Last Modified: 2024


This privacy policy (“Policy”) applies to NESTOR HOTEL, and its subsidiaries (hereinafter “we”, “us”, or “our”).

We respect your privacy and are committed to protecting it through our compliance with the General Data Protection Regulation

(EU) 2016/679 (hereinafter referred to as the “Regulation”) and relevant local data protection laws and regulations. Please read

this privacy policy carefully to understand our policies and practices regarding your personal data and how we will treat it. If you

have any questions about our privacy practices, please refer to the end of this privacy policy for information on how to contact


We have developed this Policy to explain our practices regarding the personal data we collect from you if you register online with

us, access and/or use our website, through written or verbal communications with us, when you visit our property, or from other


Personal Data We Collect

“Personal Data” are data that identify you as an individual or relate to an identifiable individual. Throughout your stay, we collect

Personal Data in accordance with the law, such as:

• Name

• Gender

• Home and/or work address

• Telephone number

• Email address

• Credit and debit card number or other payment data

• Language preference

• Date and place of birth

• Nationality, passport, visa or other government-issued identification data

• Important dates, such as birthdays, anniversaries and special occasions

• Membership or loyalty program data

• Employer details if you are an employee of a corporate account or a business partner

• Travel itinerary including arrival and departure days, tour group or activity data

• Prior guest stays or interactions, goods and services purchased, special service and amenity requests

• Telephone numbers dialed, faxes sent/received or receipt of telephone messages when connected to the telephone services

we provide to guests during their stay

• Information about vehicles you may bring to our property

• Social media account ID, profile photo and other data publicly available, or data made available by linking your social media

and loyalty accounts / applications

• Your reviews and opinions about our services

• Data about family members and companions, such as names and ages of children

• Images and video data via security cameras located in public areas, such as entrances, hallways and lobbies, in our property

• Guest preferences and personalized data (“Personal Preferences”), such as your interests, activities, hobbies, food and

beverage choices, services and amenities of which you advise us or which we learn about during your visit

• Any other type of information which you may choose to provide to us or we may obtain about you through third parties with

whom we do business (e.g., tour operators, travel agents or similar providers)

In case you will not provide your consent to our Hotel, to maintain your personal data, on the registration form upon arrival

procedure, your personal data will be kept with the Hotel’s registry and/or electronic filing system for lawful use for a period

of 90 (ninety) days after your checkout date.

If you submit any Personal Data about other people to us or our Service Providers (e.g., if you make a reservation for another

individual), you represent that you have the authority to do so and you permit us to use the data in accordance with this Privacy

Policy and/or the Registration Card which is provided at reception desks of our hotel and/or property.

How We Collect Personal Data

ISO 9001 ISO 220008, 1st October Street, P.O.Box 30265, CY-5342 Ayia Napa Cyprus

Tel.+357 23722880 Fax. +357 23722881, Email:

We and our service providers and/or agents and/or affiliates may collect Personal data, in a variety of ways, whether these are

provided in writing or through verbal communication at every guest interaction and in providing any part of our services such as

the following:

• Online Services

We collect Personal Data when you make a reservation, purchase goods and services from our websites or Applications,

communicate with us, or otherwise connect with us or post to social media pages, or sign up for a newsletter or participate in a

survey, contest or promotional offer.

• Property Visits

We collect Personal Data when you visit our property or use on-property services and outlets, such as restaurants, concierge

service, health club, child care services, and spa. We also collect Personal Data when you attend promotional events that we host

or in which we participate, or when you provide your Personal Data to facilitate an event.

• Customer Care Centers

We collect Personal Data when you make a reservation over the phone, communicate with us by email, fax or via online chat

services or contact customer service.

• Business Partners

We collect Personal Data from companies with whom we partner to provide you with goods, services or offers based upon your

experiences at our property or that we believe will be of interest to you. Examples of Business Partners include travel and tour

operator partners, travel booking platforms, on-property outlets and rental car providers.

• Physical & Mobile Location-Based Services

We collect Personal Data if you download one of our Apps or choose to participate in certain programs. For example, we may

collect the precise physical location of your device by using satellite, cell phone tower, WiFi signals, or other technologies. We

will collect this data if you opt in through the App or other program (either during your initial login or later) to receive the special

offers and to enable location-driven capabilities on your mobile device. If you have opted-in, the App or other program will

continue to collect location data when you are in or near a participating property until you log off or close the application (the

App or other program will collect this data if it is running in the background) or if you use your phone’s or other device’s settings

to disable location capabilities for the NESTOR HOTEL Apps or other program.

• Other Sources

We collect Personal Data from other sources, such as public databases, joint marketing partners and other third parties. This

may include information from your travel agent, airline, credit card, and other partners, and from social media platforms

(including from people with whom you are friends or otherwise connected). For example, if you elect to login to, connect with or

link to, the Online Services using your social media account, certain Personal data from your social media account will be shared

with us, which may include Personal data that is part of your profile or your friends’ profiles.

In the event that we receive information from third parties, as opposed to directly from you, provided that they are lawfully

entitled to share your data with us, we will use and share this information for the purposes described in this Policy. Also, in the

event that your Personal data is collected in this way, then we will bring to your attention the information

included in this Policy along with the source from which the data originate, and if applicable, whether it came from publicly

accessible sources. This information shall be provided to you within a reasonable period after obtaining the personal data, but at

the latest within 1 month, except where the personal data are to be used for communication with you, in which case we will

provide you with the above information at the latest at the time of the first communication with you. However, if the above

information is envisaged to be disclosed to another recipient, then the above information shall be disclosed the latest when the

personal data are first disclosed to the new recipient, despite the fact that none of the previous deadlines has passed. Of course,

no such information would need to be provided: • where you already have this information; • where the provision of this

information, for some reason, proves impossible or would involve disproportionate effort to obtain; • obtaining or disclosure is

expressly laid down by Member State to which we are subject, and which provide measures to protect your legitimate interest;

or • in the event where the Personal data must remain confidential subject to an obligation of professional secrecy.

Collection of Other Data

“Other Data” are data that generally do not reveal your specific identity or do not directly relate to an individual. To the extent

other Data reveal your specific identity or relate to an individual, we will treat other Data as Personal Data. Other Data include:

• Browser and device data

• App usage data

• Data collected through cookies, pixel tags and other technologies

• Demographic data and other data provided by you

• Aggregated data

How We Collect Other Data

We and our third-party service providers may collect Other Data in a variety of ways including:

Your browser or device

We collect certain data through your browser or automatically through your device, such as your Media Access Control (MAC)

address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer

and model, language, internet browser type and version and the name and version of the Online Services (such as the Apps) you

are using. We use this data to ensure that the Online Services function properly.

Your use of the Apps

We collect certain data when you download and use an App, such as App usage data, the date and time the App on your device

accesses our servers and what data and files have been downloaded to the App based on your device number.


We collect certain data from cookies, which are pieces of data stored directly on the computer or mobile device that you are

using. Cookies allow us to collect data such as browser type, time spent on the Online Services, pages visited, referring URL,

language preferences, and other aggregated traffic data. We use the data for security purposes, to facilitate navigation, to display

data more effectively, to collect statistical data, to personalize your experience while using the Online Services and to recognize

your computer to assist your use of the Online Services. We also gather statistical data about use of the Online Services to

continually improve design and functionality, understand how they are used and assist us with resolving questions.

Cookies further allow us to select which advertisements or offers are most likely to appeal to you and display them while you are

using the Online Services or to send marketing emails. We also use cookies to track responses to online advertisements and

marketing emails.

You can choose whether to accept cookies by changing the settings on your browser or by managing your tracking preferences.

If, however, you do not accept cookies, you may experience some inconvenience in your use of the Online Services. For example,

we will not be able to recognize your computer, and you will need to log in every time you visit. You also will not receive

advertising or other offers from us that are relevant to your interests and needs. You can find good and simple instructions on

how to manage Cookies on the different types of web browsers at

Pixel Tags and other similar technologies

We collect data from pixel tags (also known as web beacons and clear GIFs), which are used with some Online Services to, among

other things, track the actions of users of the Online Services (including email recipients), measure the success of our marketing

campaigns and compile statistics about usage of the Online Services.

Your IP Address

We collect your IP address, a number that is automatically assigned to the computer that you are using by your Internet Service

Provider (ISP). An IP address is identified and logged automatically in our server log files when a user accesses the Online

Services, along with the time of the visit and the pages that were visited. We use IP addresses to calculate usage levels, diagnose

server problems and administer the Online Services. We also may derive your approximate location from your IP address.

Aggregated Data

We may aggregate data that we collected and this aggregated data will not personally identify you or any other user.

Use of Personal Data and other Data

We may use Personal data and other data for our legitimate business interests in a variety of ways including:

• To provide the services you request from us, such as to facilitate reservations, send confirmations or pre-arrival messages, to

assist you with meetings, events or celebrations, and provide you with other information about the area of the hotel and/or

property at which you are scheduled to visit

• To complete and fulfil your reservation and stay i.e., to process your payment, ensure that your room is available, and provide

you with related customer service

• To send you administrative information, direct marketing communications, newsletters, promotional and special offers,

periodic customer satisfaction, market research or quality assurance surveys, and in order to respond to your requests and

messages. This may be done in accordance with any communication preferences you have expressed. Such information may be

provided through e-mail, postal mail, online advertising, social media, telephone, text messages, push notifications, in-app

messaging, and other means including on-property messaging such as in-room television

• To personalize the services you request and your experience when you stay in one of our hotels and/or property

• To offer you the expected level of hospitality in-room and throughout our property

• To allow you to participate in contests and other promotions and to administer these activities. Some of these activities have

additional rules, which could contain additional information about how we use and disclose your Personal data. We suggest that

you read any such rules carefully

• For our business purposes, such as data analysis, audits, security and fraud monitoring and prevention (including through the

use of closed-circuit television, card keys, and other security systems), developing new products, enhancing, improving or

modifying our Services to ensure that our site, products, and services are of interest to you, identifying usage trends,

determining the effectiveness of our promotional campaigns and operating and expanding our business activities

• To generate visit statistics of our website

• To generate statistics in relation to the types and volumes of guests visiting our hotel and/or property during the year

• To improve and personalize our services to you during future stays through the use of information that you provide in

relation to your preferences and experiences. For this purpose, understand that the creation of a profile is necessary.

In the event that we decide to further process your Personal data for a purpose other than that for which the personal data were

obtained, we shall provide you prior to further

processing with information on that other purpose and with any relevant further information which the General

Data Protection Regulation requires.

Disclosure, Sharing and Transfer of Personal Data

To uphold a uniform level of hospitality and provide you with the best possible

service in all our property and/or hotel, your Personal data may be shared with the below entities and/or people, which may

involve cross-border transfer of information to third parties in countries outside the European Economic Area:

• To authorized personnel at the applicable hotel and/or property in order to meet your reservation request. Upon your express

consent, we retain your Personal data including details of your stay, preferences, room/accommodation type and amenities used.

• To subsidiary and/or affiliate companies and/or business partners of NESTOR HOTEL for the purpose of meeting your

preferences and in order to offer personalized services in our property.

• To MailChimp which is a marketing platform of The Rocket Science Group LLC used for the purposes of direct marketing and

email campaigns. MailChimp is part of the Privacy Shield framework and has thus been recognized by the European Commission

as offering an adequate level of data protection. Despite the agreements which are in place between NESTOR HOTEL and

MailChimp ensure that the processing of your Personal data is in accordance with the General Data Protection Regulation.

• To our third-party service providers, in order to offer products, services, or offers at our property and for our operation and

improvement. For example, your Personal data may be transferred to service providers in the context of the provision of services

such as rental of cars, spa and restaurants within our hotel, website hosting, data analysis, surveys, payment processing, order

fulfilment, information technology and related infrastructure provision, customer service, email delivery, auditing and other

services. Generally, our service providers are contractually obligated to protect your personal data and may not otherwise use or

share your personal data, except as may be required by law.

• To Authorized Licensees: We may disclose your Personal data to an Authorized Licensee in connection with the Services,

including with respect to a reservation you book through us, in connection with offerings of Travel Related Services, or to enable

an Authorized Licensee to market and operate the business that it licenses.

• To sponsors of Contests and other Promotions.

• To your friends associated with your social media account, to other website users and to your social media account provider, in

connection with your social sharing activity, such as if you connect your social media account to your Online Services account or

log-into your Online Services account from your social media account. By connecting your Online Services account and your

social media account, you authorize us to share information with your social media account provider, and you understand that

the use of the information we share will be governed by the social media site’s privacy policy. If you do not want your Personal

data shared with other users or with your social media account provider, please do not connect your social media account with

your Online Services account and do not participate in social sharing on the Online Services.

In addition, when you elect to post information on message boards, chat, profile pages and blogs and other services to which

you are able to post information and materials (including, without limitation, our social media Pages) any such information you

post or disclose through these services will become public and may be available to other users and the general public. We urge

you to be very careful when deciding to disclose any information on the Online Services.

• In the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of

our business, assets or stock (including in connection with any bankruptcy or similar proceedings), we may share your Personal

data to a third party for the purposes of the aforementioned event.

• If you visit any of our property as part of a group event or meeting, then personal data collected for meeting and event

planning may be shared with the organizers of those meetings and events, and, where appropriate, guests who organize or

participate in the meeting or event.

• Other circumstances in which the sharing of your Personal data may take place are in order to:

comply with applicable laws,

respond to governmental inquiries or requests from public authorities,

comply with valid legal process,

protect the rights, privacy, safety or property of NESTOR HOTEL, site visitors, guests, employees, those of any of our

affiliates or the public,

permit us to pursue available remedies or limit the damages that we may sustain,

enforce our websites’ terms and conditions, and

respond to an emergency

to allow us to pursue available remedies or limit the damages that we may sustain.

Use and Disclosure of Other Data

We may use and disclose Other Data for any purpose, except where we are required to do otherwise under applicable law. In

some instances, we may combine Other Data with Personal data (such as combining your name with your location). If we do, we

will treat the combined information as Personal data as long as it is combined.

• Third Party Services: This Privacy Policy does not address, and we are not responsible for, the privacy, information or other

practices of any third parties, including any third party operating any site or service to which the Services link, third party

payment services, or any third-party website that is the landing page of the high-speed Internet providers at our hotel. The

inclusion of a link on the Online Services does not imply endorsement of the linked site or service by us or by our affiliates. We

have no control over, and are not responsible for, this third party’s collection, use and disclosure of your Personal data.

In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other

organizations, such as Facebook, Apple, Google, Microsoft, LinkedIn or any other app developer, app provider, social media

platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any

Personal data you disclose to other organizations through or in connection with the Apps or our social media Pages.

• Third Party Advertisers: We may use third-party advertising companies to serve advertisements regarding goods and services

that may be of interest to you when you access and use the Online Services and other websites or online services, based on

information relating to your access to and use of the Online Services and other websites or online services. To do so, these

companies may place or recognize a unique cookie on your browser (including through use of pixel tags).

Special category of Personal data

“Special Category of Personal data” amount to such information the processing of which

reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the

processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or

data concerning a natural person’s sex life or sexual orientation. We do not generally collect Special Category information unless

it is volunteered by you. We may use health data provided by you to meet your particular needs (for example, the provision of

disability access). Despite that, we ask that, unless there is a serious need for you or another guest, you do not send us, and you

do not disclose, any Special Category Personal data to us.

Minors

We do not knowingly collect personal data from individuals who are under 18 years of age. As a parent or legal guardian,

please do not allow your children to submit personal data without your permission.

How We Store Your Personal data

The information that we collect about you, including Personal data, will be stored and processed in Cyprus and/or in remote

cases in the Countries in which we and the third parties mentioned above operate. If you are located in the European Union or

other regions with laws governing data collection and use that may differ from European data protection laws, please note that

in the course of providing you with the service you requested we may transfer Personal data to some of these countries and

jurisdictions that have data protection laws that do not provide the exact same level of protection as in your jurisdiction,

however we make every effort possible to verify and audit that the processor and sub processors provide the best level of

protection of personal data.

Retention of Personal data

We keep your Personal data for as long as needed to provide you with our respective services and in compliance with relevant

laws of Cyprus. The period for which we keep your Personal data that is necessary for compliance and legal enforcement

purposes varies and depends on the nature of our legal obligations and claims in the individual case. Personal data shall be

destroyed as early as practicable, from both our short-term system and our back-ups so that restoration and/or reconstruction of

the data is no longer possible. This also involves the secure destruction of any printed paper through methods such as cross

shredding or incinerating the paper documents. For further information regarding specific retention period please contact us at

Legal Bases for Collection, Use and Disclosure of Your Personal data

There are different legal bases that we rely on to collect, use and disclose your Personal data namely:

• Performance of contract: The use of your Personal data for purposes of providing the services, customer management and

functionality and security as described above is necessary to perform the services provided to you under our terms and

conditions and any other contract that you have with us.

• Compliance with legal obligation: We are permitted to use your Personal data to the extent this is required to comply with a

legal obligation to which we are subject.

• Protection of your interests: When use of your data is necessary in order to protect your vital interests or those of other


• Consent: We will rely on your consent to use (i) your Personal data for marketing and advertising purposes; (ii) your Personal

data for other purposes when we ask for your consent separately from this privacy policy and for which the purpose of the

process does not relate to the services we offer to you.

How We Protect the Security of Your Personal data

We take appropriate security measures (including physical, electronic and procedural measures) to safeguard your Personal data

from unauthorized access, disclosure, alteration or destruction. We also carry out checks to ensure that our affiliates and service

providers with whom we share personal data, have reasonable measures in place to provide an adequate level of data protection

and to maintain the confidentiality of your Personal data.

Our property is certified with the International Standards ISO 9001, ISO 22000 and we have put in place controls in line with ISO

27001. Only authorized employees are permitted to access Personal data, and they may do so only for permitted business

functions. In addition, we have trained our employees on how to handle, manage and process personal data, applied upgraded

technical measures and transformed our policies and procedures in a way that will comply with the General Data Protection


For your protection, we may only implement requests with respect to the personal data associated with the particular email

address that you use to send us your request, and we

may need to verify your identity before implementing your request. We will try to comply with your request as soon as

reasonably practicable.

Users should also take care with how they handle and disclose their Personal data and should avoid sending Personal data

through insecure email. We are not responsible for circumventions of any privacy settings or security measures contained on the


We will not contact you by mobile/text messaging or email to ask for your confidential personal data or payment card details. If

you receive this type of request, you should not respond to it. We will only ask for payment card details by telephone when you

are booking a reservation or promotional package. We also ask that you please notify us at

If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your

account has been compromised), please immediately notify us in accordance with the “Contact Us” section below.

Choices about how we Collect, use and Disclose your Personal data

We strive to provide you with choices regarding the personal data you provide to us.

• You can choose not to provide us with certain Personal data, but that may result in you being unable to use certain services.

• When you register with us, you may be given a choice as to whether you want to receive email messages, newsletters or

advertising material about updates, improvements, special offers, or containing special distributions of content by us. If

consented yet later on you decide you no longer want to receive commercial or promotional emails or newsletters from us, you

will need to avail yourself of the unsubscribe mechanism set out in the applicable communication. It may take up to seven days

for us to process an opt-out request. We may send you other types of transactional and relationship e-mail communications,

such as service announcements, administrative notices, and surveys, without offering you the opportunity to opt out of receiving

them as these will be related directly to your relationship with us.

• If you provided Personal data, you may terminate your relationship with us at any time as per the provisions of the agreement

or engagement between us. If you choose to do so, your Personal data will be deleted in accordance with our retention policy.

Your Rights Related to Your Personal data

Subject to the provisions of the General Data Protection Regulation, you have certain rights regarding the personal data we

collect, use or disclose and that is related to you, including the right

• to receive information on the personal data we hold about you and how such Personal data is used (right to


• to rectify inaccurate Personal data concerning you (right to data rectification);

• to delete/erase your Personal data (right to erasure/deletion, “right to be forgotten”);

• to receive the personal data provided by you in a structured, commonly used and machine-readable format and to transmit

those Personal data to another data controller (right to data portability)

• to object to the use of your Personal data where such use is based on our legitimate interests or on public interests (right to

object); and

• in some cases, to restrict our use of your Personal data (right to restriction of processing).

If we ask for your consent to use your Personal data, you can withdraw your consent at any time.

You may, at any time, send us an e-mail to to exercise your above rights in accordance with the applicable

legal requirements and limitations. If you are located in the European Economic Area, you have a right to lodge a complaint with

your local data protection authority.

Note that some requests to delete certain Personal data will require the deletion of your user account as the provision of user

accounts is inextricably linked to the use of certain Personal data (e.g., your e-mail address). Also note that it is possible that

we require additional information from you in order to verify your authorization to make the request and to honor your request.

Changes to Our Privacy Policy

We may modify or revise our privacy policy from time to time. Although we may attempt to notify you when major changes are

made to this privacy policy, you are expected to periodically review the most up-to-date version found at our website aware of any changes, as they are binding on you.

If we change anything in our privacy policy, the date of change will be reflected in the “last modified date”. You agree that you

will periodically review this privacy policy and refresh the page when doing so. You agree to note the date of the last revision to

our privacy policy. If the “last modified” date is unchanged from the last time you reviewed our privacy policy, then it is

unchanged. On the other hand, if the date has changed, then there have been changes, and you agree to re-review our privacy

policy, and you agree to the new ones. By continuing to use the Website and receive information subsequent to us making

available an amended version of our privacy policy in a way that you can easily take notice of it, you thereby consent to such

amendment.

Enforcement; Cooperation

We regularly review our compliance with this privacy policy. Please feel free to direct any questions or concerns regarding this

privacy policy or our treatment of Personal data by contacting us through the Data Protection Officer at It

is our policy

to contact the complaining party regarding his or her concerns. We will cooperate with the appropriate regulatory authorities,

including local data protection authorities, to resolve any complaints regarding the collection, use and disclosure of Personal data

that cannot be resolved by an individual and us.

No Rights of Third Parties

This privacy policy does not create rights enforceable by third parties or require disclosure of any Personal data relating to users

of the Website.

No Error Free Performance

We do not guarantee error-free performance under this privacy policy. We will use reasonable efforts to comply with this privacy

policy and will take prompt corrective action when we learn of any failure to comply with our privacy policy. We shall not be

liable for any incidental, consequential or punitive damages relating to this privacy policy.

Contact Us

If you have any questions about this privacy policy or you want to exercise any of your rights regarding your Personal data, please

contact us at:

You may also contact us at:

NESTOR HOTEL PO Box 30265, Ayia Napa– Cyprus

Tel.: 00357 23 722880, Fax: 00357 23 722881


Nicos Pharmakalides

Hotel Manager

ISO 9001 ISO 22000