This Privacy Notice sets out how ORANGE TRAVEL (CYPRUS) LTD (“We” or the “Company”) collects and processes personal data as part of any recruitment process relating to job applicants (“you“). The Company is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
This Privacy Notice has been prepared in accordance with the provisions of the EU General Data Protection Regulation (“GDPR”) and the relevant laws of the Republic of Cyprus.
Any questions relating to this Privacy Notice or requests in respect of personal data should be directed to our Data Protection Officer (DPO) at email@example.com
Who we are
Let’s Go Tours is the trading name of Orange Travel (Cyprus) Ltd, a joint venture between the Amathus Group, one of the leading companies in Cyprus, with operations in travel and tourism dating back to 1947, and the Orange Travel Group, based in Malta. Orange Travel (Cyprus) Ltd incorporates the tour operating activities of Amathus and offers a wide range of services in leisure travel.
We strive to protect personal data and apply high standards of conduct when it comes to privacy issues. We ensure that its applicants are provided with the appropriate training in order to handle personal data securely and in accordance with the laws. Furthermore, we endeavor to ensure that any parties with whom we co-operate apply the same high standards when it comes to data protection and privacy as we do.
What data do we collect?
We process data in the context of recruitment. In this context we collect certain categories of personal information us directly from all candidates, either by CV and/ or personal interviews, including:
- contact details (including names, postal addresses, email addresses and telephone numbers);
- personal information such as nationality;
- details of your qualifications, skills, experience and employment history;
- information about your current level of remuneration, including benefit entitlements;
- whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process;
- employment application and CV;
Important notice on Special Category Data
In certain instances, the personal data you provide to us for these purposes may include “Special Category Data” (i.e. information concerning race, ethnic origin, trade union membership, health data or data relating to a person’s criminal record or alleged criminal activity). Such data will not be processed by us without your explicit consent.
Why do we need it?
We need to process your data in order to assess your application and carry out the recruitment process effectively. We may also need to process your data to enter into a contract with you, in which case your data as an employee will be further processed in accordance with our Employee Privacy Notice. In some cases, we may need to process data to ensure that we are complying with our legal obligations. For example, to check a successful applicant’s eligibility to work in the EU before employment starts.
We have a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job.
We may also need to process data from job applicants to respond to and defend against legal claims.
We may also collect information about whether or not an applicant is disabled to make reasonable adjustments for candidates who have a disability. We process such information to carry out our obligations and exercise specific rights in relation to employment.
If your application is unsuccessful, we may keep your personal data on file in case there are employment opportunities and vacancies relevant to your qualifications in the near future. In this case we will ask for your consent in advance and you are free to withdraw your consent at any time.
We shall not carry out any automated decision-making activities, including profiling, using your personal information.
Sources and Recipients of data
Your information will be shared internally within the Company for the purposes of the recruitment process. This includes members of the HR department, interviewers involved in the recruitment process, managers in the department with a vacancy.
Requests for access to be restricted in any particular manner should be made to firstname.lastname@example.org and will be considered and, where possible with reference to legal and regulatory obligations, actioned.
We take the security of your data very seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
Rights of Data subjects
Data subjects in the European Union (or any jurisdiction with equivalent legislation to the European Union General Data Protection Regulation) have certain rights in respect of their personal data. If you wish to exercise any rights under the GDPR or any other applicable data protection laws (including the right to withdraw any consent to processing previously given; the right of access to data; or to have data corrected, updated, rectified or erased; or for access to data to be restricted or provided to any third party; or to object to any particular processing; or to lodge a complaint with the relevant supervisory authority; or the right of data portability) you may send us a relevant request to email@example.com.
In response to such requests, we reserve the right to require the individual making the request to provide certain details about himself/herself so that we can validate that the individual is indeed the person whom the data refers to. We are required to respond to the request of the individual within 40 days and it will endeavour to do so wherever possible. We reserve the right to charge a reasonable fee to cover any expenses that may arise from the request.
In any case in which you choose not to provide any personal data, or where any of the rights set out above are exercised to limit the processing of personal data, we may be unable to carry out the recruitment process successfully and you may not be offered a position.
Retention of data
We retain all personal data in accordance with the Data Retention Policy.
If your application for employment is unsuccessful, we may hold your data on file for up to 1 year after the end of the relevant recruitment process with your consent and we may contact you in the future if we believe that you may be interested in any vacancies and employment opportunities that may arise within the Company.
At the end of that period, or once you withdraw your consent, your data will be irreversibly deleted.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your Human Resources file (electronic and paper based) and retained during your employment. Your personal data as an employee of the Company will be further processed as may be required for the purposes of the performance of your Employment Contract or by law and in accordance with our Employee Privacy Notice.
Any requests for further information in relation to the continued processing of specific data and requests for destruction of data as well as information on the retention and destruction process of the Company should be made to firstname.lastname@example.org
Changes to this Privacy Notice
We keep this Privacy Notice under review in order to ensure that it is in line with any changes to the laws relating to privacy and personal data. Any updates will appear on the Company’s website at www.amathus.com
This Privacy Notice was last updated on 25 May 2018.
The Company has a Data Protection Officer and all enquiries in respect of this Privacy Notice or any requests to exercise any of the rights set out above should be directed to the Data Protection Officer via email@example.com
If you still feel that your personal data has not been handled properly according to the law, you can make a complaint to the Office of the Commissioner for Personal Data Protection, at:
1 Iasonos Str., 1082 Nicosia,
P.O. Box 23378, 1682 Nicosia
Tel: +357 22818456
Fax: +357 22304565