Privacy Policy

Last updated: 22 September 2025

Responsible for content

MAP Boutique Hotel
MAP Boutique Hotel
15 Stasinou Ave.
1060 Nicosia, Cyprus

Web development

DESIGN: HOWDY  
CODE: LAB21

 

1. Who we are

This website is operated by MAP Boutique Hotel.
Website: https://www.maphotel.com.cy
Address: 15 Stasinou Avenue, 1060 Nicosia, Cyprus
Telephone: +357 22 444 999
Email (privacy enquiries): [email protected]

For the purposes of the EU General Data Protection Regulation (GDPR), MAP Boutique Hotel is the data controller for the personal data described in this policy.

2. What data we collect and why

2.1 Data you provide to us

  • Contact forms / enquiries: name, email, phone, message.
    Purpose: respond to your enquiry and provide support.
    Legal basis: performance of a contract or steps prior to entering into a contract (Art. 6(1)(b) GDPR) and/or legitimate interests (Art. 6(1)(f) GDPR).

  • Booking requests / reservations (if applicable on site or via booking engine): guest details, stay dates, preferences.
    Purpose: process and manage your reservation.
    Legal basis: contract (Art. 6(1)(b) GDPR).
    Recipient: MEWS. For details on Mews’ processing, please refer to the provider’s privacy information.

  • Newsletter sign-up: email address.
    Purpose: send marketing updates with your consent.
    Legal basis: consent (Art. 6(1)(a) GDPR).
    Recipient: INTUIT Mailchimp. For details on Mailchimp’ processing, please refer to the provider’s privacy information.

  • Careers / applications: CV, contact details, cover letter.
    Purpose: evaluate and manage your application.
    Legal basis: steps prior to entering into a contract (Art. 6(1)(b) GDPR) and legitimate interests (Art. 6(1)(f) GDPR).

2.2 Data we collect automatically

When you browse this website we automatically collect certain technical and usage data from your device, such as IP address (also stored in security logs), device and browser type, operating system, pages viewed, timestamps and referrers. We use this data to operate the site, keep it secure, measure performance and improve content.

We use the following Google services on this site: Google Analytics 4, Google reCAPTCHA, Google Maps (embeds).

No content delivery network (CDN) is used. For cookie names, lifetimes and provider links, please see our Cookie Policy.

2.3 Cookies and similar technologies

We use cookies and similar technologies. See our Cookie Policy for details, consent options and cookie lists.

3. How we use your data (purposes summary)

  • Provide and operate the website and online services.
  • Respond to enquiries and fulfil reservations.
  • Send marketing communications with your consent (you can unsubscribe at any time).
  • Maintain security, prevent fraud and debug issues.
  • Comply with legal obligations and regulatory requests.

4. Legal bases for processing

Depending on the context, we rely on: consent, contract, legitimate interests (e.g., site operation, security, analytics), and legal obligations.

5. Disclosure of your data (recipients)

We share personal data only as needed with trusted service providers acting under our instructions:

  • Booking engine: MEWS (reservations and related processing). Please refer to the provider’s privacy information for details.

  • Payments: payment processing is handled via the booking engine and its connected payment services. Please refer to MEWS and Stripe for details.

  • Newsletter:  INTUIT Mailchimp for email campaign management and delivery when you subscribe. Please refer to Mailchimp’s privacy information.

  • Analytics / security / embeds: Google products used on this site (Analytics, reCAPTCHA, Maps). Please refer to Google’s privacy information.

We do not disclose hosting details in this policy for security reasons. All processors are bound by contract to protect your data and process it only for our stated purposes.

6. International transfers

Some providers may process data outside the EEA. Where applicable, we rely on EU Commission adequacy decisions(for example, the EU–US Data Privacy Framework) or Standard Contractual Clauses (SCCs), plus additional safeguards as required by law. Please refer to the relevant provider’s documentation for the specific transfer mechanism.

7. Retention

We keep personal data only as long as necessary for the purposes collected:

  • Enquiries: up to 180 days after closure of the request.
  • Booking records: per hospitality, accounting and legal retention requirements.
  • Marketing lists: until you unsubscribe or request deletion.
  • Technical security logs: IP address only, retained for a limited period for security and troubleshooting.

8. Your rights

Under the GDPR you can request: access, rectification, erasure, restriction, portability, and objection to processing based on legitimate interests. Where we rely on consent, you may withdraw consent at any time.
To exercise your rights, contact us at [email protected].
You also have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection (Cyprus).

9. Security

We apply technical and organisational measures appropriate to the risk, including encrypted connections, access controls and regular updates. No method of transmission or storage is fully secure.

10. Links to other websites

Our site may link to third-party websites we do not control. Their privacy policies apply to their processing.

11. Updates to this policy

We may update this notice from time to time. The “Last updated” date shows the latest version.