Archbishop Makarios Street, 7041 Larnaca, Cyprus

Privacy Policy

Scope of this policy 

This policy describes how Sveltos Estates Ltd collects, uses, consults or otherwise processes an individual's personal data in the context of the use of the websites and applications of our hotel brands/our loyalty programs (please indicate specific loyalty program)/reservations made with any of our hotels/ organizing a meeting or event/ subscription to our newsletter (hereafter the "Service").

This policy includes a description of your data protection rights, including a right to object to some of the processing activities we carry out.

In this privacy policy, Sveltos Estates Ltd, "we" or "us" also refers to its affiliates. We are a company dully registered at the Company’s Registrar according to the Company Law Cap 113 with number HE 6521 having its registered office and seat in 1st of April Street Larnaca, Cyprus and its office at Oroklini [Makariou Avenue, 7040 Oroklini], [00357 24 824900], .

We will process your personal data as a data controller.

This policy is to be read as consistent with the General Data Regulation as well as with the national laws enacted and the policies of the Controller relating to the provision of its Services.

For the purpose of this policy, the following term "Data Protection Legislation" shall mean the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the "GDPR"), as well as any legislation and/or regulation implementing or created pursuant to the GDPR and the e-Privacy legislation, or which amends, replaces, re-enacts or consolidates any of them, and all other national applicable laws relating to processing of personal data and privacy that may exist under applicable law.

For this policy, "controller", "processor", "third party", "supervisory authority", "personal data", "processing", "data subject", shall have the meanings set out in the applicable Data Protection Legislation.

Who processes what personal data about you?

In the context of the Service, your personal data is processed by Sveltos Estates Ltd, as detailed hereafter and with any other organisation jointly as Joint Data Controllers.

Processing purpose(s)

Processed data categories

Source of data

Legal basis

Recipients of data

Transfers outside the EEA

  • To maintain, provide or improve the Service;
  • To respond to your requests or questions;
  • To improve our websites and applications;
  • To maintain security of the Service;
  • For direct marketing purposes
  • Name, address and other contact information;
  • Payment information;
  • Information submitted or posted by you;
  • Location data
  • Directly from you through the use of the Service;
  • Directly from you through…;
  • Directly from you through the subscription form;
  • Directly from you through the Request for Proposal;
  • Your consent / opt-in obtained during check in;
  • For the performance of the contract between you and us;
  • For compliance with a legal obligation to which we are subject;
  • For the purposes of our legitimate interests which prevails your individual interests
  • IT service provider of our hotel;
  • Hotel staff;
  • Marketing department of our hotel

Data is not transferred outside the EEA

Is your personal data used for direct marketing communications?

If you have explicitly consented, we may, from time to time, contact you with information about our Service.

If you no longer want to receive such communications, please let us know by sending an email to us at ADDITIONAL OPTION: You can also unsubscribe from our marketing emails by clicking on the unsubscribe link in the emails sent to you.

How long is your personal data stored?

We will retain your information only for the period necessary to fulfil the purposes outlined in this Privacy Statement unless a longer retention period is required by law. At the end of your contractual relation with the Hotel your data and more specifically details of your credit card, identity card and of your nationality will be retained for a period of six (6) years according to the national laws. In case legal reasons exist your data will be kept as long as the legal reasons will be completed and consequently will be then erased.

How is your personal data shared with third parties?

We only share or disclose information as described herein, including with third parties.

Your personal data will also be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of the data controller(s) legitimate interests in compliance with applicable laws.

Is your personal data transferred outside the EEA?

In the context of the provision of the Service and for the purposes described in this policy, your personal data will be kept within the EEA and transferred outside the EEA only to a country or countries which have been recognised by the European Commission to provide an adequate level of data protection.

If Third Parties process personal data on our behalf in a manner inconsistent with the principles of either Privacy Shield framework, we remain liable unless we prove we are not responsible for the event giving rise to the damage.

What security measures are put in place?

Appropriate technical and organisational measures are implemented in order to ensure an appropriate level of security of your personal data.

In the event personal information is compromised as a result of a security breach and where the breach is likely to result in a high risk to the rights and freedoms, we will make the necessary notifications, as required under the Data Protection Legislation.

What rules apply to children?

The Service is not intended for use by anyone under the age of 14.

We do not knowingly collect of solicit personal data from anyone under the age of 14 or knowingly allow such persons to register for the Service.

In the event we learn that we have collected personal data from a child under the age of 14 without verification of parental consent, steps will be taken promptly to remove that information. If you believe that we have or may have information from or about a child under 14 of age, please contact us at .

Does this policy apply to third party websites?

If you click on a link to a third-party website, you will be taken to a website we do not control. This policy is only in effect for the Service and not for any third-party website and you are subject to the terms of use and privacy and other policies of such third-party website. Read the privacy policy of other websites carefully. We are not responsible or liable for the information or content on such third-party websites.


A 'cookie' is a small text file that is downloaded onto your access device when you visit a website and that enables the website to obtain certain information from your browser, such as your preferences. This website use cookies and similar technologies to manage login sessions, provide personalised web pages and to tailor advertising and other content to reflect your specific needs and interests.

You may configure your browser to block all cookies, including cookies associated with our services, or to indicate when a cookie is being set by us. However, it is important to remember that many of our services may not function properly if cookies are disabled. For example, we may not remember your language preferences. Please refer to your browser’s or mobile device’s technical documentation for instructions on how to delete and/or disable cookies.

For further information on cookies, how they are used and how they apply to the use of your personal data, please visit or

Changes to this policy

We reserve the right to modify and update this privacy policy from time to time. We will bring these changes to your attention should they be indicative of a fundamental change to the processing or be relevant to the nature of the processing or be relevant to you and impact your data protection rights.

How can we be contacted?

Questions, comments, remarks, requests or complaints regarding this Privacy Policy are welcome and should be addressed to:, 24824900.

Appointment of Data Protection Officer (DPO)

According to the provisions of the GDPR Regulation (2016/679, art.37) we inform you that the Data Protection Officer of Sveltos Estates Ltd appointed is P.L.P. DPO SERVICES LTD.

In case that at any time you consider that Sveltos Estates Ltd is not following or complying with the provisions outlined in the present policy or with any other matter related with the protection of personal data please contact the Data Protection Officer through:


Telephone: +357 24252584

Appendix – additional definitions to be included if deemed appropriate

Key actors
• “You” (including "Your") or “User” means [complete]
• “Controller” shall have the meaning under the GDPR, i.e. “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law”.
• “Processor” shall have the meaning under the GDPR, i.e. “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”.
• “Subprocessors” means a processor engaged by the Processor to carry out certain processing activities on behalf of the Controller.
• “Third Party” shall have the meaning under the GDPR, i.e. “a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data”.
• “Supervisory Authority” shall have the meaning under the GDPR, i.e. “an independent public authority which is established by a Member State pursuant to Article 51” of the GDPR.

Personal Data categories
• “Personal Data” shall have the meaning under the GDPR, i.e. “any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

General notions
• “Processing” shall have the meaning under the GDPR (i.e. “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”).
• “Data Processing Agreement” means a controller-processor agreement in accordance with Article 30 of the GDPR.
• “Privacy Shield” means the EU-U.S. Privacy Shield legal framework, designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
• “Standard Contractual Clauses” means sets of standard contractual clauses for transfers as adopted by the European Commission for the international transfer of personal data.

Sveltos Hotel in Larnaca

Sveltos Hotel in Larnaca See the glimpse of Sveltos Hotel- Its a 3 star Luxury hotel situated at the beach side of Ayia Napa and near to the Larnaca Airport, in Cyprus.