Privacy Policy

Introduction

This privacy policy (“Policy”) applies to NESTOR HOTEL, and its subsidiaries (hereinafter “we”, “us”, or “our”).

We respect your privacy and are committed to protecting it through our compliance with the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the “Regulation”) and relevant local data protection laws and regulations.

Please read this privacy policy carefully to understand our policies and practices regarding your personal data and how we will treat it. If you have any questions about our privacy practices, please refer to the end of this privacy policy for information on how to contact us.

We have developed this Policy to explain our practices regarding the personal data we collect from you if you register online with us, access and/or use our website, through written or verbal communications with us, when you visit our property, or from other sources.

Personal Data We Collect

“Personal Data” are data that identify you as an individual or relate to an identifiable individual. Throughout your stay, we collect Personal Data in accordance with the law, such as:

  • Name
  • Gender
  • Home and/or work address
  • Telephone number
  • Email address
  • Credit and debit card number or other payment data
  • Language preference
  • Date and place of birth
  • Nationality, passport, visa or other government-issued identification data
  • Important dates (e.g., birthdays, anniversaries, special occasions)
  • Membership or loyalty program data
  • Employer details if you are an employee of a corporate account or business partner
  • Travel itinerary including arrival and departure days, tour group or activity data
  • Prior guest stays or interactions, goods and services purchased, special service and amenity requests
  • Telephone numbers dialed, faxes sent/received or receipt of messages when connected to our telephone services during your stay
  • Information about vehicles you may bring to our property
  • Social media account ID, profile photo, and other data publicly available, or data made available by linking your social media and loyalty accounts/applications
  • Your reviews and opinions about our services
  • Data about family members and companions, such as names and ages of children
  • Images and video data via security cameras located in public areas, such as entrances, hallways, and lobbies
  • Guest preferences and personalized data (“Personal Preferences”), such as your interests, activities, hobbies, food and beverage choices, and other services or amenities
  • Any other information you may choose to provide to us or we may obtain about you through third parties with whom we do business (e.g., tour operators, travel agents, or similar providers)

If you do not provide consent to maintain your personal data upon arrival, your personal data will be kept for lawful use for a period of 90 (ninety) days after your checkout date.

If you submit any Personal Data about other people to us or our Service Providers (e.g., if you make a reservation for another individual), you represent that you have the authority to do so and permit us to use the data in accordance with this Privacy Policy.

How We Collect Personal Data

We and our service providers, agents, and affiliates may collect Personal Data in a variety of ways, provided in writing or through verbal communication during any guest interaction and when providing our services, including:

Online Services

We collect Personal Data when you make a reservation, purchase goods and services from our websites or applications, communicate with us, connect via social media, sign up for newsletters, or participate in surveys, contests, or promotional offers.

Property Visits

We collect Personal Data when you visit our property or use on-property services and outlets (restaurants, concierge, health club, child care, spa, etc.). We also collect Personal Data when you attend promotional events or provide Personal Data to facilitate an event.

Customer Care Centers

We collect Personal Data when you make reservations over the phone, communicate by email, fax, online chat, or contact customer service.

Business Partners

We collect Personal Data from partner companies that provide you with goods, services, or offers related to your experiences with us — e.g., travel agencies, booking platforms, on-property outlets, and car rental providers.

Physical & Mobile Location-Based Services

We collect Personal Data if you download one of our Apps or participate in location-based programs. For example, we may collect the precise physical location of your device via satellite, Wi-Fi, or cell tower data if you opt in.

Other Sources

We collect Personal Data from public databases, marketing partners, third parties, social media, airlines, and travel agents. If data is collected from third parties, we will notify you within one month or at the first communication, unless doing so proves impossible or requires disproportionate effort.

Collection of Other Data

“Other Data” are data that generally do not reveal your specific identity or do not directly relate to an individual. To the extent that such data does identify you, we treat it as Personal Data.

Examples include:

  • Browser and device data
  • App usage data
  • Data collected through cookies, pixel tags, and similar technologies
  • Demographic data
  • Aggregated data

How We Collect Other Data

We and our third-party service providers may collect Other Data in several ways:

Browser or Device

We collect certain data automatically, such as your MAC address, computer type, operating system, screen resolution, device manufacturer and model, browser type/version, and language.

App Usage

We collect usage data, including date and time of access, files downloaded, and device number.

Cookies

Cookies store data directly on your device. They allow us to collect information about browser type, pages visited, time spent, etc. You can manage or disable cookies in your browser settings.

Pixel Tags

We use pixel tags (web beacons/clear GIFs) to track user behavior, measure marketing effectiveness, and compile statistics.

IP Address

We collect your IP address automatically when accessing our Online Services. It helps us diagnose issues, administer systems, and estimate your location.

Aggregated Data

We may aggregate collected data in a way that does not identify you personally.

Use of Personal Data and Other Data

We may use Personal and Other Data for legitimate business interests, including:

  • Providing requested services (reservations, confirmations, event assistance, etc.)
  • Completing and fulfilling reservations and stays
  • Sending administrative, promotional, and marketing communications
  • Personalizing services and experiences
  • Enabling participation in contests or promotions
  • Conducting data analysis, audits, and fraud prevention
  • Improving our products and services
  • Generating visit and guest statistics
  • Creating guest profiles to enhance future stays

If we process your Personal Data for a purpose other than that for which it was collected, we will inform you in advance.

Disclosure, Sharing and Transfer of Personal Data

To uphold a uniform level of hospitality, we may share your Personal Data with:

  • Authorized hotel personnel to meet reservation requests
  • Subsidiaries, affiliates, or business partners
  • MailChimp (The Rocket Science Group LLC) for marketing campaigns
  • Third-party service providers (IT, payment processing, car rentals, etc.)
  • Authorized Licensees in connection with services or travel offerings
  • Contest and promotion sponsors
  • Social media platforms, when you connect or share information publicly
  • Meeting and event organizers (if applicable)
  • Legal authorities, when required for compliance or protection
  • Third parties in the event of mergers, sales, or reorganizations

Use and Disclosure of Other Data

We may use and disclose Other Data for any purpose, except where law requires otherwise.
If combined with Personal Data, it will be treated as such.

Special Category of Personal Data

“Special Category” data includes racial or ethnic origin, political opinions, religious beliefs, health data, and similar.
We do not generally collect this data unless volunteered.
Please avoid sharing such data unless necessary.

Minors

We do not knowingly collect Personal Data from individuals under 18 years of age.
Parents or guardians should ensure minors do not submit personal data without permission.

How We Store Your Personal Data

Personal Data may be stored and processed in Cyprus and other countries where our partners operate.
We take all necessary measures to ensure adequate protection and security of your data.

Retention of Personal Data

We retain Personal Data only as long as necessary for service provision and legal compliance.
Data is securely destroyed when no longer needed.
For details, contact dpo@nestorhotel.com.

Legal Bases for Collection, Use, and Disclosure

We rely on several legal bases:

  • Performance of Contract – to fulfill our obligations to you.
  • Compliance with Legal Obligation – to meet regulatory requirements.
  • Protection of Vital Interests – to safeguard life or safety.
  • Consent – for marketing or other purposes requiring express permission.

How We Protect Your Personal Data

We implement strict physical, electronic, and procedural safeguards, including:

  • ISO 9001, ISO 22000, and ISO 27001 controls
  • Access restricted to authorized personnel
  • Employee data protection training
  • Technical and organizational measures under GDPR

We never ask for payment or confidential data via email or text.
If you suspect fraud or a security issue, contact dpo@nestorhotel.com immediately.

Choices About How We Collect, Use, and Disclose Personal Data

You have control over your Personal Data:

  • You can choose not to provide certain data (which may affect some services).
  • You can unsubscribe from marketing communications at any time.
  • Transactional or service-related emails may still be sent.
  • You may terminate your relationship, after which data will be deleted per policy.

Your Rights Related to Your Personal Data

Under GDPR, you have the right to:

  • Access your data
  • Rectify inaccurate data
  • Erase your data (“Right to be Forgotten”)
  • Receive your data in portable format
  • Object to processing
  • Restrict processing
  • Withdraw consent

Contact dpo@nestorhotel.com to exercise your rights.

Changes to Our Privacy Policy

We may update this policy periodically.
Please review the latest version at www.nestorhotel.com.
The modification date (“Last Modified”) indicates the latest update.
Your continued use signifies acceptance of changes.

Enforcement and Cooperation

We review our compliance regularly.
For questions or complaints, contact our Data Protection Officer at dpo@nestorhotel.com.
We cooperate with relevant authorities to resolve issues promptly.

No Rights of Third Parties

This privacy policy does not create enforceable rights for third parties.

No Error-Free Performance

While we strive for compliance, we do not guarantee error-free performance.
We will promptly correct any failures discovered.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Email: info@nestorhotel.com.cy
Address: NESTOR HOTEL, P.O. Box 30265, Ayia Napa – Cyprus
Tel.: +357 23 722880
Fax: +357 23 722881