Personal data protection policy
The Hotel as an administrator of personal data collects and processes particular information about the physical persons.
This information could refer to the employees, managers, clients and guests of the hotel, suppliers, contractors, business partners and other physical persons with which the administrator is in contact or wants to establish business contacts.
The present personal data protection policy regulates the way personal data are collected, processed and stored, so that they comply with the standards of the Administrator’s organization and adhere to the corresponding legal requirements.
The personal data protection policy is issued in compliance with the Personal Data Protection Act and the related acts concerning its implementation, the way they are modified, (“Bulgarian legislation”), as well as the General Data Protection Regulation (ЕС) 2016/679 (“GDPR” ).
How shall we interpret the term „personal data“ and „personal data processing“?
„Personal data“ is any type of information which a physical person can be identified by implicitly or explicitly by one or more characteristics descriptive of the person – like, for example: name, identification number/ Unified civil number, contact details – location/ address, telephone number, electronic address (email), online identificator/ IP address, images from video recordings, etc. These characteristics might be part of the physical, physiological, genetic, psychic, mental, economical, cultural and social identity of the physical person.
„Personal data processing“ is the entire scope of actions performed to personal data or a selection of personal data like collecting, saving, organizing, storing, structuring, adapting or changing, extracting, consulting, using and disclosing them by transferring, spreading or any other way by which personal data become accessible; structuring and combining, limiting, deleting and destroying them.
How shall we treat your personal data?
The Hotel places great emphasis on personal data protection so we collect and process personal data only by observing the requirements of the national and European legislation. The aim of the present „Personal Data Protection Policy“ is to inform you how we treat your personal data and what type of personal data we could collect from you, with what aim, for what period, as well as what your corresponding legal rights are.
When you entrust data to us, its security is of primary importance. We therefore protect your data by applying the appropriate technical and organizational means in concordance with the potential risks to the rights and freedoms of individuals in order to prevent unauthorized access, unauthorized or malicious use, loss or unwanted deletion of information.
What information do we collect and why?
We may collect personal information about you when you use our website or choose our services. In most cases, we require your personal data for the purpose of signing a contract, complying with a legal obligation or protecting our legitimate interest. In some cases, we process data based on your consent.
According to the services you use, we gather and process the following information about you:
Which are the guiding principles we observe?
We strictly abide by the basic principles introduced as mandatory for the processing of personal data:
We most often process personal data collected for the following purposes:
What are your rights?
When your personal data are being collected and processed you have the rights to:
When can we disclose your personal data?
We apply a set of measures to protect your personal data from loss, theft and misuse, and from unauthorized access, disclosure, alteration or destruction. We do not share your personal data with third parties before we are sure that all technical and organizational measures have been taken to protect the data by carrying out strict control in implementing this goal.
Some of the recipients of personal data can be: delivery companies, external consultants and specialists, collection companies and law firms, banks, security companies, sales agents and representatives, etc.
It is possible to disclose your personal data in the circumstances provided for by the law. For example, with your explicit consent, or with the permission of the Privacy Commission, your personal data may be disclosed to third parties. The provision of personal data in some cases is mandatory in order to comply with our legal requirements, such as: Regulatory bodies, incl. state commissions, institutions and agencies, NRA, NSSI, courts, prosecutors, etc., to whom we are obliged to provide personal data under the current legislation. It is possible, when necessary or appropriate, to provide your personal data for national security purposes or for issues of public concern.
The hotel applies all necessary measures to protect your personal data from accidental loss and unauthorized access, use, modification or disclosure. We have policies and procedures designed to protect information from loss, misuse and unauthorized disclosure. In addition, we take information security measures, including access control, strict physical protection and reliable practices for collecting, storing and processing information.
On the other hand, we apply technical measures such as encryption, pseudonymisation and anonymisation of the collected personal data.
When is your personal data erased?
We store the whole information which we collect from you and destroy it in the legally provisioned deadlines, and in case there are no such, within the periods defined by us after we have finally concluded all our financial relationships. We do not store your data for unlimited time.
Cross border data transfer
The transfer, storage and processing of personal data is safeguarded by all modern technical means. The Hotel shall not transfer your personal data outside the European Economic Area without observing the legal possibilities for it and shall implement all necessary precautions to protect the confidentiality of your information.
After the legal period for storing data has expired, data shall be destroyed in the shortest possible time by shredding all paper documents and destroying all technical forms by deleting and extinguishing all corresponding files from the PCs and the corporate system.
Personal Data protection Policy modification
The present personal data protection procedure might be modified as time elapses. Such modifications will be made valid immediately after being announced. Checking the contents of this webpage regularly will guarantee you stay updated about the type of information we collect, in what way, for what purpose and under what circumstances (if any) the Hotel shall share it with third parties.