this Privacy Statement;
- where you withdraw your consent on which the processing is based and where there is no other legal ground for the processing. For the avoidance of any doubt, in such case, the lawfulness of processing based on consent before its withdrawal is not affected at all;
- where you object at any time to the processing of your Personal Information in accordance to point (f) and (g) below;
- your Personal Information has been unlawfully processed;
- your Personal Information have to be erased in order to comply with our legal obligations.
e) to obtain from us a restriction to the collection, processing or use of Personal Information about you, where:
- the accuracy of your data is contested by you to allow us to verify the accuracy of your Personal Information,
- the processing is unlawful, but you do not wish us to erase your Personal Information from our archives and you request the restriction of their use instead,
- we no longer need your Personal Information for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims; or
- you object to the processing of your Personal Information pending the verification whether our legitimate grounds override yours;
f) to object to processing of your Personal Information on ground relating to your personal situation which have been obtained based on the necessity for the legitimate interests pursued by us, and to have us no longer process your personal data unless either we demonstrate to you compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the Personal Information is needed for the establishment, exercise or defence of legal claims;
g) to object at any time to processing or your Personal Information for direct marketing, including profiling to the extent that it is related to such direct marketing;
h) to the extent that your Personal Information is processed on the legal ground of your consent, to receive the Personal Information concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those Personal Information to another controller without hindrance from our part;
i) to know the identities of third parties to which your Personal Information are transferred;
j) to provide instructions on how your Personal Information must be handled after your death when relevant;
k) to lodge a complaint with the competent data protection authority, being the Commissioner for Personal Data Protection;
l) to withdraw your consent at any time. If, following the provision of your consent, you then no longer wish to receive marketing-related communications from us on a going-forward basis, you may opt-out by email us to [email protected] or following the instructions in any such email you receive from us or by sending us a fax at +357 25 582039.
5.2. How you can access, change, suppress or delete your Personal Information
If you would like to review, correct, update, suppress or delete Personal Information that you have previously provided to us, you may contact us at [email protected], or:
Kanika Hotels & Resorts
28th October 329A &Makarios III Avenue
KanikaEnaerios Complex, Block A, Apollo House
Data Protection Officer: Yiannis Mavrokordatos, Direct Private Line:
+357 25 274524
Reasonable organisational, technical and administrative measures are in place to protect your Personal Information from unauthorized access, disclosure, alteration or destruction, while the Personal Information is stored in our archives.
We also carry out check to ensure that our affiliates and service providers with whom we share personal information, have reasonable measures in place to provide an adequate level of data protection and to maintain the confidentiality of your Personal Information.
We will not contact you by mobile/text messaging or email to ask for your confidential personal information or payment card details. If you receive this type of request, you should not respond to it. We also ask that you please notify us at [email protected]
If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contact Us” section below.
7. Special category of Personal Information
“Special Category of Personal information” amount to such information the processing of which reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
We do not generally collect Special Category information unless it is volunteered by you. We may use health data provided by you to meet your particular needs (for example, the provision of disability access). Despite that, we ask that, unless there is a serious need for you or another guest, you do not to send us, and you do not disclose, any Special Category Personal Information to us.
We do not knowingly collect Personal Information from individuals who are under 18 years of age. As a parent or legal guardian, please do not to allow your children to submit Personal Information without your permission.
9. Retention Period
Unless we hear otherwise from you or a longer retention period is required or permitted by the applicable law, your Personal Information will be subject to our 3-year retention policy. This retention period is in our opinion necessary to fulfil the purposes outlined in this Privacy Statement.
Your Personal Information shall be destroyed as early as practicable, from both our short-term system and our back-ups so that restoration and/or reconstruction of the data is no longer possible. This also involves the secure destruction of any printed paper through methods such as cross-shredding or incinerating the paper documents.
10. Updates to this Privacy Statement
Where the need arises for the further protection of your Personal Information and for the purposes of your information, we may change and/or modify this Privacy Statement from time to time.
11. Contact Us
In the event that you have any questions about this Privacy Statement or you want to exercise any of your rights regarding your Personal Information please contact us at [email protected], or:
Kanika Hotels & RESORTS
28th October 329A& Makarios III Avenues
Kanika Enaerios Coamples, Block A, Apollo House
P.O. Box 53029
Because email communication is not always secure, please do not include credit card or other sensitive information in your emails to us.
12. Collection of Other Information
12.1. “Other Information” is any information that does not reveal your specific identity or does not directly relate to an individual, such as:
- Information collected through cookies, pixel tags and other technologies,
- Demographic information and other information provided by you,
- Aggregated information
If we are required to treat Other Information as Personal Information under applicable law, then we may use it for the purposes for which we use and disclose Personal Information as detailed in this Privacy Statement.
12.2. We and our third-party service providers may collect Other Information in a variety of ways, including:
a. Through your browser or device: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Online Services (such as the Apps) you are using. We use this information to ensure that the Online Services function properly.
b. Through your use of the Apps: When you download and use an App, we and our service providers may track and collect App usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.
c. IP Address: Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address may be identified and logged automatically in our server log files whenever a user accesses the Online Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Online Services. We may also derive your approximate location from your IP address.
12.3. Use and Disclosure of Other Information
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Information (such as combining your name with your location). If we do, we will treat the combined information as Personal Information as long as it is combined.
13. Third Party Services:
This Privacy Statement does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which the Services link, third party payment services, or any third-party website that is the landing page of the high-speed Internet providers at our hotels. The inclusion of a link on the Online Services does not imply endorsement of the linked site or service by us or by our affiliates. We have no control over, and are not responsible for, this third party’s collection, use and disclosure of your Personal Information.
In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Apps or our Social Media Pages.
Third Party Advertisers & Privacy:
We may use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when you access and use the Online Services and other websites or online services, based on information relating to your access to and use of the Online Services and other websites or online services. To do so, these companies may place or recognize a unique cookie on your browser (including through use of pixel tags).