Privacy Policy

Personal data protection policy

The Hotel as an administrator of personal data collects and processes particular information about the physical persons.

This information could refer to the employees, managers, clients and guests of the hotel, suppliers, contractors, business partners and other physical persons with which the administrator is in contact or wants to establish business contacts.

The present personal data protection policy regulates the way personal data are collected, processed and stored, so that they comply with the standards of the Administrator’s organization and adhere to the corresponding legal requirements.

The personal data protection policy is issued in compliance with the Personal Data Protection Act and the related acts concerning its implementation, the way they are modified, (“Bulgarian legislation”), as well as the General Data Protection Regulation (ЕС) 2016/679 (“GDPR” ).

How shall we interpret the term „personal data“ and „personal data processing“?

„Personal data“ is any type of information which a physical person can be identified by implicitly or explicitly by one or more characteristics descriptive of the person – like, for example: name, identification number/ Unified civil number, contact details – location/ address, telephone number, electronic address (email), online identificator/ IP address, images from video recordings, etc. These characteristics might be part of the physical, physiological, genetic, psychic, mental, economical, cultural and social identity of the physical person.

„Personal data processing“ is the entire scope of actions performed to personal data or a selection of personal data like collecting, saving, organizing, storing, structuring, adapting or changing, extracting, consulting, using and disclosing them by transferring, spreading or any other way by which personal data become accessible; structuring and combining, limiting, deleting and destroying them.

How shall we treat your personal data?

The Hotel places great emphasis on personal data protection so we collect and process personal data only by observing the requirements of the national and European legislation. The aim of the present „Personal Data Protection Policy“ is to inform you how we treat your personal data and what type of personal data we could collect from you, with what aim, for what period, as well as what your corresponding legal rights are.

When you entrust data to us, its security is of primary importance. We therefore protect your data by applying the appropriate technical and organizational means in concordance with the potential risks to the rights and freedoms of individuals in order to prevent unauthorized access, unauthorized or malicious use, loss or unwanted deletion of information.

What information do we collect and why?

We may collect personal information about you when you use our website or choose our services. In most cases, we require your personal data for the purpose of signing a contract, complying with a legal obligation or protecting our legitimate interest. In some cases, we process data based on your consent.

According to the services you use, we gather and process the following information about you:

  • Names of the person, Unified Civil Number (for the purpose of check in and the issuing of invoices, if requested);
  • Contact details – contact address, telephone number and email.

Which are the guiding principles we observe?

We strictly abide by the basic principles introduced as mandatory for the processing of personal data:

  • Personal data are processed lawfully, fairly and transparently;
  • Personal data are collected for specific, explicit, and legitimate purposes and are not processed further in a manner that is incompatible with those purposes;
  • Personal data are adequate, relevant and limited to the purpose for which they are processed;
  • Personal data are accurate and, where necessary, kept up-to-date;
  • Personal data are kept in a form which permits identification of subjects for no longer than shall be required by the purposes for which the personal data are processed;
  • Personal data are processed in a manner that ensures an appropriate level of safety of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical and organizational measures.

We most often process personal data collected for the following purposes:

  • When signing and executing a contract – for registrating the guest at the Hotel, preparing accounting documents like a bill or an invoice for the services provided to you; for the purpose of notifications related to our services;
  • In carrying out a legal obligation – for the purpose of obligations under the provisions of the Law on Tourism, the Accountancy Act and the Tax Insurance Procedure Code and other related normative acts, concerning the keeping of accurate and lawful accounting; in reporting obligations to all state commissions and regulators, as well as the court; when executing online booking (distance selling) and selling outside our hotel facility;
  • Upon your agreement – direct marketing for our products and services.

What are your rights?

When your personal data are being collected and processed you have the rights to:

  • Information concerning your personal data and access to the data gathered about you;
  • Rectification/ completion, if the data are incomplete or incorrect – whether as a result of your request or the initiative of the Hotel;
  • Erasure of your personal data, when the legal grounds for this exist;
  • Limit your personal data processing by the Hotel, if legal grounds for this exist;
  • Transfer your personal data among distinct controllers – it allows you to receive your data from the Hotel and transfer them to a different administrator in a format suitable for being used;
  • Complain about your personal data processing, if legal grounds for this exist;
  • Be defended in an administrative or legal procedure in case your rights have been breached;
  • You can defend your rights by writing to us at e-mail: info@azurrohotyel.com or the following address: Nessebar,8240 Sunny Beach, Azurro Hotel;
  • Your personal data are stored with us according to the purpose they have been collected for and during the periods provided for legally.

 

When can we disclose your personal data?

We apply a set of measures to protect your personal data from loss, theft and misuse, and from unauthorized access, disclosure, alteration or destruction. We do not share your personal data with third parties before we are sure that all technical and organizational measures have been taken to protect the data by carrying out strict control in implementing this goal.

Some of the recipients of personal data can be: delivery companies, external consultants and specialists, collection companies and law firms, banks, security companies, sales agents and representatives, etc.

It is possible to disclose your personal data in the circumstances provided for by the law. For example, with your explicit consent, or with the permission of the Privacy Commission, your personal data may be disclosed to third parties. The provision of personal data in some cases is mandatory in order to comply with our legal requirements, such as: Regulatory bodies, incl. state commissions, institutions and agencies, NRA, NSSI, courts, prosecutors, etc., to whom we are obliged to provide personal data under the current legislation. It is possible, when necessary or appropriate, to provide your personal data for national security purposes or for issues of public concern.

Safety

The hotel applies all necessary measures to protect your personal data from accidental loss and unauthorized access, use, modification or disclosure. We have policies and procedures designed to protect information from loss, misuse and unauthorized disclosure. In addition, we take information security measures, including access control, strict physical protection and reliable practices for collecting, storing and processing information.

On the other hand, we apply technical measures such as encryption, pseudonymisation and anonymisation of the collected personal data.

When is your personal data erased?

We store the whole information which we collect from you and destroy it in the legally provisioned deadlines, and in case there are no such, within the periods defined by us after we have finally concluded all our financial relationships. We do not store your data for unlimited time.

 

Cross border data transfer

The transfer, storage and processing of personal data is safeguarded by all modern technical means. The Hotel shall not transfer your personal data outside the European Economic Area without observing the legal possibilities for it and shall implement all necessary precautions to protect the confidentiality of your information.

Data destruction

After the legal period for storing data has expired, data shall be destroyed in the shortest possible time by shredding all paper documents and destroying all technical forms by deleting and extinguishing all corresponding files from the PCs and the corporate system.

Personal Data protection Policy modification

The present personal data protection procedure might be modified as time elapses. Such modifications will be made valid immediately after being announced. Checking the contents of this webpage regularly will guarantee you stay updated about the type of information we collect, in what way, for what purpose and under what circumstances (if any) the Hotel shall share it with third parties.

 


Close
Book Now
Call Us:
+359 879 889 089
Facebook Instagram

Standard Double Room

17 m2 3 adults 1 children
from 0 per night

Family Room

30 m2 4 adults 4 children
from 0 per night
Loading...
This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.