Privacy Policy
Personal Data Protection Policy
THE HOTEL acts as a personal data controller before the Personal Data Protection Commission and processes the data and personal information provided in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 (General Data Protection Regulation).
This Personal Data Protection Policy applies to THE HOTEL and its official website.
We, as a personal data controller and as professionals with many years of experience in the tourism sector, respect the privacy of users. This security policy aims to inform you about the process of collection, processing, storage, use and transfer of personal data. Therefore, please familiarize yourself with its contents by reading it carefully. If you have any questions, you may ask them through the Contact Form on the website.
Definitions
For the purposes of this policy and in accordance with Regulation (EU) 2016/679:
Personal data means any information relating to a natural person who is identified or can be identified directly or indirectly by an identification number or by one or more specific features. The data may relate to facts (for example – name, e-mail address, location or date of birth) or to an opinion regarding the actions or behavior of the Data Subject.
Personal data controller means a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for its designation may be provided for by Union law or the law of a Member State;
Processing of personal data means any operation or set of operations that may be performed with regard to personal data by automatic or other means, such as collection, recording, organization, storage, adaptation or alteration, recovery, consultation, use, disclosure by transmission, dissemination, provision, updating or combination, blocking, erasure or destruction.
Processing of Personal Data
In order to provide and improve the services we offer and for the purposes of administering the resources related to them, we store, use and process personal data while complying with the applicable legal requirements.
TYPES OF PERSONAL DATA PROCESSED
The types of personal data collected and processed by the controller vary according to the purposes for which they are collected and the legal grounds for their processing:
The types of data collected according to their purposes are as follows:
1. For the purpose of making and confirming a reservation, THE HOTEL collects and processes the following types of data:
a/ In the case of reservation through the website:
– First name and surname of the contact person;
– e-mail address and telephone number of the contact person;
b/ In the case of reservation by telephone:
– telephone number for contact and e-mail address for reservation confirmation
– First name and surname of the contact person;
These data are stored until the reservation is fulfilled. After that, the data isare destroyed and their further processing becomes impossible.
2. For the purposes of accommodating guests at THE HOTEL, the controller processes and stores the following data:
– Personal identification number / foreigner personal number;
– Name of the person (for Bulgarian citizens – in Cyrillic, for foreigners – in Latin script, according to the national document);
– Date of birth;
– Gender;
– Citizenship;
– ID card number / valid national identity document;
– Country that issued the national document.
The data collected for the purposes of hotel registration are collected pursuant to Article 116(2) of the Tourism Act and are necessary for maintaining a register of accommodated tourists. The data are stored for a period of 5 (five) calendar years.
3. For the purposes of holding corporate or personal events at THE HOTEL, the following data are processed and stored:
– Full name of the person organizing the event. In the case of corporate events – a contact person designated by the legal entity organizing the event;
– e-mail address and telephone number of the contact person
These data are stored for up to 3 (three) calendar years after the event is held.
PRINCIPLES OF PROCESSING
When processing personal data, we comply with the following principles:
– lawfulness – when collecting, processing and storing your data, we comply with the provisions of the applicable Bulgarian and European legislation;
– fairness and transparency – the data we collect and process are handled in accordance with this privacy policy, which is available to every user;
– relevance of processing to the purposes and data minimization – the types of data we collect are reduced to the minimum in accordance with the purposes for which they are processed. The purposes for which your data are processed are those for which we are legally obliged, for which we have a contractual relationship, or for whose collection we have obtained your consent;
– storage limitation – we process and store the data received for a period of time in accordance with the purposes for which they are needed and in accordance with your consent.
– user consent for data processing – in order to use your data for marketing purposes and to improve the services we provide to you, we must obtain your explicit consent for this.
Please note that when you send an inquiry to THE HOTEL (regarding price terms, reservation, clarification concerning a reservation already made, organization of an event and/or other questions related to the services provided by the hotel), you give your consent for THE HOTEL to store and process the personal data provided by you for the purposes of the inquiry made.
In this case, your data will be erased in accordance with the applicable legislation and this privacy policy.
PERSONAL DATA PROTECTION
Confidentiality of personal data
We use electronic methods for the processing of personal data in order to ensure accurate and prompt provision of services and assistance to users.
The process of processing your personal data provided to THE HOTEL is carried out in accordance with the applicable legislation in the field of personal data protection, and THE HOTEL respects your privacy. THE HOTEL guarantees that the persons authorized by it to process personal data have undertaken a confidentiality commitment or are legally obliged to observe confidentiality.
SECURITY OF PERSONAL DATA
THE HOTEL applies technical and organizational security measures in order to protect the personal data you have provided from accidental or unlawful destruction, accidental loss, unauthorized access, alteration or dissemination, as well as from other unlawful forms of processing by unauthorized persons. The security measures we apply are subject to constant improvement and adaptation to the latest technologies.
The personal data collected may be provided to partners of THE HOTEL who act as personal data processors on behalf of THE HOTEL and have undertaken to comply with all applicable personal data protection regulations. We comply with the condition that the respective information may be used solely within the limits set by the legal basis on which they are collected or by your personal consent regarding the processing carried out on behalf of THE HOTEL, and that this information shall be treated as confidential.
THE HOTEL may disclose and provide personal information in accordance with applicable law if so ordered or required by a court or administrative authority, or if the provision of personal data is related to the performance of a legal obligation of THE HOTEL. The data collected for the purposes of accommodation at THE HOTEL are accessible to the third parties specified in the Tourism Act – the Ministry of Tourism, municipalities, the Ministry of Interior, the National Revenue Agency and the National Statistical Institute.
USERS’ RIGHTS REGARDING THEIR DATA
1. In accordance with the applicable legislation, you have the right of ownership and access to the data you have provided for processing. By submitting a written request through the Contact Form on the website, you may obtain information about the type of personal data provided and the purpose of their processing, and also request that we remove any records of your personal information, without the possibility of further processing. Upon obtaining access to your data, you may request that they be corrected if you discover errors or inconsistencies.
2. Users have the right to object to the processing of their data. The objection shall be submitted to THE HOTEL in accordance with item 1 of this section. THE HOTEL undertakes to review your objection and, within 30 calendar days of its receipt, to inform you of the result of the internal review conducted.
3. Users have the right to lodge complaints with the competent supervisory authority. According to the applicable legislation, the competent supervisory authority in the Republic of Bulgaria is the Personal Data Protection Commission.
4. Users have the right to receive their data stored by THE HOTEL where such data are provided in a structured, commonly used and machine-readable format. Users also have the right to transfer those data to another personal data controller without hindrance from THE HOTEL, in the cases and with regard to data provided on the basis of consent, data provided under a contract to which the user is a party, or data provided when steps are taken by the user and a request for concluding a contract is made.
CHANGES TO THE PERSONAL DATA PROTECTION RULES
THE HOTEL’s personal data protection rules may be amended unilaterally by THE HOTEL with a view to their improvement, the offering of new services, changes in the manner of service and communication with our clients, as well as in connection with legislative changes.
When changes are made to these personal data protection rules, THE HOTEL shall bring the changes to your attention by publishing them on our website, providing you with a reasonable period to familiarize yourself with them, after the expiry of which they shall begin to apply to the processing of your personal data without additional notice. If within that period you state that you reject the changes, this shall be deemed to mean that you have withdrawn your consent to the processing of your personal data and THE HOTEL will cease processing them in the future. This may also be related to the termination of your registrations for our games, services, electronic newsletters, etc., for the purposes of which you originally provided us with your personal data.
Contact with THE HOTEL team
If you have any questions regarding our measures and rules concerning personal data protection, please send a message through the Contact Form on the website.
The online reservation system is operated by Quendoo, a trademark owned by Quendoo AD, UIC 207759475.