Privacy Policy
Introduction
Seafront Protaras values your personal and confidential information. We are committed to protecting this information with adequate protection and use it only for the purposes stipulated in this Privacy Policy. This Privacy Policy will help you understand what personal data is collected and processed, how its protected, how we use it and what rights are made available to you regarding your personal data. This Privacy Policy (‘Policy’) explains how (collectively, with its affiliates, ‘Sea Front Protaras’, ‘we’, ‘us’, ‘our’) a Company incorporated under the laws of the Republic of Cyprus. Being a Data Controller, collects and processes your personal information, i.e. information collected online and offline, in accordance with the General Data Protection Regulation (2016/679) and the applicable Data Protection Laws of the Republic of Cyprus (‘the Law’). When we reference Seafront Protaras, we also mean the websites managed by Seafront Protaras Ltd, such as https://seafrontprotaras.com/, www.facebook.com/seafrontprotaras and https://www.instagram.com/seafrontprotaras/ Our Policy does not apply to any services or third-parties that have a separate privacy policy and are not incorporated in this Policy and it does not apply to third-party products or services, all of which are regulated by their own privacy policies, even if our services contain them, utilize them, or contain links to them.Definitions
‘Data Controller’ means the person or organization which determines when, why and how to process Personal Data and implements appropriate technical and organizational measures to comply with the Law; ‘Data Protection Officer’ means the person who is formally appointed with the purpose of ensuring that we are aware of and comply with our data protection responsibilities and obligations according to the Law; ‘Data Subject’ means a living, identified or identifiable natural person about whom we hold Personal Data; ‘Personal data’ means data about the Data Subject who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access; ‘Processing’ means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction; ‘Special Categories of Personal Data’ means the information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data; For the purposes of this Policy, Personal Data includes Special Categories of Personal Data. ‘Third Party’ means the recipient of your Personal Data as defined below. The kind of information we collect about you The purpose of the Processing of your Personal Data is largely based on each of our services that you have requested, used or intend to use:- Contact details (e.g. name, surname, email address, physical address, phone number);
- Personal Correspondence (e.g. emails that you send to us, information posted publicly on our social media channels);
- Payment information (e.g. payment card information, IBAN, PayPal account, bank account);
- Employee Information (e.g. social insurance number, bank account)
- Website information (e.g. geographical coordinates, IP address)
- Educational background (e.g. university, work experience etc.)
- Any additional information that can be necessary for the provision of particular services (e.g. food allergies, Tax Identification Number, Driving License etc.)
On what legal basis do we process your Personal Data
As Data Controllers we may collect and process your Personal Data for any or all of the following purposes:- Contractual Obligations: Are necessary to enter into a contract and/or to perform the contract in order to fulfill the services that you have requested (e.g. Hiring of Yachts, Hiring Babysitters, Hiring a Chef, Booking Excursions and Tickets, Car Rental, Taxi Services, Hiring Charter Planes, Reservations etc.);
- Consent: You have given consent to the processing of your Personal Data for a specific purpose (e.g. Receiving newsletters and/or promotional emails etc.)
- Legitimate Interests: Are necessary for the purposes of our legitimate interests or of a third party (e.g. legal claims), except where these interests are overridden by your interests or fundamental rights and freedoms, especially in cases where the Data Subject is a child;
- Legal Obligations: Is required for complying with the Law and/or any applicable law (e.g. the obligation of keeping accounting records).
Who Receives your Personal Data
Your Personal Data are only accessible by the following Third Parties:- The employees with a need for access to fulfill the purposes set out above;
- Any of our sub-contractors and/or service providers, including but not limited to IT service providers, Credit/Debit Card Processing Companies which process credit/debit card payments, Yacht companies, Chefs, Taxi Companies, Charter Companies, Excursion and Tour Operators;
- Marketing service providers (e.g. to send e-mails – if you consent/opt-in to receive newsletters and/or promotional emails, consent to participate in our contests and other such promotional offers etc.);
Transferring your Personal Data outside European Union (‘EU’) and European Economic Area (‘EEA’)
We generally do not transfer your Personal Data to countries outside of EU and EEA (‘Third Countries’), except where required by the purposes set out in this Policy. If we need to transfer any Personal Data to Third Countries, we always ensure that the transfer meets the relevant requirements of the Law and we take all steps required to ensure that your Personal Data continues to receive our standards of protection.When can Personal Data be transferred outside of the EU and the EEA
- If the European Commission has made a finding that the Third Country, territory or sectors within the Third Country ensures an adequate level of privacy protection (Adequacy Decision);
- The Third Party has signed the standard data protection clauses (i.e. contract) adopted by the European Commission and agreed to apply the privacy standards of protection of the European Union;
- The Data Subject has provided consent to the transfer.