This Privacy Policy together with the Privacy Notice annexed in our Registration Forms and our Cookies Policy provide information and explain the way our group of companies using the trade name “Truly Cyprus” (hereinafter “Truly Cyprus” or “we” or “us”) process the personal data of our customers (hereinafter “Customer/s”, “Guest/s” or “you”) and the visitors of our website (hereinafter “you”) and sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully, in order to understand our views and practices regarding your personal data and how we will treat them.

Definitions included in this Privacy Policy shall have the meaning assigned to them in the EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, which together with Cyprus Law and the regulatory framework applicable in Cyprus shall constitute the Data Protection Legislation.

We are committed in preserving the privacy of all visitors to https://www.trulycyprus.com (our “Website”) and in protecting any personal information that you may provide to us.

We provide this Privacy Policy to help you understand what we may do with any personal information that we obtain from you or for you. Personal information may include information about an identifiable individual, as defined by Data Protection Legislation, such as name, e-mail address and telephone number as well as other related information. By providing your personal information to us, you signify your acceptance of this Privacy Policy and agree that we may collect, use, and disclose your personal information and data as described in this Privacy Policy. If you do not agree with this notice and / or this Privacy Policy, please do not provide your personal details and data to us. However, you may need to do so, if you want to make use of our accommodation services.

1.    INFORMATION & PERSONAL DATA WE COLLECT 

1.1. We may collect personal information about you when you use our website or our accommodation services and in any other way you may otherwise interact with us. The information we collect falls into the following categories: (a) information you provide us either during the process of booking accommodation services and checking in our hotels or through our website or other promotion and marketing methods; (b) information we collect through automated methods; and (c) information we collect from other sources.

1.2. We may combine the information you provide us with information collected through automated methods or with information we receive from other sources.

1.3. We collect information you provide us. You may provide the following information to us:

1.3.1. Personal data and details you provide us in the Registration Form during your check in at one of our hotels or any other type of personal data, which you provide to us, when you choose to communicate with us or use our services, such as personal details, your name, postal and email addresses, phone number, date of birth and other contact information, identity card or passport number, check in and check out information, payment methods and any other relevant information;

1.3.2. Personal details, such as your name, postal and email addresses, phone number, date of birth and other contact information, when you register with our Website and/or our Mobile Application, log-in to Wi-Fi, enter one of our competitions or contact us by phone or through our online services;

1.3.3. Transaction, information, including information about the services you book, prices, method of payment and payment details;

1.3.4. Account information, such as your username or password (or anything else that identifies you) used to access our online services or to buy or use our products and services;

1.3.5. Email and other contact details following your consent;

1.3.6. Profile information and preferences, after your prior consent, including products and services you like, the time you prefer to visit us, property preferences, additional services and products preferences, or any other preferences accruing from your conduct, comments, choices and recommendations during your past stays in any property of Truly Cyprus as well as purchase histories and records, activities information, membership in loyalty or recognition programs and any other source of information legally collected by third parties or according to your approval and during your stay in any of our properties; and

1.3.7. Other personal information you choose to give us when you interact with us.

1.4. We collect information through automated methods. In this context, we may use automated technology to collect information from your computer system or mobile device when you visit our restaurants, use our online services or in-restaurant technology. Automated technology may include cookies, local shared objects, and web beacons. There is more information below about cookies and other technologies.

1.5. We may collect information about your:

(a) internet protocol (IP) address;

(b) computer or mobile-device operating system and browser type;

(c) type of mobile device and its settings;

(d) unique device identifier (UDID) or mobile equipment identifier (MEID) for your mobile device;

(e) device and component serial numbers;

(f) advertising identifiers (for example, IDFAs and IFAs) or similar identifiers;

(g) referring website (a site that has led you to ours) or application;

(h) online activity on other websites, applications, or social media;

(i) communications to us or regarding us on social media; and

(j) activity related to how you use our online services, such as the pages you visit on our sites or in our mobile apps.

1.6. Our Website may collect information about the exact location of your mobile device or computer using geolocation and technology such as GPS, Wi-Fi, Bluetooth or cell tower proximity. For most mobile devices and computer systems, you are able to withdraw your permission for us to collect this information by using the device or web-browser settings. If you have any questions about how to prevent us from collecting exact information about your location, we recommend you contact your mobile-device service provider, the device manufacturer or your web-browser provider. Our Website may not work properly without information about your location. If you would like us to delete information we have collected, which could identify your location, please contact us at the address, phone number or email address below.

1.7. We may collect information about you from other companies and organisations as well as partners or suppliers of services, such as information transmitted from third parties, like tour operators, travel agents, either online or operating in any other form, reservation systems, platforms, suppliers of services and any other way. We may also collect information that is publicly available. For example, we may collect information about you when you interact with us through social media.

2.    COOKIES

We may obtain information about your general internet usage by using a cookie file, which is stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. Some of the cookies we use are essential, in order to be able to operate our website. Please note that our advertisers may also use cookies, over which we have no control. For more information on the way we use cookies, please refer to our Cookies Policy.

3.    PURPOSE & USE OF THE INFORMATION & PERSONAL DATA

3.1. We use information collected, stored and processed about you in the following ways:

3.1.1. In order to provide our services to our Guests and for administration & business purposes.

In order to manage your reservation and accommodation request, Truly Cyprus will collect, use, share, transfer, process and store the personal data you provide to us. This processing is necessary for the performance of our obligations towards our Customers, to provide you with information or services and in order to communicate with you, either following your request or otherwise required to do so. In addition, we will use your personal data, in order to provide our services to you and receive payment for such services, for internal Customer administration as well as business purposes, in order to provide you with the information or services you have requested and to improve our services, products or procedures.

3.1.2. For Marketing Communications.

With your consent, we may collect, use, share, transfer, process and store your personal data in order to communicate with you with regard to newsletters, promotions and featured specials, as well as other marketing material, messages and dedicated offers. You can withdraw your consent at any time by following the opt-out instructions in the marketing communications we send you. You can also withdraw your consent by contacting us at the contact details of our DPO ([email protected]). If you do opt out of receiving marketing communications from us, we may still send communications to you about your transactions.

3.1.3. In order to operate our Website.

We will process your personal information in order to ensure that content from our website is presented in the most effective manner for you and for your computer as well as for marketing and promotion of our services and products or services of third parties. Additionally, we may process your personal information, so as to allow you to participate in interactive features of our Website, when you choose to do so or to notify you about changes to our Website.

3.1.4. Legislation Compliance and the protection of our interests.

We may use your information, in order to comply with our legal obligations, according to applicable legislation or to disclose your personal data as necessary to comply with the applicable laws and regulations, such as our obligation to collect personal data of our Guests according to Police Directives, to process and store accounting documents and files, to respond to requests from governmental, judicial or any other competent authority, to protect our business, to bring or defend legal claims, to protect the rights, interests, safety and security of our organisation, our employees, guests, visitors or any third party, in connection with investigating fraud or other crime or violations of applicable laws, as well as to respond to an emergency.

3.1.5. Handling consumer complaints.

We will use your personal data in order to reply to any customer complaint as well as to defend any of our properties or Truly Cyprus and present our case in any Court or administrative authority in relation to any such customer complaint.

3.1.6. Preferences & Profile.

With your consent, Truly Cyprus will collect, use, share, transfer, process and store your personal data, in order to provide you with unique experiences, improved and personalised services, when you visit our properties in the future, according to your preferences and your profile, to customise our commercial offers and promotional messages, inform you on special offers and new services created to satisfy your personal needs, promote brands, gain a better understanding of your requirements and wishes and adapt our products and services to better meet your needs and requirements. You can withdraw your consent at any time by contacting us at [email protected].

3.1.7. Bad Behaviour of Guests.

For our company management and for administration purposes we may collect and process personal information of Customers or Guests that behaved inappropriately during their stay in our properties or showed anti-social behaviour or non-compliance with safety regulations, were impeached for theft, damage of property or any other type or vandalism and any payment incidents. Such processing is necessary for the legitimate interests of our business and all members of our group, for the protection of our future Guests and our employees as well as in order to prevent fraud and the abuse of our property or staff.

3.1.8. Securing Payments.

We may adopt systems that would assess the risk of fraud. In this context, we may use risk prevention service providers or systems for analysis and depending on their results and investigations we may need to take security measures, such as recommending different booking channels or requiring alternative payment methods. Non compliance could lead to suspending the execution of a booking or cancelling an order. In case of fraudulent use of any means of payment or methods of payment, leading to payment default or fraud and despite any other actions in law that may be available, Truly Cyprus may retain such incident data in file, so as to block future fraud or avoidance of payments and carry out additional checks. Such processing is essential and necessary, in order to protect our legitimate interests, operate our business properly, prevent fraud and file appropriate legal actions.

3.1.9. Extreme circumstances & public health.

In case of extreme or unprecedented and unexpected circumstances, particularly due to public health incidents or issues and pandemics, we may need to collect, store, process and disclose to third parties and competent administrative authorities personal information, indicatively medical and other sensitive data, in order to comply with applicable legislation and regulations or protect individuals, such as other Guests and Customers of our properties or our employees from the spread of a pandemic or any other type of risk and threat to health of any person. In case such personal data are stored by competent public authorities, you may need to refer to their privacy policy for further information on the use and processing of your personal data by them.

3.2. We may, also, use your data or permit selected third parties to use your data, so as to provide you with information about goods and services, which may be of interest to you and we or they may contact you about these. We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregated information about our users. We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to targeted audience.

3.3. In order to meet your special requirements, we may have to collect sensitive information, such as information concerning race, ethnicity, political opinions, religious and philosophical beliefs, union membership, or details of health, medical information or sexual orientation. In this case, we will only process this data, if you provide your express prior consent.

4.    WHERE WE STORE YOUR PERSONAL DATA

4.1. As a principle, data collected from you shall not be transferred to and stored at a destination outside the European Economic Area (“EEA”).

4.2. In certain cases, your personal data may be shared with our service providers, vendors or partners, which may be based anywhere in the world, including countries that may not offer the same legal protection for personal data as your country of residence. Truly Cyprus complies with the EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 as well as the Cyprus Data Protection Legislation and has concluded respective Data Protection Agreements with such service providers, vendors or partners, in order to protect and safeguard your personal data and ensure, as technically and practically feasible, adequate level of protection by such third parties for your personal data. In any case, Truly Cyprus will only share your Personal Data under a strict ”need to know” basis and under appropriate contractual restrictions (such as EU Standard Contract Clauses).

4.3. All information provided to us is stored on our secure servers. Any payment transactions will be encrypted.

4.4. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with any third party.

5.    INFORMATION SECURITY

Truly Cyprus have established a strict and very elaborate security system, adopt security procedures and measures and take appropriate technical and organisational measures, in accordance to legal provisions and market standards, so as to protect your personal data, avoid, as technically feasible, any security or personal data breach or security incident and prevent the illicit or accidental destruction, alteration or loss, misuse, unauthorised access, modification or disclosure of any personal data stored and processed in our systems. However, the transmission of information through the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access and use, indicatively physical security, technical measures, firewalls, organisational measures, password systems and any other reasonably protective measure.

6.    RETENTION OF PERSONAL INFORMATION

We retain personal information for the period of time necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law or applicable regulations.

7.    DISCLOSURE OF YOUR INFORMATION

7.1. We will only share your information as described in this Privacy Policy.

7.2. We may share your information within the company, our affiliates and our subsidiaries. All members of Truly Cyprus that receive information are not authorised to use or share the information, except as set out in this Privacy Policy.

7.3. Furthermore, we rely on third parties to provide services and products to you and may share your personal information with them as appropriate and necessary for the provision of our services, such as transportation, IT, wifi and network services, bank details, credit card issuers, tour operators, travel agents,  and other partners or vendors. We will, also, share your personal data with such third party vendors who provide services to us, such as fulfilling orders, providing data processing and other information technology services, managing promotions, contests, prize draws and sweepstakes, carrying out research and analysis and personalising individual customer experiences. All such third parties are contractually obligated to protect your personal data and information in accordance to the Data Protection Legislation and may not otherwise use or share your personal data and information, except as may be required by law or our contracts and data protection agreements. We do not allow those service providers to use this information or to share it for any purpose other than to provide services to us or on our behalf.

7.4. We may, for strategic or other business reasons, decide to sell or transfer all or part of our business. As part of that sale or transfer, we may disclose information we have collected and stored, including customer information, to anyone involved in that sale or transfer.

7.5. There may be times where we may share information when it does not directly identify you. For example, we may share anonymous, aggregated statistics about your use of our Website. We may, also, combine information about you with other customers and share or process in any other way this information in a way that does not identify you.

7.6. We have the right to use or share information as necessary to comply with any law, regulation or legal request, to protect our Website, to bring or defend legal claims, to protect the rights, interests, safety and security of our company, our Customers and Guests and our employees or users of the Website or in connection with investigating fraud or other crime, or violations of our policies.

8.    YOUR RIGHTS

8.1. Under the Data Protection Legislation you have the right to request access to the personal data we hold about you, such as to be informed, upon your request, whether your personal data are subject to processing and to receive further information on such processing, including information on eventual transfers of personal data outside the EU and the appropriate or suitable safeguards we have in place for such transfer. As long as the requirements under the Data Protection Legislation are met, you may also request the correction of any inaccurate information we hold about you or the deletion of the same or restriction of the processing concerning your personal data. If such a request places us or our affiliates in breach of our obligations under any applicable laws, regulations or codes of practice, then we may not be able to comply with your request but you may still be able to request that we block the use of your personal information for further processing. You may also have a right to data portability to another data controller under certain circumstances and as long as this would be technically and economically feasible. You may withdraw your consent at any time. The withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal. You may also launch a complaint with the competent Data Protection Supervisory Authority (www.dataprotection.gov.cy), if you feel that the processing contravenes the law.

8.2. If you would like to exercise your above mentioned rights or if you have any questions or concerns about our Privacy Policy please contact our Data Protection Officer in: [email protected]

9.    LINKS TO OTHER WEBSITES AND SOCIAL MEDIA

9.1. Our Website may, from time to time, contain links to and from the websites of our partner networks, and advertisers or any third party. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or any processing taking place by such third parties. Please check these policies, before you submit any personal data to these websites.

9.2. We may, also, have providers of other applications, tools, widgets and plug-ins on our online services, such as Facebook “Like” buttons, which may also use automated methods to collect information about how you use these features. These organisations may use your information in line with their own policies, which we recommend that you read carefully.

10.    CHANGES TO OUR PRIVACY POLICY

10.1. This Privacy Policy is in effect as of the date noted at the bottom of this document. We may change this Privacy Policy from time to time. If we do, we will post the revised version here and change the “Last Updated Version” date (the date it applies from) at the end of this document. You should check this link regularly for the most up-to-date version of our Privacy Policy, particularly before making a reservation in any of our properties.

10.2. Any changes we may make to our Privacy Policy in the future will be posted on this page and where appropriate, notified to you by e-mail.

11.    HOW TO CONTACT US

In order to protect confidentiality and your personal data we may request that you provide us with identification credentials, before responding to your request. Particularly, if we have reasonable doubts about your true identity, we may ask to provide us with a copy of your police identification or passport or information relating to your stay in our properties, such as registration number, booking confirmation, check in and check out dates or other useful information. If such information is not provided, we may refuse to provide an answer to your request.

If you want to contact us about this Privacy Policy as well as for the exercise of your rights, you can reach us at [email protected] .

Last Updated Version: 01 October 2022