Date last updated: [February 11th, 2023]
Your privacy is important to us. It is Solaar Hospitality's policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you,
including across our websites, solaar.cy, solaar.com.cy , and solaarhospitality.com
What personal data / information is collected?
At various times, (such as account creation, using the “contact us” form on our website or various social media channels (or other similar technologies), or when making a booking), we may collect information about you and/or the persons accompanying you, including the following:
- Contact details (for example, last name, first name, telephone number, email)
- Personal information (for example, date of birth, nationality)
- Information relating to your children (for example, number and age if cots are required)
- Your credit card number (for transaction and reservation purposes)
- Information contained on a form of identification (such as ID card, passport or driver license)
- Your arrival and departure dates
- Your questions/comments and any special requirements
- Technical and location data you generate as a result of using our website(s)
Information We Collect
Information we collect falls into one of two categories: 'voluntarily provided' information and 'automatically collected' information.
'Voluntarily provided' information refers to any information you knowingly and actively provide us when booking your stay, checking in, with other requests, or if you choose to participate in any of the following:
- Signing up for an account or our loyalty programs
- Participation in customer surveys (for example, the Guest Satisfaction Survey)
- Subscription to newsletters, in order to receive offers and promotions via email.
- Mentioning us on social media
'Automatically collected' information refers to any information automatically sent by your devices in the course of accessing and interacting with our website’s products and services:
- Transmission of information from third parties:
- Booking operators such as Booking.com
- Internet activities:
- Connection to Solaar websites (IP address, cookies in accordance with our Device Data)
- When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your device’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit.
- Other data collected includes:
- Device Type
- Operating System
- Geo-location data
Data we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.
- Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem. You may or may not receive notice of such errors, even in the moment they occur, that they have occurred, or what the nature of the error is.
- Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.
- Online forms (online reservation, questionnaires, Solaar pages on social networks, social networks login devices such as Facebook login, conversations with chatbot, etc.).
Why Personal Data Is Collected
The table below sets out why we process your data, the lawful basis for the processing and the associated retention period
||Lawful basis for processing including basis of legitimate interest
|Meeting our obligations to our customers.
Managing the reservation of apartments and accommodation requests, in particular the creation and storage of legal documents in compliance with accounting standards.
|Performance of a contract with you. Necessary to comply with a legal obligation. Necessary for our legitimate interest in running our business and providing you with requested products and services.
||10 years from the booking in accordance with legal obligations.
|Managing your stay at the residences
Managing access to apartments
|Performance of a contract with you. Necessary for our legitimate interest in running our business and providing you with requested products and services.
||For the duration of your stay.
| Managing our relationship with customers before, during and after your stay:
Inputting details into the customer database
Segmentation analysis based on reservation history and customer travel preferences with a view to sending targeted communications, subject to the requirements of the EU ePrivacy directive (2002/58/EC as amended in 2009)
Predicting and anticipating future customer behaviors
Developing statistics, commercial scores and carrying out reporting of the same
Providing context data for our marketing tools. This happens when a customer visits a Group website or makes a reservation
Understanding and managing the special preferences of new or repeat customers
Sending customers newsletters, promotions, tourist, or service offers, offers from Solaar Hospitality or its commercial partners, or contacting you by telephone subject to the requirements of the EU ePrivacy directive (2002/58/EG as amended in 2009)
| Performance of our contract with you and for the management of your booking.
Necessary for our legitimate interests in promoting and improving our services.
Processing is based on your consent for direct marketing purposes.
|3 years from the last date on which you have interacted with us in any way.
|Improving our accommodation service by:
Personalizing your check-in, improving the quality of service and customer experience
Processing your personal data through our customer marketing program in order to carry out marketing operations and gain a better understanding of your requirements and wishes
Adapting our products and services to better meet your requirements
Customising the commercial offers and promotional messages we send you
Informing you of special offers and any new services created by Solaar Hospitality or one of its subsidiaries or commercial partners.
|Necessary for our legitimate interests in promoting our services, performing direct marketing activities (taking into account your commercial relationship with Solaar Hospitality Co.) and improving our services.
||3 years from the last date on which you have interacted with us in any way.
| Improving Solaar Hospitality’s services, in particular:
Carrying out surveys and analyses of questionnaires and customer comments
|Necessary for our legitimate interests in promoting our services, performing direct marketing activities (taking into account your commercial relationship with one of Solaar Hospitality’s entities)) and improving our services.
||3 years from the last date on which you have interacted with us in any way.
6 years from the date of closure of your file in case of a claim or a complaint.
| Securing and enhancing your experience of Solaar websites, applications and services by:
Maintenance and support; and
Implementing security and fraud prevention
|Necessary for our legitimate interests in running our business, provision of administration and IT services and network security to prevent fraud
||13 months from the collection of the information.
|Internal management of lists of customers having behaved inappropriately during their stay at the residences (aggressive and anti-social behavior, non-compliance with safety regulations, theft, damage and vandalism or payment incidents).
||Necessary for our legitimate interests in running our business and to prevent fraud and the abuse of our property and staff.
||Up to 122 days from the recording of an event.
| Securing payments by determining the associated level of fraud risk. As part of this analysis, Solaar Hospitality may use the JCC risk prevention service provider to refine their analysis.
Depending on the results of the investigations carried out, Solaar Hospitality may take security measures, in particular Solaar Hospitality may request the use of a different booking channel or
for the use of an alternative payment method. These measures will have the effect of suspending the execution of the booking or, if the result of the analysis does not guarantee the safety of the order,
of cancelling it. Fraudulent use of a means of payment leading to payment default may result in the entry of data in the Solaar Hospitality incident file, which may lead Solaar Hospitality to block future payments
or carry out additional checks.
||Necessary for our legitimate interests in running our business and to prevent fraud.
||90 days to our database to allow for analysis and controls and then 2 years in a separated database used for improving the system.
In case of recording in the incident file, 2 years from recording or until regularization of the situation if earlier.
| Securing properties and persons and preventing non-payments. For these reasons, some properties have a feature that allows them to include in the category of
"undesirable" customers, any customer whose behavior has been inappropriate in the following ways: aggression and rudeness, non-compliance with the property’s
contract, failure to observe safety rules, theft, damage and vandalism, or payment issues. The status of “undesirable” may cause the property where this listing
originated to refuse a customer's reservation when he/she returns to the same property.
||Necessary for our legitimate interests in running our business, securing properties and persons and preventing non-payments.
||122 days from registration.
|Using services to search for persons staying in Solaar Hospitality hotels in the event of serious events affecting the hotel in question (natural disasters, terrorist attacks, etc.).
||Protection of the vital interests of the guests.
||For the duration of the event.
|Conforming to any applicable legislation (for example, storing of accounting documents), including:
Managing requests to unsubscribe from newsletters, promotions, tourist offers and satisfaction surveys
Managing data subject’s requests regarding their personal data.
|Necessary to comply with a legal obligation.
||As stipulated in the country of Cyprus legislation.
Use of Information
We may collect, hold, use and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with these purposes:
- to provide you with our platform's core features and services
- to enable you to customize or personalise your experience of our website
- to deliver products and/or services to you
- to contact and communicate with you
- for analytics, market research, and business development, including to operate and improve our website, associated applications, and associated social media platforms
- to enable you to access and use our website, associated applications, and associated social media platforms
- for internal record keeping and administrative purposes
- for technical assessment, including to operate and improve our app, associated applications, and associated social media platforms
We may combine voluntarily provided and automatically collected personal information with general information or research data we receive from other trusted sources. For example, our marketing and market research activities may uncover data and insights, which we may combine with information about how visitors use our site to improve our site and your experience on it.
Security of Your Personal Information
When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as un-authorized access, disclosure, copying, use or modification. To this end, we have taken technical measures (such as firewalls) and organizational measures (such as a user ID/password system, means of physical protection etc.) to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. In relation to the submission of credit card data when making a reservation, SSL (Secure Socket Layer) encryption technology is used to guarantee a secure transaction. Organizational measures ensure the security of the processing.
Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure and no one can guarantee absolute data security.
You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services. For example, ensuring any passwords associated with accessing your personal information and accounts are secure and confidential.
How Long We Keep Your Personal Information
Please refer to the Retention Period column under ‘Why Personal Data is Collected’.
We do not aim any of our products or services directly at children under the age of 16 and we do not knowingly collect personal information about children under 16.
Disclosure of Personal Information to Third Parties
We may disclose personal information to:
- a parent, subsidiary or affiliate of our company
- third-party service providers for the purpose of enabling them to provide their services including (without limitation) IT service providers, data storage, hosting and server providers, analytics, error loggers, debt collectors, maintenance or problem-solving providers, marketing providers, professional advisors, and payment systems operators
- our employees, contractors, and/or related entities
- our existing or potential agents or business partners
- credit reporting agencies, courts, tribunals, and regulatory authorities, in the event you fail to pay for goods or services we have provided to you
- courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights
- third parties, including agents or sub-contractors who assist us in providing information, products, services, or direct marketing to you
- third parties to collect and process data
- an entity that buys, or to which we transfer all or substantially all of our assets and business
Third parties we currently use include:
- Google Analytics
- UIBScrm. customer relationship management (Microsoft Partner)
International Transfers of Personal Information
The personal information we collect is stored and/or processed in Cyprus, or where we or our partners, affiliates, and third-party providers maintain facilities.
Your Rights and Controlling Your Personal Information
Marketing permission: If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.
Access: You may request details of the personal information that we hold about you.
Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information. Unless your personal information is required to provide you with a particular service or offer (for example providing user support), we will not deny you goods or services and/or charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, or provide you with a different level or quality of goods or services.
Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.
Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
We use 'cookies' to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified.
If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.
Limits of Our Policy
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
Changes to This Policy
If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.
If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.
Additional Disclosures for General Data Protection Regulation (GDPR) Compliance (EU)
Data Controller / Data Processor
The GDPR distinguishes between organisations that process personal information for their own purposes (known as “data controllers”) and organisations that process personal information on behalf of other organisations (known as “data processors”). We, Solaar Hospitality, located at the address provided in our Contact Us section, are a Data Controller with respect to the personal information you provide to us.
Legal Bases for Processing Your Personal Information
We will only collect and use your personal information when we have a legal right to do so. In which case, we will collect and use your personal information lawfully, fairly and in a transparent manner. If we seek your consent to process your personal information, and you are under 16 years of age, we will seek your parent or legal guardian’s consent to process your personal information for that specific purpose.
Our lawful bases depend on the services you use and how you use them. This means we only collect and use your information on the following grounds:
Consent From You
Performance of a Contract or Transaction
Where you have entered into a contract or transaction with us, or in order to take preparatory steps prior to our entering into a contract or transaction with you. For example, if you contact us with an enquiry, we may require personal information such as your name and contact details in order to respond.
Our Legitimate Interests
Where we assess it is necessary for our legitimate interests, such as for us to provide, operate, improve and communicate our services. We consider our legitimate interests to include research and development, understanding our audience, marketing and promoting our services, measures taken to operate our services efficiently, marketing analysis, and measures taken to protect our legal rights and interests.
Compliance with Law
International Transfers Outside of the European Economic Area (EEA)
We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.
Your Rights and Controlling Your Personal Information
Restrict: You have the right to request that we restrict the processing of your personal information if (i) you are concerned about the accuracy of your personal information; (ii) you believe your personal information has been unlawfully processed; (iii) you need us to maintain the personal information solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.
Objecting to processing: You have the right to object to processing of your personal information that is based on our legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights, and freedoms, in order to proceed with the processing of your personal information.
Data portability: You may have the right to request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may also have the right to request that we transfer this personal information to a third party.
Deletion: You may have a right to request that we delete the voluntarily provided personal information we hold about you at any time, and we will take reasonable steps to delete your personal information from our current records. If you ask us to delete your personal information, we will let you know how the deletion affects your use of our website or products and services. There may be exceptions to this right for specific legal reasons which, if applicable, we will set out for you in response to your request. If you terminate or delete your account, we will delete your personal information within days of the deletion of your account. Please be aware that search engines and similar third parties may still retain copies of your personal information that has been made public at least once, like certain profile information and public comments, even after you have deleted the information from our services or deactivated your account.
For any questions or concerns regarding your privacy, you may contact us using the following details: