top of page

Privacy Policy

Last updated: November 08, 2022



At PGT Cyprus In The Sun Holidays Limited (hereinafter “we”, “us” or “our”) the protection of your

personal data is a top priority. Keeping your data secure and private is part of our philosophy for

delivering high standards of services. 

The purpose of this privacy policy (Policy & quota) is to provide a clear explanation of when, why, and

how we collect and use personal data. We have designed it to be as user-friendly as possible and

have separated it into sections to make it easy for you to find the information that is most relevant to


The new European Union (EU) Data Protection Law, the General Data Protection Regulation, comes into effect on the 25th of May 2018. The GDPR (EU) 2016/679 gives individuals in

the EU more control over how their data is used and places certain obligations on businesses that

process the information of those individuals.


Who we are

PGT Cyprus In The Sun Holidays Limited is a company registered in Cyprus under the registration

number HE 438997 with its registered office located at 79, Kostaki Spaou, Flat/Office 1, 5291

Paralimni, Ammochostos, Cyprus.

We are acting, directly or through a third party, as a booking agent, representative and/or

reseller, dealing on behalf of private owners and/or property managers/agents”) offering

accommodation in Cyprus.


Whom this privacy policy is directed to

This privacy policy is directed to natural persons (hereinafter our “clients” or “guests” or “tenants”)

whom are either past, current or potential clients/guests / tenants, or are authorized

representatives/agents of past, current or potential clients/guests / tenants.


Identity and contact details of the Data Controller and Data Protection


(a) Data Controller

PGT Cyprus In The Sun Holidays Limited, a Cyprus private limited liability company, having

registration number HE 438997, is the Data Controller” pursuant to the GDPR and related

Cyprus Law, and determines how your personal data is kept and processed. 

The main establishment and the central administration of the Data Controller is situated at 79,

Kostaki Spaou, Flat/Office 1, 5291 Paralimni, Ammochostos, Cyprus.

(b) Data Protection Officer (“DPO”)

We have designated a Data Protection Officer (“DPO”), who is responsible to monitor compliance

with this privacy policy as well as the applicable Laws and liaise with the Cyprus Supervisory

Authority, namely the Office of the Commissioner for Personal Data Protection.


The DPO may be contacted directly with regard to all matters concerning this policy and the

processing of your personal data including the enforcement of all applicable and available rights. 

Official requests may be made by post at 79, Kostaki Spaou, Flat/Office 1, 5291 Paralimni,

Ammochostos, Cyprus or electronically at

How do we collect personal data?

We collect and process different types of personal data which we receive from our clients in

the person or via bookings through our website (hereinafter “business relationship”).

We may also collect and process personal data not only directly from our clients and them

representatives but also from other third parties e.g., other service providers, online tools etc. and

/ Or from publicly available sources (e.g., the press, media and the Internet) which we lawfully

obtain and are permitted to process.


Do we use Cookies?

We also collect and process certain browsing data from cookies, which are pieces of data stored

directly on the computer or mobile device that you are using. We collect first-party Cookies that are

set by the domain, such as the computer you are using to access the internet or the specific

website that you have visited. We use two main types of cookies, persistent and session

cookies. A persistent cookie remains on your device after you have visited our website. These

cookies will help us identify you as a unique anonymous visitor to our website by storing a

randomly generated number. A session cookie is temporary and only exists for the period you

access the website for (or until the browser is closed after visiting our website). This particular

type of cookie assists us by helping our website remember your selections and choices whilst

visiting our website and therefore avoids you from having to re-enter information. This type of cookie is

anonymous and does not contain personal information and cannot be used to identify you.


What categories of personal data do we collect?

We collect and use several types of information about our clients, including information which you

may be personally identified and that is defined as personal data under applicable law such as

your first and last name, address, contact details (telephone, email), identification data (such as

passport, driver’s license or National ID), birth date, place of birth (city and

country), authentication data (e.g., signature), etc.

Should there be a need to further process the personal data for a purpose other than that for

which they were initially collected, you will be informed in advance about the additional purpose

and the relevant details with respect to further processing. 

With your explicit consent, we may rarely collect special categories of personal data. Pursuant to

the definition given by the GDPR, these “sensitive” data may include racial or ethnic origin,

political opinions, religious or philosophical beliefs, health data, trade union membership, the

processing of genetic data, biometric data, data concerning health, sex life or sexual orientation

and criminal records.


What lawful reasons do we have for collecting, processing and disclosing

personal data

In order to proceed with a booking reservation, our clients must provide their personal data to us

which are necessary for the required commencement and execution of a business relationship.

This is a requirement under the relevant Anti-Money Laundering.


Failure to provide us with personal data prevents us from commencing and executing a business

relationship with the clients.

In accordance with GDPR we may rely on the following lawful reasons when we collect and

process personal data to operate our business and provide our services:

 Contract

We may process personal data for the purposes of providing our services in accordance with us

terms and conditions and/or any other contract that you have with us.

 Consent

We may rely on your freely given consent at the time you provided your personal data to us for a

purpose of the process other than for the purposes set out hereinabove, then the lawfulness of

such processing is based on that consent.  You have the right to withdraw consent at any time.

However, any processing of personal data will not be affected prior to the receipt of the


 Legitimate interests

We may rely on legitimate interests based on our evaluation that the processing is fair,

reasonable and balanced. A legitimate interest is when we have a business or commercial reason

to use our clients’ information. Instances of such processing activities can include, initiating legal

claims, preparing our defence in litigation procedures, initiating complaints to our regulator etc.

 Compliance with legal obligations

We may process personal data in order to meet legal and regulatory obligations, where relevant.


Why do we need personal data?

We aspire to be transparent when we collect and use personal data and tell you why we need it,

which typically includes:

 Providing the requested services;

 Customer management: to manage your account, to provide you with customer support

and with notices about your account, including notices about changes to services we

offer or provide through it;

 Administering, maintaining and ensuring the security of our information systems,

applications and websites;

 Functionality and security: to detect, prevent, and respond to actual or potential fraud and

illegal activities;

 Compliance: to enforce our terms and conditions and to comply with legal obligations,

where relevant, as these derive from the applicable laws or our regulators;

 In any other way, we may describe when you provide the information; or for any other

purpose with your consent provided separately from this privacy policy.


Do we share personal data with third parties?

In the course of our business relationship, our clients’ personal data may be provided to various

departments within our company.

Furthermore, the following third parties may also be the recipients of the personal data under

certain circumstances:


 Public authorities, whereby a statutory obligation exists. An example is a Criminal

Prosecution Authorities;

 Any other service providers that our clients specifically instruct us to do so, such as car

hire service provider, etc


Third parties to whom we may disclose personal data may have their own privacy policies which

describe how they use and protect personal data. If you want to learn more about their privacy

practices, we encourage you to visit the websites of those third parties.


What about personal data security?

We have put in place appropriate technical and organizational measures including physical,

electronic and procedural measures to protect personal data from loss, misuse, alteration or

destruction. We restrict access to information at our offices so that only officers and/or employees

who need to know the information have access to it. Those individuals who have access to the

data are required to maintain the confidentiality of such information.  In addition, we have trained

our employees on how to handle, manage and process personal data, applied upgraded technical

measures and transformed our policies and procedures in a way that will comply with the GDPR.

Please be aware that the transmission of data via the Internet is not completely secure. Users

should also take care with how they handle and disclose their personal data and should avoid

sending personal data through insecure email.


How long do we retain personal data?

We will keep our client’s personal data for as long as we have a business relationship.

Once our business relationship has ended, we will hold your personal data on our systems for the

longest of the following periods:

 any retention period that is required by law; or

 the end of the period in which litigation or investigations might arise in respect of the

services; or

 as directed by our own internal retention policies or practices, the length of which may

vary depending on the nature of the information that is held.

The personal data processed for the purposes of sending newsletters shall be kept with us until

you notify us that you no longer wish your personal data to be used for this purpose.


Do we change this privacy policy?

We may modify or revise our privacy policy from time to time to reflect our current privacy

practices. When we make changes to the privacy policy, we will revise the date at the

top of this page. We encourage you to periodically review this Privacy Policy which can be found at

our website to be informed about how we are

protecting your personal data.


What are your data protection rights?

Subject to the provisions of the GDPR, you have certain rights regarding the personal data we

collect, process or disclose and that is related to you, including the right:

 to receive access to your personal data (“right to access”);


 to rectify inaccurate personal data concerning you (“right to data rectification”);

 to request deletion/erasure of your personal data (“right to erasure/deletion” or “right to be


 to receive the personal data provided by you in a structured, commonly used and

machine-readable format and to transmit those personal data to another data controller

(“right to data portability”);

 to object to the use of your personal data where such use is based on our legitimate

interests or on public interests (“right to object”);

 in some cases, to request the restriction of processing of your personal data (“right to

restriction of processing”);

 to withdraw the consent given to us regarding the processing of your personal data at any

time. Note that any withdrawal of consent will not affect the lawfulness of the processing

based on consent before it was withdrawn.

We may need to request specific information from you to help us confirm your identity and ensure

your right to access the information or to exercise any of your other rights. This helps us to

ensure that personal data is not disclosed to any person who has no right to receive it. No fee is

required to make a request unless your request is clearly unfounded or excessive. Depending on

the circumstances, we may be unable to comply with your request based on other lawful grounds.


How to raise a complaint

To exercise any of the above rights or for any questions or complaints about our use of your

personal data, please contact our Data Protection Officer, either by post at 79, Kostaki Spaou,

Flat/Office 1, 5291 Paralimni, Ammochostos, Cyprus or electronically at

Complaints may also be lodged with the supervisory authority in Cyprus (Office of the

Commissioner for Personal Data Protection), by post at 1, Iasonos Street, 1082 Nicosia, Cyprus

or P.O. Box 23378, 1682 Nicosia, Cyprus.


PGT Cyprus In The Sun Holidays Ltd


79 Kostaki Spaou Office 1 5291 Paralimni Ammochostos Cyprus Company Registration Number HE438997



Tel: +357 9634 9919

WhatsApp: +357 9634 9919

Opening Hours

Open all day every day.

  • Facebook
bottom of page