Information given by Hawaii Hotels Limited to the subject of personal data, in accordance with the provisions of Processing of Personal Data (Protection of the Individual) Law 2001 and the General Data Protection Regulation 2016.
In accordance to the provisions of the Cyprus Processing of Personal Data (Protection of the Individual) Law 2001, (the “Law”), and the General Data Protection Regulation 2016 (“GDPR”) ,Hawaii Hotels Limited, as the Controller of Processing, hereby informs you that it has the obligation to secure that your personal data, (that is information which refers to you), which has come or may come into its custody, which also contains sensitive data (as this term is defined by the Law), is processed in accordance with the Law and the GDPR.
The records, either electronic or not, which will contain your personal data, will be under the control of the Controller of Processing. The Controller of Processing is Hawaii Hotels Limited with address and telephone number Amathus Area 127 4533 Limassol, Cyprus, Telephone No 25634333
What information we process?
Personal information is any information about you as an identifiable individual. The personal information that we process includes:
- • Basic information – such as name, surname, date of birth, gender, passport and/or ID information and publicly available photograph;
- • Contact information – such as your home address, zip/postal code, email address and phone number;
- • Financial information – such as your credit card details, itemized spending and transaction history;
- • Health information where disclosed and relevant to the provision of services;
- • Preferences – such as special requests, service issues and other preferences for your stay;
- • Technical information – such as information about the device you use to interact with us (including the unique device identifier, hardware model, operating system and version, and mobile network information, in the case of our website); and
- • Correspondence – when you contact us, such as to send an enquiry or make a request, any correspondence or application may be kept and added to your personal information.
How do we use your personal information?
We use your personal information for the following purposes:
- • to enable you to use our website;
- • to help us identify you and any accounts you hold with us;
- • to provide superior customer service to you;
- • to assist us in making your reservation and providing the services you request for our hotel;
- • to process transactions through our website (including taking payment for purchases you may make through our website) and to assist in any inquiries about your transaction;
- • for billing purposes in relation to your stay with us;
- • to confirm prior transactions and reconcile statements or invoices;
- • to contact you in relation to matters that arise from your stay with us;
- • to send you newsletters regarding our properties and to advise you of promotions or to inform you of offers or other information that may be of interest to you (if, where required, you separately provide your consent for us to do so);
- • to conduct surveys (if, where required, you separately provide your consent to this);
- • to respond to a specific "Information Request" from you and deal with any other enquiries, correspondence, concerns or complaints you have raised;
- • for you to participate in one of our on-line promotions;
- • if you become a Private Member, to create a member profile that is stored in our property management systems;
- • to analyse customer trends and insights; and
- • to operate our business, including for internal purposes such as auditing, data analysis, statistical and research purposes and troubleshooting to help us improve our services.
On what basis do we use your personal information?
We use your personal information on the following basis:
- • to comply with legal and regulatory obligations, including financial reporting requirements imposed by government regulators and our auditors;
- • to enter into agreements with you, and to perform our agreement to provide services to you when you stay with us;
- • for legitimate business purposes – using your personal information helps us to operate and improve our business and minimize any disruption to the services that we may offer to you. It also allows us to make our communications with you more relevant and personalized to you, and to make your experience of our services more efficient and effective;
- • because you have given your consent – at times we may ask for your consent to allow us to use your personal information for one or more purposes.
- • for the establishment, exercise or defense of legal claims or proceedings
How is personal information collected?
We collect your personal information while monitoring our technology tools and services, including comment cards and email communications sent to and from GrandResort.
Otherwise, we gather information when you provide it to us, or interact with us directly, for example:
- • when you create a profile or sign in to access an existing profile on our website;
- • when you make a purchase through our website;
- • when you make a reservation online, by calling our Reservation Office or hotel directly; and
- • during your stay at the hotel, including information provided during check-in.
We also receive information about you from other sources, such as our business partners, tour operators, travel agents and publicly available sources. We combine information that we have about you from various sources, including the information that you have provided to us.
What personal information may be provided to third parties?
We may share certain of your personal information with:
- • agents, contractors or third party service providers of GrandResort who provide services to us for better serve your needs as a Guest;
- • Analytics and search engine providers that assist GrandResort in the improvement and optimization of our website;
- • our professional advisors and auditors; and
- • local or foreign regulators, governments, courts, law enforcement and national security authorities.
You may advise the hotel if you do not want personal preferences shared.
Where a third party is engaged by GrandResort to provide services on our behalf, we ensure these parties protect your Personal Information in a manner consistent with the principles articulated in this Privacy Notice.
If you have chosen to join a subscription list, please note that they are only used for internal purposes and we do not sell or rent our subscription lists to anyone.
If GrandResort Hotel suspects any unlawful activity is taking place, it may investigate and/or report its findings or suspicions to the police or other relevant law enforcement agency.
How do we protect personal information?
We use a variety of security measures and technologies to help protect your personal information from unauthorized access, use, disclosure, alteration or destruction, consistent with applicable data protection and privacy laws. For example, we allow only encrypted communications from all of our web forms, including when you provide your credit card information through our website.
GrandResort stores personal information in a secure location and we take steps to ensure that only designated individuals have access to this information.
Accessing your personal information
We understand that you may like to know what personal information we hold about you. We are happy to assist you with your request. To protect your personal information, however, we require that you prove your identity to us at the time your request is made.
When you make a request in person, we will require you to produce some form of photo identification such as a passport or your ID card and you will be asked to sign a request form.
Where you make a request by other means, we request you contact us in writing via email, fax or letter including a copy of a government issued identification and signature. We require home and business addresses and phone numbers so we can check them with our files and verify your identity.
The above information is required to create an audit trail of how the request has been handled.
GrandResort reserves the right to decline access to your personal information under certain circumstances as permitted by law. If your personal information is not disclosed to you, you will be provided with the reasons for this non-disclosure.
You may also be entitled to:
- • request the correction and/or deletion of your personal information;
- • request the restriction of the processing of your personal information, or object to that processing;
- • opt out from processing of your personal information for direct marketing purposes;
- • withdraw your consent to the processing of your personal information (where GrandResort is processing your personal information based on your consent)
If you do not wish to receive marketing information from GrandResort, you may indicate your wishes on your registration card when you stay with us or send an e-mail to: firstname.lastname@example.org
You will always have the ability to accept or decline any form of communication from GrandResort.
You may unsubscribe from electronic marketing communications at any time by selecting the “unsubscribe” link included in such communications.
If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.
After you have chosen to withdraw your consent GrandResort may be able to continue to process your personal information to the extent required or otherwise permitted by law.
If you have any questions or concerns regarding this Privacy Notice, please contact our Chief Data Protection Officer by writing to the following address:
Chief Data Protection Officer
GrandResort Hotel Limassol
Amathus Area 127, 4533
P.O. Box 54500 3724
Last Updated: [25.05.2018]