PERSONAL DATA PROTECTION POLICY

THE HOTEL is a personal data administrator at the CPDP and processes the provided data and personal information in accordance with the Personal Data Protection Act and the General Data Protection Regulation (EU) 2016/679.
This Personal Data Protection Policy applies to THE HOTEL and its official website.
We, as a personal data administrator and as a professional with many years of experience in the field of tourism, respect the privacy of users. This security policy aims to inform you about the process of collecting, processing, storing, using and forwarding personal data. Therefore, please familiarize yourself with its contents by reading it carefully. If you have any questions, you can ask them through the Contact form on the site.

Definitions

For the purposes of this policy and in accordance with Regulation (EU) 2016/679:
Personal data is any information relating to an identified or identifiable natural person, directly or indirectly, by reference to an identification number or to one or more specific factors. The data may relate to facts (for example – name, e-mail address, location or date of birth) or to an opinion regarding the actions or behavior of the Data Subject.
A controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its determination may be laid down in Union or Member State law;
Processing of personal data is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

Processing of personal data
In order to provide and improve the services we provide and for the purposes of administering the resources to them, we store, use and process personal data in compliance with applicable legal requirements.

TYPES OF PERSONAL DATA PROCESSED

The types of personal data that the administrator collects and processes are different, according to the purposes for which they are collected and the grounds for their processing:
The types of data collected according to their purposes are as follows:
1. To make a reservation request and confirm a reservation, the HOTEL collects and processes the following types of data:
a/ When booking, via a website:
– Name and surname of the contact person;
– e-mail address and telephone number of the contact person;
b/ When booking by phone:
– telephone number for feedback and e-mail address for confirmation of the reservation
– Name and surname of the contact person;
These data are stored until the reservation is made. After that, the data is destroyed and their subsequent processing is impossible.
2. For the purposes of accommodating guests in the HOTEL, the administrator processes and stores the following data:
– Personal Identification Number / Personal Identification Number;
– Name of the person (for Bulgarian citizens – in Cyrillic, for foreigners – in Latin, according to the national document);
– Date of birth;
– Gender;
– Citizenship;
– Identity card number / valid national identity document;
– Country that issued the national document.
The data collected for the purposes of registration in the hotel are collected on the basis of Art. 116, para. 2 of the Tourism Act and are necessary for keeping a register of accommodated tourists. The data is stored for a period of 5 /five/ calendar years.
3. For the purposes of organizing corporate or personal events at the HOTEL, the following data is processed and stored:
– Two names of the person organizing the event. In the case of corporate events, a contact person specified by the legal entity organizing the event;
– e-mail address and telephone number of the contact person
These data are stored for up to 3 /three/ calendar years after the event.

PRINCIPLES OF PROCESSING

When processing personal data, we adhere to the following principles:
– lawfulness – when collecting, processing and storing your data, we comply with the provisions of applicable Bulgarian and European legislation;
– good faith and transparency – the data we collect is processed in accordance with this privacy policy, which is available to each user;
– relevance of processing to the purposes and data minimization – the types of data we collect are minimized in accordance with the purposes for which they are processed. The purposes for which your data are processed are those for which we are legally obligated, for which we have a contractual relationship or for which we have obtained your consent to collect them;
– storage limitation – we process and store the data obtained for a period of time, in accordance with the purposes for which they are needed and in accordance with your consent.
– user consent to data processing – in order to use your data for marketing purposes, in order to improve the services we provide to you, we must obtain your explicit consent to this.
Please note that when you send an inquiry to the HOTEL (for price conditions, for a reservation, for clarification regarding an already made reservation, for holding an event and/or other questions related to the services provided by the hotel) you give your consent to the HOTEL to store and process the personal data provided by you for the purposes of the inquiry.
In this case, your data will be deleted in accordance with the applicable regulations and this privacy policy.

PROTECTION OF PERSONAL DATA

Privacy of personal data
We use electronic methods for processing personal data in order to ensure accurate and prompt provision of services and assistance to users.
The process of processing your personal data provided to the HOTEL is carried out in accordance with applicable legislation in the field of personal data protection, and the HOTEL respects your personal privacy. The HOTEL guarantees that the persons authorized by it to process personal data have undertaken a commitment to confidentiality or are legally obligated to maintain confidentiality.

SECURITY OF PERSONAL DATA

THE HOTEL applies technical and organizational security measures in order to protect the personal data you have provided from accidental or unlawful destruction, accidental loss, unauthorized access, alteration or dissemination, as well as from other unlawful forms of processing by unauthorized persons. The security measures we implement are subject to constant improvement and adaptation to the most modern technologies.
The collected personal data may be provided to partners of the HOTEL, who act as personal data processors on behalf of the HOTEL and have undertaken to comply with all applicable personal data protection regulations. We comply with the condition that the relevant information may only be used within the limits set by the legal basis on which it is collected or by your personal consent regarding the processing carried out on behalf of the HOTEL, and that this information should be treated as confidential.
THE HOTEL may disclose and provide personal information in accordance with applicable law, if a court or administrative authority orders or requests this or if the provision of personal data is related to the fulfillment of a legal obligation of the HOTEL. The data collected for the purposes of accommodation in the HOTEL is accessible to third parties specified in the Tourism Act – the Ministry of Tourism, Municipalities, Ministry of Interior, National Revenue Agency and the National Statistical Institute.

CONSUMER RIGHTS REGARDING THEIR DATA

1. In accordance with the applicable legislation, you have the right to ownership and access to the data you have provided for processing. By submitting a written request through the Contact Form on the site, you can receive information about the type of personal data provided and the purpose of its processing, as well as request that we remove any records of your personal information, without the possibility of further processing. By accessing your data, you can request that it be corrected if you find errors or inconsistencies.
2. Users have the right to object to the processing of their data. The objection is addressed to the HOTEL, in accordance with item 1 of this section. THE HOTEL undertakes to consider your objection and within 30 calendar days of its receipt to inform you of the result of the internal inspection.
3. Users have the right to lodge complaints with the competent supervisory authority. According to the current legislation, the competent supervisory authority in the Republic of Bulgaria is the Commission for Personal Data Protection.
4. Users have the right to receive their data, which the HOTEL stores, when provided in a structured, widely used and machine-readable format. Users also have the right to transfer this data to another personal data administrator without hindrance from the HOTEL, in cases and with respect to data provided by consent, in cases of data provided under a contract to which the user is a party or data provided when taking steps by the user and requesting to conclude a contract.

CHANGES TO THE RULES FOR PROTECTION OF PERSONAL DATA

The HOTEL’s rules for the protection of personal data may be changed unilaterally by the HOTEL with a view to their improvement, offering new services, changes in the method of service and communication with our customers, as well as in connection with legislative changes.
When making changes to these personal data protection rules, the HOTEL brings the changes made to your attention by publishing them on our website, providing you with a reasonable period to familiarize yourself with them, after which they begin to apply to the processing of your personal data, without further notice. If within this period you state that you reject the changes, it will be considered that you have withdrawn your consent to the processing of your personal data and the HOTEL will cease processing them in the future. This may also be related to the termination of your registrations for our games, services, electronic newsletters, etc., for the purposes of which you initially provided us with your personal data.

Contact the HOTEL team

If you have any questions regarding our measures and policies regarding the protection of personal data, please send a message via the Contact form on the site.

The online reservation system is operated by Quendoo, a trademark owned by Quendoo AD.