PRIVACY POLICY
The HOTEL is the administrator of personal data for the CPLD and processes the provided data and personal information in accordance with the Personal Data Protection Act and the General Regulation on the Protection of Personal Data (EU) 2016/679.
This Privacy Policy applies to the HOTEL and its official website.
We, as a personal data administrator and as a professional with many years of experience in the field of tourism, respect the privacy of users. This security policy aims to inform you about the process of collection, processing, storage, use and transfer of personal data. Therefore, please familiarize yourself with its contents by reading it carefully. In case you have questions, you can ask them through the Contact form on the site.
Definitions
In terms of this policy and in accordance with Regulation (EU) 2016/679:
Personal data is any information relating to a natural person that is identified or can be identified directly or indirectly by an identification number or by one or more specific characteristics. The data may refer to facts (for example – name, e-mail address, location or date of birth) or to an opinion about the actions or behavior of the Data Subject.
A personal data administrator is a natural or legal person, public body, agency or other structure that alone or jointly with others determines the purposes and means of personal data processing; where the purposes and means of this processing are determined by Union law or the law of a Member State, the controller or the special criteria for its determination may be established in Union law or in the law of a Member State;
Processing of personal data is any action or set of actions that may be performed in relation to personal data by automatic or other means, such as collection, recording, organization, storage, adaptation or modification, recovery, consultation, use, disclosure by transmission , distribute, provide, update or combine, block, delete or destroy.
Processing of personal data
In order to provide and improve the services we provide and for the needs of administering the resources to them, we store, use and process personal data in compliance with the applicable legal requirements.
TYPES OF PERSONAL DATA PROCESSED
The types of personal data that the administrator collects and processes are different, according to the purposes for which they are collected and the grounds for their processing:
The types of data collected according to their purposes are as follows:
1. To make a request and confirm a reservation, the HOTEL collects and processes the following types of data:
a/ When booking, through the website:
– Name and surname of the contact person;
– e-mail address and telephone number of the contact person;
b/ When booking by phone:
– phone number for feedback and e-mail address for confirmation of the reservation
– Name and surname of the contact person;
These data are stored until the reservation is made. After that, the data is destroyed and their subsequent processing is impossible.
2. For the purposes of accommodating guests in the HOTEL, the administrator processes and stores the following data:
– EGN / LNCH;
– Name of the person (for Bulgarian citizens – in Cyrillic, for foreigners – in Latin, according to the national document);
– Date of birth;
– Gender;
– Citizenship;
– Identity card number/ valid national identity document;
– Country that issued the national document.
The data collected for the purposes of registration at the hotel are collected on the basis of Art. 116, para. 2 of the Law on Tourism and are necessary for keeping a register of accommodated tourists. The data is stored for a period of 5 /five/ calendar years.
3. For the purposes of holding corporate or personal events in the HOTEL, the following data are processed and stored:
– Two names of the person organizing the event. In case of corporate events, a contact person specified by the legal entity, organizer of the event;
– e-mail address and telephone number of the contact person
These data are stored for up to 3 /three/ calendar years after the realization of the event.
PROCESSING PRINCIPLES
When processing personal data, we observe the following principles:
– legality – when collecting, processing and storing your data, we comply with the provisions of the applicable Bulgarian and European legislation;
– good faith and transparency – the data we collect, process and comply with the current privacy policy, which is available to every single user;
– relevance of the processing to the purposes and minimization of the data – the types of data we collect are minimized, in accordance with the purposes for which they are processed. The purposes for which your data are processed are those for which we are legally obligated, for which we have a contractual legal relationship or for which we have obtained your consent;
– storage limitation – we process and store semi
the data, for a period of time, according to the purposes for which they are needed and according to your consent.
– user consent to data processing – in order to use your data for marketing purposes, in order to improve the services we provide to you, we must obtain your express consent for this.
Please note that when you send an inquiry to the HOTEL (for price conditions, for a reservation, for clarification regarding an already made reservation, for holding an event and/or other questions related to the services provided by the hotel) you give your consent for the HOTEL to store and processes the personal data provided by you for the purposes of the inquiry made.
In this case, your data will be deleted in accordance with the applicable regulations and this privacy policy.
PROTECTION OF PERSONAL DATA
Confidentiality of personal data
We use electronic methods to process personal data in order to ensure accurate and fast provision of services and assistance to users.
The process of processing your personal data provided to the HOTEL is carried out in accordance with the applicable legislation in the field of personal data protection, and the HOTEL respects your privacy. The HOTEL guarantees that the persons authorized by it to process the personal data have made a commitment to confidentiality or are obliged by law to respect confidentiality.
SECURITY OF PERSONAL DATA
The HOTEL implements technical and organizational security measures in order to protect the personal data you have provided from accidental or illegal destruction, accidental loss, unauthorized access, modification or distribution, as well as from other illegal forms of processing by unauthorized persons . The security measures we apply are subject to constant improvement and adaptation to the latest technologies.
Collected personal data may be provided to partners of the HOTEL who act as personal data processors on behalf of the HOTEL and have undertaken to comply with all applicable norms for the protection of personal data. We comply with the condition that the relevant information can only be used within the limits set by the legal basis on which it is collected or by your personal consent regarding the processing carried out on behalf of the HOTEL, and that this information should be treated as confidential.
The HOTEL may disclose and provide personal information in accordance with the applicable law, if a court or administrative authority orders or requires this, or if the provision of personal data is related to the fulfillment of a legal obligation of the HOTEL. The data that is collected for the purposes of accommodation in the HOTEL is available to the third parties defined in the Tourism Act – Ministry of Tourism, Municipalities, Ministry of the Interior, National Revenue Agency and the National Statistical Institute.
RIGHTS OF USERS REGARDING THEIR DATA
1. In accordance with current legislation, you have the right to ownership and access to the data you have provided for processing. With a written request through the Contact form on the site, you can receive information about the type of personal data provided and the purpose of their processing, as well as request that we remove any records of your personal information, without the possibility of further processing. By accessing your data, you can request that it be corrected if you find any errors or inconsistencies.
2. Users have the right to object to the processing of their data. The objection is sent to the HOTEL, according to item 1 of this section. The HOTEL undertakes to consider your objection and, within 30 calendar days of its receipt, to inform you of the result of the internal inspection.
3. Users have the right to appeal to the competent supervisory authority. According to the current regulations, the competent supervisory authority in the Republic of Bulgaria is the Commission for the Protection of Personal Data.
4. Users have the right to receive their data, which the HOTEL stores, when provided in a structured, widely used and machine-readable format. Users have the right to transfer this data to another personal data administrator without hindrance from the HOTEL, in the cases and in relation to the data provided by consent, in the cases of data provided under a contract to which the user is a party or data provided in taking steps on the part of the user and requesting the conclusion of a contract.
CHANGES IN THE RULES FOR THE PROTECTION OF PERSONAL DATA
The rules of the HOTEL for the protection of personal data can be changed unilaterally by the HOTEL in order to improve them, offer new services, changes in the way of service and communication with our customers, as well as in connection with legislative changes.
When making changes to the current rules for the protection of personal data, HOTEL
Development and maintenance of hotel websites from hotelbox.bg