The privacy and security of your personal information is very important to us. We want you to trust that the information that you have provided to us is being properly managed and protected. This policy sets out how we collect, process and look after your personal data and tells you about your rights and how the law protects you.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Purpose and data retention
We only process personal information for a specific purpose for which the data was collected and will only store and use personal information for as long as necessary for this purpose including for the purposes of satisfying any legal, accounting, or reporting requirements. You do not have to provide us with your personal information but in some cases, this means we’ll be unable to fulfill your request.
We are committed to collecting and using your information in accordance with applicable data protection laws. We will only collect, use and share information where we are satisfied that we have an appropriate legal basis. This may be because:
- you have provided your consent to us using the personal information;
- our use of your information is necessary to meet responsibilities we have to our regulators, tax officials, law enforcement, or otherwise meet our legal responsibilities.
Secure environment for personal information
We are committed to protecting the confidentiality and security of the information that you provide to us. To do this, security measures are put in place to protect against any unauthorized access, disclosure, damage or loss of your information. The collection and storage of information can never be guaranteed to be completely secure, however, we take steps to ensure that appropriate security safeguards are in place to protect your information.
Control and governance
To ensure your data is and stays secure, we have a Privacy Council. Our Privacy Council is a dedicated group, consisting of members of our executive management, that ensures that we are compliant with data protection rules.
Your rights under EU data protection laws
You have legal rights under EU data protection laws in relation to your personal information.
- Right of access by the data subject
Right of access means, in short, that we are required to provide you a copy of your processed personal data upon request. This enables you to check that we are lawfully processing it.
- Right to rectification and erasure
Because ownership of your personal information is very important, you have the right to ask us to rectify any information about you which is incorrect and ask us to erase your personal information if you think we no longer need to use it for the purpose we collected it from you. This applies also to the following situations: if you have either withdrawn your consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, or where we have used it unlawfully or where we are subject to a legal obligation to erase your personal information.
- Right to restriction of processing
In certain circumstances you can ask us to restrict our use of your information, for example:
where you think the information is inaccurate and we need to verify it; where our use of your information is unlawful, but you do not want us to erase it; where the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or where you have objected to our use of your personal information but we still need to verify if we have overriding grounds to use it.
- Right to object
EU data protection laws give you the right to object to the processing of your personal information in certain circumstances if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use your information if we can demonstrate that we have compelling legitimate interests to use the information. You can also ask us to stop using your data for direct marketing purposes.
- Data Portability
Where applicable, it is also your right to receive the personal data which you have given to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without delay from the current controller if: The processing is based on consent or on a contract, and the processing is carried out by automated means.
You have a specific right to lodge a complaint with the relevant supervisory authority. The supervisory authority will then tell you of the progress and outcome of your complaint. The supervisory authority in the UK is the Information Commissioner’s Office.
For general data protection regulation purposes, the “data controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed.
The data controller is:
Cycas Hospitality BV
1013 AP, Amsterdam
How to contact us
For any questions, concerns or requests, please contact us by email: firstname.lastname@example.org