Call us: +357 22370396

Privacy Policy

General

This Privacy Notice sets out how GK RUNNING IN CYPRUS LTD (hereinafter referred to as “Logicom Cyprus Marathon” or “We”) processes data, whether on individuals (including personal data in respect of individuals who are clients, intermediaries or other third parties that GK Running in Cyprus Ltd interacts with, or any individual who is connected to those parties) or otherwise. Where the data held are on individuals, this document also sets out the rights of those individuals in respect of that personal data.

This Privacy Notice has been prepared in accordance with the provisions of the EU General Data Protection Regulation (“GDPR”).

We strive to protect personal data and apply high standards of conduct when it comes to privacy issues. We ensure that our employees are provided with the appropriate training in order to handle personal data promptly and in accordance with the laws. Furthermore, We endeavour to ensure that any parties with whom We co-operate apply the same high standards when it comes to data protection and privacy as We do.

 

What data do We hold?

We process data in the context of providing our services to the clients. The categories of data We may collect and process, according to each case, include:

  • personal information We collect and use if you make any booking with us such as your name, title, date of birth, passport number, passport expiry date and passport’s issuing country, ID card number, gender;
  • personal information We collect and use if you make a booking in relation to people travelling with you such as additional passengers, children and infants (including title, name, surname, birthdate, passport number, passport expiry date and passport’s issuing country, ID card number);
  • contact details such as postal addresses, email addresses and telephone numbers;
  • personal information we collect and use if you enter or register for our newsletter, contest, competition, prize draw or promotional offer (including name, surname, email address and/or telephone number);
  • information required by us to meet legal and regulatory requirements;
  • financial information, such as payment related information and debit/credit card information;
  • personal information We collect and use from third parties;
  • any other information you may provide to us.

 

Why do We need them?

We ensure that the data collected and processed is relevant to one or more processing activities and that we do not collect or process more or fewer data than what is reasonably required for achieving the purpose of each processing activity. Furthermore, for each purpose of processing, there is always at least one lawful basis to secure that the rights of individuals are safeguarded by all means. The purposes of processing and the lawful basis of each processing activity are the following:

Purpose Lawful basis of processing
To enter into client relationship and for providing our services

In cases where an individual has been provided with our Privacy Notice and provides personal data thereafter, the processing may be carried out on the basis of consent. Consent may be withdrawn at any time by writing to [email protected]

 

It is in our legitimate interests to collect and process certain personal data in the context of providing our services

 

To perform and fulfil the contract with the individual for the provision of our services

For identity verification and record and for maintaining lists for correspondence Processing is necessary for compliance with a legal obligation to which We are subject
To meet all legal, regulatory and ethical obligations applicable to us

Processing is necessary for compliance with a legal obligation to which We are subject or for the exercise of functions of public authorities

 

It is in our legitimate interests to process data to the extent necessary to ensure that We meet all legal, regulatory and ethical obligations applicable to us

To follow up on comments, enquiries and complaints

In cases where an individual has been provided with our Privacy Notice and provides personal data thereafter, the processing may be carried out on the basis of consent. Consent may be withdrawn at any time by writing to

[email protected]

 

It is in our legitimate interests to collect and process certain personal data to enable us follow up on comments, enquiries and complains in order to enhance client/user experience with our services

 

To perform and fulfill the contract with the individual for the provision of our services

To promote, improve and further the provision of our services

In cases where an individual has been provided with our Privacy Notice and provides personal data thereafter, the processing may be carried out on the basis of consent. Consent may be withdrawn at any time by writing to [email protected]

 

It is in our legitimate interests to collect and process certain personal data to enable us follow up on comments, enquiries and complains in order to enhance client/user experience with our services

Any other purpose(s) which has been agreed by or notified to you

 

Sources and Recipients of data

The sources of data may include clients, intermediaries, data subjects directly, third parties connected to the data subject (for example, their employer or another service provider who provides services to the data subject) or open-source material.

Reasonable endeavours are made to ensure that data is only accessible by those with a need for access to fulfil the purposes set out above. Requests for access to be restricted in any particular manner should be made to the DPO and will be considered and, where possible with reference to legal and regulatory obligations, actioned.

The following is a list of potential recipients of data (in each case including respective employees, directors and officers):

  • employees of GK Running in Cyprus who are acquainted with the GDPR and have signed a Confidentiality Agreement with GK Running in Cyprus;
  • third parties whose products or services you are purchasing through our platforms or otherwise such as hotels, transfer companies, tour and excursion providers or to other travel agents, including if there is a problem with your booking so that We can resolve it with you;
  • third parties or different departments within the Company for the purpose of managing bookings, handling any claims, and creating client profiles in order to make re-booking easier;
  • any sub-contractors, affiliates, agents or service providers of GK Running in Cyprus;
  • third parties with whom GK Running in Cyprus engages for the hosting of events or other marketing initiatives;
  • regulators or other governmental or supervisory bodies with a legal right to the material or legitimate interest in any material.

Unless expressly declared in this Privacy Notice or with the prior consent of the individual, personal data collected from an individual will not be disclosed to any third party other than the above-named parties.

Rights of Data subjects

Data subjects in the European Union (or any jurisdiction with equivalent legislation to the European Union General Data Protection Regulation) have certain rights in respect of their personal data. Any such data subject wishing to exercise any rights under applicable data protection laws (including the right to withdraw any consent to processing previously given; the right of access to data; or to have data corrected, updated, rectified or erased; or for access to data to be restricted or provided to any third party; or to object to any particular processing; or to lodge a complaint with the relevant supervisory authority; or the right o data portability) should send the request in the first instance to the DPO.

In response to such requests, GK Running in Cyprus reserves the right to require the individual making the request to provide certain details about himself/herself so that We can validate that the individual is indeed the person whom the data refers to. GK Running in Cyprus is required to respond to the request of the individual within 40 days and it will endeavour to do so wherever possible. GK Running in Cyprus reserves the right to charge a reasonable fee to cover any expenses that may arise from the request.

In any case in which a data subject chooses not to provide any personal data, or where any of the rights set out above are exercised to limit the processing of personal data, We may be unable to provide relevant services, or there may be restrictions on the services which can be provided.

 

Retention of data

GK Running in Cyprus retains personal data in accordance with the Data Retention Policy. Any personal data provided to GK Running in Cyprus is retained to fulfil the purposes for which the data was collected. After the fulfilment of the purposes for which the personal data was collected, such data will be destroyed, and a Destruction Certificate will be retained in our records, unless destruction is prohibited for legal, regulatory or technical reasons.

Any requests for further information in relation to the continued processing of specific data and requests for destruction of data should be made to the DPO.

For further information on the retention and destruction processes please contact the DPO to be at [email protected]

 

Use of Personal Data in Legal Proceedings

If it becomes necessary that GK Running in Cyprus has to take action against you for any reason whatsoever, including but not limited to recovering from you any money owed to GK Running in Cyprus, you expressly agree that the personal data provided by you can be relied upon in identifying and taking legal action against you.

 

Changes to this Privacy Notice

GK Running in Cyprus keeps this Privacy Notice under review in order to ensure that it is in line with any changes to the laws relating to privacy and personal data. Any updates will appear on the Company’s website at www.hospitality.cyprusmarathon.com

 

This Privacy Notice was last updated on 13 November 2019.

Contact us

GK Running in Cyprus has a Data Protection Officer and all enquiries in respect of this Privacy Notice or any requests to exercise any of the rights set out above should be directed to the Data Protection Officer via email at [email protected]