1. Introduction
This document serves as the Privacy Notice for Job Applicants (referred to as the "Notice") provided by "Atlantica Hotels Management Limited’’, located at Stymfalidon Str., Atlantica Hotel, Germasogeia River, 4046, Limassol, Cyprus (referred to as "Atlantica," "we," or "us"), acting as Data Controller and acting as Data Processor on behalf of the legal entities owning hotels managed by Atlantica listed hereafter (referred to as “Hotel Owners”:
Atlantica is committed to upholding your privacy and ensuring the protection of your Personal Data when you submit a job application (referred to as "Job Applicant" or "you").We are dedicated to respecting your privacy and adhering to the principles outlined in relevant data protection and privacy laws.
This Notice includes information in accordance with Article 13 of the General Data Protection Regulation (Regulation EU 2016/679 – GDPR), outlining the processing of your Personal Data as a Job Applicant by Atlantica.
For further information on how we process Personal Data, we refer you to our Privacy Policy published on our website: www.atlanticahotels.com and encourage you to review its contents thoroughly.
2. What information do we collect in relation to you?
We systematically gather and store Personal Data in both electronic and hardcopy formats, employing a comprehensive approach that blends operational procedures with advanced technology to ensure the utmost confidentiality and security of your information. It is our standard practice not to collect Special categories of Personal Data unless voluntarily provided by you or when required by applicable laws or regulations.
Τhis Personal Data would be directly provided by you or third parties , such as your recruiting agents and/ or affiliated companies of Atlantica and/or HR departments and managers of relevant and respective Hotel Owners .
The categories of Personal Data that we collect encompass, but are not limited to, the following:
3. Purposes for collection and processing
We utilize your Personal Data to effectively manage your job application and to keep you informed about potential job opportunities within Atlantica or its affiliated companies or with Hotel Owners.The collection of your Personal Data is essential for evaluating your job application and maintaining appropriate records for potential future collaborations.
If you choose not to provide consent for the processing of your Personal Data, as outlined below, we will be unable to use your information and assess your job application or any other communications directed towards us. It's important to note that the processing of your Personal Data excludes automated decision-making or profiling, as specified in Article 22(1) and (4) of the GDPR.
4. Legal basis for processing your Personal Data
To ensure compliance with the GDPR, we strictly adhere to a lawful basis for processing your Personal Data. Specifically, the legal basis for the processing conducted by us is contingent upon your explicit consent. It is imperative to highlight that your consent, expressed by clicking the button at the conclusion of this Notice, is pivotal. Without it, we regrettably cannot retain your Personal Data or proceed with the processing of your job application.
5. Who might we share your Personal Data with?
We enforce strict security protocols in the handling of Personal Data and carefully regulate third-party access to our records and files. Your Personal Data is shared only when essential for conducting our business or fulfilling legal and/or contractual obligations.
For the purpose of processing your job application, we may share your Personal Data with affiliated companies of Atlantica, as well as with HR Departments and managers of managed hotels owners. This sharing is done exclusively for operational necessities within the context of your job application
6. Disclosure – Security Safeguards
As a standard practice, we refrain from requesting information unless it is necessary for our intended use. Furthermore, we do not engage in the sale, rental, or transfer of physical possession of your Personal Data to unaffiliated third parties. Rigorous organizational and technical measures are consistently implemented to secure your Personal Data and uphold your rights in accordance with the GDPR. We continuously assess and improve our technical, physical, and logical security protocols and procedures.
In instances where we share Personal Data with other organizations or third parties, we ensure that they adhere to strict safeguards. This includes confirming their capability to safeguard the data, obtaining proper authorization for retention, and restricting the use of your Personal Data for purposes other than those explicitly specified. Any sharing or transfer of Personal Data is fortified with appropriate safeguards, such as contractual clauses, data processing contracts, intra-group disclosures of Personal Data, etc. Particularly, if the recipient operates outside the EEA, we implement additional measures to guarantee the continued adequate protection of your Personal Data. These measures may include the inclusion of appropriate contract clauses, such as standard contract clauses approved by the European Commission.
7. Data retention period
According to our data retention policy, we ensure that Personal Data is retained for no longer than reasonably necessary. Specifically, we will maintain your Personal Data for a period of 2 years from the time of receiving your job application, unless you choose to withdraw your consent within this timeframe.
8. Your rights under EU data protection laws
Unless exempted, you possess the following rights concerning your Personal Data:
9. Exercise your rights – Contact us
If you would like to exercise your above rights or update your information or modify your communication preferences, you can contact us:
Kindly be aware that we may request verification of your identity before addressing your request. In cases where you reach out to us on behalf of another Data Subject, we may seek additional information to ascertain your authorization to make such a request.
Updates to the Privacy Notice
AAtlantica reserves the right to modify this Privacy Notice periodically to align with changes in the regulatory landscape and evolving business requirements. Updated versions will be published on our website, accompanied by date stamps, ensuring you are informed about the latest revision date of the Privacy Notice.
Last update: 01.05.2024
Key terms
“Personal Data" means any information relating to an identified or identifiable natural person (“Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Special categories of personal data” means the personal data referring to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation;
“Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure, alignment, restriction, erasure;
“Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he/she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
“Data Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
“Data Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
“European Economic Area (“EEA”)”: EU Member States plus Norway, Iceland and Lichtenstein