Privacy Policy To Guests

Website Privacy Notice to Guests

  1. Introduction

Welcome to the Privacy Notice for Guests (referred to as the "Notice") presented by "Wavemaker Hospitality Limited," situated at Stymfalidon Str., Wavemaker, Germasogeia River, 4046, Limassol, Cyprus (referred to as "Wavemaker," "we," or "us"). At Wavemaker, we prioritize the protection of your privacy and the security of your personally identifiable information, known as "Personal Data," whether you are in the process of making a reservation or enjoying a stay at one of our managed hotels (referred to as "Guest" or "you"). Our mission is to consistently surpass the expectations of our Guests by delivering outstanding products and services to both business and leisure travelers.

We are dedicated to designing an experience that is tailored to our Guests' needs while handling the Personal Data entrusted to us responsibly.

Wavemaker is unwavering in its commitment to respect your privacy and uphold the principles outlined in applicable data protection and privacy laws.

This Notice is designed to provide information in line with Article 13 of the General Data Protection Regulation (Regulation EU 2016/679 - GDPR) regarding the processing of your Personal Data as a Guest by Wavemaker, acting as the Data Controller. For a more in-depth understanding of how we manage Personal Data, we encourage you to explore our Privacy Policy, accessible on our website: www.wavemakerhospitality.com. We kindly invite you to take the time to review its contents.Top of Form

  1. What Personal Data we collect in relation to you

Respecting your privacy is a top priority for us, and we strive to maintain transparency regarding the collection of Personal Data to enhance your overall experience, whether you are making a reservation or staying at one of the hotels under our management, referred to as a "Hotel."While we primarily collect your Personal Data directly from you, we may, on occasion, gather information from other sources to ensure accuracy and completeness.

It's important to note that we generally do not collect Special Categories of personal data unless it is provided voluntarily by you or mandated by applicable laws or regulations. In instances where you share health data with us, we aim to use this information to tailor our services to better meet your specific needs and accommodate any special requests, whether for you or your companions.

The types of Personal Data we routinely collect encompass a range of details, including but not limited to:

During your reservation & during your stay:

When you make a reservation with us, we collect various types of Personal Data to ensure a personalized and seamless experience. This includes, but is not limited to:

  • Name, middle names and surname
  • Date of birth
  • Gender
  • Home and/or professional, and email addresses
  • Telephone and fax numbers
  • Nationality
  • Country of residence
  • ID or Passport numbers
  • Tax Identification Number
  • Marital status
  • Occupation
  • Purpose of visit (e.g., vacation, business, conference)
  • Lifestyle information such as room preferences and leisure activities
  • Dietary Requirements
  • Other details necessary to fulfill special occasions and requests (e.g., health conditions requiring special room accommodations, religious and dietary preferences)

This information is required for us to meet your specific needs, preferences, and any special requests you may have during your stay with us. Rest assured, we handle this data with the utmost care and in compliance with applicable privacy laws and regulations.

To comply with legal requirements as well as to fulfill legitimate purposes, the hotel will request from guests to provide ID or passport details upon their arrival. This is essential for ensuring the safety and security of guests and adhering to local regulations and facilitating necessary record-keeping procedures. Your cooperation in providing accurate identification and passport information is greatly appreciated and helps us maintain a safe and welcoming environment for all guests.

Top of Form

Additional information may encompass:

  • Data related to your Loyalty programme of Wavemaker
  • Social preferences, interests, leisure, and other activities
  • Food and beverage preferences
  • Billing information
  • Booking and payment details (including guest's IBAN) from the online system
  • Complaints and remarks
  • Details of illness/accident, past medical history, and the name of doctors in case of illness or injury during your stay
  • Details of claims, the name of the lawyer, and any associated remarks
  • Reviews/feedback/surveys regarding our services, including posted photos and quotes

Furthermore, you may be requested to provide Personal Data about other individuals, such as your companions. By supplying this information, you confirm that you have obtained the necessary permissions, and these individuals are aware of, understand, and accept our Privacy Policy and this Notice.

We may obtain Personal Data through various additional channels, including:

  • Reservations Made Directly at the Hotel or through Business Partners:

If you make a reservation directly at the Hotel, or through a business partner, travel agent, or tour operator, we may receive your Personal Data from these sources in order to appropriately book your reservation.

  • Insurance companies, travel agents, tour operators, medical professionals:

Your insurance company, their agents, and doctors, as well as your companions, tour operators or travel agents may disclose or share Personal Data and relevant medical or health information, including special categories of Personal Data, with us in the event of an accident, injury, emergency, or special dietary/ other request on your behalf. This ensures we can provide appropriate assistance and support during such circumstances.

  1. Purposes for collection and processing

Wavemaker is committed to collecting and processing your Personal Data for a range of purposes, ensuring a seamless and personalized experience:

Performing contractual obligations and transactions:

We facilitate reservations and manage your stay at our hotels, ensuring the delivery of requested products and services, including the fulfillment of any special requests.

Management Contract Compliance:

Our adherence to the management contract with the Hotel owners is a priority, ensuring all obligations are met.

Enhancing Guest Experience:

We strive to understand your interests and preferences, offering a unique and tailored experience during your stay.

Legal Compliance:

Meeting legal obligations and regulations, such as those mandated by tax authorities or law enforcement, is a crucial aspect of our data processing.

Handling Guest Interactions:

Addressing remarks, complaints, incidents, illnesses, accidents, and claims during your stay or post-departure is part of our commitment to guest satisfaction.

Product and Service Improvement:

Our ongoing effort involves managing and enhancing products, services, programs, communications, advertising campaigns, promotional activities, and day-to-day operations to elevate your hotel experience.

Marketing and Communications:

Engaging with you for marketing purposes, including communication about Wavemaker 's offerings, along with those of our strategic marketing partners and trusted third parties.

Contact and Interaction:

Establishing contact or interaction with you, conducting financial data evaluation, statistical analysis based on demographics, reservation and stay data, performing market research, and facilitating your registration in our loyalty membership program are integral parts of our data processing practices.Top of Form

  1. Legal basis for processing your Personal Data

We are dedicated to collecting and processing your Personal Data in strict adherence to applicable data protection laws. Our commitment is founded on the recognition that the processing of your Personal Data must align with specific conditions outlined below:

Consent: We will process your Personal Data if you have provided explicit consent for one or more specific purposes, such as for marketing initiatives and subscribing to receive newsletters.

Contractual Obligation: Processing may occur when it is essential for the performance of a contract with you or is required to take steps at your request before entering a contract. This includes actions like making reservations and delivering the products and services you request.

Legal Obligation: Processing may be necessary to comply with a legal obligation to which Wavemaker is subject. This might involve sharing your Personal Data with regulatory authorities as mandated by law.

Vital Interests: Processing may be required to protect your vital interests or those of another natural person, particularly in emergency situations, incidents, illnesses, or accidents.

Public Interest or Official Authority: Processing may be necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Wavemaker.

Legitimate Interests: Processing may be carried out for the purposes of the legitimate interests pursued by Wavemaker or by a third party. However, this is subject to your interests or fundamental rights and freedoms, which take precedence. An example is when it is necessary to protect our property or establish, exercise, or defend legal claims.

This comprehensive framework ensures that your Personal Data is handled with diligence and in full respect of your rights and privacy. If you have any questions or concerns about the processing of your data, please do not hesitate to contact us.

  1. Consent

As part of our commitment to keeping you well-informed, we may reach out through various channels such as: mail, email, telephone, social media, or other means to share news, events, activities, new products, and services from Wavemaker, or upcoming special offers, events, enhancements, and other pertinent information that might be of interest to you. Additionally, you may receive communications from carefully selected third parties. Rest assured, we always provide you with the option to decline any or all these communications. You can easily manage your preferences by following the directions included in our emails or other communications, or by reaching out to Wavemaker directly.

For our valued Wavemaker loyalty members, the ability to tailor your communication choices is available by updating your email preferences in your individual membership profile.

Our goal is to ensure all our Guests are equally informed and empowered to make the most of the benefits offered by Wavemaker and its strategic marketing partners.

In adhering to privacy standards, Wavemaker incorporates provisions for:

  • Determining the disclosures made to obtain valid consent.
  • Presenting consent requests in a manner that is distinct from other matters, in an easily understandable form, and using clear and plain language.
  • Ensuring that your consent is given freely, without being tied to any contractual terms that necessitate the processing of unnecessary Personal Data. This ensures that your agreement to data processing stands independently, not contingent on any contractual obligations that go beyond what is essential for the performance of the contract.
  • Documenting the date, method, and content of disclosures made, along with the validity, scope, and voluntariness of consents given.
  • Providing a straightforward method for data subjects to withdraw their consent at any time.
  1. Who might we share your Personal Data with?

We adhere to strict security protocols governing the processing of Personal Data and regulate third-party access to our records and files. Your Personal Data is shared only when essential for conducting our business or fulfilling obligations mandated by law. Our commitment to robust security measures ensures the confidentiality and integrity of your information.

We may share your information with the following entities:

All Hotels Managed by Wavemaker:

Information may be shared with all hotels managed by Wavemaker for purposes related to the provision of our services/products, business management, and for hotels to fulfil accommodation contracts with guests. This includes exercising their rights, meeting obligations arising from guest stays, and compliance with legal obligations imposed by government authorities.

Third-Party Partners:

Your information may be shared with our third-party partners, service providers, tour operators, suppliers, bankers, and retail partners. This sharing is necessary for the operation and provision of the products and services you have requested.

Sharing may occur with tour operators, insurance companies, insurance brokers, doctors, and lawyers for handling accidents, illnesses, and claims.

Professional Advisors and Auditors:

Information may be disclosed to professional advisors and auditors for seeking professional advice or meeting audit responsibilities.

Any Third Party for Legal and Regulatory Obligations:

Your information may be shared with any third party to meet our legal and regulatory obligations. This includes statutory or regulatory reporting, as well as the detection or prevention of unlawful acts, and cooperation with tax, regulatory, or other public authorities.

When we share Personal Data with other organizations or third parties, we ensure that they handle and safeguard the data responsibly. These entities are authorized to retain the data shared with them, and they are explicitly prohibited from using your Personal Data for purposes other than those agreed upon. The sharing or transfer of Personal Data is safeguarded by robust measures, such as appropriate contractual clauses, data processing agreements, intra-group disclosures of Personal Data, and other relevant safeguards.

In instances where the recipient operates outside the European Economic Area (EEA), additional precautions are implemented to guarantee the continued adequate protection of your Personal Data. This includes the incorporation of appropriate contract clauses, such as the standard contract clauses approved by the European Commission, to ensure that your Personal Data remains adequately protected even in jurisdictions outside the EEA.

  1. Security Safeguards

Wavemaker places a paramount emphasis on information security and maintains a continual process of reviewing and enhancing our technical, physical, and security measures and procedures. To protect your personally identifiable information from loss, misuse, and alteration while under our control, all Wavemaker -owned websites and servers are equipped with strong security measures.

While acknowledging that absolute "guaranteed security" is a challenging concept both on and off the Internet, we employ a combination of procedural and technical safeguards. These include strict password controls, the implementation of "firewalls," and the use of advanced encryption technologies, Palo Alto Firewalls (NGFWs), Prisma Access which will allow network traffic protection and secure hosts, containers, and functions across the application development lifecycle and software deployment to detect and respond to any potential threats.

Our commitment to adopting these measures is geared towards ensuring the utmost security for your information.

  1. Data retention period

Wavemaker is dedicated to retaining Personal Data only for the duration necessary to fulfil the intended purposes for which the data was obtained, and to meet any applicable legal and regulatory requirements. Once this period expires, we are committed to promptly erasing the Personal Data. However, in instances where there is a legitimate need for the continued use of Personal Data beyond this timeframe, such as for statistical, analytical, historical, or legitimate business purposes, we will implement appropriate measures to anonymize the data, ensuring that individual identities remain protected. This commitment reflects our ongoing dedication to responsible and transparent data management practices.

  1. Your rights under EU data protection laws

This section comprehensively outlines your rights as per Regulation (EU) 2016/679 and provides clear and concise instructions on the practical steps to exercise these rights.

9.1 Your Right of Access or Rectification

Wavemaker is committed to ensuring the accuracy and completeness of the Personal Data collected directly from you. To facilitate your rights, including obtaining a copy of your Personal Data or rectifying any information, we've streamlined the process through our user-friendly Data Subject Request Form.

9.2 Your Right to Erasure

You have the right to request the deletion or removal of any Personal Data held about you. In the event of such a request, any third parties processing or utilizing that data are also obligated to comply. It's important to note that an erasure request may only be refused if a specific exemption is applicable.

To exercise your right of access or rectification, please utilize the Data Subject Request Form. This form serves as a formal means to submit your requests and ensures that we process them promptly and in accordance with data protection regulations. If you have any questions or require assistance in this process, feel free to reach out to us. Your privacy and control over your Personal Data are of utmost importance to us.

Wavemaker is bound to erase Personal Data under the following circumstances:

  • Data No Longer Necessary: If the Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed.
  • Withdrawal of Consent: In the event you withdraw your consent, and there is no alternative legal basis for processing.
  • Objection to Legitimate Interests: If you object to the processing based on Wavemaker 's legitimate interests, and there are no other compelling legitimate grounds for the processing.
  • Unlawful Processing: When the Personal Data has been unlawfully processed.
  • In cases where actual deletion of Personal Data is not feasible, Wavemaker commits to the following measures:
  • Non-Usage: Wavemaker will refrain from using Personal Data to inform any decision regarding any individual or in any manner that affects the individual.
  • Restricted Access: Wavemaker will not grant any other organization access to Personal Data.
  • Data Protection: Appropriate technical and organizational security measures will be implemented to safeguard the Personal Data.
  • Permanent Deletion Commitment: Wavemaker pledges to permanently delete the information as soon as it becomes possible to do so.

This ensures a responsible and secure approach to the handling of Personal Data, aligning with privacy principles and legal obligations. If you have any inquiries or require further clarification, please do not hesitate to reach out to us. Your privacy is of utmost importance to Wavemaker.

9.3 Your Right to Restrict Processing

You have the entitlement to restrain Wavemaker from processing your Personal Data, a right that can be exercised seamlessly through the submission of a request via our designated Data Subject Request Form. This form has been designed to ensure a straightforward and efficient process, empowering you to have control over the processing of your information. We are committed to facilitating a transparent and user-friendly experience as you manage the usage of your Personal Data in alignment with your preferences. Please contact us, should you need access to this form.

9.4 Your Right to Object

You have the inherent right to object to the processing of your Personal Data at any time. This right can be exercised seamlessly using the Data Subject Request Form, providing you with a straightforward means to articulate your preferences regarding the handling of your information.

9.5 Your Right to Data Portability

Upon your request and upon meeting the stipulated requirements in Article 20 of the General Data Protection Regulation (GDPR), you have the right to receive a copy of your Personal Data in a structured format. This request can be facilitated using the Data Subject Request Form, ensuring that the process is conducted in compliance with the GDPR provisions.

Should you wish to exercise this right or if you have any questions regarding the process, feel free to contact us. We are committed to providing you with transparency and access to your Personal Data in accordance with applicable data protection laws.

9.6 How to make a complaint

If you find that the processing of your Personal Data has not met your satisfaction, we encourage you to express your concerns by submitting a complaint, request, or objection. Please use the contact details provided in the "Contact Us" section below.

For security purposes, we may need to verify your identity before taking any action on your request or complaint. In cases where you are representing another data subject, we may request additional information to ensure proper authorization.

Should our response to your complaint or request not meet your expectations, you have the right to escalate the matter by filing a complaint with the relevant data protection authority.

Your feedback is valuable, and we are dedicated to addressing any issues promptly and transparently.

  1. Contact us

If you would like to update your information, modify your communication preferences and submit any request or objection or if you do not want to receive marketing communications from Wavemaker in the future, you can contact us:

  • by e-mail: privacy@wavemakerhospitality.com
  • by telephone: +357 25 883 516
  • by fax: +357 25 883 556
  • by writing to us at: Wavemaker Hospitality Limited , P.O. Box 52001, Potamos Yermasoyias, 4060 Limassol, Cyprus

Updates to the Privacy Notice

Wavemaker may modify this Privacy Notice as needed to accommodate changes in the regulatory environment, business requirements, or to meet the needs of our guests, properties, strategic marketing partners, and service providers. We will consistently post updated versions on our website, complete with date stamps, ensuring that you stay informed about the most recent changes to our Privacy Notice.

Wavemaker reserves the right to periodically revise this Privacy Notice to align with evolving regulatory requirements, business considerations, and the specific requirements of our guests, properties, strategic marketing partners, and service providers. Any revised versions will be promptly shared on our website and clearly date-stamped, allowing you to stay updated on the latest modifications to our Privacy Notice.

Last update: 1.11.2024

Key terms

"Personal Data" means any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

"Special categories of personal data" means the Personal Data referring to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation;

"processing" means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure, alignment, restriction, erasure;

"consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he/she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her;

"Data Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data;

"Data Processor" means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller; "European Economic Area ("EEA")": EU Member States plus Norway, Iceland and Lichtenstein.

a woman reading a book on a beach
REWARDING EVERY STAY
  • Discount for direct bookings
  • Earn points for every euro spent
  • Elevate your stay with high-value perks
  • Earn free nights