1. Introduction

 

This Privacy Policy applies to LIV Collection premises listed below, which are managed by Ewave Holdings Limited, a company incorporated and validly existing under the laws of the Republic of Cyprus, with Registration number HE394020. Ewave Holdings Limited acts as the data controller of your personal data during your stay at any of the LIV Collection premises (“LIV”, “we”, “us”, “our”):

1. LIV Mackenzie Beach Suites

2. LIV The City Suites

3. LIV Urban Larnaca

4. LIV&Co Suites & Villas

Our Privacy Policy explains how we collect, use, share and protect your data and personal information. Your privacy is important to us and we take it very seriously. Our aim is to adopt transparent data practices and empower you to be in control of your personal data. Therefore, we describe the reasons and processes as part of which we collect your data, as well as your data protection rights. We wish to act in your best interests and provide this Privacy Policy in an as simple and readable structure and manner as possible.

This Privacy Notice explains how we process the Personal Data we collect about you:

• when you make a reservation at one of our premises,

• when you stay at one of our premises,

• when you join our loyalty program, i.e. Exclusive Club,

• when you use the LIV online store or

• when you use our website or otherwise interact with us through social

When you resort to any of our services and/or by agreeing to this Privacy Notice, e.g., when you book a room with us or stay at one of our premises, you understand and acknowledge that we will collect and use personal information as described in this Privacy Notice.

This Privacy Policy is based on the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, hereinafter also referred to as “GDPR”, as well as on Law 125(I) of 2018 of the Republic of Cyprus on the Protection of Natural Persons with regard to the Processing of Personal Data and the Free Movement of such Data.

2.    The Personal Data we Collect

Personal data refers to any information relating to an individual that can be used to identify them. We collect personal data that you provide voluntarily and/or when you use our services. Additionally, we may obtain personal data about you from third parties, such as booking agents, family members or travel companions, your employer or others acting on your behalf – particularly, when you are travelling for business purposes.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

• Reservation Data means all information related to a reservation made at one of our premises, regardless of the booking channel used (for example, our Website, a travel agency or direct booking with us). This includes:

  1. Identity data such as first name, last name, username or similar identifier, marital status, title, date of birth, gender, national ID or passport, business related information (your Company identity information and your relationship with them).

  2. Contact Data includes billing address, delivery address, email address and telephone numbers, your Company contact data.

  3. Financial Data includes bank account and payment card

  4. Personal Preferences such as typical travel purpose, average stay length, preferred meal plan and booking channel.

  5. Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this website.

• Guest Data means all information related to you as a guest who has stayed or is currently staying at one of our premises. This includes:

  1. Identity data such as first name, last name, marital status, title, date of birth, gender, national ID or passport, business related information (your Company identity information and your relationship with them).

  2. Contact Data includes billing address, delivery address, email address and telephone numbers, your Company contact data.

  3. Reservation history includes room number, type of room, number of

  4. Profile Data such as your username and password, purchases or orders made by you, feedback and survey responses, your interests and personal preferences such as typical travel purpose, average stay length, preferred meal plan and booking channel.

  5. Claims and complaints (if any)

1. Marketing communication preferences (i.e. preferences in receiving marketing from us and our third parties and your communication preferences).

2. Transaction Data such as payments to and from you and other details of products and services you have purchased from us.

• Member Data means all information related to you as a registered member of our LIV Exclusive Club program. This includes:

  1. Identity data such as first name, last name, marital status, title, date of birth, gender, national ID or passport, business related information (your Company identity information and your relationship with them).

  2. Contact Data includes billing address, delivery address, email address and telephone numbers, your Company contact data.

  3. Membership information such as reward point balance, redemption history and enrolment date.

  4. Reservation history includes room number, type of room, number of

  5. Profile Data such as your username and password, purchases or orders made by you, feedback and survey responses, your interests and personal preferences such as typical travel purpose, average stay length, preferred meal plan and booking channel.

  6. Transaction Data such as payments to and from you and other details of products and services you have purchased from us.

• Candidates’ Data means all information collected and processed about individuals who apply for a job with us, whether through our website, recruitment agencies, job platforms, or other channels. This includes your contact details (first name, last name, address, telephone, email), CV/resume, employment history, education background, references, details of professional qualifications, interview notes, and any other information you choose to provide during the recruitment process.

We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals’ Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering.

3.    How we Use your Personal Data

• To Operate, Maintain and Improve the Services

We use your data to operate, maintain and improve our services, conduct research and development, perform analytics related to your stay with us and our services for customer satisfaction purposes and develop and offer new products and services, and infer certain details about you, including your interests.

• Reservations

We use your personal data to complete, manage and modify your reservations across our services, such as room reservations, restaurant, spa treatments including sending relevant communications to you that relate to your reservations, for example with regards to confirmations and reminders.

• Communicate with You

We use your data to communicate with you by email, text, or otherwise, about new product offerings, updates to the services, to offer customer support through our Customer Service branch, or with regards to anything else we think may be of interest to you. To opt out of receiving marketing communications, please see the “Unsubscribe from Marketing Emails and Text Messages” section of this Privacy Policy below.

• Protection of Our Rights

We may use your personal data to protect the rights, property or safety of Liv, ourservices, our website users and employees, or others. This may include using your data to prevent identity theft,fraud or other illegal activities, as well as to address claims or other liabilities. Additionally, we may use your data to comply with and enforce applicable laws, regulations and our own policies, including this Privacy Policy.

4.    What is the legal basis for processing your Personal Data?

• Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you. For instance, we process your personal data to provide you with the services you have requested, e.g. room reservation.

• Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

• Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.

• Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter.

• Vital interest: We may use your personal data when it is necessary to protect an individual’s life or health, particularly in emergency situations,

e.g. in situations where immediate action is required to save someone’s life, for example, in a medical emergency or fire evacuation.

5.    How is your Personal Data collected?

We use different methods to collect data from and about you including through:

1. Directly from You may give us your personal data by filling in online forms or by corresponding with us by post, phone, email or otherwise. This includes

personal data you provide when you:

• check in or check out;

• create an account on our website;

• request marketing to be sent to you;

• Loyalty scheme program;

• enter a competition, promotion or survey;

• make a purchase on our website via the online shop, LIV Store or

• give us feedback or contact

1. Automated technologies or As you interact with our Website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy [LINK] for further details.

2. Third parties or publicly available We will receive personal data about you from various third parties and public sources as set out below:

   • Travel booking platforms, travel agents or from the company you work for in case of a business trip or from a family member;

   • Credit card providers;

   • Advertising networks and analytics providers such as com, Booking.com, Google;

   • Social

3. Wi-Fi service: When you use Wi-Fi services on our premises, your personal data may be collected and used.

4. CCTV: We may record or capture images of you in public areas, through the use of CCTV.

6.    Disclosures of your Personal Data

We may share your data as described in this Privacy Policy or when you have given us consent to do so.

• Data That May Be Shared with LIV Collection premises: The Personal Data you have provided for making a reservation is shared with the respective premises of LIV Collection for the execution of your request.

●          Data That May Be Shared with Affiliates

We are part of LIV Collection premises and may share your Personal Data with other restaurants or premises within LIV Collection, including our offices in Cyprus.

●          Data That May Be Shared with Service Providers and External Partners

We may share your data with service providers that perform services on our behalf, such as hotel management systems, cloud storage, IT services, website hosting, marketing, analytics, search engine and other software services, consultants and advisors. We may also share your Personal Data with travel agencies, airlines and car rentals.

We do not authorize our service providers or external partners to retain, use or disclose the data except as necessary to perform services on our behalf or comply with legal requirements.

●          Compliance with Law, Protection of Rights and Corporate Events

• We may share data if required by law or if a legal issue arises between us and you and we need to protect your or our rights.

• We may also share data as part or in anticipation of a business sale, merger, consolidation, investment, change in control, transfer of substantial corporate assets, reorganization, liquidation, or similar business transaction or corporate event.

Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

●          Third-Party Analytics

We use third-party analytics services, such as those of Google Analytics. The service providers that administer these analytics services use cookies and other automated technologies to collect data (such as IP addresses and other device identifiers) to evaluate, for example, use of our Services and to diagnose technical issues. To learn more        about                         Google                 Analytics,                           please                visit https://www.google.com/policies/privacy/partners/.

●          Location-Based Advertising

Through our Services, both we and certain third parties (such as our business partners) may collect information about your online activities and location to provide you with advertising about products and services tailored to your individual interests and location. Through such ad services, we can target our communications to users considering demographic data, users’ inferred interests and browsing context. These services track users’ online activities over time and across multiple online services by collecting information through automated means, including through the use cookies, web server logs, web beacons, device identifiers and other similar technologies. The ad services use this information to show ads that may be tailored to users’ interests. The information ad services may includes data about users’ visits to our Services and other websites and apps that participate in the relevant ad services, such as the pages or ads viewed and the actions taken on the websites or apps. This data collection takes place both on our Services and on unaffiliated third-party websites and apps that participate in these ad services. This process also helps us track the effectiveness of our marketing efforts.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7.    International transfers

We do not transfer your personal data outside the Republic of Cyprus.

We may also transfer your personal data to service providers that carry out certain functions on our behalf. This may involve transferring personal data outside the Republic of Cyprus to countries which have laws that do not provide the same level of data protection as the Republic of Cyprus law.

Whenever we transfer your personal data out of the Republic of Cyprus to countries which have laws that do not provide the same level of data protection as the Republic of Cyprus law, we have implemented international data transfer agreements based on EU Standard Contractual Clauses to ensure that a similar degree of protection is afforded to it by ensuring the implementation of appropriate and suitable safeguards for Personal Data transferred to countries outside the EEA.

8. Your legal rights

You have a number of rights under data protection laws in relation to your personal data. You have the right to:

1. Request access to your personal data (commonly known as a “subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

2. Request correction of the personal data that we hold about This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

3. Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

4. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.

5. You also have the absolute right to object any time to the processing of your personal data for direct marketing purposes.

6. Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

7. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we

may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

1. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:

   • If you want us to establish the data’s accuracy;

   • Where our use of the data is unlawful but you do not want us to erase it;

   • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or

   • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

If you wish to exercise any of the rights set out above, please contact us as per paragraph 14 below.

–       No fee usually required

 

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

–       What we may need from you

 

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

–       Time limit to respond

 

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

9. Unsubscribe from Marketing Emails and Text Messages

You can ask to stop sending you marketing communications, such as promotional emails/texts at any time by following the opt-out links within any marketing communication sent to you or by contacting us as per paragraph 14 below.

10. Personal Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. After the expiration of this period, we will delete/ destroy in a way that such data cannot be retrieved.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances you can ask us to delete your data in accordance with the provisions of this Privacy Policy.

11. Personal Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

12. Complaints

You have the right to make a complaint at any time to the Office of the Commissioner for Personal Data Protection, the Cyprus regulator for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the Office of the Commissioner for Personal Data Protection, so please contact us in the first instance.

13. Changes to the privacy policy and your duty to inform us of changes

We keep our privacy policy under regular review. This version was last updated in July 2025.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.

14. Cookies

Our Website uses Cookies technology in order to adapt its operation to your individual needs. According to this, you may consent to the storage of the data and information entered by you, so that it can be used for future visits to our Website without the need to re-enter it. The owners of other websites will not have access to this data and information. However, if you do not agree to personalize the Website, we suggest disabling the use of cookies in the options of your Internet browser.

15. Contact details

If you have any questions about this privacy policy or about the use of your personal data or you want to exercise your privacy rights, please contact us in the following ways:

• Email address: Attas@livcollections.com

• Postal address: Panagioti Theofilou 10, Oroklini 7040, Cyprus

• Telephone number: 99224194
  
  

16. Data Protection Officer details

We have also appointed a Data Protection Officer to ensure that we continuously process your personal data in an open, accurate and legal manner. You can contact our DPO via the address below:

• Name: Constantinos Attas

• Postal address: Panagioti Theofilou 10, Oroklini 7040, Cyprus

• Telephone number: 99224194

• Email: Attas@livcollections.com